injection_test
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
injection_test [2007/05/05 15:05] – updated to reflect the new ping test darkaudax | injection_test [2012/08/17 23:20] – [Usage] jano | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Injection test ====== | ====== Injection test ====== | ||
- | ++++++ IMPORTANT ++++++\\ | + | **Important note: |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | + | ||
- | This functionality will be available | + | |
- | + | ||
- | ++++++ IMPORTANT ++++++\\ | + | |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | + | ||
===== Description ===== | ===== Description ===== | ||
- | The injection test determines if your card can successfully inject and determine the ping response times to the Access Point (AP). If you have two wireless cards, it can also determine which specific injection tests can be successfully | + | The injection test determines if your card can successfully inject and determine the ping response times to the Access Point (AP). If you have two wireless cards, it can also determine which specific injection tests can be successfully |
- | The basic injection test provides additional valuable information as well. | + | The basic injection test provides additional valuable information as well. First, it lists access points in the area which respond to broadcast probes. |
You may optionally specify the AP name and MAC address. | You may optionally specify the AP name and MAC address. | ||
Line 32: | Line 22: | ||
If two wireless cards were specified then each attack mode is tried and the results printed on the screen. | If two wireless cards were specified then each attack mode is tried and the results printed on the screen. | ||
+ | |||
+ | An additional feature is the ability to test connectivity to [[airserv-ng]]. | ||
===== Usage ===== | ===== Usage ===== | ||
- | aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 -i wlan0 ath0 | + | aireplay-ng -9 -e teddy -a 00:de:ad:ca:fe:00 -i wlan1 wlan0 |
Where: | Where: | ||
- | * -9 means injection test. Long form is - -test. | + | * -9 means injection test. Long form is -'''' |
* -e teddy is the network name (SSID). | * -e teddy is the network name (SSID). | ||
- | * -a 00:14:6C:7E:40:80 ath0 is MAC address of the access point (BSSID). This is optional. | + | * -b 00:de:ad:ca:fe:00 ath0 is MAC address of the access point (BSSID). This is optional. |
- | * -i wlan0 is interface name of the second card if you want to determine which attacks your card supports. | + | * -i wlan1 is interface name of the second card if you want to determine which attacks your card supports. This interfaces acts as an AP and receives packets. This is optional. |
- | * ath0 is the interface name. (Mandatory) | + | * wlan0 is the interface name or airserv-ng IP Address plus port number. |
- | IMPORTANT: | + | IMPORTANT: |
===== Usage Examples ===== | ===== Usage Examples ===== | ||
- | |||
==== Basic Test ==== | ==== Basic Test ==== | ||
Line 107: | Line 98: | ||
* It confirms that the card can inject and successfully communicate with the specified network. | * It confirms that the card can inject and successfully communicate with the specified network. | ||
+ | |||
==== Attack Tests ==== | ==== Attack Tests ==== | ||
- | This test requires two wireless cards. | + | This test requires two wireless cards in monitor mode. The card specified by " |
Run the following command: | Run the following command: | ||
- | | + | |
Where: | Where: | ||
* -9 means injection test. | * -9 means injection test. | ||
- | * -i ath0 is the interface to mimic the AP. | + | * -i wlan1 is the interface to mimic the AP and receives packets. |
* wlan0 is the injection interface. | * wlan0 is the injection interface. | ||
The system responds: | The system responds: | ||
- | | + | |
| | ||
| | ||
Line 131: | Line 123: | ||
| | ||
- | | + | |
| | ||
| | ||
Line 144: | Line 136: | ||
Analysis of the response: | Analysis of the response: | ||
- | * **11: | + | * **11: |
* The first part of the output is identical to what has been presented earlier. | * The first part of the output is identical to what has been presented earlier. | ||
* The last part shows that wlan0 card is able to perform all attack types successfully. | * The last part shows that wlan0 card is able to perform all attack types successfully. | ||
* If you get a failure on attack 5, it may still work in the field if the injection MAC address matches the current card MAC address. | * If you get a failure on attack 5, it may still work in the field if the injection MAC address matches the current card MAC address. | ||
+ | |||
+ | ==== Airserv-ng Test ==== | ||
+ | |||
+ | Run the following command: | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | |||
+ | * -9 means injection test. | ||
+ | * 127.0.0.1: | ||
+ | |||
+ | The system responds: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Analysis of the response: | ||
+ | |||
+ | * **Connection successful**: | ||
+ | * The second part of the output is identical to what has been presented earlier. | ||
+ | |||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
Line 156: | Line 185: | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | Make sure the card(s) are on the same channel as your AP. | ||
- | Make sure your cards are not channel hopping. | + | ==== General ==== |
+ | |||
+ | * Make sure you use the correct interface name. For mac80211 drivers, it is typically " | ||
+ | |||
+ | * Make sure the card(s) are on the same channel as your AP and locked on this channel. | ||
+ | |||
+ | * Make sure your card is not channel hopping. A very common mistake is to have airodump-ng running in channel hopping mode. If you use airodump-ng, | ||
+ | |||
+ | ==== " | ||
+ | |||
+ | If you get error messages similar to the following for Atheros-based cards and the madwifi-ng driver: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | write failed: Network is down | ||
+ | | ||
+ | |||
+ | Remove the " | ||
+ | |||
+ | |||
+ | ==== Airodump-ng shows APs but they don't respond ==== | ||
+ | |||
+ | The injection test uses broadcast probe requests. | ||
+ | In both cases, try another channel with multiple APs. Or try the specific SSID test described above. | ||
injection_test.txt · Last modified: 2013/04/25 11:17 by jano