Thread: IV's collect too slow?

  1. #1
    Just burned his ISO
    Join Date
    May 2006
    Posts
    6

    Hi all, I've just got myself my own AP to practice using BT on. It's a Netgear WG602v3, and I've got a 64-bit WEP key in place which I'm trying to crack at the moment using a dual-booted Dell D505 laptop with a Netgear MA401. The trouble is that even when using a deauth attack, IVs are captured at a really slow speed. The command I've been using to deauth is:

    aireplay-ng -e backtrack_testbed -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF --deauth 10 eth1

    i.e., 'backtrack_testbed' is the ESSID I'm using, 00:11 etc. is the AP MAC, AA:BB etc. is one of my other computers, and eth1 is my MA401.

    Is this the right thing to use? Apparently this should cause a huge number of IVs to be captured, but there is no difference: I'm capturing about 32 packets a second when I max out my connection (I set off a torrent on the associated computer) and only the odd one or two when the connection is relatively idle (only browsing the web etc.).

    1) Is this normal?
    2) Am I going about this the right way?
    3) Is the MA401 just rubbish?

    Thank you for your consideration.

  2. #2
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    12

    I'm not too much of a wiz myself, but the card is in monitor mode, right? I'm not sure if it will still catch IVs if it is not in monitor mode. To put your card in monitor mode, run ifconfig -a to see all devices, then pick yours (in my case it was wifi0) and then type ifconfig start DEVICE; then it will tell you which one is in monitor mode. Mine ended up being ath1 as the selected one for monitor mode, and I get IVs really fast using a similar attack script. Try using -x 750 at the end of that command and see if that speeds it up any. From what I understand, that will broadcast the message 750 times a second, but I may be wrong!!

  3. #3
    Just burned his ISO
    Join Date
    May 2006
    Posts
    6

    Thanks for the reply. I tried the -x command too, but it made no difference really; that's one thing I can imagine is limited by my MA401. As for setting monitor mode, after I have confirmed details of the network with kismet, it's the first thing I do:

    iwconfig eth1 mode monitor

    Any other ideas please?

  4. #4
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    12

    Did you check to see if your card is in fact injecting properly? Because it should be collecting IVs pretty darn fast. I would see the post for packet injection; do a search and you will find it. Because it honestly sounds like you are not injecting the packets. My .02

    ---EDIT---

    Another note: I got a Netgear WG511T and it injects and captures IVs pretty fast. I bought mine for 22.50 on eBay after shipping. If you can't get it working, then maybe try one of those cards; it's cheap and it does work.

  5. #5
    Junior Member
    Join Date
    Dec 2006
    Posts
    27

    Try --fakeauth or -3 as the attack, no client needed.
    Be sure to auth to the AP too... you should get a better IV count. Deauth is an attack to force a client off the AP to make it reconnect and force a handshake from a WPA encryption.
    BT3 Beta
    HDD dual boot install
    Toshiba Equium
    Atheros 5004x

    wilkosplus.co.uk

  6. #6
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    23

    Make sure your card is injecting properly by following the simple tutorial named "Simple check for proper injection" in Remote Exploit Forums > BackTrack v2.0 Final > Tutorials & Guides.

    I can't link to it directly because I don't have enough posts yet. Stupid rule.

  7. #7
    Junior Member
    Join Date
    Dec 2006
    Posts
    42

    Mmmmh, are you also doing some injection?

    The way you describe it, it sounds like you are only disassociating the station from the AP, but not doing anything when it reassociates. The point of this attack is to force the station to reassociate so you can capture the ARP request it sends and inject it over and over (thus quickly producing new IVs). So one session monitors with airodump, another session is prepared to inject with aireplay (attack 3), and then a third one does the deauth attack (attack 0), also with aireplay.

    Hope it helps.
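
Added example, not part of the original thread: a defender-side detector for the sequence described in post #7, where a burst of deauth frames aimed at one station is followed by that station sending broadcast data frames of a single length at high rate. The record layout, thresholds, frame lengths and function names are assumptions, and the frames are constructed rather than taken from a capture.

```python
from collections import Counter, defaultdict

BROADCAST = "FF:FF:FF:FF:FF:FF"

def sample_frames():
    """Constructed records: (time_s, type, source, destination, length_bytes)."""
    ap, sta = "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"
    frames = [(1.0 + 0.05 * i, "deauth", ap, sta, 26) for i in range(10)]
    frames.append((2.5, "assoc_req", sta, ap, 60))
    # Replay pattern: identical length, broadcast destination, high rate.
    frames += [(3.0 + i / 500, "data", sta, BROADCAST, 68) for i in range(1000)]
    # Ordinary traffic from the same station: varied lengths, low rate.
    frames += [(3.0 + i / 30, "data", sta, ap, 100 + (i * 37) % 900) for i in range(60)]
    return sorted(frames)

def deauth_bursts(frames, min_count=5, window=1.0):
    """Map each station that received min_count deauths within `window`
    seconds to the time the burst started."""
    times = defaultdict(list)
    for t, kind, _src, dst, _length in frames:
        if kind == "deauth":
            times[dst].append(t)
    bursts = {}
    for sta, ts in times.items():
        for i in range(len(ts) - min_count + 1):
            if ts[i + min_count - 1] - ts[i] <= window:
                bursts[sta] = ts[i]
                break
    return bursts

def replay_suspects(frames, bursts, follow=10.0, min_rate=200):
    """Flag stations that, within `follow` seconds of a deauth burst, send
    broadcast data frames of one length at min_rate per second or more."""
    alerts = []
    for sta, t0 in bursts.items():
        per_second = Counter()
        for t, kind, src, dst, length in frames:
            if (kind == "data" and src == sta and dst == BROADCAST
                    and t0 <= t <= t0 + follow):
                per_second[(int(t), length)] += 1
        if per_second:
            (_second, length), count = per_second.most_common(1)[0]
            if count >= min_rate:
                alerts.append({"station": sta, "burst_at": t0,
                               "frame_len": length, "peak_per_s": count})
    return alerts

if __name__ == "__main__":
    frames = sample_frames()
    print(replay_suspects(frames, deauth_bursts(frames)))
```

The thresholds need tuning against a baseline of the monitored network, since a station that legitimately roams will also produce deauth and reassociation frames.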
