interactive_packet_replay

Differences

This shows you the differences between two versions of the page.

interactive_packet_replay [2007/03/16 21:43] – more detailed description and extra examples darkaudax
interactive_packet_replay [2007/11/27 20:57] darkaudax
Line 264: Line 264:
  
 ===== Usage Tips ===== ===== Usage Tips =====
 +
 +
 +
 +
 +==== Additional Interactive Application ====
  
 There are some interesting applications of the first example above.    It can be used to attack networks without any connected wireless clients.  Start the aireplay-ng attack per the example.  Now sit back and wait for any packet to be broadcast.  It does not matter what type.  Just say "y" and bingo you are generating IVs.  The tradeoff is speed, big packets yield lower IVs per second.  The major advantages is it saves the steps of obtaining the xor stream (chopchop or fragmentation attacks), building a packet and launching relay attack. There are some interesting applications of the first example above.    It can be used to attack networks without any connected wireless clients.  Start the aireplay-ng attack per the example.  Now sit back and wait for any packet to be broadcast.  It does not matter what type.  Just say "y" and bingo you are generating IVs.  The tradeoff is speed, big packets yield lower IVs per second.  The major advantages is it saves the steps of obtaining the xor stream (chopchop or fragmentation attacks), building a packet and launching relay attack.
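Review bot: The paragraph that now sits under the new "Additional Interactive Application" heading still opens with "the first example above" without naming it; with its own subsection that reference is harder to follow, so name the example it depends on. The four empty added lines ahead of the heading add nothing and can be dropped. While this paragraph is being regrouped, "The major advantages is" should read "The major advantage is".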
Line 269: Line 274:
 This would also work on APs with clients.  It would be faster since you don't have to wait for an ARP, any packet will do. This would also work on APs with clients.  It would be faster since you don't have to wait for an ARP, any packet will do.
  
-IMPORTANT:  The MAC address you use must be associated with the AP either via fake authentication or an existing wireless client.+IMPORTANT:  The source MAC address you use must first be associated with the AP via fake authentication. 
 + 
 +==== Injecting Management Frames ==== 
 + 
 +You can also inject management and control frames on a per frame basis with aireplay-ng.  You just need to specify a matching filter since the default one just allows wep data packets.  
 + 
 +Examples: 
 +  * Setting -v 8 -u 0 -w 0 allows you to send beacons frames. 
 +  * Setting -v 12 -u 1 -w 0 -m 10 -n 2000 sets a filter for control frames (in this case clear-to-send frames). 
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
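Review bot: The rewritten IMPORTANT line drops "or an existing wireless client" and now requires fake authentication, but nothing in the change says why; the unchanged sentence just above still talks about APs with clients, so state whether the MAC of an existing client is still acceptable or explain the removal. In the new "Injecting Management Frames" section the two examples give -v, -u, -w, -m and -n values without saying which filter field each option sets, so a short key for those options would make the examples readable on their own. Also "beacons frames" should be "beacon frames" and "wep data packets" should be "WEP data packets".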
interactive_packet_replay.txt · Last modified: 2010/11/21 09:05 by sleek