Thread: Very slow PPS. Is this right?

  1. #1
    Just burned his ISO
    Join Date
    Dec 2006
    Posts
    10

    Very slow PPS. Is this right?

    I'm following Xploitz's tutorial video to the T:

    hxxp://forums.remote-exploit.org/showthread.php?t=9063

    I've tried two of his other tutorials as well with the same results. I get very slow packets. I let it run for just under an hour and only had 2500-ish packets of data. My PPS stayed at pretty much zero, although I would see it jump up to 7ish from time to time. For hardware I'm using an Acer Aspire One netbook. The wireless card is an Atheros chipset.

    I started going through tutorials on aircrack's site to try and single out the problem, and I've found that I can't even run an injection test. Maybe I'm trying to do it wrong, but here's what I do:

    airmon-ng stop ath0
    airmon-ng start wifi0

    That's how I'm supposed to start my card in monitor mode, right? I follow that up with this command to try and test packet injection:

    aireplay-ng -9 ath0

    and I get this in reply:

    Trying to broadcast probe requests...
    No Answer...
    Found 0 APs

    And yet I know that there are several APs around here. What's the deal? Is this linked to why I have such slow PPS when I follow the tutorial video?

  2. #2
    Member
    Join Date
    Jun 2008
    Posts
    129

    First off, clear something up. When you say there are plenty of APs round here, you're not trying to access them? True?

    Secondly, it depends on your hardware and how good your signal is to your AP.

  3. #3
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Move closer to your AP.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  4. #4
    Just burned his ISO
    Join Date
    Dec 2006
    Posts
    10

    Quote: Originally Posted by marked
    First off, clear something up. When you say there are plenty of APs round here, you're not trying to access them? True?
    I'm trying to access my own AP.

    Quote: Originally Posted by marked
    Secondly, it depends on your hardware and how good your signal is to your AP.
    I'm not certain, but from what I can find, the wireless card appears to be an Atheros AR5007EG. Doing a quick search on the forums, the AR5007EG seems to be a supported card, and I've seen users say that it's great. I sat right next to my router to make sure I had a good signal.

  5. #5
    Junior Member kdiggity317
    Join Date
    Aug 2008
    Posts
    70

    I have to ask this just cuz sometimes people don't understand this: when you enter this:

    aireplay-ng -3 -b (bssid) -h (fake mac) (interface)

    you have to have another machine that is wireless do some sort of network activity. It could be anything; you could just open the home page, and after that you should see the data packets jump. Running 2 hours of data packets is way too long. I have done a lot of WEP stuff for customers, and the longest I have ever had to run it was 10 min.

    If you don't have another machine to test it with, then you have to force the data packets. That can be done by doing this: open up a new shell and type in:

    aireplay-ng -5 -b (bssid) -h (fake mac) (interface) <--this will capture packet frags. You will have to select y/n

    Open yet another shell and type:

    aireplay-ng -2 -p 0841 -d ff:ff:ff:ff:ff:ff -a (bssid) -h (fake mac) (interface)

    That will capture full packets from the frags you were sending to the router. Once again you will have to select yes or no. If you say no it won't work. Once you send 1 packet you should at that time see your data packets climb like crazy.

    This was kinda a quick answer for you; if you need more detail, then go look for clientless WEP cracking. Hope this helped.

  6. #6
    Just burned his ISO
    Join Date
    Dec 2006
    Posts
    10

    I think the reason I wasn't finding any APs earlier when I did the test command was because I was on the wrong channel. Regardless, when I run the following command, I receive confirmation that my card can inject.

    Code:
    aireplay-ng -9 ath0

    This is what my AP pings as:

    Code:
    Ping (min/avg/max): 4.542ms/70.745m/95.948ms Power:50.5
    30/30: 100%

    So then I start up airodump-ng with the following command:

    Code:
    airodump-ng -c 1 --bssid (my AP's ssid) -w default ath0

    Once that's started, I run the aireplay-ng command with the following attributes:

    Code:
    aireplay-ng -3 -b (mac address of ap) -h (my ath0 mac address) ath0

    Once I run that, I get a bunch of lines that look like it's doing a lot. In Xploitz's video, his terminal appears to show only one line, and the line just keeps updating. My screen gets flooded with lines. Here's an exact line from the last run I did:

    Code:
    Read 72129 packets (got 260 ARP requests and 23405 ACKs), sent 46719 packets...(500 pps)

    So I look back at my other console, the one with airodump-ng running, and I see the following stats. PWR, depending on where I am, is about 60ish. Beacons seem to go up rather quickly. My #Data seems to jump at first, and #/s looks to be about 300 at first, but quickly falls. Usually, it hits 0 in a few seconds, and my #Data slows down around 1300ish. The CH is correct, the MB speed and ENC are correct, and the ESSID reads correct.

    I've tried pinging a non-existing machine on my network from another computer to see if it helps, and it seems to have no effect. In addition, all the computers in my house seem to lose connection quite a bit while I'm running packet injection - is that normal?

    Also, I ran the same test on another laptop, this one with an intel3954 a/b/g card, and I had the same results.

  7. #7
    Member
    Join Date
    Jun 2008
    Posts
    129

    Some APs max out at so many IVs. You can run a replay attack several times while using Airodump-ng over a few hours or days if you have to, till the AP lets you have more.
    Once you have done it a few times, run 'aircrack-ng -z wep-*.*' and it will use all the data in the files and crack it.

  8. #8
    Junior Member kdiggity317
    Join Date
    Aug 2008
    Posts
    70

    Quote: Originally Posted by Nalif
    Code:
    aireplay-ng -3 -b (mac address of ap) -h (my ath0 mac address) ath0
    You start with this code? Your first line should look like this:

    aireplay-ng -1 0 -a (bssid) -h (mac real or fake) (interface)

    After that you should get a line that says successful. Once you have that, then type in your line of:

    aireplay-ng -3 -b (bssid) -h (mac real or fake) (interface)

    Try that and let us know if that changes anything.
