Table of Contents

Tutorial: Packets Supported for the PTW Attack

Version: 1.03 August 14, 2008
By: darkAudax

Introduction

Sometimes people report that PTW fails even though they have sufficient packets. Sufficient meaning roughly 20,000 to 100,000 data packets. For PTW to work correctly, it assumes packets are IP (ethertype 0x0800) or ARP (ethertype 0x0806). The real life problem comes when some of the packets being used with aircrack-ng do not match this assumption. In this case, they disrupt the PTW calculations and PTW fails to find the key.

This tutorial is intended to explore this problem in more detail. Hopefully it will allow people to understand when alternate techniques are to be used.

Another important limitation is that the PTW attack currently can only crack 40 and 104 bit WEP keys.

This web page briefly describes the IEEE 802.3 Logical Link Control. It explains the following terms which are used in the table below: Destination Service Access Point (DSAP) and the second address a Source Service Access Point (SSAP). The LLC contains the following total of 8 bytes:

For IP (TCP/UDP/ICMP) packets:

 DSAP 0xAA SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x000000 Ethertype 0x0800

For ARP packets:

 DSAP 0xAA SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x000000 Ethertype 0x0806

Aircrack-ng is programmed by default to use the PTW method to determine the key. This PTW method is broken into two phases. The first phase uses only ARP packets for decryption. ARP being defined as a broadcast destination MAC (FF:FF:FF:FF:FF:FF) and a length of 68 or 86 data bytes. Please keep in mind that non-ARP packets can sometimes match this criteria and disrupt PTW. The second phase uses all available data packets. During the second phase, certain packets are ignored since they are known to be unusable with PTW. The table below describes the packets known at this time. Again, please keep in mind the fact that other packets may be inadvertently included which disrupt the PTW calculations.

The bottom line is that the PTW method normally works well but bad packets can sometimes cause it to fail. If this is the case then you need to gather a much larger number of packets and use the Korek method to determine the WEP key.

Non-standard Packet Support

All IP and ARP packets are known to be supported. The following table documents the current status of non-standard packet support for PTW.

Protocol Address Information Packet Information Comments PTW
Spanning Tree 802.1D (STP)Destination MAC 01:80:C2:00:00:00DSAP 0x42, SSAP 0x42, Control Frame Type 0x03The Spanning Tree protocol is used to prevent routing loops between switchesNo.
Port Aggregation Protocol (PAgP)Destination MAC 01:00:0C:CC:CC:CCDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x0104Used to bundle ports on Catalys switches into EtherChannel. Similar to Ethernet bonding in the linux world.No
VLAN Trunking Protocol (VTP)Destination MAC 01:00:0C:CC:CC:CCDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x2003Provides information about configured virtual LANs (VLANs)No
Cisco Inter Switch Link (ISL)Destination MAC 01:00:0C:00:00:00UnknownCisco Version. Functionally similar to 802.1q.Unknown
Dynamic Trunking Protocol (DTP)Destination MAC 01:00:0C:CC:CC:CCDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x2004Negotiates trunk port mode between Cisco Catalyst switches.No
Cisco Spanning Tree PVST+Destination MAC 01:00:0C:CC:CC:CDDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x010BCisco proprietary verson of the Spanning Tree Protocol.No
Cisco STP Uplink FastDestination MAC 01:00:0C:CD:CD:CDDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x200ASpeeds up STP convergence time in the presence of reducant links on networks consisting of Catalys switches.No
Cisco VLAN Bridge STPDestination MAC 01:00:0C:CD:CD:CEDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x010COperates on top of IEEE STP to bridge VLANS while running single instance of STP. Indicates presence of Catalyst 6000/6500 switches with Multilayer Switch Feature Cards (MSFCs) installed.No
Cisco SyncDestination MAC 01:00:0C:EE:EE:EEUnknownSent by the root bridge on VLAN 1 every 2 minutes. Helps to maintain an accurate STP topology.Unknown
Cisco Discovery Protocol (STP)Destination MAC 01:00:0C:CC:CC:CCDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x2000CDP is used to discover and announce network devices.No
Cisco Group Management Protocol (CGMP)Destination MAC 01:00:0C:DD:DD:DDDSAP 0xAA, SSAP 0xAA, Control Frame Type 0x03, Organization Code 0x00000C, Protocol 0x2001Limits the forwarding of IP multicast packets only to those ports associated with IP multicast clients on Catalyst switches.No

Bytes Needed for Decryption

For PTW we need “key length plus 3 bytes” keystream length. As an example: A 40 bit WEP key is 5 bytes long. So we need “5 bytes plus 3 bytes”, thus 8 keystream bytes. Keystream bytes are bytes that we know the unencrypted value.

For ARP packets, we know 22 keystream bytes. ARPs can be used for 40 and 104 bit WEP cracking.

For IP packets, we know 9 bytes for sure so 40 bit WEP is no problem. For 104 bit WEP, there are 2 bytes which are completely unknown. These are bruteforced. And one final byte is guessed since there are only three possibilities.

Handy URLs