packetforge-ng
Differences
This shows you the differences between two versions of the page.
packetforge-ng [2007/01/27 18:31] – Added troubleshooting tip darkaudax | packetforge-ng [2009/09/25 22:52] – Fixed typos darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Packetforge-ng ====== | ====== Packetforge-ng ====== | ||
- | |||
- | |||
Line 22: | Line 20: | ||
*-e : disables WEP encryption | *-e : disables WEP encryption | ||
*-k < | *-k < | ||
- | *-l < | + | *-l < |
*-t ttl : set Time To Live | *-t ttl : set Time To Live | ||
*-w < | *-w < | ||
Line 31: | Line 29: | ||
*-y < | *-y < | ||
- | ====Modes: | + | ====Modes |
*--arp | *--arp | ||
*--udp | *--udp | ||
*--icmp | *--icmp | ||
+ | *--null | ||
*--custom | *--custom | ||
- | |||
===== Usage Example ===== | ===== Usage Example ===== | ||
+ | ==== Generating an arp request packet ==== | ||
Here is an example of how to generate an arp request packet. | Here is an example of how to generate an arp request packet. | ||
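Review bot: The parent heading "===== Usage Example =====" stays singular although this revision puts "Generating an arp request packet" under it and adds the null-packet and custom-packet subsections after it, so rename it to "Usage Examples". The new subheading should also spell the protocol "ARP" rather than "arp", matching how "WEP", "LLC" and "PRGA" are written elsewhere on the page.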
Line 102: | Line 101: | ||
- | Usage Tip: | + | ==== Generating a null packet ==== |
+ | |||
+ | This option allows you to generate LLC null packets. | ||
+ | |||
+ | Remember that the size value (-s) defines the absolute size of an unencrypted packet, so you need to add 8 bytes to get its final length after encrypting it (4 bytes for iv+idx and 4 bytes for icv). This value also includes the 802.11 header with a length of 24bytes. | ||
+ | |||
+ | The command is: | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | * --null means generate a LLC null packet (requires double dash). | ||
+ | * -s 42 specifies the packet length to be generated. | ||
+ | * -a BSSID is the MAC address of the access point. | ||
+ | * -h SMAC is the source MAC address of the packet to be generated. | ||
+ | * -w short-packet.cap is the name of the output file. | ||
+ | * -y fragment.xor is the name of the file containing the PRGA. | ||
+ | |||
+ | |||
+ | ==== Generating a custom packet ==== | ||
+ | If you want to generate a customer packet, first create a packet with the tool of your choice. | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | * -9 means generate a custom packet. | ||
+ | * -r input.cap is the input file. | ||
+ | * -y keystream.xor is the file containing the PRGA. | ||
+ | * -w output.cap is the output file. | ||
+ | |||
+ | When it runs, packetforge-ng will ask you which packet to use and then output the file. | ||
+ | |||
+ | |||
+ | |||
+ | ===== Usage Tips ===== | ||
+ | |||
+ | Most access points really don't care what IPs are used for the arp request. | ||
+ | |||
+ | So the packetforge-ng command becomes: | ||
+ | | ||
+ | |||
+ | |||
+ | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | ==== Including both -j and -o flags ==== | ||
+ | |||
+ | A common mistake people make is to include either or both -j and -o flags and create invalid packets. | ||
+ | |||
+ | |||
+ | ==== Error message "Mode already specified" | ||
+ | |||
+ | This is commonly caused by using the number one (-1) instead of dash lowercase L (-l) in the command. | ||
+ | |||
+ | Entering: | ||
+ | | ||
- | Most access points really don't care what IPs are used for the arp request. | + | Gives: |
- | So as a result you can use 255.255.255.255 for source and destination IPs. | + | Mode already specified. |
- | | + | "packetforge-ng --help" for help. |
- | So the packetforge-ng | + | |
- | | + | |
- | -l 192.168.1.1 -y fragment-0124-161129.xor -w arp-request | + | |
- | Troubleshooting Tip: | + | This because |
- | A common mistake people make is to include either or both -j and -o flags and | + | |
- | | + | |
- | | + | |
- | you are doing, don' | + | |
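Review bot: In the added "Generating a custom packet" section, "If you want to generate a customer packet" should read "custom packet", which a revision labelled "Fixed typos" ought to catch. The same goes for "24bytes" in the null-packet paragraph and for "This because" in the "Mode already specified" entry, which is missing "is". The custom-packet list explains "-9" while the Modes list names the mode "--custom", so state that these are the same option. The null-packet paragraph would be easier to apply if it carried the arithmetic through for its own example: with "-s 42" the packet is 50 bytes after encryption (42 plus 4 for iv+idx and 4 for icv).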
packetforge-ng.txt · Last modified: 2010/08/22 20:59 by mister_x