
Thread: IPW2200 and Aircrack

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008

    IPW2200 and Aircrack

    Here's my info:
    IPW 2200
    Dell Inspiron 6000
    BT3 final live cd version

    Here's my problem.

    I run aireplay:

    aireplay-ng -0 10 -a 001CDF402A01 (BSSID of target) -c 000102030405 (fake mac) eth1

    Before I run it though I open a new shell and:
    aireplay-ng -3 -b 001CDF402A01 (BSSID of target) -h 000102030405 eth1

    I start this 2nd shell and then the 1st.

    The 1st shell says sending 64 directed deauth. stmac: [00:01:02:03:04:05] [0] 0 ACKS]

    The 2nd shell says: read 123456 packets (number increasing) (got 0 arp requests and 0 ACKs), sent 0 packets...(0 pps)

    Before all of this I am also running airodump to capture the packets.

    By the looks of it I'm not injecting any packets....I think....can someone please help?? Or at least point me in the right direction.. I had this same problem using Xubuntu. Under that distro I downloaded and installed the patched ipw2200 drivers and had this same problem. That is why I got BT3....I thought the IPW drivers were ready to inject.....are they?? Or am I doing something else wrong.

    Thanks for any help you can give to this noob.

  2. #2
    Just burned his ISO
    Join Date
    Oct 2008


    I know this post is now a month old so the OP may have found the answers elsewhere, but I figured I would reply with some help anyway. Also note that while I am not completely new to Backtrack, Linux, and security, I'm still learning.

    One big thing I want to bring up before I start is that there is a ton of information on using ipw2200 cards with the aircrack suite, so if you haven't already done so, try Google.

    Some Help:

    1. When you post, try to clarify things as much as possible. For instance, when you say:

    aireplay-ng -0 10 -a 001CDF402A01 (BSSID of target) -c 000102030405 (fake mac) eth1
    I'm not sure if "fake mac" means your own spoofed MAC address, or the MAC address of an authed client on your network/network you have permission to audit. If "fake mac" refers to your own MAC address, then you are running the deauth against yourself.

    2. Check the command for your ARP replay attack. Normally this would be alright, but since you're using the ipw2200 you'll need to go about it differently:

    aireplay-ng -3 -b <TARGET_AP> -h <ASSOCIATED_MAC> -i rtap0 eth1
    The -b switch is right, but you want to make sure the MAC address specified in -h is that of a client that is already associated with the targeted access point. Since you've got an ipw2200 card you cannot actively monitor and inject at the same time, so we use the -i switch to monitor on the rtap0 interface. I noticed you haven't mentioned rtap0 at all yet, and this is essential to speedy WEP cracking using an ipw2200, so if you don't know about it, find out what it is, what it does, and how to use it to make your life easier.

    3. When you're running airodump-ng you have to tailor your syntax to the ipw2200 workarounds. Again, research the rtap0 interface.

    Additional Stuff

    It would be best to do some research on the ipw2200 because there are a lot of limitations to it. That's not to say it's useless hardware, but the more you know, the less trouble you'll have solving these problems.

    • I didn't mention it above, but ipw2200 doesn't allow for injection of management frames, so the deauth attack will not work.
    • Check aircrack-ng's site for documentation on the techniques that are used, as well as for ipw2200 specific information.
    • Remember that Google is your best friend.
