interactive_packet_replay

Differences

This shows you the differences between two versions of the page.

interactive_packet_replay [2008/12/02 21:18]
darkaudax packes
interactive_packet_replay [2008/12/02 21:21]
darkaudax Fixed typos.
Line 27: Line 27:
 We don't care what the destination MAC address is.  This because in this case we will modify the packet being injected. ​ The following options will result in the packet looking like a "​natural"​ packet above. ​ Here are the options required: We don't care what the destination MAC address is.  This because in this case we will modify the packet being injected. ​ The following options will result in the packet looking like a "​natural"​ packet above. ​ Here are the options required:
  
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client to the access point. IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client to the access point. ​ IE Set the "To DS" field to 1.
   * -c FF:​FF:​FF:​FF:​FF:​FF sets the destination MAC address to be a broadcast. ​ This is required to cause the AP to replay the packet and thus getting the new IV.   * -c FF:​FF:​FF:​FF:​FF:​FF sets the destination MAC address to be a broadcast. ​ This is required to cause the AP to replay the packet and thus getting the new IV.
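Review bot: the context paragraph above the changed bullet still reads "This because in this case we will modify the packet", which is missing "is", so a typo pass over this section should fix it as well. The changed bullet here also says the packet looks like it is sent "from a wireless client to the access point", while the same bullet at lines 100, 144, 188 and 231 stops at "from a wireless client"; pick one wording for all five. "IE" would read better as "i.e.".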
  
Line 100: Line 100:
  
   * -2 means interactive replay   * -2 means interactive replay
-  * -b 00:​14:​6C:​7E:​40:​80 selects packets with the MAC of the access point we are interested in+  * -b 00:​14:​6C:​7E:​40:​80 selects packets with the MAC of the access point we are interested in.
   * -t 1 selects packets with the "To Distribution System"​ flag set on   * -t 1 selects packets with the "To Distribution System"​ flag set on
   * -c FF:​FF:​FF:​FF:​FF:​FF sets the destination MAC address to be a broadcast. ​ This is required to cause the AP to replay the packet and thus getting the new IV.   * -c FF:​FF:​FF:​FF:​FF:​FF sets the destination MAC address to be a broadcast. ​ This is required to cause the AP to replay the packet and thus getting the new IV.
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set the "To DS" field to 1.
   * ath0 is the wireless interface   * ath0 is the wireless interface
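Review bot: adding the period to the -b bullet leaves the list mixed, since the -2, -t 1 and ath0 bullets next to it still end without one; punctuate the whole list the same way. The list also names the same flag two ways, "To Distribution System" under -t 1 and "To DS" under -p 0841. Use one name, and state that -t filters which captured packets are selected while -p sets the field on the packet that is sent.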
  
Line 144: Line 144:
  
   * -2 means the interactive replay attack   * -2 means the interactive replay attack
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set the "To DS" field to 1.
   * -c FF:​FF:​FF:​FF:​FF:​FF sets the destination MAC address to be a broadcast. ​ This is required to cause the AP to replay the packet and thus getting the new IV.   * -c FF:​FF:​FF:​FF:​FF:​FF sets the destination MAC address to be a broadcast. ​ This is required to cause the AP to replay the packet and thus getting the new IV.
   * -b 00:​14:​6C:​7E:​40:​80 is the MAC address of the access point (BSSID). ​ This is a filter to select a single AP.   * -b 00:​14:​6C:​7E:​40:​80 is the MAC address of the access point (BSSID). ​ This is a filter to select a single AP.
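Review bot: the -p 0841 bullet explains only the "To DS" bit and gives no account of the rest of the value, so a reader cannot tell from this text why the Frame Control Field is 0841 rather than any other value with that bit set. Suggest a short breakdown of what each part of 0841 encodes, written once and referenced from the other sections that repeat this bullet.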
Line 188: Line 188:
  
   * -2 means the interactive replay attack   * -2 means the interactive replay attack
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set the "To DS" field to 1.
   * -m 68 is the minimum packet length   * -m 68 is the minimum packet length
   *  -n 86 is the maximum packet length ​   *  -n 86 is the maximum packet length ​
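Review bot: the -m 68 and -n 86 bullets state the minimum and maximum packet length but not why those two values are used, which is the one thing this section's option list adds over the others. Suggest a sentence on what kind of packet falls in the 68 to 86 byte range. The -n bullet also has two spaces after the asterisk ("*  -n 86"), unlike its siblings, and both sides of the diff carry it.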
Line 231: Line 231:
  
   * -2 means the interactive replay attack   * -2 means the interactive replay attack
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. ​ IE Set the "To DS" field to 1.
   * -c FF:​FF:​FF:​FF:​FF:​FF NOTE: This is not included because an ARP packet already has the destination MAC address set to broadcast.   * -c FF:​FF:​FF:​FF:​FF:​FF NOTE: This is not included because an ARP packet already has the destination MAC address set to broadcast.
   * -b 00:​14:​6C:​7E:​40:​80 is the MAC address of the access point (BSSID). ​ This is a filter to select a single AP.   * -b 00:​14:​6C:​7E:​40:​80 is the MAC address of the access point (BSSID). ​ This is a filter to select a single AP.
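Review bot: the -c FF:FF:FF:FF:FF:FF bullet sits in the list of options used, yet its text says the option "is not included", which is easy to misread when skimming the list. Suggest moving it out of the list as a note, for example: "Note: -c FF:FF:FF:FF:FF:FF is not needed here because an ARP packet already has the destination MAC address set to broadcast."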
interactive_packet_replay.txt · Last modified: 2010/11/21 09:05 by sleek