packetforge-ng

Differences

This shows you the differences between two versions of the page.

packetforge-ng [2007/01/27 18:31]
darkaudax Added troubleshooting tip
packetforge-ng [2010/08/22 20:59]
mister_x update "Usage" and fixed "mode" rendering
Line 1: Line 1:
 ====== Packetforge-ng ====== ====== Packetforge-ng ======
- 
- 
  
  
Line 12: Line 10:
 Usage: packetforge-ng <​mode>​ <​options>​ Usage: packetforge-ng <​mode>​ <​options>​
  
-====Forge options:====+====Forge options====
  
       *-p <​fctrl> ​    : set frame control word (hex)       *-p <​fctrl> ​    : set frame control word (hex)
Line 22: Line 20:
       *-e             : disables WEP encryption       *-e             : disables WEP encryption
       *-k <​ip[:​port]>​ : set Destination IP [Port]       *-k <​ip[:​port]>​ : set Destination IP [Port]
-      *-l <​ip[:​port]>​ : set Source ​     IP [Port]+      *-l <​ip[:​port]>​ : set Source ​     IP [Port] ​(Dash lowercase letter L)
       *-t ttl         : set Time To Live       *-t ttl         : set Time To Live
       *-w <​file> ​     : write packet to this pcap file       *-w <​file> ​     : write packet to this pcap file
  
-====Source options:====+====Source options====
  
       *-r <​file> ​     : read packet from this raw file       *-r <​file> ​     : read packet from this raw file
       *-y <​file> ​     : read PRGA from this file       *-y <​file> ​     : read PRGA from this file
  
-====Modes:==== +====Modes ====
- +
-      *--arp ​         : forge an ARP packet ​   (-0) +
-      *--udp ​         : forge an UDP packet ​   (-1) +
-      *--icmp ​        : forge an ICMP packet ​  ​(-2) +
-      *--custom ​      : build a custom packet ​ (-9)+
  
 +      *-''''​-arp ​         : forge an ARP packet ​   (-0)
 +      *-''''​-udp ​         : forge an UDP packet ​   (-1)
 +      *-''''​-icmp ​        : forge an ICMP packet ​  (-2)
 +      *-''''​-null ​        : build a null packet (-3)
 +      *-''''​-custom ​      : build a custom packet ​ (-9)
  
  
 ===== Usage Example ===== ===== Usage Example =====
  
 +==== Generating an arp request packet ====
 Here is an example of how to generate an arp request packet. Here is an example of how to generate an arp request packet.
  
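Review bot: The `-''''-` escape on the five Modes entries (for example `*-''''-arp`) is opaque in the wiki source, and a later editor tidying the line is likely to remove it and bring back the dash rendering this revision set out to fix. DokuWiki's nowiki markup, `%%--arp%%`, renders the same and makes the intent visible. Separately, the new `--null` entry reads "build a null packet" while the section added further down calls it an LLC null packet; use the same term in both places.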
Line 102: Line 101:
  
  
-Usage Tip:+==== Generating a null packet ==== 
 + 
 +This option allows you to generate LLC null packets. ​ These are the smallest possible packets and contain no data.  The switch "​-s"​ is used to manually set the size of the packet. ​ This a simple way to generate small packets for injection. 
 + 
 +Remember that the size value (-s) defines the absolute size of an unencrypted packet, so you need to add 8 bytes to get its final length after encrypting it (4 bytes for iv+idx and 4 bytes for icv). This value also includes the 802.11 header with a length of 24bytes. 
 + 
 +The command is: 
 + 
 +   ​packetforge-ng --null -s 42 -a BSSID -h SMAC -w short-packet.cap -y fragment.xor 
 + 
 +Where: 
 +  * --null means generate a LLC null packet (requires double dash). 
 +  * -s 42 specifies the packet length to be generated. 
 +  * -a BSSID is the MAC address of the access point. 
 +  * -h SMAC is the source MAC address of the packet to be generated. 
 +  * -w short-packet.cap is the name of the output file. 
 +  * -y fragment.xor is the name of the file containing the PRGA. 
 + 
 + 
 +==== Generating a custom packet ==== 
 +If you want to generate a customer packet, first create a packet with the tool of your choice. ​ This could be a specialized tool, a hex editor or even from a previous capture. ​ Then save it as a pcap file.  Following this, run the command: 
 + 
 +   ​packetforge-ng -9 -r input.cap -y keystream.xor -w output.cap 
 + 
 +Where: 
 +  * -9 means generate a custom packet. 
 +  * -r input.cap is the input file. 
 +  * -y keystream.xor is the file containing the PRGA. 
 +  * -w output.cap is the output file. 
 + 
 +When it runs, packetforge-ng will ask you which packet to use and then output the file. 
 + 
 + 
 + 
 +===== Usage Tips ===== 
 + 
 +Most access points really don't care what IPs are used for the arp request. ​ So as a result you can use 255.255.255.255 for source and destination IPs. 
 + 
 +So the packetforge-ng command becomes: 
 +   ​packetforge-ng -0 -a 00:​14:​6C:​7E:​40:​80 -h 00:​0F:​B5:​AB:​CB:​9D -k 255.255.255.255 -l 255.255.255.255 -y fragment-0124-161129.xor -w arp-request 
 + 
 + 
 +===== Usage Troubleshooting ===== 
 + 
 +==== Including both -j and -o flags ==== 
 + 
 +A common mistake people make is to include either or both -j and -o flags and create invalid packets. ​ These flags adjust the FromDS and ToDS flages in the packet generated. ​ Unless you are doing something special and really know what you are doing, don't use them.  In general, they are not needed. 
 + 
 + 
 +==== Error message "Mode already specified"​ ==== 
 + 
 +This is commonly caused by using the number one (-1) instead of dash lowercase L (-l) in the command. 
 + 
 +Entering: 
 +   ​packetforge-ng -0 -a 00:​14:​6C:​7E:​40:​80 -h 00:​09:​5B:​EC:​EE:​F2 -k 255.255.255.255 -1 255.255.255.255 -y 00:​14:​6C:​7E:​40:80-03-00-14-6C-7E-40-80.xor -w arp-request ​
  
-   Most access points really don't care what IPs are used for the arp request. +Gives: 
-   So as a result you can use 255.255.255.255 for source and destination IPs. +   Mode already specified
-    ​ +   "packetforge-ng --help" for help.
-   So the packetforge-ng ​command becomes: +
-   ​packetforge-ng -0 -a 00:​14:​6C:​7E:​40:​80 -h 00:​0F:​B5:​AB:​CB:​9D -k 192.168.1.100 +
-   -l 192.168.1.1 -y fragment-0124-161129.xor -w arp-request+
  
-Troubleshooting Tip: +This because ​-1 (number one) was used instead of the correct ​-l (the letter ell).  ​So simply ​use "​-l"​.
-   A common mistake people make is to include either or both -j and -o flags and +
-   ​create invalid packets. ​ These flags adjust ​the FromDS and ToDS flages in the +
-   ​packet generated.  ​Unless you are doing something special and really know what +
-   you are doing, don'​t ​use them.  In general, they are not needed.+
  
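Review bot: In the "Where:" list under "Generating a null packet", the item `* --null means generate a LLC null packet (requires double dash).` is ordinary list text, so its double dash is exposed to the same typographic conversion that the Modes list was escaped against in this same revision; a reader copying from the rendered page would get a dash character that is not the `--null` switch. Escape it the same way as the Modes entries. The sizing paragraph would also be easier to apply if it gave the result for the example shown: with `-s 42` the text's own rule (add 8 bytes for iv+idx and icv) gives 50 bytes after encryption. Wording slips in the added text: "customer packet" should be "custom packet", "This a simple way" and "This because" are each missing "is", "flages" should be "flags", and "24bytes" needs a space.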
packetforge-ng.txt · Last modified: 2010/08/22 20:59 by mister_x