aircrack-ng failed, 150,000 IVs

[mostofmonty]

I have been attempting to retrieve the WEP password from my own AP using aircrack installed on a linux OS (Slax).

My card is the intel wifi 5100, i believe i have patched the drivers correctly as all injection tests are working.

I successfully retrieve many IVs at around 500/s when injecting, but the problem arises when i run aircrack-ng on the file with just over 150,000 IVs. The attempt always fails.

I am only using a 64 bit key, and i've read that it should require far less than this when using the PTW attack.

Is there a possibility that i am not collecting the correct IVs?

Apologies if this is a simple question that has already been answered, but i have not found any threads through my searches.

Any help would be greatly appreciated.

[snaes]

Thats wierd....It should work from what you are telling me. Try increasing the fudge factor a little. Technically you shouldnt have to but thats all i can think of. If nothing else turn it way up over night and see what happens...

its the -f <#> function. Default is -f 2 i believe. So this is what it would look like:
aircrack-ng -f 6 file.cap

EDIT: oh, make sure when you are running airodump-ng you have all the setting like --bssid and --channel set to filter out unwanted junk. You might have a bunch of random .ivs which would be hard to crack

[Snayler]

In aircrack-ng site, it says that there are some routers that inject some fake IV's to fool aircrack. Maybe it is your case? Try to read some more about it. If memory serves me, the aircrack team created a workaround for this.

[Nick_the_Greek]

Quote:

Originally Posted by mostofmonty

..... using aircrack installed on a linux OS (Slax).

This isn't an Slax or Aicrack-ng forum.

[_DoS_]

It`s not a aircrack forum but BT has the aircrack suit so it deserves help i think ..

I have the same card and its working just fine with me (difrence is that am using BT4 ) .. In what you are telling if you had patched the drivers ok and you got injection working (as you say,you capture 500#/s) then you should have no problem. Maybe the problem is with Slax or with the router like Snayler said.

I have seen a case that aircrack didnt find the key with 3.000.000 packets from an AP, but the next day it found it from just 2000 packets (the same AP).

Post the commands that you are using may be of some help, but at the end from my expirience i sugesst to download and try Backtrack becouse it works flowless with intel 5100 with the right update.

Regards

[vvpalin]

wow .. blind leading the blind

Quote:

150,000 IVs

Is about 100,000 more than what you need fyi, and you do realize in older versions of aircrack you need to specify the keylength rite ????

[_DoS_]

Quote:

Originally Posted by vvpalin

wow .. blind leading the blind



Is about 100,000 more than what you need fyi, and you do realize in older versions of aircrack you need to specify the keylength rite ????

The point was that sometimes you just dont get the right ivs that aircrack needs..You can collect an infinite number of Iv`s and still you`ll be unable to crack the key.

And mostofmonty did you stoped airodump-ng before trying to crack the .cap file ?

[Gary987]

Quote:

Is there a possibility that i am not collecting the correct IVs?

Maybe a stupid question, but can you/are you using ARP request replay?

The other modes will take ALOT of ivs.