07-01-2005, #10
scope
Registered Member
 
Join Date: May 2005
Posts: 5
Quote:
Originally Posted by devine
Had a look at your files. It appeared you used the aireplay keystream and mistakenly named the resulting arp request "arp-chopchop". Similarly, you named the arp forged with the chopchop keystream "arp-aireplay".

The "arp-aireplay" forged packet (created from the chopchop keystream) didn't worked, because the keystream format used by chopchop is different from the keystream format used by attack 4 in aireplay. Hence the different sizes. But if we look closer at the keystreams, they are identical:
Ok. Tried it again, it worked. Sorry, really confused the different files, versions and stuff.

Thanks!

However the second issue persists:

ap, no client associated.

Two terminals on my desktop:

1. terminal:

aireplay -1 try2hackme -a apmac -h clmac eth2

clmac is the mac of a client usually connected.

aireplay says:

16:28:57 Sending Authentication Request
16:28:57 Authentication successful
16:28:57 Sending Association Request
16:28:57 Association successful

this is repeated every 30 seconds.

2. terminal:

aireplay -4 -a apmac -h clmac -r chop eth2

Will run for a while, successfully guessing bytes, then break with:
"Failure: Got a deauth from..." (aireplay.c, line 1905 to 1912)

I noticed that this happens exactly when the other terminal sends a request sequence.
So if aireplay got lucky, guessing all the bytes between the 30 seconds auth interval, everything works.
Maybe the two aireplay instances disturb each other?

What does actually work is the following:
Start fake auth, let it auth and associate, immediately stop it again (so it can't send another request after 30s). Then start aireplay.
My AP keeps thinking for a while that the station is connected, enough time for aireplay to decrypt the packet.

Well, if I associate by hand, aireplay -4 works, too.

I uncommented the above error message, then recompiled aireplay.c.
Now, when terminal 1 does another fake auth terminal 2 breaks with the next error: "Failure: the access point does not properly discard..." (aireplay.c line 1922 to 1928).
If I uncomment this, too, something weird happens:

aireplay -4 stops guessing bytes when terminal 1 sends an auth, but will continue to guess for 2 seconds on every auth sent after that.
So it's kinda reversed now, aireplay guesses only when an auth is sent.
This will take a lot of time, but is successful.
Not the way it should be used.

The packet I tried to decrypt was just a simple ping to the ap from inside of the network.

Hope this helps,

scope

Last edited by scope : 07-01-2005 at 09:21 AM.