weplab/aircrack
Hi all,
here is my problem:
I have a wifi protected with a 128-bit WEP key for testing. I first dumped about 300k packets with Kismet using regular traffic (ftp-data). Here is the output of the statistics with weplab:
# ./weplab -a ../Kismet-Jan-15-2005-1.dump
weplab - Wep Key Cracker Wep Key Cracker (v0.1.3).
Jose Ignacio Sanchez Martin - Topo[LB] <topolb@users.sourceforge.net>
Statistics for packets that belong to [00:05:5D:5C:21:9A]
- Total valid packets read: 321344
- Total packets read: 321344
- Total unique IV read: 321344
- Total truncated packets read: 0
- Total non-data packets read: 0
- Total FF checksum packets read: 0
The next day, I again dumped traffic but now using 'ping -f' to generate as much traffic as fast as possible on the wireless. The statistics output of weplab:
# ./weplab -a ../Kismet-Jan-16-2005-1.dump
weplab - Wep Key Cracker Wep Key Cracker (v0.1.3).
Jose Ignacio Sanchez Martin - Topo[LB] <topolb@users.sourceforge.net>
Statistics for packets that belong to [00:05:5D:5C:21:9A]
- Total valid packets read: 277546
- Total packets read: 277546
- Total unique IV read: 277546
- Total truncated packets read: 0
- Total non-data packets read: 0
- Total FF checksum packets read: 0
Now, I ran both weplab and aircrack (with default fudge factor) and even after 9 hours, the key of the first dump could not be found. When I ran weplab and aircrack on the second dump, it was cracked within 5 minutes. How is this possible? The first dump has even more unique IVs than the second dump ... does anyone have a reasonable explanation for this?
Btw, does anyone know a tool which can replay packets on the wifi interface on BSD? Because most of the tools like aireplay and chopchop use the netpacket interface, which is nonexistent on BSD. I did manage to get weplab (only the cracking, not dumping of packets) and aircrack (again, only aircrack and 802ether, not dumping) working on OpenBSD.
regards
Last edited by opr__ : 01-16-2005 at 09:59 AM.