Hi,

I have been trying to crack the WEP key of my wireless network at home during the last days but it does not work because I do not get Data-Packets (IVs). Since I am new to this stuff, I have read some howtos: (*) this one for example. I tried this several times but it won't work and I don't know why.

The router I am using is a SMC2804WBR. My desktop-computer is connected to the router via WLAN and is authenticated. Now I am trying to capture Data-Packets with my notebook (+Netgear WG111 v2) using BackTrack 2.0 Final and the Aircrack Suite.

Here is a screenshot which shows what I did: (**)

I don't get any ARP Requests and the Data-Packets are not increasing.
So.. what is the problem?


(*) hxxp://forums.remote-exploit.org/showthread.php?t=569
(**) hxxp://img161.imageshack.us/img161/5573/snapshot2ir9.png



/edit: Sry for the hxxp-links, but I am not allowed to post links here :rolleyes:

Judging by the screenshot you did get ARP requests, 5 of them. Not sure what your problem is. Did you try the tut that I posted? The one you used is a little dated.

Yes, the tutorial that I used is a little dated but actually only the syntax of the commands has changed and I corrected them properly, so that should not be the problem.

I got 5 ARP requests in 10 minutes.. I think there should be some more? And the problem is that the Data-Packets are not increasing. I only get Data, if the client uses the network (i.e. downloading sth. or surfing on websites). If I understood the tutorials right I should get Data by sending a deauth and then arpreplaying the client's response to create traffic which contains IVs. This seems not to work...

Another problem that I noticed recently: sometimes when I run the -3 (arpreplay) attack on my notebook, the desktop-pc's network card get's disconnected. When I run a ping it says Hardware Error. If I stop the -3 attack the client gets back into the network.

I don't know why this stuff does not work and that makes me crazy :eek:


Could my wireless USB stick (Netgear WG111 with RTL8187 chipset) be a problem? According to the Aircrack-FAQ it shouldn't...

Your signal strength is very high, I think you should back up a bit more away from your router, because that can interefere with your card. Also try running your attacks from the same folder you are saving your airodump data to.

The part that confuses me is when you do your airreplay attack why do you get 'The interface mac does not match the specified mac', I AM EXPERIENCING THE SAME PROBLEM. Someone please help us out, oh and one more thing even though i do a deauthentication attack the ARP and sent seem to be 0, please help.

Hello, im a noob too but heres what i do. try
aireplay-ng --arpreplay -b 00:04:E2:AB:80:A4 -h 00:30:BD:95:3D:CD wlan0
it works for me. The AP and Machine i typed in, are the same as your pic.

Thats the exact same thing he did (except for using the -x 500 but that dosen't make much of a difference). Can someone please help.

Thanks,
Sid

About 'The interface mac does not match the specified mac': I wouldn't go as far as to say I know for sure, but as everyone is having this message with the new version, I guess it's an addition so we know better what is happening behind the scenes when we do this kind of attack. (want to send packets as this MAC? You are not this MAC! Wait, I'll make you be this MAC)

I'm willing to bet that your problem is the USB dongle, I've had nothing but problems with it and even though BT2 Final is supposed to support the chipset doesn't mean it does, apparently.

Try the tutorial and find out for yourself.
http://forums.remote-exploit.org/showthread.php?t=1321

I tried the tutorial for injection checking and it wasn't successful because my USB dongle is not shown in wireshark.

Damnit, why does that not work? Due to the Aircrack Page my chipset supports all attacks...

I've been having the same kind of problems with my Proxim 8461-05 card (Atheros) Don't know why I don't get any new IVs. I don't have any problems with my Trendnet card. The one thing I will suggest though is try using your cards ow MAC for the attack. Do a FakeAuth using you MAC of the card you wish to use to inject. Then run ARP replay using the same MAC of the injected card instead of using the MAC of a legit client. Using the MAC of the legit client is the reason why you are getting 'The interface mac does not match the specified mac'. You could also post a dump from kismet so that we may have a better idea what is going on.

To understand the problem you have to understand
1) the way the computers (AP's and clients) are sending the wireless packets
to each other
2) the WEP theory and the way the WEP key is implemented in different hardware
So I suggest to start with creating your own net with two or three computers
and see the way they are communicating ( use wireshark for example)
You can try different speed , different protocols and so on.
Fakeauth is the platform that enables to communicate with the unknown AP not the press-button Coke machine.