Quote:
|
Originally Posted by joconnor
First, I was wondering what packets should I be filtering for with ethereal that would be able to be decoded with chopchop and produce a prga?
|
Any IP/ARP packet should work. You will have problems with Netbios/netware/appletalk packets. In that case the first five-eight bytes will remain encrypted, IIRC. You get a prga file for each iv, though the format is specific to chopchop. Look up the source. And you get the decrypted pcap file.
Quote:
Secondly, I have a 100Mb file which I filtered for arp requests with ethereal, but it doesn't find a single one! Is this a common thing on wireless networks, and can you force arp requests with the aj0 driver to force dis-associations which might produce at least one arp request maybe?
|
I mentioned ARP packets at the beginning of the thread, but it doesn't matter. It's just that they are very fast to decrypt, since they are short, and full of 0's (0 being the first guess made by chopchop). Just take a short encrypted packet and try it. If you want to see ARP packets in your pcap file, you need to enter your wep key in ethereal preferences/protocols/ieee80211. They are encrypted, and unless you are using static arp tables, there should be quite a few.
ARP packets are used by devine's aireplay to generate traffic (which can be used to recover a key, with aircrack). chopchop doesn't care much about the traffic it generates, the goal is to decrypt a given packet (without the key).