Results 1 to 9 of 9

Thread: ARP Problems

  1. #1
    Member Mortifix's Avatar
    Join Date
    Nov 2006
    Posts
    113

    Default ARP Problems

    Everytime I try to do an ARP request replay attack on my router I don't know what happens but airodump-ng seems to freeze and I have to restart my computer for everything to start working again. I am using an older laptop so I think it could be the problem and my wireless adapter is an ALFA with the RTL8187L.


    Ok I am using the command aireplay-ng -3 -b (AP Mac) -c (Client connected Mac) mon0 , do I need to include the -h even though I didn't do a fake auth?

    I did this and I got back (got 5000 ARP requests and 9000 ACKS), set 10000 packets, but I am not getting any #Data increase.
    Last edited by Mortifix; 07-27-2010 at 10:25 PM.
    I hate Google.

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: ARP Problems

    As to the freezing, are you running live or persistent, and where are you saving the data?
    Last edited by Gitsnik; 07-27-2010 at 11:22 PM. Reason: s/fake/de-/ ; you know what, it's too darn early for me to be answering questions. If you saw it, ignore it :)
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Member Mortifix's Avatar
    Join Date
    Nov 2006
    Posts
    113

    Default Re: ARP Problems

    Persistent and the files are being saved to the root.
    I hate Google.

  4. #4
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    8

    Default Re: ARP Problems

    I'm pretty new to backtrack so if I'm off base, let me know. I'm going to assume your doing simple WEP cracking, and after you bring up airodump-ng and start running aireplay-ng for an ARP replay attack is when your experiencing the problem.

    You want to use the '-h' option when doing an ARP replay attack and specify your MAC address. The '-c' option specifies the Destination MAC address, you just want to specify your MAC and the BSSID of the AP. The command you should run should be
    Code:
    aireplay-ng -3 -b <bssid of ap> -h <your mac> mon0
    Check out this tutorial for more info on ARP replay attacks and aircrack-ng, and check here for the "man" page to aireplay-ng.

    Also, on the destination AP try and hook up a second wireless device and do some casual internet browsing, and start a few pings. You'll notice that your #Data and ARP packets will start to increase rapidly. You should get anwhere between 100 to 500 #/sec in airodump-ng.

  5. #5
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    5

    Default Re: ARP Problems

    I've experienced similar problems:

    1. When using a LiveCD on an old Dell Latitude D820, this happens sometimes.
    2. When using a persistent USB install on a cheap xPatriot 4GB USB drive (same laptop), this happens consistently.

    I spent a lot of time trying to troubleshoot the problem, then finally decided to install BackTrack natively on the old laptop. Everything works like a charm. Also, I decided to do my research and learn how to crack wireless using a BT4 VM with a USB antenna that supports packet injection. That's now my preferred method of doing it.

    Regarding the 2nd part of your question about the command you are using; it sounds like you might want to use another laptop or wireless device to try to authenticate with the access point while you're capturing packets, then give it a minute and you'll see the numbers increase. It just depends on your lab setup; there are plenty of posts and webpages that give you information about which commands and options to use in different situations.

    Hope this helps.

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    6

    Default Re: ARP Problems

    Hi Mortifix,
    This link from aircrack-ng.org should help you with the arp-request_reinjection.
    hxxp://www.aircrack-ng.org/doku.php?id=arp-request_reinjection

    As for airodump-ng freezing it's can be due to the injecting starting in aireplay-ng.
    If airodump-ng freeze, stop airodump-ng with Ctrl+Z in the airodump shell. then restart airodump-ng again. You should see after that, airodump-ng and aireplay-ng will work without having to reboot your computer to get them working again.

  7. #7
    Member Mortifix's Avatar
    Join Date
    Nov 2006
    Posts
    113

    Default Re: ARP Problems

    Ok after playing around with it a bit the problem still happens, but I just unplug my USB wireless device and give it a minute then plug it back in and it seems to work fine until I do it again. If I don't unplug it and try to start everything over it tells me that the device has timed out. I have also tried fake auth and targeting my MAC, but I get the same results. Also, the computer I am using is an old Dell laptop as well. I think I might just try the VMware route on my good laptop and see if that makes a difference.
    I hate Google.

  8. #8
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    6

    Default Re: ARP Problems

    try
    aireplay-ng -3 -a <Access Point MAC address> -h <Source MAC address> -x 100 mon0

    With the -x option you can set the number of packets reinjected per second.

  9. #9
    Member Mortifix's Avatar
    Join Date
    Nov 2006
    Posts
    113

    Default Re: ARP Problems

    OK I am going to give that a try and see what happens.
    I hate Google.

Similar Threads

  1. Replies: 2
    Last Post: 07-19-2010, 11:54 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •