Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: How do you speed up packet injection?

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    Default How do you speed up packet injection?

    What are some of the bottlenecks of arp packet injection using aireplay? I was recently at a client site performing a wireless security assessment, and could not get more than 20 packets per second, regardless of aireplay settings. The access point just wasn't having it. Several hours later, I have only about 150k IVs, not nearly enough for aircrack to get the key, and have to call it a night.

    The last several tests like these I did, I was getting 5-10 times the packets per second and was in and out of each sites in an hour, WEP key in hand. I haven't encountered this slowdown before..

    aireplay's docs say the actual arp packet which was originally captured may affect speed, but what else? Do I need two laptops?

    I'm using the ubiquiti 300mw abg card with a simple omni clip-on antenna. It's being done from inside my car. The only difference on this latest test is its a factory, rather than a small building, but they do have 6 separate access points, some which seem very close to where I parked my car.

  2. #2
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    5

    Default

    Sounds like you are performing an illegal activity. This forum does not condone that sort of behavior. Unless of course, you are the network administrator and you are trying to emulate an attacker's environment. But for some reason, I'd think otherwise.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by heyaz View Post
    What are some of the bottlenecks of arp packet injection using aireplay? I was recently at a client site performing a wireless security assessment, and could not get more than 20 packets per second, regardless of aireplay settings. The access point just wasn't having it. Several hours later, I have only about 150k IVs, not nearly enough for aircrack to get the key, and have to call it a night.

    The last several tests like these I did, I was getting 5-10 times the packets per second and was in and out of each sites in an hour, WEP key in hand. I haven't encountered this slowdown before..

    aireplay's docs say the actual arp packet which was originally captured may affect speed, but what else? Do I need two laptops?

    I'm using the ubiquiti 300mw abg card with a simple omni clip-on antenna. It's being done from inside my car. The only difference on this latest test is its a factory, rather than a small building, but they do have 6 separate access points, some which seem very close to where I parked my car.
    If this is truly a client, shouldn't you know for sure where the AP's are and how many?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    Default

    Actually it's a client to which I am contracted. The wireless penetration test is ultimately part of a vulnerability assessment included under their yearly Sarbanes Oxley audit whereby an IT control mandates it. Their infrastructure is such that a wireless assessment was essential for a full audit....

  5. #5
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    Default

    Quote Originally Posted by streaker69 View Post
    If this is truly a client, shouldn't you know for sure where the AP's are and how many?
    Nope. Unless the scope of the particular test is very large (such as a complex internal network), it is treated mostly as a black-box test where I am only given an address and told there may be wireless implemented there. This is the type of test they paid for.

  6. #6
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by heyaz View Post
    What are some of the bottlenecks of arp packet injection using aireplay?.
    Distance from the AP perhaps?

    Also see http://www.aircrack-ng.org/doku.php?...jection_speeds
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #7
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by heyaz View Post
    Several hours later, I have only about 150k IVs, not nearly enough for aircrack to get the key, and have to call it a night.
    With aircrack-ptw, 150k IVs gives you about 99.9% probability of cracking that WEP.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  8. #8
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    SNR will be a huge factor as well.

  9. #9
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    Default

    Thanks guys. I will try aircrack-ptw against the IVs (I saved them on a usb drive) and see if I did indeed get enough to crack it. Some documentation for aircrack-ng was saying at least 400k could be needed for 108-bit or up to 1.5 million. I've done it before with 120k, but maybe that was luck?

  10. #10
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    yes with the good injection techs, and ptw attack....i manage to crack my ap in less 80 secs....

    i also manage to achieve 1200 pps /sec injection....
    with arp ampli
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •