packetforge-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
packetforge-ng [2007/01/27 20:49] – Standardizing the format darkaudax | packetforge-ng [2010/08/22 20:59] (current) – update "Usage" and fixed "mode" rendering mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Packetforge-ng ====== | ====== Packetforge-ng ====== | ||
- | |||
- | |||
Line 12: | Line 10: | ||
Usage: packetforge-ng < | Usage: packetforge-ng < | ||
- | ====Forge options:==== | + | ====Forge options==== |
*-p < | *-p < | ||
Line 22: | Line 20: | ||
*-e : disables WEP encryption | *-e : disables WEP encryption | ||
*-k < | *-k < | ||
- | *-l < | + | *-l < |
*-t ttl : set Time To Live | *-t ttl : set Time To Live | ||
*-w < | *-w < | ||
- | ====Source options:==== | + | ====Source options==== |
*-r < | *-r < | ||
*-y < | *-y < | ||
- | ====Modes:==== | + | ====Modes ==== |
- | + | ||
- | *--arp | + | |
- | *--udp | + | |
- | *--icmp | + | |
- | *--custom | + | |
+ | *-'''' | ||
+ | *-'''' | ||
+ | *-'''' | ||
+ | *-'''' | ||
+ | *-'''' | ||
===== Usage Example ===== | ===== Usage Example ===== | ||
+ | ==== Generating an arp request packet ==== | ||
Here is an example of how to generate an arp request packet. | Here is an example of how to generate an arp request packet. | ||
Line 100: | Line 99: | ||
By entering " | By entering " | ||
+ | |||
+ | |||
+ | ==== Generating a null packet ==== | ||
+ | |||
+ | This option allows you to generate LLC null packets. | ||
+ | |||
+ | Remember that the size value (-s) defines the absolute size of an unencrypted packet, so you need to add 8 bytes to get its final length after encrypting it (4 bytes for iv+idx and 4 bytes for icv). This value also includes the 802.11 header with a length of 24bytes. | ||
+ | |||
+ | The command is: | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | * --null means generate a LLC null packet (requires double dash). | ||
+ | * -s 42 specifies the packet length to be generated. | ||
+ | * -a BSSID is the MAC address of the access point. | ||
+ | * -h SMAC is the source MAC address of the packet to be generated. | ||
+ | * -w short-packet.cap is the name of the output file. | ||
+ | * -y fragment.xor is the name of the file containing the PRGA. | ||
+ | |||
+ | |||
+ | ==== Generating a custom packet ==== | ||
+ | If you want to generate a customer packet, first create a packet with the tool of your choice. | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | * -9 means generate a custom packet. | ||
+ | * -r input.cap is the input file. | ||
+ | * -y keystream.xor is the file containing the PRGA. | ||
+ | * -w output.cap is the output file. | ||
+ | |||
+ | When it runs, packetforge-ng will ask you which packet to use and then output the file. | ||
+ | |||
Line 107: | Line 140: | ||
So the packetforge-ng command becomes: | So the packetforge-ng command becomes: | ||
- | | + | |
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | ==== Including both -j and -o flags ==== | ||
+ | |||
A common mistake people make is to include either or both -j and -o flags and create invalid packets. | A common mistake people make is to include either or both -j and -o flags and create invalid packets. | ||
+ | |||
+ | |||
+ | ==== Error message "Mode already specified" | ||
+ | |||
+ | This is commonly caused by using the number one (-1) instead of dash lowercase L (-l) in the command. | ||
+ | |||
+ | Entering: | ||
+ | | ||
+ | |||
+ | Gives: | ||
+ | Mode already specified. | ||
+ | " | ||
+ | |||
+ | This because -1 (number one) was used instead of the correct -l (the letter ell). So simply use " | ||
packetforge-ng.1169927358.txt.gz · Last modified: 2007/01/27 20:49 (external edit)