Results 1 to 9 of 9

Thread: Not capturing packets correctly

  1. #1
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63

    Exclamation Not capturing packets correctly

    I'm having problem with capturing packets this the first time it has happened to me and i googled the problem. Now it works fine with backtrack 3 and ubuntu but for some reason with backtrack 4 it's not working, now these are the commands I'm using and the outputs I'm getting.


    Code:
    root@YOU:~# aireplay-ng -1 0 -a 00:1D:68:E8:9A:87 mon0
    No source MAC (-h) specified. Using the device MAC (00:24:2B:7C:3E:9D)
    22:46:04  Waiting for beacon frame (BSSID: 00:1D:68:E8:9A:87) on channel 1
    
    22:46:04  Sending Authentication Request (Open System) [ACK]
    22:46:04  Authentication successful
    22:46:04  Sending Association Request [ACK]
    22:46:04  Association successful :-) (AID: 1)
    root@YOU:~# aireplay-ng -3 -b 00:1D:68:E8:9A:87 mon0
    No source MAC (-h) specified. Using the device MAC (00:24:2B:7C:3E:9D)
    22:46:32  Waiting for beacon frame (BSSID: 00:1D:68:E8:9A:87) on channel 1
    Saving ARP requests in replay_arp-1028-224632.cap
    You should also start airodump-ng to capture replies.
    1280 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
    I know it said it didn't specify a mac but even when i do specify a mac it still doesn't work..

    Code:
     CH  1 ][ Elapsed: 2 mins ][ 2009-10-28 22:48
    
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    
     00:1D:68:E8:9A:87  -60 100     1653       73    0   1  54   WEP  WEP    OPN  Thomson1492EA
    
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes
    
     00:1D:68:E8:9A:87  00:11:22:33:44:55   -1    1 - 0      0        2
     00:1D:68:E8:9A:87  00:24:2B:7C:3E:9D    0    1 - 1      0       25
    Any suggestions would be great.... THNX
    One day your life will flash before your eyes. Make sure its worth watching.

  2. #2
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    1

    Default

    Seems like it hasn't located a useable packet for re-injection.

    Simply ping an unreachable or non-existant IP from the client on the network, it will broadcast and then aireplay-ng will pick it up and start re-injection.

  3. #3
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63

    Default

    just tried it still no luck.
    One day your life will flash before your eyes. Make sure its worth watching.

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    If you use wireshark on the interface and put in the WEP key can you see ARP packets being sent across the wire(less) when you try to ping other machines?
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #5
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63

    Default

    Do you mean ping the router or the computers connected.. If they are the computers connected how am I supposed to go about doing that when I'm not connected to the router.
    One day your life will flash before your eyes. Make sure its worth watching.

  6. #6
    Junior Member
    Join Date
    Sep 2009
    Posts
    43

    Default

    What Gitsnik says is: ping the router with a computer already connected on the network and then look on your unconnected computer if you see some ARP packets.

  7. #7
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by mortis View Post
    What Gitsnik says is: ping the router with a computer already connected on the network and then look on your unconnected computer if you see some ARP packets.
    Correct. Or a non-existant IP from a connected computer (more likely to generate an ARP).

    If the router is 192.168.1.1 and the connected machine is 192.168.1.2, the connected machine should try to ping 192.168.1.3 for maximum chance of creating an ARP packet. Then, the unconnected attacker should pick it up. If it does not, the wireshark should at least see what is operating on the network - so if you see an ARP packet in wireshark, there is something wrong with your aircrack installation.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  8. #8
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63

    Talking

    I just figured it out I have to use a mon0 for injecting and mon1 for capturing and on top of all that wlan0 must be down weird huh. Well if anyone has the same problem as me try it out and see if that works for you. ^_^

    And thanks for all of your feedback Gitsnik, Mortis and Hawaii.
    One day your life will flash before your eyes. Make sure its worth watching.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default

    Can you write your whole command to me because i think i'm having the same problem with you and i'm cracking my head thinking whats going on.thanks.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •