interactive_packet_replay

Differences

This shows you the differences between two versions of the page.

interactive_packet_replay [2008/12/02 21:18] – packes darkaudax
interactive_packet_replay [2008/12/02 21:21] – Fixed typos. darkaudax
Line 27: Line 27:
 We don't care what the destination MAC address is.  This because in this case we will modify the packet being injected.  The following options will result in the packet looking like a "natural" packet above.  Here are the options required: We don't care what the destination MAC address is.  This because in this case we will modify the packet being injected.  The following options will result in the packet looking like a "natural" packet above.  Here are the options required:
  
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client to the access point. IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client to the access point.  IE Set the "To DS" field to 1.
   * -c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast.  This is required to cause the AP to replay the packet and thus getting the new IV.   * -c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast.  This is required to cause the AP to replay the packet and thus getting the new IV.
  
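Review bot: The unchanged lead sentence of this hunk, "This because in this case we will modify the packet being injected", is still missing its verb even though the revision is a typo pass; it should read "This is because ...". In the changed -p 0841 bullet, "IE" would read better as "i.e.,", and in the -c bullet "and thus getting the new IV" does not agree with "to cause the AP to replay"; "and thus generate a new IV" would.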
Line 100: Line 100:
  
   * -2 means interactive replay   * -2 means interactive replay
-  * -b 00:14:6C:7E:40:80 selects packets with the MAC of the access point we are interested in+  * -b 00:14:6C:7E:40:80 selects packets with the MAC of the access point we are interested in.
   * -t 1 selects packets with the "To Distribution System" flag set on   * -t 1 selects packets with the "To Distribution System" flag set on
   * -c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast.  This is required to cause the AP to replay the packet and thus getting the new IV.   * -c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast.  This is required to cause the AP to replay the packet and thus getting the new IV.
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set the "To DS" field to 1.
   * ath0 is the wireless interface   * ath0 is the wireless interface
  
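Review bot: The -p 0841 bullet in this hunk says the packet looks like it is "sent from a wireless client", while the same bullet in the Line 27 hunk says "from a wireless client to the access point"; pick one wording and use it in every copy of the bullet so readers do not assume the option behaves differently between examples. The -t 1 bullet also spells out "To Distribution System" where the -p bullet uses "To DS", so the abbreviation should be introduced once.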
Line 144: Line 144:
  
   * -2 means the interactive replay attack   * -2 means the interactive replay attack
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client. IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set the "To DS" field to 1.
   * -c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast.  This is required to cause the AP to replay the packet and thus getting the new IV.   * -c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast.  This is required to cause the AP to replay the packet and thus getting the new IV.
   * -b 00:14:6C:7E:40:80 is the MAC address of the access point (BSSID).  This is a filter to select a single AP.   * -b 00:14:6C:7E:40:80 is the MAC address of the access point (BSSID).  This is a filter to select a single AP.
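Review bot: The -p 0841 bullet explains only the "To DS" bit, but the value sets more than that: the first byte 0x08 marks the frame as a data frame, and the second byte 0x41 sets the Protected Frame (WEP) flag 0x40 in addition to To DS 0x01. Naming all three in the bullet would tell the reader why the value is 0841, and would help anyone matching these frames in a capture.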
Line 188: Line 188:
  
   * -2 means the interactive replay attack   * -2 means the interactive replay attack
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set the "To DS" field to 1.
   * -m 68 is the minimum packet length   * -m 68 is the minimum packet length
   *  -n 86 is the maximum packet length    *  -n 86 is the maximum packet length 
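Review bot: The "-n 86" bullet has a doubled space after the asterisk and a trailing space on both sides of the diff, unlike the "-m 68" bullet above it; since this revision is a typo pass, normalise it so the list is formatted consistently. The -m and -n bullets would also benefit from stating the unit of the 68 and 86 lengths.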
Line 231: Line 231:
  
   * -2 means the interactive replay attack   * -2 means the interactive replay attack
-  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set "To DS" field to 1.+  * -p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.  IE Set the "To DS" field to 1.
   * -c FF:FF:FF:FF:FF:FF NOTE: This is not included because an ARP packet already has the destination MAC address set to broadcast.   * -c FF:FF:FF:FF:FF:FF NOTE: This is not included because an ARP packet already has the destination MAC address set to broadcast.
   * -b 00:14:6C:7E:40:80 is the MAC address of the access point (BSSID).  This is a filter to select a single AP.   * -b 00:14:6C:7E:40:80 is the MAC address of the access point (BSSID).  This is a filter to select a single AP.
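Review bot: The bullet "-c FF:FF:FF:FF:FF:FF NOTE: This is not included because ..." presents an option the command does not use as if it were one of its options, which is easy to misread when skimming the list. Move it below the option list as a plain note, for example "Note: -c is not needed here because an ARP packet already has its destination MAC address set to broadcast."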
interactive_packet_replay.txt · Last modified: 2010/11/21 09:05 by sleek