Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: aircrack-ng strange output

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    9

    Default aircrack-ng strange output

    When I use airodump-ng and aircrack-ng I always get strange output when I'm asked to select an AP for cracking I end up with around 300+ different AP's (or more depending on how long i let it run) i have a 1000HE EEE PC I'm still searching for an answer please let me know if you already found a solution Thanks in advance

    here is a sample of what i get
    326 00:1F:F3:00:F7:ED California No data - WEP or WPA
    327 43:E2:5D:80:4B:FC Unknown
    328 8A8:63:81:3E:1D None (0.0.0.0)
    329 4D:33:93:C2:44:7B Unknown
    330 44:95:B7:24:66:ED California No data - WEP or WPA
    331 00:3F:E8:C1:18:4B None (0.0.0.0)
    332 00:1F:6B:0D:66:ED California No data - WEP or WPA
    333 00:1F:F3:88:62:ED California No data - WEP or WPA
    334 BDB:53:36:22:A3 No data - WEP or WPA
    335 9A:E3:04:06:66:ED �)-?Qb�3i�Ԙ:xUM?�0�W:??� ??�?� No data - WEP or WPA
    336 46:1A:4D:25:A0:BD Unknown
    337 98:1D:BD:06:66:ED �R��?�����?P0?�)?$0�????J4?�?,I� None (0.0.0.0)
    338 00:1F:33:10:B2F ����������???�_-?$ None (0.0.0.0)
    339 00:1F:B3:60:FE:04 No data - WEP or WPA
    340 00:3F:E1:00:66:ED No data - WEP or WPA
    341 60:9E:EB:FF:96:77 No data - WEP or WPA
    342 00:1F:F3:00:44:EC No data - WEP or WPA
    343 B2:B0:35:40:77:8E No data - WEP or WPA
    344 00:1F:F3:00:EE:E9 �?? No data - WEP or WPA
    345 5F:16:F3:00:66:F5 Unknown
    346 80:8F:79:91:B3:76 Unknown
    347 3F:33:A4:02:80:E2 No data - WEP or WPA
    348 00:1F:40:01:66:ED 6 No data - WEP or WPA
    349 1A:F1:F4:00:76:E4 No data - WEP or WPA
    350 0D:1F:F3:00:66:ED California No data - WEP or WPA
    351 66:1B:4D:E1:EA:BD Unknown
    352 FF:4C:FE:FF:FF:6E OmiNet411 No data - WEP or WPA
    353 62:10:4F:70:E2:85 Unknown
    354 C0:FF:1A:55:66:58 Unknown
    355 9D:219:7E:A0:BD Unknown
    356 66:1B:4D:25:A0:BD Unknown
    357 00:18:4D:E9:A6:BD OmiNet411 No data - WEP or WPA
    358 00:18:4D:41:40:7B Unknown
    359 DC:37:9A:4A:40:7B Unknown
    360 00:18:4D:35:38:BD No data - WEP or WPA
    361 80:56:90:BC:7F:F4 � No data - WEP or WPA
    362 66:1BC:25:60:E1 Unknown

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Which one of those matches the MAC for your router? The MAC will be on the back just next to the serial.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    9

    Default

    in that sample none are the mac but its the fact there are 300+ macs showing that bothers me as APs. aircrack still works when i tell it which essid or bssid im trying to attack

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default

    I also have an eeePC 1000HE and I have the same problem. I'm still searching for a solution.

    Its look like a synchronization problem. Sometime, it works fine, like 1 in 4 or 5. Filtering for my channel help only to reduce the amount of bad AP.

    I don't see any problem when I use my eee PC to browse the web. It's only when I use airodump-ng. Kismet seems to be more stable.

  5. #5
    Just burned his ISO igbtbt's Avatar
    Join Date
    Jul 2009
    Posts
    3

    Default

    It would be nice to know the chipset of your wireless card.

    Does the --bssid <AP's MAC address> option in airodump-ng command, narrows the results to the specified AP?

  6. #6
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default

    The chipset is an Atheros AR9280 and it use the ath9k and mac80211 drivers.

    Filtering with --bssid help to see only the desired AP, but many non-existing clients appear to be connected to it. Many of the non-existing clients have a MAC address close the the real client. They differ by one or two digits in the MAC's NIC part. Some differ from the manufacturer part. The others have 3 or more digits changed. That's why we can "see" so many clients.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    9

    Default

    What i posted is the select option of Aircrack-NG and should not contain all of those AP's I'm sure some of them are clients and im also sure that most of these are none existent i don't understand why its giving me the 300+ options to choose from

  8. #8
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    I was just reminded of something I notice during very clear days - I get a lot of invalid mac's and AP's that I know don't exist in my area (after I war drove to ensure I wouldn't be impinging on any of them with my routers). Studying the signals and tracing them and so forth shows me a very large amount of signal bounce and corruptions from the local public transport on it's way past (probing for a specified network), as well as interference from other 2.4GHz based devices.

    Do you have any wireless phone systems or anything like that which could be giving you a lot of interference?
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default

    In my case, I do have a wireless phone. It works in the 5.8Ghz range. I will do a test tomorrow with the phone off.

  10. #10
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default

    The phone isn't the cause, but I found something.

    I usually reboot to put my wlan in monitor mode with the following commands:

    airmon-ng stop wlan0
    airmon-ng start wlan0
    airodump-ng --bssid $MyAP mon0

    And I see many non-existing clients as described earlier.

    But if I don't reboot and simply kill wicd, dhclient and wpa_supplicant and use the same commands, I see only one client connected to my AP.

    The only thing left is airodump-ng sometime shows two lines with the sames MACs, as-if the client have gone and came back. But nothing appears in the .csv. It contains only one entry. So it must be a refresh problem: airodump-ng doesn't always clear the lastest used line.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •