
Thread: How long should it take to get packets for cracking WEP?

  1. #1
    Just burned his ISO
    Join Date: Aug 2009
    Posts: 3

    How long should it take to get packets for cracking WEP?

    So I'm trying to crack the WEP on my WRT54G, which is located literally within half a meter of the machine that's doing the stuff. It's running an Intel 5100 AGN, which has been reported as able to inject and monitor, and it works fine for me.

    However, I read a while ago that WEP is really quick and simple (relative to WPA/2) to crack. I recall it being something like 20 minutes, which seems pretty quick.

    The simple WEP cracking guide on aircrack-ng.org says that one needs 250K IVs for one attack method and 20K IVs for the PTW method to be able to obtain a key with good probability for 64-bit WEP.

    At first, I associated myself and found that for some reason I wouldn't get any ARPs to reinject if there wasn't a client present. So I connected another computer to the AP. Then some ARPs were SLOWLY generated and over the period of 40 minutes, I got approximately 70 ARPs and 1500 data packets (listed as #Data in airodump, so I assume that they're IVs). Packets sent was in the 100K+ range.

    This seems pretty damned slow and definitely not 20 minutes. Reinjection was at 500 pps pretty constantly. After I made the other machine on the network start downloading something, #Data/s increased by LOADS. ARPs generated remained at the same rate, though.

    So... how long should it really take to collect the necessary packets? How many does one need? Also, when I set my other box to download some massive file, is this generating IVs for the standard method or still for the PTW attack? Finally, for the PTW method, is the focus on collecting 20K ARPs or just the data packets that I get while doing reinjection...?

    Thanks for helping a newb!
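    The opening post is really asking two things: how many IVs the attack wants and how long the current capture rate will take to get there. The following is an added example (not code from the thread or from the aircrack-ng project) that answers the second one from the CSV airodump-ng writes next to its .cap file when run with -w (the thread's `-w output_file` gives `output_file-01.csv`). The "# IV" column in that CSV is the same number airodump-ng shows live as #Data on a WEP network, i.e. the count of unique IVs captured, which is the figure the PTW and FMS/KoreK thresholds refer to. The IV targets are the 20K and 250K figures quoted in the post; the CSV text is constructed for the demo and mirrors the 1500 IVs in 40 minutes the poster reported, and the column layout assumed is that of airodump-ng 1.x.

```python
"""Project how long a WEP capture will take to reach aircrack-ng's IV targets.

Added example. Parses the AP section of an airodump-ng CSV, reads the "# IV"
column for one BSSID, derives the observed IV rate from the first/last-seen
timestamps and projects the remaining time to the PTW and FMS/KoreK counts.
"""
import csv
import io
from datetime import datetime

PTW_IVS = 20_000      # figure quoted in the thread for PTW on a 64-bit key
KOREK_IVS = 250_000   # figure quoted in the thread for the older FMS/KoreK attack

# Constructed sample, not a real capture: 1500 IVs in 40 minutes, like the OP.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-01-15 12:00:00, 2010-01-15 12:40:00, 6, 54, WEP, WEP, OPN, -30, 4000, 1500, 0. 0. 0. 0, 6, linksys, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
aa:bb:cc:dd:ee:ff, 2010-01-15 12:00:00, 2010-01-15 12:40:00, -28, 120000, 00:11:22:33:44:55, linksys
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_ap_rows(text):
    """Return the access-point rows (the block before the blank line) as dicts."""
    ap_section = text.strip().split("\n\n", 1)[0]
    # skipinitialspace turns " # IV" into "# IV" and strips the value padding
    return list(csv.DictReader(io.StringIO(ap_section), skipinitialspace=True))


def iv_rate(row):
    """(IVs captured, IVs per second) for one AP row."""
    first = datetime.strptime(row["First time seen"].strip(), TIME_FMT)
    last = datetime.strptime(row["Last time seen"].strip(), TIME_FMT)
    seconds = (last - first).total_seconds()
    ivs = int(row["# IV"])
    return ivs, (ivs / seconds if seconds > 0 else 0.0)


def seconds_to_target(ivs, rate, target):
    """Seconds until `target` IVs at `rate`; 0 if already there; None if stalled."""
    if ivs >= target:
        return 0.0
    if rate <= 0:
        return None   # no IVs arriving, so no projection is possible
    return (target - ivs) / rate


def rate_needed(target, minutes):
    """IVs per second required to reach `target` within `minutes`."""
    return target / (minutes * 60.0)


def estimate(text, bssid):
    """Summary dict for one BSSID in an airodump-ng CSV."""
    for row in parse_ap_rows(text):
        if row["BSSID"].strip().lower() == bssid.lower():
            ivs, rate = iv_rate(row)
            return {
                "ivs": ivs,
                "ivs_per_sec": rate,
                "ptw_eta_s": seconds_to_target(ivs, rate, PTW_IVS),
                "korek_eta_s": seconds_to_target(ivs, rate, KOREK_IVS),
            }
    raise ValueError(f"BSSID {bssid} not found in capture")


if __name__ == "__main__":
    r = estimate(SAMPLE_CSV, "00:11:22:33:44:55")
    print(f"{r['ivs']} IVs so far at {r['ivs_per_sec']:.2f} IV/s")
    for name, eta in (("PTW", r["ptw_eta_s"]), ("FMS/KoreK", r["korek_eta_s"])):
        print(f"  {name}: {'stalled' if eta is None else f'{eta / 3600:.1f} h remaining'}")
    print(f"  need {rate_needed(PTW_IVS, 10):.1f} IV/s to hit PTW in 10 minutes")
```

    Run against a live capture by pointing it at the real `output_file-01.csv` instead of SAMPLE_CSV. At the rate in the sample (0.625 IV/s) PTW is about eight hours away, while an ARP replay that is actually being accepted by the AP produces hundreds of IVs per second, which is where the "ten minutes" figure comes from.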

  2. #2
    My life is this forum Barry's Avatar
    Join Date: Jan 2010
    Posts: 3,817

    About ten minutes.

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date: Jan 2010
    Location: The Crystal Wind
    Posts: 851

    Sounds like you've missed a rather obvious step and the router is refusing to let you talk to it. How about you paste your commands so we have an idea of what you are or are not doing.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4
    Just burned his ISO
    Join Date: Aug 2009
    Posts: 3

    Code:
    airmon-ng start wlan0 6
    (gives a mon0 as monitor mode interface)

    Code:
    airodump-ng -c 6 --bssid my_router's_mac -w output_file mon0

    New terminal open:

    Code:
    aireplay-ng -1 6000 -e my_router_SSID -b my_router's_mac -h my_wifi_card's_mac mon0

    This works about a quarter of the time. After about 2 hours, it'll refuse to reassociate unless I stop and restart wlan0. Enclosing my router's SSID in quotes has no noticeable effect.

    Then the standard

    Code:
    aireplay-ng -3 -b my_router's_mac -h my_wifi_card's_mac mon0


    By the way, I'm using the standard BT4 pre-final drivers without updating or installing anything wifi-related, should I have installed something first?

  5. #5
    Member
    Join Date: Jan 2010
    Location: The new forums
    Posts: 462

    Try

    Code:
    aireplay-ng -1 0 -e my_router_SSID -a my_router's_mac -h my_wifi_card's_mac mon0

    If you have an issue associating, make sure the AP doesn't have MAC filtering on.
