After cracking WEP on my styles of APs, I began to wonder about what/if the people on the network could easily see what I was doing, so I began to investigate. Note: during this testing I had a severe blinding flash of the obvious. When generating traffic to obtain those precious IVs, you are sending a large amount of ARP broadcast packets to the AP, and seeing as how most APs are on the same subnet as the rest of the network, you are in fact sending all of that broadcast data to everyone on the network. If you would like to duplicate this, start attacking an AP and set up a Wireshark session on a client computer (wow, look at those thousands of ARP broadcast packets… way to be stealthy, LOL).
I wanted to bring this to everyone’s attention to make sure that they know they are in plain daylight while trying this attack, and second, to all of those net-admins out there, to be aware that if you are seeing a lot of that type of traffic and have APs, you may want to audit the air.
The only attack vector that I used that did not generate all of the “Look at Me!” packets on the network was the Chop-Chop attack. Unfortunately, I am unable to use the fragmentation attack (dang Broadcom).
Can anyone verify Chop-Chop and fragmentation as being a bit more on the quiet side?
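
For the net-admin side of the observation above, here is an added detection sketch (not part of the original post): it parses raw Ethernet frames captured on a wired client and flags any sender that repeats the same broadcast ARP request at a high rate. The one-second window, the threshold of 50, the function names and the sample frames are all assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

BROADCAST = b"\xff" * 6
ARP_ETHERTYPE = 0x0806

def parse_arp_request(frame):
    """Return (sender_mac, target_ip) for a broadcast ARP request, else None."""
    if len(frame) < 42 or frame[:6] != BROADCAST:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    # Ethernet/IPv4 ARP header: htype=1, ptype=0x0800, hlen=6, plen=4, oper=1 (request)
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
        return None
    sender_mac = frame[22:28].hex(":")
    target_ip = ".".join(str(b) for b in frame[38:42])
    return sender_mac, target_ip

def find_arp_floods(packets, window=1.0, threshold=50):
    """packets: time-ordered (timestamp_seconds, raw_ethernet_frame) pairs.
    Returns {(sender_mac, target_ip): peak count inside any `window` seconds}
    for pairs whose peak reaches `threshold` (both values are assumptions to tune)."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, frame in packets:
        key = parse_arp_request(frame)
        if key is None:
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop requests older than the window
            q.popleft()
        peak[key] = max(peak[key], len(q))
    return {k: n for k, n in peak.items() if n >= threshold}

def build_arp_request(src_mac, src_ip, target_ip):
    """Build a constructed broadcast who-has frame for the sample capture."""
    eth = BROADCAST + src_mac + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + src_mac + bytes(src_ip) + b"\x00" * 6 + bytes(target_ip)

# Constructed sample capture: one quiet host, plus one request repeated 500x in a second.
QUIET = bytes.fromhex("02aabbccdd01")
NOISY = bytes.fromhex("02aabbccdd02")
SAMPLE = [(t, build_arp_request(QUIET, (192, 168, 1, 20), (192, 168, 1, 1)))
          for t in (0.1, 1.5, 2.9)]
SAMPLE += [(i / 500, build_arp_request(NOISY, (192, 168, 1, 30), (192, 168, 1, 1)))
           for i in range(500)]
SAMPLE.sort(key=lambda p: p[0])

if __name__ == "__main__":
    for (mac, ip), n in find_arp_floods(SAMPLE).items():
        print(f"{mac} sent {n} identical ARP requests for {ip} within 1s")
```

A flagged sender MAC is a prompt to check which AP or switch port it arrived through, since the frames seen on the wire are relayed by the AP.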