Quote:
|
Originally Posted by devine
Could be extreme bad luck. Sometimes aircrack just doesn't find the key, no matter what.
|
we have somehow a similar problem.
here's some little description, maybe it helps, maybe you've got some ideas for us :-)
software used: (thanks to devine :-) aireplay, aircrack, airodump
operating system: auditor linux embedded
wlan devices: two prism 2.5 running hostap (for capture and inject), HP iPAQ 4150 to generate potential arp-packets, netgear 108mbit wlan card for generating ordinary traffic
first scenario:
one ap gets pingflooded from the first notebook
the second notebook captures with airodump
-> 45 min., 600000 IVs found, 500000 usable "unique" IVs in aircrack -> we get the correct key..
second scenario:
same accesspoint not getting pingflooded this time
same "second notebook" tries to inject the dumpfile from above (the one with 500000 uniques) with aireplay and can only find 1 (!) usable potential arp-packet. -> okay, we thought, let's try it anyways
third notebook captures with airodump
-> 45 min., 600000 IVs found, 500000 usable "unique" IVs in aircrack -> we get the correct key..
third scenario:
same accesspoint not getting pingflooded
my HP iPAQ 4150 tries to connect to the ap without knowing the wep-key
"second notebook" captures 300 IVs (about 5-10 min.) and tries to inject resulting 32 arp-packets
third notebook captures with airodump
-> 2h., 2000000 IVs found, 1800000 usable "unique" IVs in aircrack -> we
don't get the key..
-> we keep on injecting and capturing and switch the ap off in between -> the amount of IVs still raises and we give up (useless try)
fourth scenario:
same accesspoint not getting pingflooded
"first notebook" just surfes the net to generate some little traffic (no download!)
"second notebook" captures 300 IVs (about 3 min.) and tries to inject resulting 130 arp-packets
third notebook captures with airodump
-> 2h., 7000000 IVs found, 6900000 usable "unique" IVs in aircrack -> we
don't get the key..
-> we guess it's just another useless try
can someone explain that to us? no matter how often we repeat scenario 1 and 2 we
always get the key round about at the same amount of IVs.
if aircrack shows xxxxxxxxxx (in our case 7000000) "unique IVs", are all of them really usable for cracking?
it seems for us, that we always only capture our own re-injected files and almost none of the ap's replies. these files are shown as uniques but don't help for cracking (thats at least what we think)
what kind of arp-packets are needed to make the ap reply
really interesting IV's? how can we generate them?
last but not least how many potential-arp-packets would you inject? would you take exactly 1, or maybe 30 or 130 or 3000? maybe there's our mistake.
anyways thanks for reading and sunny greetings from snowy germany
-rytox