This shows you the differences between two versions of the page.
arp_inject_capture [2009/02/16 19:45] darkaudax Updated to reflect unique IVs are used on injected packets. |
arp_inject_capture [2009/08/14 19:22] mister_x use dokuwiki internal link |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: ARP Request Injection Packet Capture Explained ====== | ====== Tutorial: ARP Request Injection Packet Capture Explained ====== | ||
- | Version: 1.02 February 16, 2009\\ | + | Version: 1.03 February 16, 2009\\ |
By: darkAudax | By: darkAudax | ||
File linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/arpinjection.cap|arpinjection.cap]] | File linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/arpinjection.cap|arpinjection.cap]] | ||
+ | |||
===== Introduction ===== | ===== Introduction ===== | ||
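Review bot: On the "Version:" line the number moves from 1.02 to 1.03 but the date still reads "February 16, 2009", while the right-hand revision header is dated 2009/08/14. Either update the date together with the version, or leave the version alone if the revision only changes markup. The blank line added before "===== Introduction =====" is fine.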
Line 9: | Line 10: | ||
This is quick and dirty explanation of a sample capture file. It is a capture of an ARP request injection. To keep things simple, I have only included three rounds. | This is quick and dirty explanation of a sample capture file. It is a capture of an ARP request injection. To keep things simple, I have only included three rounds. | ||
- | To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All". This shows all the sections and fields expanded. You will need to scroll through the fields for each packet to locate the ones mentioned. See this [[http://aircrack-ng.org/doku.php?id=faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark. | + | To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All". This shows all the sections and fields expanded. You will need to scroll through the fields for each packet to locate the ones mentioned. See this [[faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark. |
The capture was done using an Atheros chipset and airodump-ng as the capture program. | The capture was done using an Atheros chipset and airodump-ng as the capture program. | ||
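Review bot: In the "To view the capture" line, the FAQ link is now a DokuWiki internal link, but the sentence around it is left as `use Wireshark to open it then "View" then "Expand All"`, which is hard to follow as a procedure. Since the line is being touched anyway, consider rewording it along the lines of: open the file in Wireshark, then choose "View" and "Expand All". The context line above it is also missing an article ("This is quick and dirty explanation").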
Line 31: | Line 32: | ||
Notice the the initialization vector number (IEEE 802.11 -> WEP Parameters) is the same on each. This is because we are injecting the same packet over and over. | Notice the the initialization vector number (IEEE 802.11 -> WEP Parameters) is the same on each. This is because we are injecting the same packet over and over. | ||
- | NOTE: In current versions of aircrack-ng, the initialization vector number changes on each injected packet since a push-down stack of the most recently received packets is used. | + | NOTE: In current versions of aireplay-ng, the initialization vector number changes on each injected packet since a push-down stack of the most recently received packets is used. The following sample file shows examples of unique injected IVs: [[http://download.aircrack-ng.org/wiki-files/other/arpinjection.new.cap|arpinjection.new.cap]] |
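Review bot: The rewritten NOTE points readers to arpinjection.new.cap, but the "File linked to this tutorial" line at the top still lists only arpinjection.cap, and the paragraph directly above the NOTE still says the IV "is the same on each" without stating that this applies to the original capture only. Suggest listing both files in the header and qualifying the preceding sentence so the two statements do not read as a contradiction. "In current versions of aireplay-ng" will also age; naming the version where the behaviour changed would be more durable. The context line has a doubled word ("Notice the the").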