User Tools

Site Tools


arp_inject_capture

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
arp_inject_capture [2009/02/16 19:45]
darkaudax Updated to reflect unique IVs are used on injected packets.
arp_inject_capture [2009/08/14 19:22] (current)
mister_x use dokuwiki internal link
Line 1: Line 1:
 ====== Tutorial: ARP Request Injection Packet Capture Explained ====== ====== Tutorial: ARP Request Injection Packet Capture Explained ======
-Version: 1.02 February 16, 2009\\+Version: 1.03 February 16, 2009\\
 By: darkAudax By: darkAudax
  
 File linked to this tutorial: [[http://​download.aircrack-ng.org/​wiki-files/​other/​arpinjection.cap|arpinjection.cap]] File linked to this tutorial: [[http://​download.aircrack-ng.org/​wiki-files/​other/​arpinjection.cap|arpinjection.cap]]
 +
  
 ===== Introduction ===== ===== Introduction =====
Line 9: Line 10:
 This is quick and dirty explanation of a sample capture file.  It is a capture of an ARP request injection. ​ To keep things simple, I have only included three rounds. This is quick and dirty explanation of a sample capture file.  It is a capture of an ARP request injection. ​ To keep things simple, I have only included three rounds.
  
-To view the capture, use [[http://​www.wireshark.org/​|Wireshark]] to open it then "​View"​ then "​Expand All"​. ​ This shows all the sections and fields expanded. ​ You will need to scroll through the fields for each packet to locate the ones mentioned. ​ See this [[http://​aircrack-ng.org/​doku.php?​id=faq#​can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.+To view the capture, use [[http://​www.wireshark.org/​|Wireshark]] to open it then "​View"​ then "​Expand All"​. ​ This shows all the sections and fields expanded. ​ You will need to scroll through the fields for each packet to locate the ones mentioned. ​ See this [[faq#​can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.
  
 The capture was done using an Atheros chipset and airodump-ng as the capture program. The capture was done using an Atheros chipset and airodump-ng as the capture program.
Line 31: Line 32:
 Notice the the initialization vector number (IEEE 802.11 -> WEP Parameters) is the same on each.  This is because we are injecting the same packet over and over. Notice the the initialization vector number (IEEE 802.11 -> WEP Parameters) is the same on each.  This is because we are injecting the same packet over and over.
  
-NOTE: In current versions of aircrack-ng, the initialization vector number changes on each injected packet since a push-down stack of the most recently received packets is used.+NOTE: In current versions of aireplay-ng, the initialization vector number changes on each injected packet since a push-down stack of the most recently received packets is used.  The following sample file shows examples of unique injected IVs: [[http://​download.aircrack-ng.org/​wiki-files/​other/​arpinjection.new.cap|arpinjection.new.cap]]
  
  
arp_inject_capture.1234809929.txt.gz ยท Last modified: 2009/02/16 19:45 by darkaudax