¿ about ARP packet injection and WEP ?
Hi everybody.
Could someone please explain to me how ARP packet injection works?
What I don't understand is that when the aireplay program says that it's "waiting for arp packets" to inject them, how can it tell whether the packet is or isn't ARP, since all packets are encrypted with WEP?
And if ARP packets don't travel encrypted, why isn't there the option to create an ARP by just using a known IP?
I'm just curious. Really want to know.
If someone doesn't understand what I mean, please tell me and I will try to clarify.
Thanks in advance.
Re: ¿ about ARP packet injection and WEP ?
See http://eprint.iacr.org/2007/120.pdf
Under Section 5:
Quote:
ARP requests and ARP replies are of a fixed size. Because the size of a packet is
not masked by WEP, they can usually be easily distinguished from other traffic.
Re: ¿ about ARP packet injection and WEP ?
Quote:
why isn't there the option to create an ARP by just using a known IP?
There is. It's in the aircrack-ng suite ;)
Re: ¿ about ARP packet injection and WEP ?
It's because with WEP using open authentication, any client can authenticate to the access point and "sniff" the packets that are within that access point. The data packets are encrypted with the WEP key and cannot be read in plain text, but can still be captured. ARP packets have distinct features that Aireplay-ng looks for. They are small in size so they can be replayed much faster than a larger file, they have the "To DS" (distribution system) bit on, and the destination is always broadcast. In order to create an ARP packet that will work with the network you have to obtain a PRGA file and use Packetforge-ng in order to create a packet to inject.
Someone please correct me if I'm wrong, I'm in the middle of learning about this as well and I want to make sure I am right as well.
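An added example, not part of any post in this thread and not aireplay-ng's code: a passive check built from the visible features named above (fixed size, "To DS" bit, broadcast destination), showing that none of them needs the WEP key. The length arithmetic assumes a 24-byte non-QoS header without FCS and IPv4-over-Ethernet ARP; the sample frames are constructed, with made-up addresses and zero bytes in place of ciphertext.

```python
import struct

HDR_LEN = 24       # 802.11 data header: 3 addresses, no QoS, FCS not counted (assumption)
WEP_IV_LEN = 4     # 3-byte IV + key-id byte, sent in the clear
LLC_SNAP_LEN = 8   # encrypted, but its length still shows
ARP_LEN = 28       # ARP for IPv4 over Ethernet
WEP_ICV_LEN = 4    # encrypted CRC-32 trailer
ETH_PAD = 18       # padding left when the ARP crossed wired Ethernet (46-byte minimum)

ARP_FRAME_LEN = HDR_LEN + WEP_IV_LEN + LLC_SNAP_LEN + ARP_LEN + WEP_ICV_LEN
ARP_FRAME_LENS = {ARP_FRAME_LEN, ARP_FRAME_LEN + ETH_PAD}
BROADCAST = b"\xff" * 6

def classify(frame: bytes) -> dict:
    """Return what an observer without the key can read from one frame."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    fc0, flags = frame[0], frame[1]
    plain_data = (fc0 & 0xFC) == 0x08       # type=data, subtype=0 (non-QoS)
    to_ds = bool(flags & 0x01)
    protected = bool(flags & 0x40)          # WEP bit in frame control
    # Destination is Address 3 when To DS is set, otherwise Address 1.
    dest = frame[16:22] if to_ds else frame[4:10]
    return {
        "length": len(frame),
        "to_ds": to_ds,
        "protected": protected,
        "broadcast": dest == BROADCAST,
        "likely_arp_request": (plain_data and protected and to_ds
                               and dest == BROADCAST
                               and len(frame) in ARP_FRAME_LENS),
    }

def sample(flags: int, dest: bytes, body_len: int) -> bytes:
    """Constructed frame: made-up addresses, zero bytes standing in for ciphertext."""
    bssid, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    hdr = struct.pack("<BBH6s6s6sH", 0x08, flags, 0, bssid, sta, dest, 0)
    return hdr + bytes(body_len)

if __name__ == "__main__":
    unicast = bytes.fromhex("020000000003")
    for name, f in [("arp", sample(0x41, BROADCAST, 44)),
                    ("padded arp", sample(0x41, BROADCAST, 62)),
                    ("large broadcast", sample(0x41, BROADCAST, 300)),
                    ("same-size unicast", sample(0x41, unicast, 44))]:
        print(name, classify(f))
```

The same metadata leak is why WEP's encryption alone never hid traffic type from anyone in radio range.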
Re: ¿ about ARP packet injection and WEP ?
@Reamer : yup, you're right, I was too lazy to explain, plus it's easy to find *hum hum http://www.aircrack-ng.org*
It's all in the fragmentation and the chopchop attacks.
Re: ¿ about ARP packet injection and WEP ?
@comaX : Thanks for letting me know. I'm taking the OSWP course this Wednesday and I just want to make sure I know the material. I felt it was good review to say it and get clarification, otherwise I would have probably not gone into so much detail.