Quote:
|
Originally Posted by grcore
I noticed that the -3 "classic" attack now requires an associated client MAC (-h). I would not think that this is necessary; rather, it should be optional.
|
Actually, aircrack can't just guess the MAC of a valid, associated station, because the source MAC in the ARP request often comes from a machine on the wired side. Hence the need for -h.
Quote:
|
Originally Posted by grcore
It seems the -1 fake association does not work on many APs, and with some it reports successful association but no ARPs are generated.
|
Sure, you need some traffic on the wired side so that the AP will re-transmit broadcast packets (such as ARP requests).
Quote:
|
Originally Posted by grcore
With the -0 "deauth" function, it would be nice to be able to specify a single AP or BSSID to focus on.
|
That's option -a, although it doesn't disable the AP/station auto-detection.
Quote:
|
Originally Posted by grcore
nice work though!
|
Thanks!