interactive_packet_replay
Differences
This shows you the differences between two versions of the page.
interactive_packet_replay [2007/03/16 21:43] – more detailed description and extra examples darkaudax | interactive_packet_replay [2008/12/02 21:21] – Fixed typos. darkaudax | ||
Line 14: | Line 14: | ||
So the aireplay-ng filter options we require to select these packets are: | So the aireplay-ng filter options we require to select these packets are: | ||
- | * -b 00: | + | * -b 00: |
* -d FF: | * -d FF: | ||
* -t 1 selects packets with the "To Distribution System" | * -t 1 selects packets with the "To Distribution System" | ||
Line 22: | Line 22: | ||
Next, we will look at packets which need to be manipulated in order to be successfully replayed by the access point. | Next, we will look at packets which need to be manipulated in order to be successfully replayed by the access point. | ||
- | * -b 00: | + | * -b 00: |
* -t 1 selects packets with the "To Distribution System" | * -t 1 selects packets with the "To Distribution System" | ||
We don't care what the destination MAC address is. This because in this case we will modify the packet being injected. | We don't care what the destination MAC address is. This because in this case we will modify the packet being injected. | ||
- | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client to the access point. | + | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client to the access point. IE Set the "To DS" field to 1. |
* -c FF: | * -c FF: | ||
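Review bot: the clause added after -p 0841 in this hunk is incomplete: 0841 is the whole two-byte Frame Control field, and the second byte 0x41 sets the Protected Frame (WEP) bit (0x40) as well as To DS (0x01), so the frame is marked as an encrypted data frame from a client rather than only "To DS" = 1. Suggest "i.e. type = data, To DS = 1 and the Protected Frame bit set"; "IE" should also be "i.e.". The same clause is repeated verbatim in the Line 100, 144, 188 and 231 hunks and should be corrected there too.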
Line 58: | Line 58: | ||
* -2 means interactive replay | * -2 means interactive replay | ||
- | * -b 00: | + | * -b 00: |
* -d FF: | * -d FF: | ||
* -t 1 selects packets with the "To Distribution System" | * -t 1 selects packets with the "To Distribution System" | ||
Line 100: | Line 100: | ||
* -2 means interactive replay | * -2 means interactive replay | ||
- | * -b 00: | + | * -b 00: |
* -t 1 selects packets with the "To Distribution System" | * -t 1 selects packets with the "To Distribution System" | ||
* -c FF: | * -c FF: | ||
- | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. | + | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. IE Set the "To DS" field to 1. |
* ath0 is the wireless interface | * ath0 is the wireless interface | ||
Line 144: | Line 144: | ||
* -2 means the interactive replay attack | * -2 means the interactive replay attack | ||
- | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. | + | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. IE Set the "To DS" field to 1. |
* -c FF: | * -c FF: | ||
* -b 00: | * -b 00: | ||
Line 188: | Line 188: | ||
* -2 means the interactive replay attack | * -2 means the interactive replay attack | ||
- | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. | + | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. IE Set the "To DS" field to 1. |
* -m 68 is the minimum packet length | * -m 68 is the minimum packet length | ||
* -n 86 is the maximum packet length | * -n 86 is the maximum packet length | ||
Line 231: | Line 231: | ||
* -2 means the interactive replay attack | * -2 means the interactive replay attack | ||
- | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. | + | * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. IE Set the "To DS" field to 1. |
* -c FF: | * -c FF: | ||
* -b 00: | * -b 00: | ||
Line 264: | Line 264: | ||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== Additional Interactive Application ==== | ||
There are some interesting applications of the first example above. | There are some interesting applications of the first example above. | ||
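Review bot: four blank lines are inserted between the "Usage Tips" heading and the new "Additional Interactive Application" sub-heading; a single blank line is enough in DokuWiki and the extra ones only pad the rendered page.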
Line 269: | Line 274: | ||
This would also work on APs with clients. | This would also work on APs with clients. | ||
- | IMPORTANT: | + | IMPORTANT: |
+ | |||
+ | ==== Injecting Management Frames ==== | ||
+ | |||
+ | You can also inject management and control frames on a per frame basis with aireplay-ng. | ||
+ | |||
+ | Examples: | ||
+ | * Setting -v 8 -u 0 -w 0 allows you to send beacons frames. | ||
+ | * Setting -v 12 -u 1 -w 0 -m 10 -n 2000 sets a filter for control frames (in this case clear-to-send frames). | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== |
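Review bot: the two bullets in the new "Injecting Management Frames" section describe the same kind of option inconsistently: the first says -v 8 -u 0 -w 0 "allows you to send beacons frames", while the second correctly calls -v 12 -u 1 -w 0 -m 10 -n 2000 a filter. Since -u, -v and -w select frames by their frame-control type, subtype and WEP flag, the first bullet should read "selects beacon frames (type 0, subtype 8, unencrypted) for replay", and "beacons frames" should be "beacon frames". A sentence stating that these are filter options used together with the -b/-d/-t selectors listed earlier on the page would make the section self-explanatory.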
interactive_packet_replay.txt · Last modified: 2010/11/21 09:05 by sleek