Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Last revisionBoth sides next revision |
airtun-ng [2010/03/07 23:36] – Fixed typo darkaudax | airtun-ng [2010/11/21 16:14] – typos sleek |
---|
In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as [[http://www.snort.org|snort]]. | In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as [[http://www.snort.org|snort]]. |
| |
Traffic injection can be fully bidirectional if you have the full encyption key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets. | Traffic injection can be fully bidirectional if you have the full encryption key. It is outgoing unidirectional if you have the PRGA obtained via [[korek_chopchop|chopchop]] or [[fragmentation]] attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets. |
| |
Airtun-ng also has repeater and tcpreplay-type functionality. There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. While doing this, you can still use the tun interface while repeating. As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. This is essentially tcpreplay functionality for wifi. | Airtun-ng also has repeater and tcpreplay-type functionality. There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. While doing this, you can still use the tun interface while repeating. As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. This is essentially tcpreplay functionality for wifi. |
FromDS bit set in all frames. | FromDS bit set in all frames. |
| |
You notice above that it created the **at0** interface. Switch to another console sesssion and you must now bring this interface up in order to use it: | You notice above that it created the **at0** interface. Switch to another console session and you must now bring this interface up in order to use it: |
| |
ifconfig at0 up | ifconfig at0 up |