This is an old revision of the document!

Interactive packet replay

This attack allows you to choose a given packet for replaying; it sometimes gives more effective results than attack 3 (ARP-request reinjection).

You could use it, for example, to attempt the “any data re-broadcast” attack, which only works if the AP actually re-encrypts WEP data packets:

aireplay-ng -2 -b 00:13:10:30:24:9C -n 100 -p 0841 -h 00:09:5B:EB:C5:2B -c FF:FF:FF:FF:FF:FF ath0

You can also use attack 2 to manually replay WEP-encrypted ARP request packets, whose size is either 68 or 86 bytes (depending on the operating system):

aireplay-ng -2 -b 00:13:10:30:24:9C -d FF:FF:FF:FF:FF:FF -m 68 -n 68 -p 0841 -h 00:09:5B:EB:C5:2B ath0
aireplay-ng -2 -b 00:13:10:30:24:9C -d FF:FF:FF:FF:FF:FF -m 86 -n 86 -p 0841 -h 00:09:5B:EB:C5:2B ath0
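
Seen from the monitoring side, a replayed WEP frame carries the same IV and the same ciphertext every time, because it is re-sent without knowledge of the key. The following detection sketch is an added example, not part of the aircrack-ng documentation or code. It assumes raw 802.11 frames with no radiotap header; the addresses, the `build` helper and the sample capture are constructed for illustration.

```python
from collections import Counter

BROADCAST = b"\xff" * 6
ARP_SIZES = {68, 86}          # WEP ARP-request frame sizes quoted on this page

def parse_wep_data(frame):
    """Return (bssid, src, dst, iv, body) for a plain ToDS WEP data frame, else None."""
    if len(frame) < 28 or frame[0] != 0x08:      # 0x08 = data frame, non-QoS
        return None
    flags = frame[1]
    # Need ToDS (0x01) and Protected (0x40); skip FromDS (0x02) and Retry (0x08),
    # because genuine retransmissions legitimately repeat IV and ciphertext.
    if (flags & 0x41) != 0x41 or (flags & 0x0A):
        return None
    return frame[4:10], frame[10:16], frame[16:22], frame[24:27], frame[28:]

def find_replays(frames, threshold=3):
    """Flag frames whose IV and ciphertext repeat at least `threshold` times."""
    seen, meta = Counter(), {}
    for raw in frames:
        parsed = parse_wep_data(raw)
        if parsed is None:
            continue
        bssid, src, dst, iv, body = parsed
        key = (bssid, src, iv, body)
        seen[key] += 1
        meta[key] = (dst, len(raw))
    alerts = []
    for key, count in seen.items():
        if count >= threshold:
            dst, size = meta[key]
            alerts.append({"src": key[1].hex(":"), "iv": key[2].hex(), "count": count,
                           "size": size,
                           "arp_like": dst == BROADCAST and size in ARP_SIZES})
    return alerts

# Constructed sample capture (hypothetical addresses, not real traffic).
BSSID = bytes.fromhex("021122334455")
STA = bytes.fromhex("02aabbccddee")

def build(iv, body, flags=0x41, dst=BROADCAST):
    return bytes([0x08, flags, 0, 0]) + BSSID + STA + dst + b"\x00\x00" + iv + b"\x00" + body

SAMPLE = ([build(b"\x00\x01\x02", b"\xaa" * 40)] * 5            # same 68-byte frame, 5 times
          + [build(bytes([0, 2, i]), bytes([i]) * 40) for i in range(4)]  # fresh IV each
          + [build(b"\x00\x03\x00", b"\xbb" * 60), build(b"\x00\x03\x00", b"\xbb" * 60, 0x49)])

if __name__ == "__main__":
    for alert in find_replays(SAMPLE):
        print(alert)
```

The threshold of 3 is an arbitrary starting point; tune it against the frame rate of the network being monitored.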

Another good idea is to capture some traffic and then look at it with Ethereal. If two packets look like a request and a response (one client sends a packet and, a very short time later, the receiver answers it), then it is a good idea to try reinjecting the request packet to get answers.

interactive_packet_replay.1163949138.txt.gz · Last modified: 2007/01/02 23:13 (external edit)