Thread: Packet Replay Problem

  1. #1
    Blind-Summit
    Join Date: Jan 2010
    Norwich, England

    Packet Replay Problem

    First post on the forums - hope someone can point me in the right direction.

    I've been trying to use aireplay with the -2 option to generate some IVs. I got this working perfectly for one type of AP, but it seems to give different results for another.

    I've been using the Wiki as a reference: interactive_packet_replay [Aircrack-ng]

    My first attack got back the correct data, e.g.:

     Read 4 packets...
          Size: 68, FromDS: 0, ToDS: 1 (WEP)
               BSSID  =  00:14:6C:7E:40:80
           Dest. MAC  =  FF:FF:FF:FF:FF:FF
          Source MAC  =  00:0F:B5:34:30:30
          0x0000:  0841 de00 0014 6c7e 4080 000f b534 3030  .A....l~@....400
          0x0010:  ffff ffff ffff 4045 d16a c800 6f4f ddef  ......@E.j..oO..
          0x0020:  b488 ad7c 9f2a 64f6 ab04 d363 0efe 4162  ...|.*d....c..Ab
          0x0030:  8ad9 2f74 16bb abcf 232e 97ee 5e45 754d  ../t....#...^EuM
          0x0040:  23e0 883e                                #..>
    where the destination MAC is FF:FF:FF:FF:FF:FF.

    When I do the same command on another AP, I seem to get a different Dest. MAC -> 01:00:5E:00:00:01, which seems to have something to do with multicast if I have understood this correctly.

    On the first AP, this generated ~20,000 IVs and allowed me to break the 64-bit WEP.

    On the second AP, I tried several times, generating up to 200,000 IVs, but still can't seem to crack the WEP key. I have toggled the -n option on aircrack in case it's 128-bit, but to no avail.

    Can someone shed any light on this? Perhaps I have overlooked something simple. Also, is it possible to tell if the WEP is encrypted with 64- or 128-bit?

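    As an added example (not from the thread or from the Aircrack-ng project), a small parser for the hex dump quoted above: it decodes the 802.11 frame-control flags to work out which address field is the destination, reads the WEP IV and key index that follow the header, and classifies the destination as broadcast, multicast or unicast, which is the difference between the two APs described in the post. The hex is retyped from the post as the sample input; the multicast address from the second AP is checked on its own.

    ```python
    import binascii

    # Hex dump from post #1, retyped here as the sample input (whitespace is ignored).
    SAMPLE_HEX = """
    0841 de00 0014 6c7e 4080 000f b534 3030
    ffff ffff ffff 4045 d16a c800 6f4f ddef
    b488 ad7c 9f2a 64f6 ab04 d363 0efe 4162
    8ad9 2f74 16bb abcf 232e 97ee 5e45 754d
    23e0 883e
    """

    def mac(raw):
        """Format six bytes as a colon-separated MAC address."""
        return ":".join(f"{b:02X}" for b in raw)

    def classify_dest(addr):
        """Broadcast / multicast / unicast from the I/G bit of the first octet."""
        if addr == "FF:FF:FF:FF:FF:FF":
            return "broadcast"
        if int(addr[:2], 16) & 1:
            # 01:00:5E:xx:xx:xx is the IPv4 multicast MAC range (01:00:5E:00:00:01 = 224.0.0.1)
            return "IPv4 multicast" if addr.startswith("01:00:5E") else "multicast"
        return "unicast"

    def parse_data_frame(hexdump):
        """Decode the 802.11 MAC header (and the WEP IV, if present) of a data frame."""
        raw = binascii.unhexlify("".join(hexdump.split()))
        fc0, fc1 = raw[0], raw[1]
        if (fc0 >> 2) & 3 != 2:
            raise ValueError("not a data frame")
        to_ds, from_ds = fc1 & 1, (fc1 >> 1) & 1
        protected = bool(fc1 & 0x40)          # "Protected Frame" bit: WEP/TKIP/CCMP body
        a1, a2, a3 = mac(raw[4:10]), mac(raw[10:16]), mac(raw[16:22])
        hdr_len = 24 + (2 if fc0 & 0x80 else 0)   # QoS data subtypes add a 2-byte QoS field
        # Address roles depend on the ToDS/FromDS pair (802.11 address-field table).
        if to_ds and not from_ds:        # station -> AP, as in the dump above
            bssid, src, dst = a1, a2, a3
        elif from_ds and not to_ds:      # AP -> station
            bssid, src, dst = a2, a3, a1
        elif not to_ds and not from_ds:  # ad-hoc / IBSS
            bssid, src, dst = a3, a2, a1
        else:                            # WDS: A4 (source) follows the sequence control
            bssid, src, dst, hdr_len = None, mac(raw[24:30]), a3, hdr_len + 6
        body = raw[hdr_len:]
        iv = body[:3].hex() if protected else None  # WEP: 3-byte IV, then key-index byte
        key_index = body[3] >> 6 if protected else None
        return {"size": len(raw), "to_ds": to_ds, "from_ds": from_ds,
                "protected": protected, "bssid": bssid, "src": src, "dst": dst,
                "dst_class": classify_dest(dst), "iv": iv, "key_index": key_index}

    if __name__ == "__main__":
        for k, v in parse_data_frame(SAMPLE_HEX).items():
            print(f"{k:>10}: {v}")
    ```

    The decoded fields match the header aireplay-ng printed (FromDS: 0, ToDS: 1, WEP, broadcast destination), so the same check on a capture from the second AP shows whether the replayed frame is really a multicast one.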

  2. #2
    addyall
    Join Date: Mar 2010

    Re: Packet Replay Problem

    When running aircrack-ng on the .cap file, try adding the -K argument, because it is possible the key is longer than 128 bits. It may be possible to tell which bit type of encryption the AP uses by checking the plain-text dump file that is generated by Airodump-ng, but this is just a guess.
