Remote Exploit Forums

#41, 11-30-2006, 06:44 PM
Just burned his ISO
 
Join Date: Nov 2006
Posts: 2

Quote:
Originally Posted by ahouston
Firstly a big thanks to pilotsnipes - really,really good guide on getting this card working on BT 1.0

I've tried both the modified 1.0 Final CD (as per your guide) and the beta 2.0 CD - and I'm basically seeing [Malformed Packet: Prism] when I use Wireshark to look for deauth packets.
OK - I think I've got it sorted on my own - booted into the Beta 2.0 CD, and in this order:

airmon-ng start
iwpriv rausb0 rfprismhdr 0
airodump-ng rausb0
aireplay-ng -0 100 -a 11:22:33:44:55:66 rausb0

Open Wireshark - and OMG there they are - deauth frames

Looking on the driver page - http://homepages.tu-darmstadt.de/~p_larbig/wlan/

Quote:
Only difference is, that the official one is still doing automatic prism header switching, which is annoying, but can be disabled via an iwpriv command now.
Anyway, hope this helps someone cos its been driving me crazy all day.. I guess that the "rfprismhdr" is set to "1" by default when the driver starts, and that this is causing the hassle ?

Last edited by ahouston; 11-30-2006 at 06:46 PM.
#42, 11-30-2006, 07:44 PM
Junior Member
 
Join Date: Nov 2006
Posts: 9

Quote:
Originally Posted by ahouston
OK - I think I've got it sorted on my own - booted into the Beta 2.0 CD, and in this order:

airmon-ng start
iwpriv rausb0 rfprismhdr 0
airodump-ng rausb0
aireplay-ng -0 100 -a 11:22:33:44:55:66 rausb0

Open Wireshark - and OMG there they are - deauth frames

Looking on the driver page - http://homepages.tu-darmstadt.de/~p_larbig/wlan/



Anyway, hope this helps someone cos its been driving me crazy all day.. I guess that the "rfprismhdr" is set to "1" by default when the driver starts, and that this is causing the hassle ?
AHAH! I thought it was supposed to be a 1.

You've saved me and made my day. I thank you sir.
#43, 12-01-2006, 02:05 PM
Junior Member
 
Join Date: Dec 2006
Posts: 21


Specs: BT2.0 / Netgear WAG511 & Ubiquiti SRC (same results)
I boot
I start Kismet
I type: "wlanconfig ath1 wlandev wifi0 wlanmode monitor"
I start wireshark on ath1
I type "aireplay-ng -0 10 -a 01:02:03:04:05:06 ath1"

This is my result:
[screenshot]
It says "prism monitoring header" but my card is Atheros!?

I type: "wlan.fc.type_subtype == 12" in the filter of wireshark

All the packets now listed are Deauthentication ones, and the malformed ones are gone.

Is this correct?

Last edited by wootski; 12-02-2006 at 03:53 AM.
#44, 12-01-2006, 07:21 PM
Member
 
Join Date: Nov 2006
Posts: 91

Quote:
Originally Posted by ahouston
Anyway, hope this helps someone cos its been driving me crazy all day.. I guess that the "rfprismhdr" is set to "1" by default when the driver starts, and that this is causing the hassle ?


Well done.

You may be interested in this thread:

http://tinyshell.be/aircrackng/forum...p?topic=180.15
#45, 03-08-2007, 02:44 PM
Junior Member
 
Join Date: Mar 2007
Posts: 11
Help Meee!!!!!!!

Hey ho party people!

Please help me, can you please check my result!?



Here is a thread in which I have also posted it...
D-Link DWL-G650 C4 - 0 ARP Packets - Injection working?

Is my card injecting in the right way?

Thank you very much!!!
#46, 03-10-2007, 09:24 PM
Junior Member
 
Join Date: Feb 2007
Posts: 10

OK, I just got my WG511T in the mail today and when I run airmon-ng start ath0 it won't put it into monitor mode, so I use airmon-ng start wifi0 and I get ath1 as monitor mode. So I am checking for the deauth packets and I use the dropdown list in Wireshark and I do not get ath1, so I type it in manually and I use my airodump-ng script and Wireshark shows up bad. So I used wifi0 and Wireshark shows me all the deauth packets, so when I am wardriving what do I use, ath1 or wifi0???
#47, 03-11-2007, 08:18 PM
Senior Member
 
Join Date: Jan 2006
Location: British Columbia, Canada
Posts: 192

franky_402: Did you bring the ath1 device up using ifconfig? There's also a handy guide on creating a monitor mode interface at the madwifi-ng wiki. NOTE: use the second wlanconfig command as BackTrack will automatically create an ath0 interface.

dopefish1337: Yes.
Useful HowTo Threads <-- Why do people think I'm joking when I link this?
#48, 03-12-2007, 06:30 AM
Junior Member
 
Join Date: Feb 2007
Posts: 10

I thought I didn't have to do that. I run airmon-ng start wifi0 because if I use ath1 instead nothing goes into monitor mode; I get "the VAP cannot be put into monitor mode". When I run wifi0 it tells me that ath1 is now in monitor mode with wifi0 as the parent. Then another thing that happens when I try to crack WEP: I always get a message "Notice: received a disassociation/deauth packet. Is the source MAC associated?" WG511T btw.
#49, 03-12-2007, 12:39 PM
Junior Member
 
Join Date: Mar 2007
Posts: 26

Thanks, this was really helpful!
Sadly, not good news for me, but at least it made it clear that it's my device that's not injecting the right way and nothing else that makes my attempts to crack my AP unsuccessful.

My device is a Netgear WG111 v2 USB dongle, using the rt8187 chipset/drivers.

Tried bringing the dongle into monitor mode both via airmon and iwconfig and everything seems good so far, but when I check the packets in Wireshark they turn up as Malformed.
This is confusing, I was under the impression that this chipset should work just fine in BT2 Final.

*screenshot was supposed to go here but seems I can't post URLs yet*
The interesting parts from Wireshark's reporting seem to be these:

Packet length: 26 bytes
Protocols in frame: Prism
Malformed packet: Prism

Why do the packets turn up as Prism when I'm using rt8187?

Anyone? Would appreciate any help...
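The filter from post #43 (wlan.fc.type_subtype == 12) and the 26-byte "Malformed packet: Prism" frames from post #49 can both be reproduced offline with this added Python example, which is not code from any poster: it computes type_subtype from the frame-control byte the way Wireshark does, strips the fixed 144-byte Prism monitoring header when one is present, and counts deauthentication frames per source so a deauth flood stands out in a capture. A deauthentication frame is exactly 26 bytes (24-byte MAC header plus a 2-byte reason code), so a raw frame handed to a Prism dissector is flagged malformed, which the example mirrors by raising on packets shorter than the header. The sample frames and the MAC 00:11:22:33:44:55 are constructed test data, not captured traffic.

```python
import struct
PRISM_HEADER_LEN = 144  # fixed size of the Prism monitoring header (DLT_PRISM_HEADER)
DEAUTH = 12             # wlan.fc.type_subtype for deauthentication (type 0, subtype 12)

def type_subtype(fc0):
    """(type << 4) | subtype from the first frame-control byte, as Wireshark's
    wlan.fc.type_subtype does."""
    return (((fc0 >> 2) & 0x3) << 4) | ((fc0 >> 4) & 0xF)

def mac_str(b):
    return ':'.join('%02x' % x for x in b)

def strip_prism(packet):
    """Drop the Prism header; a packet shorter than one is what Wireshark
    reports as 'Malformed packet: Prism'."""
    if len(packet) < PRISM_HEADER_LEN:
        raise ValueError('Malformed packet: Prism (%d bytes)' % len(packet))
    return packet[PRISM_HEADER_LEN:]

def parse_frame(frame):
    """Decode the 24-byte 802.11 MAC header, plus the reason code of a deauth."""
    if len(frame) < 24:
        return None
    info = {'type_subtype': type_subtype(frame[0]), 'dst': mac_str(frame[4:10]),
            'src': mac_str(frame[10:16]), 'bssid': mac_str(frame[16:22])}
    if info['type_subtype'] == DEAUTH and len(frame) >= 26:
        info['reason'] = struct.unpack('<H', frame[24:26])[0]  # little-endian
    return info

def count_deauths(packets, prism_header):
    """Deauth frames per source MAC (what wlan.fc.type_subtype == 12 shows),
    aggregated so a deauth flood stands out."""
    counts = {}
    for pkt in packets:
        info = parse_frame(strip_prism(pkt) if prism_header else pkt)
        if info and info['type_subtype'] == DEAUTH:
            counts[info['src']] = counts.get(info['src'], 0) + 1
    return counts

# Constructed sample frames (not captured traffic) so the checks run offline.
def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(':'))

def sample_deauth(src, dst, bssid, reason=7):
    # fc 0xC0 0x00, duration, addr1=dst, addr2=src, addr3=bssid, seq ctrl, reason
    return (b'\xc0\x00\x00\x00' + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
            + b'\x00\x00' + struct.pack('<H', reason))

AP = '00:11:22:33:44:55'; BCAST = 'ff:ff:ff:ff:ff:ff'
SAMPLE = [sample_deauth(AP, BCAST, AP)] * 3 + [b'\x80\x00\x00\x00' + mac_bytes(BCAST) + mac_bytes(AP) * 2 + b'\x00\x00']  # + one beacon
```

Run count_deauths(SAMPLE, prism_header=False) to get {'00:11:22:33:44:55': 3}; pass prism_header=True only when the driver really prepends the header (rfprismhdr 1), otherwise every 26-byte deauth is rejected as malformed, exactly as in the Wireshark screenshots discussed above.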
#50, 04-27-2007, 06:24 PM
Senior Member
 
Join Date: Aug 2006
Posts: 219

hit for later reading.