Thread: Bizarre airodump behavior

  1. #1
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    I have run some (clientless) WEP cracking successfully on my own home network. As I'm situated out in the woods and don't have many devices, it's fairly close to a clean-room for running aircrack. Having done that, I thought it time to move up to a similar, but slightly more complex situation. So, I brought my laptop out to my gf's place to try her network. She lives in a neighborhood with roughly six different wifi networks of varying strength running. I get as far as running the frag attack portion of the procedure, when something bizarre begins to happen in airodump. All traffic stops moments into listening for a packet, then all APs just drop from airodump. Her laptop, meanwhile, can still communicate just fine. I'm completely baffled. I assume that my card isn't receiving anything anymore, because this has happened multiple times, and it makes no sense why all traffic would cease on different networks all at once. The card, itself, seems to work just fine, as my other partition has no issues with running it, and I was able to successfully go through a clientless WEP attack on this network, so whatever the difference has to be with the different situation.

    FWIW, my pattern:
    airmon
    airodump (get the collection started as early as possible and useful for getting the AP's MAC)
    aireplay -1 (fake auth)
    aireplay -5 (frag) (airodump stops reading packets at the start of this, and aireplay reads only a few hundred packets before also freezing its count)
    packetforge
    aireplay -2 (replay the forged packet)
    aircrack

    Update: Moving about with the laptop seems to get things going again. But, it eventually stops if I stay still. Again, it's only happening here.

  2. #2
    Just burned his ISO
    Join Date
    May 2007
    Posts
    11

    O.K., for one, give us a little bit more technical information to go off of. Which version of Aircrack-ng are you using? Which wireless card are you using? Show us the syntax you're pumping into aircrack-ng and get a packet dump using tcpdump of this happening. A little info can go a long way.

    sleepless

  3. #3
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    I don't have my laptop with me and I'm nowhere near that network, so I'll try to answer as best as I can, then try to update later with more detailed information. I'm using Backtrack2, so the software is in every case the version that shipped with the release, with the exception of Firefox which seems to have updated itself.

    The card is a Netgear WG511, the one that was recommended in the "which card to buy" thread for doing the usual bands and being more affordable than one with an external antenna. It uses the Atheros chipset, so it loads the madwifi-ng drivers.

    Bearing in mind that the MAC addresses are different than I'm using, the syntax goes (from memory):

    airmon-ng start wifi0
    airodump-ng -w cap --ivs -c 1 ath1
    export AP=12:34:56:78:90:12
    export WIFI=27:45:56:84:45:38
    aireplay -1 0 -e MLD -a $AP -h $WIFI ath1
    aireplay -5 -b $AP -h $WIFI ath1
