fragmentation

Differences

This shows you the differences between two versions of the page.

fragmentation [2007/07/21 19:07]
darkaudax fixed typo
fragmentation [2009/09/05 23:32]
mister_x wiki-files.aircrack-ng.org become download.aircrack-ng.org/wiki-files
Line 1: Line 1:
 ====== Fragmentation Attack ====== ====== Fragmentation Attack ======
- 
- 
- 
- 
 ===== Description ===== ===== Description =====
 This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with [[packetforge-ng]] which are in turn used for various injection attacks. ​ It requires at least one data packet to be received from the access point in order to initiate the attack. This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA. The PRGA can then be used to generate packets with [[packetforge-ng]] which are in turn used for various injection attacks. ​ It requires at least one data packet to be received from the access point in order to initiate the attack.
  
-Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. ​ This cycle is repeated ​several times until 1500 bytes of PRGA are obtained or sometimes less then 1500 bytes+Basically, the program obtains a small amount of keying material from the packet then attempts to send ARP and/or LLC packets with known content to the access point (AP).  If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. ​ This cycle is repeated several times until 1500 bytes of PRGA are obtained or sometimes less then 1500 bytes.
- +
-The original paper, [[http://​darkircop.org/​bittau-wep.pdf|The Fragmentation Attack in Practice]], by Andrea Bittau provides a much more detailed technical description of the technique. ​ A local copy is located [[http://​wiki-files.aircrack-ng.org/​doc/​Fragmentation-Attack-in-Practice.pdf|here]]. ​ Here are [[http://​darkircop.org/​frag.pdf|presentation slides]] of a related paper. ​ A local copy of the slides is located [[http://​wiki-files.aircrack-ng.org/​doc/​Final-Nail-in-WEPs-Coffin.slides.pdf|here]]. ​ Also see the paper "The Final Nail in WEP's Coffin"​ on this page.+
  
 +The original paper, [[http://​darkircop.org/​bittau-wep.pdf|The Fragmentation Attack in Practice]], by Andrea Bittau provides a much more detailed technical description of the technique. ​ A local copy is located [[http://​download.aircrack-ng.org/​wiki-files/​doc/​Fragmentation-Attack-in-Practice.pdf|here]]. ​ Here are [[http://​darkircop.org/​frag.pdf|presentation slides]] of a related paper. ​ A local copy of the slides is located [[http://​download.aircrack-ng.org/​wiki-files/​doc/​Final-Nail-in-WEPs-Coffin.slides.pdf|here]]. ​ Also see the paper "The Final Nail in WEP's Coffin"​ on this page.
  
 ===== Usage ===== ===== Usage =====
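Review bot: In the rewritten "Basically, the program obtains..." paragraph, the new line adds the missing final period but still reads "sometimes less then 1500 bytes"; that should be "less than 1500 bytes". Since the sentence is being touched anyway, consider rewording the ending so it says plainly that the cycle stops at 1500 bytes of PRGA or sometimes fewer. The two updated local-copy links still point at plain http:// URLs for PDF downloads; if download.aircrack-ng.org serves HTTPS, use https:// in both.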
Line 98: Line 93:
  
 ===== Usage Troubleshooting ===== ===== Usage Troubleshooting =====
 +
 +==== General =====
  
   * Make sure your card can successfully inject. ​ Use the [[injection_test|injection test]] to confirm your card can inject.   * Make sure your card can successfully inject. ​ Use the [[injection_test|injection test]] to confirm your card can inject.
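Review bot: The added heading "==== General =====" has four equals signs on the left and five on the right. The other subsection heading added in this revision is balanced ("==== ... ===="), so change this one to "==== General ====" to keep both subsections at the same level under "Usage Troubleshooting".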
Line 109: Line 106:
   * [[interactive_packet_replay#​other_examples|-p 0841 method]]: This technique allows you to reinject any data packet received from the access point and generate IVs.   * [[interactive_packet_replay#​other_examples|-p 0841 method]]: This technique allows you to reinject any data packet received from the access point and generate IVs.
  
 +
 +==== "Not enough acks, repeating"​ message ====
 +
 +If you receive a message similar to:
 +
 +   ​20:​49:​37 ​ Sending fragmented packet
 +   ​20:​49:​37 ​ Not enough acks, repeating...
 +   ​20:​49:​37 ​ Sending fragmented packet
 +   ​20:​49:​38 ​ Not enough acks, repeating...
 +   ​20:​49:​38 ​ Sending fragmented packet
 +   ​20:​49:​39 ​ No answer, repeating...
 +
 +Possible reasons are:
 +
 +  * Too close or too far from the Access Point
 +  * The driver is problematic. ​ Especially mac80211 versions of drivers are not as stable at this point as the ieee80211 version. ​ Try the ieee80211 version. ​ Or try a different version of the same driver. ​ This especially applies to the madwifi-ng driver.
  
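Review bot: In the driver bullet of the new "Not enough acks, repeating" section, "at this point" gives the reader no way to tell when the mac80211 versus ieee80211 comparison was made or which driver versions it covers; state the date or the versions tested. The sample output also ends with "No answer, repeating...", which neither the heading nor the lead-in sentence mentions, so say whether the listed reasons apply to that message too. The first bullet ("Too close or too far from the Access Point") would be more useful with a concrete check, for instance a pointer to the [[injection_test|injection test]] already linked in the General list.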
fragmentation.txt · Last modified: 2009/09/05 23:32 by mister_x