packetforge-ng
Differences
This shows you the differences between two versions of the page.
packetforge-ng [2007/01/26 23:44] – cosmetic changes mister_x | packetforge-ng [2008/01/01 17:26] – added troubleshooting for "Mode already specified" error. darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Packetforge-ng ====== | ====== Packetforge-ng ====== | ||
- | |||
- | |||
Line 22: | Line 20: | ||
*-e : disables WEP encryption | *-e : disables WEP encryption | ||
*-k < | *-k < | ||
- | *-l < | + | *-l < |
*-t ttl : set Time To Live | *-t ttl : set Time To Live | ||
*-w < | *-w < | ||
Line 31: | Line 29: | ||
*-y < | *-y < | ||
- | ====Modes: | + | ====Modes |
*--arp | *--arp | ||
*--udp | *--udp | ||
*--icmp | *--icmp | ||
+ | *--null | ||
*--custom | *--custom | ||
+ | |||
===== Usage Example ===== | ===== Usage Example ===== | ||
+ | ==== Generating an arp request packet ==== | ||
Here is an example of how to generate an arp request packet. | Here is an example of how to generate an arp request packet. | ||
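Review bot: the new heading "Generating an arp request packet" is followed immediately by a sentence that repeats it word for word, and both write the protocol name in lower case. Suggest "ARP" in the heading and the sentence, and shortening the sentence to something like "Here is an example:" so the heading carries the title.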
Line 52: | Line 53: | ||
*-a 00: | *-a 00: | ||
*-h 00: | *-h 00: | ||
- | *-k 255.255.255.255 is the destination IP. IE In an arp it is the "Who has this IP" | + | *-k 192.168.1.100 is the destination IP. IE In an arp it is the "Who has this IP" |
- | *-l 255.255.255.255 is the source IP. IE In an arp is the "Tells this IP" | + | *-l 192.168.1.1 is the source IP. IE In an arp it is the "Tell this IP" |
*-y fragment-0124-161129.xor | *-y fragment-0124-161129.xor | ||
*-w arp-packet | *-w arp-packet | ||
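Review bot: on the changed -k and -l lines, 192.168.1.100 and 192.168.1.1 replace 255.255.255.255 without any statement that they are example values. The Usage Tips section added later in this revision says most access points do not care which IPs are used, so a reader cannot tell whether these addresses must match the network. Say on these lines that the addresses are examples. Also, "IE" should be written "i.e." on both lines.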
Line 95: | Line 96: | ||
Saving chosen packet in replay_src-0124-163529.cap | Saving chosen packet in replay_src-0124-163529.cap | ||
You should also start airodump-ng to capture replies. | You should also start airodump-ng to capture replies. | ||
- | + | | |
- | End of file. | + | |
By entering " | By entering " | ||
+ | |||
+ | |||
+ | ==== Generating a null packet ==== | ||
+ | |||
+ | This option allows you to generate LLC null packets. | ||
+ | |||
+ | Remember that the size value (-s) defines the absolute size of an unencrypted packet, so you need to add 8 bytes to get its final length after encrypting it (4 bytes for iv+idx and 4 bytes for icv). This value also includes the 802.11 header with a length of 24bytes. | ||
+ | |||
+ | The command is: | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | * --null means generate a LLC null packet (requires double dash). | ||
+ | * -s 42 specifies the packet length to be generated. | ||
+ | * -a BSSID is the MAC address of the access point. | ||
+ | * -h SMAC is the source MAC address of the packet to be generated. | ||
+ | * -w short-packet.cap is the name of the output file. | ||
+ | * -y fragment.xor is the name of the file containing the PRGA. | ||
+ | |||
+ | |||
+ | ==== Generating a custom packet ==== | ||
+ | If you want to generate a customer packet, first create a packet with the tool of your choice. | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | * -9 means generate a custom packet. | ||
+ | * -r input.cap is the input file. | ||
+ | * -y keystream.xor is the file containing the PRGA. | ||
+ | * -w output.cap is the output file. | ||
+ | |||
+ | When it runs, packetforge-ng will ask you which packet to use and then output the file. | ||
+ | |||
+ | |||
+ | ===== Usage Tips ===== | ||
+ | |||
+ | Most access points really don't care what IPs are used for the arp request. | ||
+ | |||
+ | So the packetforge-ng command becomes: | ||
+ | | ||
+ | |||
+ | |||
+ | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | ==== Including both -j and -o flags ==== | ||
+ | |||
+ | A common mistake people make is to include either or both -j and -o flags and create invalid packets. | ||
+ | |||
+ | |||
+ | ==== Error message "Mode already specified" | ||
+ | |||
+ | This is commonly caused by using the number one (-1) instead of dash lowercase L (-l) in the command. | ||
+ | |||
+ | Entering: | ||
+ | | ||
+ | |||
+ | Gives: | ||
+ | Mode already specified. | ||
+ | " | ||
+ | |||
+ | This because -1 was used instead of the correct -l. So simply use " | ||
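Review bot: the troubleshooting entry "Including both -j and -o flags" describes the mistake as including "either or both" flags, which does not match its heading and does not say what the correct invocation is; state which combination produces invalid packets and what to use instead. In "Generating a custom packet", "customer packet" should read "custom packet", and the "-9" bullet should mention that it is the short form of the --custom mode shown in the Modes list. In "Generating a null packet", "24bytes" needs a space, and because -s 42 is the unencrypted size it would help to give the resulting encrypted length (42 + 8 = 50 bytes). In the last paragraph, "This because -1 was used" is missing "is".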
packetforge-ng.txt · Last modified: 2010/08/22 20:59 by mister_x