Results 1 to 2 of 2

Thread: Aircrack-ng (-2) issue

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009

    Default Aircrack-ng (-2) issue

    Hello everybody,

    I'm new to this forum (and quite a noob, but not totally ignorant ) and I hope I can get some help with an issue that is really driving me crazy...
    I couldn't find any similar issues with google or on the forum.

    A while ago I decided to crack an old (WEP) router with BT4 beta.
    everything worked juist fine , I made airodump write a capture file,
    used aireplay -1 to commit fake authentication:
    (aireplay-ng -1 0 -e [ESSID] -a [BSSID] -h [CLIENTMAC] mon0)

    used aireplay -3 to commit an ARP replay attack:
    (aireplay-ng -3 -b [BSSID] -h [CLIENTMAC] mon0)

    ...and aireplay-ng -2 to commit interactive packet replay.
    (aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [BSSID] 0 -h [CLIENTMAC] mon0)

    ...about a month ago, this worked like a charm. As soon as I started the aireplay-ng -2 attack, the data indicator was at 50.000 packets in about 2 minutes.
    but when I tried to do exactly the same thing a few days ago, with exactly the same configuration on the router and the same WIFI USB dongle I used before, the "aireplay-ng -2" attack doesn't work anymore. it just keeps reading packets without ever catching one for replay.

    -WIFIcard: linksys compact wireless USB-adaptor (WUSB54GC)
    -AP: Sitecom 54G WL535
    -PC: Acer Aspire 5920G (laptop)
    -It's not a BT configuration issue, since I use a live USB distribution
    -It doesn't seem AP related since I have the same issue an other AP of a friend of mine, wich I also cracked before with succes.
    -Its not an USB-dongle issue since I have an similar one with exactly the same issue

    ...maybe I'm overlooking something?

    I tried BT4 pre-final, but the same problem here.
    The thing that is driving me crazy is that it all worked just fine a month ago.
    I hope someone can help me!

  2. #2
    Join Date
    Jan 2010


    Sometimes the aireplay -4 (chopchop) doesn't complete the xor file and tells you to use another packet. This happens if the AP drops packets that are shorter than 42 bytes, aireplay then tries to guess the rest of the data (the workaround) if the headers are predictable. If it caches an IP packet it will check if the checksum of the header is correct after guessing the missing parts.

    If non of this works it will fail and tell you to use another packet.
    SecurityTube has two new sections. Questions & News

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts