Also, make certain that your wnic supports injection and is in monitor mode.
I have a rausb0 card and when I followed xplotiz's tutorial everything works except when I try to crack the WEP key.
For some reason I get IVs really slowly, like 20 in 5 minutes.
Is this because my network does not have much traffic?
And if this is true, how can I increase the traffic without logging into it?
Many factors can slow you down. Your proximity to the access point is one. Another rather foolish mistake I have made in the past is not specifying a channel. This will cause you to collect the packets you want intermittently, slowing you down greatly. And to continue with what GunMonkey asked, what is the result of the following command:
Code:
bt ~ # aireplay-ng -9 rausb0
Thanks for your reply. I think my problem is just there is no traffic so I have to wait a while.
As long as there is one client associated with that network you can gather enough IVs to crack it in say...under a minute. What you need to do (which I am sure is explained clearly in the tutorial) is find the client associated with the AP and de-authenticate him/her. This will force the reconnect and allow you to replay the ARP requests that follow next. Here are the EXACT steps I used to crack my WEP.
NOTE: It may be necessary to set your MAC to that of the client you wish to disassociate from the AP. It was not necessary for me and I don't really see why it would be, but others claim it is.
Code:
1: bt ~ # ifconfig rausb0 up
2: bt ~ # iwconfig rausb0 mode monitor channel *channel* rate 1m
3: bt ~ # iwpriv rausb0 forceprism 1
4: bt ~ # iwpriv rausb0 rfmontx 1
5: bt ~ # airodump-ng --channel *channel* -b *00:bssid:00* -w *capfile* rausb0
6: bt ~ # aireplay-ng -0 5 -a *00:bssid:00* -c *00:client mac:00* rausb0
7: bt ~ # aireplay-ng --arpreplay -b *00:bssid:00* -h *mac of associated client* rausb0
8: bt ~ # aircrack-ng -z -b *00:bssid:00* *capfile*.cap
Obviously the starred text is variables; set them to the appropriate values. Lines 1-4 put a Ralink USB dongle into monitor mode, assuming you are using the correct drivers and configuration (line 4 is important for the replay attack). Backtrack 2 does NOT have the right configuration for Ralink by default (BT3b does).
Keep in mind I was about 4 feet away from the router so obviously the signal strength was not a limiting factor.
Let me know how this works out for you.
I have a rausb device too but I'm having difficulties in cracking WEP, meaning my auth/deauth is not working. I'm next to my AP, which is a D-Link, and when I type:
aireplay-ng -1 0 -a (bssid) -h (mac address of client) rausb0
it says:
Sending authentication request (Open System) a few times and then:
Attack was unsuccessful ..
1. I'm very close to the AP so distance isn't a problem
card supports injection
I think MAC filtering is off, but if it was on couldn't I still auth/deauth using a cloned MAC?
I'll look in the D-Link's settings and see if filtering is on or off ..
Also tried wesside-ng but I get the error max retransmits for 30 bytes, and when I tried the -k 1 solution it says invalid option --k ......
Ok so what are the errors you are getting when you type in the commands I posted? You are using the commands I posted, aren't you?
Which Backtrack are you using? 2 or 3b? If you are using 2 see this thread.
I am using the correct commands ...
Yes, it is my AP, but I didn't know where MAC filtering was; that's why I said I don't know for sure ... I watched the settings more carefully and the MAC filter was on. I turned it off and now it works ... but I get IVs really slowly and there aren't enough to crack the WEP key ... I'll put something to download on my client and make some traffic and see how that goes ...