Remote Exploit Forums

#1, 04-28-2006, 04:14 AM. Senior Member; Join Date: Jan 2006; Location: British Columbia, Canada; Posts: 192

Simple check for proper injection

This thread was created as a companion to the Quick Guide to Breaking WEP because it exceeded the character limit. Still, useful.

Checking for injection

If you are unsure if your card is injecting properly there is a simple test you can do. First you will need to bring your card into monitor mode (iwconfig DEV mode monitor where DEV is your wifi device. There may be additional steps involved in preparing your system for injection. Some cards do not support monitor mode, either.)

Then start wireshark (it's in the sniffers menu, or type "wireshark" into a console. It's worth noting that until recently this tool was called ethereal.) Click the button to show the capture options (second from the left, little wrench icon) and select your wifi device from the drop-down menu. Check the box to update the list of packets in realtime and then start the capture. If you want to display only the deauth frames you are about to broadcast, enter the following into the display filter of wireshark (NOTE: Display filters and Capture filters are not the same thing. The display filter input box is labelled "Filter:" and is located just below the options button.)

Display filter for deauth packets in wireshark

wlan.fc.type_subtype == 12

Next, in a fresh konsole or xterm window, type: aireplay -0 10 -a 01:02:03:04:05:06 DEVICE. This command will broadcast 10 deauth frames to a nonexistent AP. If all goes well the deauth packets should show up in the wireshark capture frame.


As usual, I'm open to corrections and additions, PM me if you have any.

Links

Ethereal Wireless Filter List

Original WEP Cracking Tutorial

Last edited by hobbes; 11-14-2006 at 05:32 AM.
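As an added illustration (not part of the original post, of aireplay, or of Wireshark), the following Python applies the same classification as the display filter wlan.fc.type_subtype == 12 to raw 802.11 headers and counts deauth frames per BSSID, so a capture can be checked for "did the 10 frames actually go out, and with the right BSSID?" The sample frames are constructed in the snippet; the frame-building helper and all function names are assumptions of this example.

```python
import struct
from collections import Counter

# Wireshark's wlan.fc.type_subtype packs the 802.11 frame type and subtype
# as (type << 4) | subtype; 12 is a management frame (type 0), subtype 12 = deauth.
DEAUTH_TYPE_SUBTYPE = 12

def parse_frame_control(frame: bytes):
    """Split the first Frame Control byte into (version, type, subtype)."""
    fc = frame[0]
    return fc & 0x03, (fc >> 2) & 0x03, (fc >> 4) & 0x0F

def type_subtype(frame: bytes) -> int:
    """Same value the display filter wlan.fc.type_subtype compares against."""
    _version, ftype, subtype = parse_frame_control(frame)
    return (ftype << 4) | subtype

def is_deauth(frame: bytes) -> bool:
    return len(frame) >= 24 and type_subtype(frame) == DEAUTH_TYPE_SUBTYPE

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def count_deauth_per_bssid(frames) -> Counter:
    """Count deauth frames per BSSID (Address 3, bytes 16..21 of the header)."""
    counts = Counter()
    for frame in frames:
        if is_deauth(frame):
            counts[mac_str(frame[16:22])] += 1
    return counts

def build_mgmt_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes, body: bytes = b"") -> bytes:
    """Constructed minimal management frame: FC, duration, addr1-3, seq ctrl, body (assumed helper)."""
    fc = bytes([subtype << 4, 0x00])  # version 0, type 0 (management), given subtype
    return fc + b"\x00\x00" + da + sa + bssid + b"\x00\x00" + body

# Constructed sample capture (not a real trace): the 10 broadcast deauth frames
# that "aireplay -0 10 -a 00:11:22:33:44:55" is expected to send, plus a beacon
# and a data frame that the filter must leave out.
BSSID = bytes.fromhex("001122334455")
BROADCAST = b"\xff" * 6
SAMPLE_FRAMES = [build_mgmt_frame(12, BROADCAST, BSSID, BSSID, struct.pack("<H", 7))
                 for _ in range(10)]
SAMPLE_FRAMES.append(build_mgmt_frame(8, BROADCAST, BSSID, BSSID))  # beacon, subtype 8
SAMPLE_FRAMES.append(bytes([0x08, 0x02]) + b"\x00" * 22)            # data frame, type 2

if __name__ == "__main__":
    for bssid, n in count_deauth_per_bssid(SAMPLE_FRAMES).items():
        print(f"{n} deauth frames with BSSID {bssid}")
```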

#2, 04-28-2006, 11:20 PM. Member; Join Date: Jan 2006; Posts: 91

Nice job. That is useful for those who have problems with aireplay and are unsure of what they can do to investigate further.

#3, 04-28-2006, 11:56 PM. Just burned his ISO; Join Date: Apr 2006; Posts: 4

Thanks for this!

#4, 05-18-2006, 12:53 AM. Junior Member; Join Date: May 2006; Posts: 9

after I enter

aireplay -0 -10 -a 00:00:00:00:00 ath0

I get

please specify a BSSID (-a).

Any clue what I must be doing wrong?

#5, 05-18-2006, 01:02 AM. Member; Join Date: Feb 2006; Posts: 41

Quote:
Originally Posted by Tossil
after I enter

aireplay -0 -10 -a 00:00:00:00:00 ath0

I get

please specify a BSSID (-a).

Any clue what I must be doing wrong?
Enter it. Google essid, ssid, bssid.

#6, 05-18-2006, 02:04 AM. Junior Member; Join Date: Mar 2006; Posts: 10

Quote:
Originally Posted by Tossil
after I enter

aireplay -0 -10 -a 00:00:00:00:00 ath0

I get

please specify a BSSID (-a).

Any clue what I must be doing wrong?
try aireplay -0 -10 -a 00:11:22:33:44:55 ath0

#7, 05-18-2006, 05:46 AM. Junior Member; Join Date: May 2006; Posts: 9

Quote:
Originally Posted by darthn
Enter it. Google essid, ssid, bssid.
Darthn, as you can see in my post I did enter a BSSID (OO:OO:OO:OO:OO:OO) as was said above. The error came after entering exactly what was said.

#8, 05-18-2006, 06:10 AM. Senior Member; Join Date: Jan 2006; Location: British Columbia, Canada; Posts: 192

The MAC address must be six (6) hex characters long. As in 11:22:33:44:55:66.

#9, 05-18-2006, 07:35 AM. Junior Member; Join Date: Mar 2006; Posts: 10

The reason I posted the 00:11:22:33:44:55 was that I also had problems just using 0's, but 00:11:22:33:44:55 worked fine.

#10, 05-18-2006, 08:18 AM. Junior Member; Join Date: May 2006; Posts: 9

"Next, in a fresh konsole or xterm window, type: aireplay -0 10 -a 00:00:00:00:00:00 DEVICE . This command will broadcast 10 deauth frames to a nonexistant AP. If all goes well the deauth packets should show up in the ethereal capture frame."

As stated above, entering 00:00:00:00:00:00 gave me that error. So I entered 00:11:22:33:44:55 and did not get the error I had gotten before.

After doing that, nothing came up in Ethereal, so I assume my wireless card is not injecting anything. Oh fun.... At least I know one thing that's giving me problems now. Thanks for the help.