How to increase max packet injection rate?

**toymachineman19** · 01-25-2008, 03:24 PM

Hello all,

Alright, first off I have a Dell Inspiron 1520 Laptop, with a Dell WLAN 1390 Mini Card, which is a broadcom chipset, using the bcm43xx drivers included in BT3 beta. So, with aireplay-ng, I can successfully inject ARP packets and increase the IVs. However, if left without the -x option, it begins to inject packets at 499-500 packets per second, then gives me an error about memory buffer overflow or something (I will double check the exact message when I next boot into backtrack). When I use the -x option to limit the pps to about 150, it works great, and I can inject until I have enough IVs consistently until I have enough, but is there any way I can increase the rate at which my card will let me inject? Also I know this is a problem with my card, because I have tried it at home, as well as my friend letting me borrow his AP to try it on. Thanks!

**abitaz** · 01-25-2008, 05:15 PM

Sorry to break this news to you, but the Broadcom chipset and driver can't handle any quicker. Be happy, because my Broadcom overflows if I inject any faster than 14 packets per second, so if you can set it at 150, lucky you.

Originally Posted by toymachineman19

Hello all,

Alright, first off I have a Dell Inspiron 1520 Laptop, with a Dell WLAN 1390 Mini Card, which is a broadcom chipset, using the bcm43xx drivers included in BT3 beta. So, with aireplay-ng, I can successfully inject ARP packets and increase the IVs. However, if left without the -x option, it begins to inject packets at 499-500 packets per second, then gives me an error about memory buffer overflow or something (I will double check the exact message when I next boot into backtrack). When I use the -x option to limit the pps to about 150, it works great, and I can inject until I have enough IVs consistently until I have enough, but is there any way I can increase the rate at which my card will let me inject? Also I know this is a problem with my card, because I have tried it at home, as well as my friend letting me borrow his AP to try it on. Thanks!

**toymachineman19** · 01-25-2008, 08:27 PM

Alright, thanks, somehow I was able to get 300 pps just a few minutes ago, I'm not sure how though. Thanks for the answer though, I just read some documentation and it said that injection was slower on broadcom, so I guess I am pretty lucky i can get 150 on average.

**-=Xploitz=-** · 01-25-2008, 09:13 PM

I have the Broadcom 4311 and it injects constantly at a rate of 500pps. All packets injected are valid. Its the best card I have for pps...its even better than any other card I have. The down side to this is that it locks up every 5 seconds and I have to repeat the command line to "re-inject"..and thats such a pain in the as....other than that, no problems with it at all.

**imported_spankdidly** · 01-25-2008, 09:18 PM

Originally Posted by -=Xploitz=-

I have the Broadcom 4311 and it injects constantly at a rate of 500pps. All packets injected are valid. Its the best card I have for pps...its even better than any other card I have. The down side to this is that it locks up every 5 seconds and I have to repeat the command line to "re-inject"..and that such a pain in the as....other than that, no problems with it at all.

Just remember Folks, Sploitz practices voodoo as well. That's how he got the broadcom to work so well.

**-=Xploitz=-** · 01-25-2008, 09:31 PM

Originally Posted by spankdidly

Just remember Folks, Sploitz practices voodoo as well. That's how he got the broadcom to work so well.

voodoo!!

Heres my proof.

500pps!!!!

Notice the top it says

write failed: Cannot allocate memory
wi_write() Illegal seek

Thats the broadcoms ONLY flaw.

**abitaz** · 01-25-2008, 10:08 PM

Actually, it's got a coupla other faults, i.e. the power in airodump doesn't get reported, and shows -1 or 0..., and some.

Originally Posted by -=Xploitz=-

voodoo!!

Thats the broadcoms ONLY flaw.

**-=Xploitz=-** · 01-25-2008, 10:14 PM

Originally Posted by abitaz

Actually, it's got a coupla other faults, i.e. the power in airodump doesn't get reported, and shows -1 or 0..., and some.

Theres a fix for that as well.

Code:

http://downloads.openwrt.org/sources/broadcom-wl-4.80.53.0.tar.bz2

Code:

http://prdownload.berlios.de/bcm43xx...er-008.tar.bz2

You might need to make a module out of latest kernel, so I would probably go this route:

Code:
# get a copy of the tree
git clone git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6.git
cd wireless-2.6
# checkout all the other stuff
git checkout -b everything
# copy your existing kernel config
cp /boot/configxxxxxxxxx .config
make menuconfig
# make sure the bcm driver is configured as a module
make
sudo make install

Thanks goes to Berkut for pointing this out to me a few months ago.

See this thread for more details.

Code:

http://forums.remote-exploit.org/sho...adcom+internet

**toymachineman19** · 01-27-2008, 06:52 AM

Hey Xploitz, I guess I didn't explain it all, I can do 500 pps for around 5 sec before it gives me the
write failed: Cannot allocate memory
wi_write() Illegal seek

also, so I mean I guess it still works.

**JCasper** · 01-27-2008, 08:03 PM

Well, I can send 500 pps, but airodump shows the AP only recieving 50-60 per second tops. Does that mean I have the potential to get 500 if I craft my packets differently or something? Or possibly get closer to the AP....idk

BackTrack Linux - Penetration Testing Distribution

Thread: How to increase max packet injection rate?

Thread Tools

Search Thread

Display

How to increase max packet injection rate?

Posting Permissions