NetStumbler.org Forums - View Single Post - New tool to crack WEP keys under GNU/Linux

topolb · 06-09-2004

ICMP are also encrypted, yes.
The error you have capturing packets with weplab is because of the DATA LINK type that libpcap detects in this interface is not the rigth one (for weplab). Have you enabled the interface with ifconfig wlan0 up? have you initialized it and set up in the rigth channel? What DATALINK type gives you tcpdump sniffing in this interface? what wireless chipset do you have?

About the other error analyzing the pcap file created by ethereal it can be produced because:
a) your card (chipset) is prepending some "header" in each packet. For example, in the case of prism2 card, depending on how have put your card in monitor mode, a special header in added before each packet. --prismheader should be used to inform weplab about that.
b) Sometimes the wireless card's driver does not set propertly the WEP flag bit on encrypted logged packets so weplab does not know that is was encrypted.

Could you please send me a 3 or 4MB file in pcap format with some logged encrypted packets? I would like to see what's wrong.

I will be pleased if you post or send me by email your suggestions about the command line syntax (I know it sucks) or any other feature of the problem.

A new version with some improvements will be released today (If the final tests go fine) in sourceforge.

Thank you very much for your tests and opinions.

06-09-2004	#11 (permalink)
topolb Registered Member Join Date: Jun 2004 Posts: 67	ICMP are also encrypted, yes. The error you have capturing packets with weplab is because of the DATA LINK type that libpcap detects in this interface is not the rigth one (for weplab). Have you enabled the interface with ifconfig wlan0 up? have you initialized it and set up in the rigth channel? What DATALINK type gives you tcpdump sniffing in this interface? what wireless chipset do you have? About the other error analyzing the pcap file created by ethereal it can be produced because: a) your card (chipset) is prepending some "header" in each packet. For example, in the case of prism2 card, depending on how have put your card in monitor mode, a special header in added before each packet. --prismheader should be used to inform weplab about that. b) Sometimes the wireless card's driver does not set propertly the WEP flag bit on encrypted logged packets so weplab does not know that is was encrypted. Could you please send me a 3 or 4MB file in pcap format with some logged encrypted packets? I would like to see what's wrong. I will be pleased if you post or send me by email your suggestions about the command line syntax (I know it sucks) or any other feature of the problem. A new version with some improvements will be released today (If the final tests go fine) in sourceforge. Thank you very much for your tests and opinions.