User Tools

Site Tools


i_am_injecting_but_the_ivs_don_t_increase

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
i_am_injecting_but_the_ivs_don_t_increase [2008/01/09 16:37]
darkaudax Updated to include more examples and assumptions
i_am_injecting_but_the_ivs_don_t_increase [2018/03/11 20:14] (current)
mister_x Removed link to trac
Line 1: Line 1:
 ====== Tutorial: I am injecting but the IVs don't increase! ====== ====== Tutorial: I am injecting but the IVs don't increase! ======
-Version: 1.08 January 92008\\+Version: 1.09 September 102009\\
 By: darkAudax By: darkAudax
  
  
 ===== Introduction ===== ===== Introduction =====
-A frequent ​problem that problem that comes up is that packets are being injected but the IVs don't increase. This tutorial provides guidance on determining the root cause of the problem and how to fix it.+A frequent problem that comes up is that packets are being injected but the IVs don't increase. This tutorial provides guidance on determining the root cause of the problem and how to fix it.
  
 Experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a   ​particular access point, please remember to get permission from the owner prior to playing with it. Experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a   ​particular access point, please remember to get permission from the owner prior to playing with it.
  
-I would like to acknowledge and thank the [[http://​trac.aircrack-ng.org/​wiki/​Team|Aircrack-ng team]] for producing such a great robust tool.  +Please send any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome.
-Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome.+
  
 ===== Assumptions ===== ===== Assumptions =====
Line 64: Line 63:
  
   11:​04:​34.360700 314us BSSID:​00:​14:​6c:​7e:​40:​80 DA:​00:​0f:​b5:​46:​11:​19 SA:​00:​14:​6c:​7e:​40:​80 DeAuthentication:​ Class 3 frame received from nonassociated station   11:​04:​34.360700 314us BSSID:​00:​14:​6c:​7e:​40:​80 DA:​00:​0f:​b5:​46:​11:​19 SA:​00:​14:​6c:​7e:​40:​80 DeAuthentication:​ Class 3 frame received from nonassociated station
 +  ​
 +  ​
  
 Notice that the access point (00:​14:​6c:​7e:​40:​80) is telling the source (00:​0f:​b5:​46:​11:​19) you are not associated. ​ Meaning, the AP will not process or accept the injected packets. Notice that the access point (00:​14:​6c:​7e:​40:​80) is telling the source (00:​0f:​b5:​46:​11:​19) you are not associated. ​ Meaning, the AP will not process or accept the injected packets.
Line 112: Line 113:
 ==== ARP Request Replay ==== ==== ARP Request Replay ====
  
-Use the standard [[http://​aircrack-ng.org/​doku.php?​id=arp-request_reinjection|ARP request replay]] technique.+Use the standard [[arp-request_reinjection|ARP request replay]] technique.
  
 This assumes that you have a wired or wireless client active. ​ To speed things up, simply ping a non-existent IP on your LAN. This assumes that you have a wired or wireless client active. ​ To speed things up, simply ping a non-existent IP on your LAN.
Line 118: Line 119:
 ==== Replay Previous ARP ==== ==== Replay Previous ARP ====
  
-You can replay an ARP which was previously captured. ​ See this [[http://​aircrack-ng.org/​doku.php?​id=arp-request_reinjection#​usage_example|section]] for an example.+You can replay an ARP which was previously captured. ​ See this [[arp-request_reinjection#​usage_example|section]] for an example.
  
-==== Use "-p 084" Technique ==== 
  
-You can replay any data packet captured in real time.  See this [[http://​aircrack-ng.org/​doku.php?​id=interactive_packet_replay#​other_examples|section]] for an example.+==== Use "-p 0841" Technique ==== 
 + 
 +You can replay any data packet captured in real time.  See this [[interactive_packet_replay#​other_examples|section]] for an example.
  
 This assumes that there is at least one data packet broadcast by the AP or a wireless client. This assumes that there is at least one data packet broadcast by the AP or a wireless client.
  
  
-==== Use "​-p ​084" Technique with Previous Data ====+ 
 +==== Use "​-p ​0841" Technique with Previous Data ====
  
 You can combine the "-p 0841" technique with reading packets from a previous capture. ​ Simply use the technique from the previous section in combination with "-r <file name>"​. You can combine the "-p 0841" technique with reading packets from a previous capture. ​ Simply use the technique from the previous section in combination with "-r <file name>"​.
Line 176: Line 179:
  
 Although you can't see it, the above command started generating the IVs.  As usual, run [[airodump-ng]] and [[aircrack-ng]]. Although you can't see it, the above command started generating the IVs.  As usual, run [[airodump-ng]] and [[aircrack-ng]].
 +
  
  
Line 184: Line 188:
   * With some drivers, the wireless card MAC address must be the same as MAC address you are injecting. So if fake authentication is still not working then try changing the card MAC to the same one you are trying to authenticate with.  A typical package to do this is macchanger. ​ Search the forums or the internet for the details and other options. ​ Changing the MAC address is beyond the scope of this tutorial. ​ See [[faq#​how_do_i_change_my_card_s_mac_address|How do I change my card's MAC address?]]   * With some drivers, the wireless card MAC address must be the same as MAC address you are injecting. So if fake authentication is still not working then try changing the card MAC to the same one you are trying to authenticate with.  A typical package to do this is macchanger. ​ Search the forums or the internet for the details and other options. ​ Changing the MAC address is beyond the scope of this tutorial. ​ See [[faq#​how_do_i_change_my_card_s_mac_address|How do I change my card's MAC address?]]
  
-  * Some access points are configured to only allow selected MAC access to associate and connect. ​ If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list.  Thus ,the advantage of the next technique (interactive replay) is that it gets around this control.+  * Some access points are configured to only allow selected MAC access to associate and connect. ​ If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list.  Thus, the advantage of the next technique (interactive replay) is that it gets around this control.
  
 To determine if MAC access control is in place, enter the following command: To determine if MAC access control is in place, enter the following command:
i_am_injecting_but_the_ivs_don_t_increase.1199893069.txt.gz · Last modified: 2008/01/09 16:37 by darkaudax