User Tools

Site Tools


arp_inject_capture

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
arp_inject_capture [2009/02/16 19:45]
darkaudax Updated to reflect unique IVs are used on injected packets.
arp_inject_capture [2009/08/14 19:22]
mister_x use dokuwiki internal link
Line 1: Line 1:
 ====== Tutorial: ARP Request Injection Packet Capture Explained ====== ====== Tutorial: ARP Request Injection Packet Capture Explained ======
-Version: 1.02 February 16, 2009\\+Version: 1.03 February 16, 2009\\
 By: darkAudax By: darkAudax
  
 File linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/arpinjection.cap|arpinjection.cap]] File linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/arpinjection.cap|arpinjection.cap]]
 +
  
 ===== Introduction ===== ===== Introduction =====
Line 9: Line 10:
 This is quick and dirty explanation of a sample capture file.  It is a capture of an ARP request injection.  To keep things simple, I have only included three rounds. This is quick and dirty explanation of a sample capture file.  It is a capture of an ARP request injection.  To keep things simple, I have only included three rounds.
  
-To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All" This shows all the sections and fields expanded.  You will need to scroll through the fields for each packet to locate the ones mentioned.  See this [[http://aircrack-ng.org/doku.php?id=faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.+To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All" This shows all the sections and fields expanded.  You will need to scroll through the fields for each packet to locate the ones mentioned.  See this [[faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.
  
 The capture was done using an Atheros chipset and airodump-ng as the capture program. The capture was done using an Atheros chipset and airodump-ng as the capture program.
Line 31: Line 32:
 Notice the the initialization vector number (IEEE 802.11 -> WEP Parameters) is the same on each.  This is because we are injecting the same packet over and over. Notice the the initialization vector number (IEEE 802.11 -> WEP Parameters) is the same on each.  This is because we are injecting the same packet over and over.
  
-NOTE: In current versions of aircrack-ng, the initialization vector number changes on each injected packet since a push-down stack of the most recently received packets is used.+NOTE: In current versions of aireplay-ng, the initialization vector number changes on each injected packet since a push-down stack of the most recently received packets is used.  The following sample file shows examples of unique injected IVs: [[http://download.aircrack-ng.org/wiki-files/other/arpinjection.new.cap|arpinjection.new.cap]]
  
  
arp_inject_capture.txt · Last modified: 2009/08/14 19:22 by mister_x