First post on the forums - hope someone can point me in the right direction.
I've been trying to use aireplay with the -2 option to generate some IVs. I got this working perfectly for one type of AP, but it seems to give different results for another.
I've been using the Wiki as a reference: interactive_packet_replay [Aircrack-ng]
My first attack got back the correct data eg:
Where the Destination mac is FF:FF:FF:FF:FF:FF
Read 4 packets...
Size: 68, FromDS: 0, ToDS: 1 (WEP)
BSSID = 00:14:6C:7E:40:80
Dest. MAC = FF:FF:FF:FF:FF:FF
Source MAC = 00:0F:B5:34:30:30
0x0000: 0841 de00 0014 6c7e 4080 000f b534 3030 .A....l~@....400
0x0010: ffff ffff ffff 4045 d16a c800 6f4f ddef ......@E.j..oO..
0x0020: b488 ad7c 9f2a 64f6 ab04 d363 0efe 4162 ...|.*d....c..Ab
0x0030: 8ad9 2f74 16bb abcf 232e 97ee 5e45 754d ../t....#...^EuM
0x0040: 23e0 883e #..>
When I do the same command on another AP, I seem to get a different Dest. Mac -> 01:00:5E:00:00:01 which seems to have something to do with a multicast if I have understood this correctly.
On the first AP, this generated ~ 20,000 IVs and allowed me to break the 64bit WEP
On the second AP, I tried several times - generating up to 200,000 IVs but still can't seem to crack the WEP key. I have toggled the -n option on aircrack incase it's 128bit but to no avail.
Can someone shed any light on this? Perhaps I have overlooked something simple. Also, is it possible to tell if the WEP is encrypted with 64 or 128bit?