Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision |
airtun-ng [2009/10/14 16:02] – Corrected parameter errors darkaudax | airtun-ng [2010/11/21 16:14] – typos sleek |
---|
In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as [[http://www.snort.org|snort]]. | In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as [[http://www.snort.org|snort]]. |
| |
Traffic injection can be fully bidirectional if you have the full encyption key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets. | Traffic injection can be fully bidirectional if you have the full encryption key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets. |
| |
Airtun-ng also has repeater and tcpreplay-type functionality. There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. While doing this, you can still use the tun interface while repeating. As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. This is essentially tcpreplay functionality for wifi. | Airtun-ng also has repeater and tcpreplay-type functionality. There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. While doing this, you can still use the tun interface while repeating. As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. This is essentially tcpreplay functionality for wifi. |
FromDS bit set in all frames. | FromDS bit set in all frames. |
| |
You notice above that it created the **at0** interface. Switch to another console sesssion and you must now bring this interface up in order to use it: | You notice above that it created the **at0** interface. Switch to another console session and you must now bring this interface up in order to use it: |
| |
ifconfig at0 up | ifconfig at0 up |
| |
This loads the "tun" module. You can confirm it is loaded by running "lsmod | grep tun". If it does not load or there are problems, running "dmesg" and reviewing the end should show errors, if any. | This loads the "tun" module. You can confirm it is loaded by running "lsmod | grep tun". If it does not load or there are problems, running "dmesg" and reviewing the end should show errors, if any. |
| |
| ==== Error creating tap interface: Permission denied ==== |
| |
| See the following [[faq#why_do_i_get_error_creating_tap_interfacepermission_denied_or_a_similar_message|FAQ entry]]. |
| |