Aireplay-ng -5 impossible to grab and save packet

[Zarachenko]

Hello,

I've just installed BT4 RC2 on a vmware virtual machine (vmware image downloaded on the Backtrack website), I've successfully plugged () my USB wifi card, Alfa AWUS0H36H and it seems to work like a charm, I can put it in mon mode :

Code:

airmon-ng start wlan0

Interface       Chipset         Driver

wlan0           RTL8187         rtl8187 - [phy0]
                                (monitor mode enabled on mon1)
mon0            RTL8187         rtl8187 - [phy0]

However, while I'm trying a fragmentation attack on my box, I come with a weird error :

Code:

aireplay-ng -5 -b A2:8E:9C:1E:B0:60 -h 00:C0:CA:40:E9:33 mon0
04:13:12  Waiting for beacon frame (BSSID: A2:8E:9C:1E:B0:60) on channel 11
04:13:12  Waiting for a data packet...
Read 19576 packets...

        Size: 120, FromDS: 1, ToDS: 0 (WEP)

              BSSID  =  A2:8E:9C:1E:B0:60
          Dest. MAC  =  33:33:00:00:00:16
         Source MAC  =  00:07:CB:43:9E:07

        0x0000:  0842 0000 3333 0000 0016 a28e 9c1e b060  .B..33.........`
        0x0010:  0007 cb43 9e07 8073 ee83 c700 04fe 85f8  ...C...s........
        0x0020:  b39e 873d 6856 e36a 5e70 4b2d 9211 e099  ...=hV.j^pK-....
        0x0030:  4eea 410a cc4c 0521 a1ce 781a 4776 6916  N.A..L.!..x.Gvi.
        0x0040:  b568 de1c df91 27a5 681a 0e6c 2748 899e  .h....'.h..l'H..
        0x0050:  334b 5198 aada 27e6 1a15 7a60 6618 560a  3KQ...'...z`f.V.
        0x0060:  1882 2a9a 6761 c379 bab9 fc75 b615 59c0  ..*.ga.y...u..Y.
        0x0070:  6c3c da83 5c3c d1b9                      l<..\<..

Use this packet ? y

Saving chosen packet in replay_src-1214-041505.cap
04:15:08  Data packet found!
04:15:08  Sending fragmented packet
04:15:10  No answer, repeating...
04:15:10  Trying a LLC NULL packet
04:15:10  Sending fragmented packet
04:15:11  No answer, repeating...
04:15:11  Sending fragmented packet
04:15:11  Not enough acks, repeating...
04:15:11  Sending fragmented packet
04:15:11  Not enough acks, repeating...
04:15:11  Sending fragmented packet
04:15:13  No answer, repeating...
04:15:13  Trying a LLC NULL packet

(I launched a fakeauth in the same time )

Code:

aireplay-ng --fakeauth 6 -e dc -a A2:8E:9C:1E:B0:60 -h 00:C0:CA:40:E9:33 mon0

I don't understand while the framengmentation of the packet doesn't work, any idea ? hardware incompatibility ? (here is my lsusb)

Code:

lsusb
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

and my iwconfig after airmon-ng start wlan0 :

Code:

 iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11bg  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

I thank you all in advance for your futur answers

Zara

[TheFlyingDutchMan]

I am not the most advanced user, but I have never seen this error before. I can tell you, that NOT every data packet is good for injection, out of experience. Solution: try another one.

[Jimmy87]

Also not advanced at this but a few points;

Have you tried an injection test first?
Did you authenticate before you started the fragmentation attack?

I can't quite remember how aireplay works but looking at your output, you had to wait for 19000+ packets before you received a data packet? (what I can't remember is whether aireplay resets that counter each time you use a packet) So why does it take so long for you to receive a data packet, too far?

Can you try the chopchop attack?

[Citruspers]

^ What he said. The attack doesn't work with every single packet (like broadcasts, I believe). Just lurk around on your network a bit more.

Also, the not-enough-acks might mean that your router is being overloaded and can't reply to every SYN sent?

[Zarachenko]

Ok, I tested the injection function it worked, so you might be right, it's not a problem of hardware incompatibility.

I will try to use another packet when I have some free time ^^

Also, the not-enough-acks might mean that your router is being overloaded and can't reply to every SYN sent?

I see, maybe I must stop keeping sending fakeauths

I will try a bit more and I will come back for feedbacks, thanks a lot