but if you are not getting arp request look the source code.
tkiptun-ng works in 802.11e wirelesse network
if you dont get arp paquet, you are not in 802.11e network
or you have not actived it.
xnoor the AP and the client need to both support 802.11e. You can check your access point by logging into it. I know my Belkin AP has an option for QoS mode under the wireless section.
Some AP's have this on by default, especially the ones that come with that fancy sticker that says voip support.
My ddwrt supports it but it need to be enabled in the firmware .. thats really the only way to turn it on. I will say that airodump can spot AP's that have this turned on you just need to know what to look for.
As for the actual attack ive never done it myself so i dont have a clue what steps need to be taken ... one thing that kinda bothered me tho while doing some searching, and pretty much the main reason im posting here is.
What exactly does this attack do .. i know it will give you a few bytes of the passcode, but is there a way to plug that into cowpatty or aircrack to speed up the cracking process?
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
i'm stuck to capture.
my computer have successful michael=>> but can't not capture a handshake.
i use iwl3945. somebody can solve!!!please, help me(i'm very poor).
somebody can step by step show me how to crack wpa tkip use tkiptun-ng by iwl3945
WPA uses a seperate encryption "seed" for each client, thus getting a single "seed" allows you to read that clientss transmissions and gain recon before even touching the network (get the IPs/netmask if its not using DHCP, learn who is most active, and maybe why, etc)
I use the word seed very loosely because that is not the actual term but is the nicest way to put it.