airtun-ng

Differences

This shows you the differences between two versions of the page.

airtun-ng [2009/10/14 16:02]
darkaudax Corrected parameter errors
airtun-ng [2015/04/12 23:15] (current)
mister_x Updated usage.
Line 8: Line 8:
 In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as [[http://​www.snort.org|snort]]. In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as [[http://​www.snort.org|snort]].
  
-Traffic injection can be fully bidirectional if you have the full encyption ​key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets.+Traffic injection can be fully bidirectional if you have the full encryption ​key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets.
  
 Airtun-ng also has repeater and tcpreplay-type functionality. ​ There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. ​ While doing this, you can still use the tun interface while repeating. ​ As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. ​ This is essentially tcpreplay functionality for wifi. Airtun-ng also has repeater and tcpreplay-type functionality. ​ There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. ​ While doing this, you can still use the tun interface while repeating. ​ As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. ​ This is essentially tcpreplay functionality for wifi.
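Review bot: the corrected sentence on the + line still says "the full encryption key" without naming the key type, while the usage block in this same revision adds a WPA passphrase option (-p, described as "to decrypt packets") beside the WEP key (-w, "to encrypt packets"). State here whether bidirectional injection applies only with a WEP key, so the wording does not suggest that -p supports injection.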
Line 16: Line 16:
 ===== Usage ===== ===== Usage =====
  
- usage: airtun-ng <​options>​ <replay interface>​+ Usage: airtun-ng <​options>​ <replay interface>​
  
       *-x nbpps : maximum number of packets per second (optional)       *-x nbpps : maximum number of packets per second (optional)
-      *-a bssid : set Access Point MAC address (mandatory)+      *-a bssid : set Access Point MAC address (mandatory). In WDS Mode this sets the Receiver
       *-i iface : capture packets from this interface (optional)       *-i iface : capture packets from this interface (optional)
       *-y file : read PRGA from this file (optional / one of -y or -w must be defined)       *-y file : read PRGA from this file (optional / one of -y or -w must be defined)
       *-w wepkey : use this WEP-KEY to encrypt packets (optional / one of -y or -w must be defined)       *-w wepkey : use this WEP-KEY to encrypt packets (optional / one of -y or -w must be defined)
-      *-t tods : send frames to AP (1) or to client (0) (optional ​defaults to 0)+      ​*-p pass : use this WPA passphrase to decrypt packets (use with -a and -e) 
 +      *-e essid : target network SSID (use with -p) 
 +      ​*-t tods : send frames to AP (1) or to client (0) or tunnel them into a WDS/Bridge (2)
       *-r file : read frames out of pcap file (optional)       *-r file : read frames out of pcap file (optional)
       *-h MAC  : source MAC address       *-h MAC  : source MAC address
       *-H      : Display help.  Long form --help       *-H      : Display help.  Long form --help
 +
 +WDS/Bridge Mode options:
 +  *-s transmitter : set Transmitter MAC address for WDS Mode
 +  *-b : bidirectional mode. This enables communication in Transmitter'​s AND Receiver'​s networks. Works only if you can see both stations.
  
 Repeater options (the following all require double dashes): Repeater options (the following all require double dashes):
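Review bot: the rewritten -t line drops "(optional defaults to 0)", so the usage no longer says that -t is optional or what it defaults to; restore that wording next to the new WDS/Bridge value (2). The unchanged -y and -w lines still read "one of -y or -w must be defined", which now conflicts with the added -p/-e pair; say whether -p satisfies that requirement. The -a addition stops at "this sets the Receiver" without "MAC address", and the -s and -b entries should say whether they require -t 2.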
Line 52: Line 58:
    ​FromDS bit set in all frames.    ​FromDS bit set in all frames.
  
-You notice above that it created the **at0** interface. Switch to another console ​sesssion ​and you must now bring this interface up in order to use it:+You notice above that it created the **at0** interface. Switch to another console ​session ​and you must now bring this interface up in order to use it:
  
    ​ifconfig at0 up    ​ifconfig at0 up
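Review bot: on the + line, "Switch to another console session and you must now bring this interface up" is still a run-on after the spelling fix; reword it as an instruction, for example "In another console session, bring this interface up before using it:".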
Line 200: Line 206:
  
 This loads the "​tun"​ module. ​ You can confirm it is loaded by running "lsmod | grep tun"​. ​ If it does not load or there are problems, running "​dmesg"​ and reviewing the end should show errors, if any. This loads the "​tun"​ module. ​ You can confirm it is loaded by running "lsmod | grep tun"​. ​ If it does not load or there are problems, running "​dmesg"​ and reviewing the end should show errors, if any.
 +
 +==== Error creating tap interface: Permission denied ====
 +
 +See the following [[faq#​why_do_i_get_error_creating_tap_interfacepermission_denied_or_a_similar_message|FAQ entry]].
 +
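Review bot: the added "Error creating tap interface: Permission denied" section contains only a link to the FAQ entry; add a one-sentence summary of the cause or fix under the heading so the troubleshooting entry stays useful if the FAQ anchor is renamed. The empty + line after the link adds a trailing blank line and can be dropped.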
airtun-ng.1255528970.txt.gz · Last modified: 2009/10/14 16:02 by darkaudax