Quote:
|
Originally Posted by sylvain
I have a question about traffic generation:
How can I generate traffic when I don't have an IP address for my wireless card and cannot use aireplay?
Is there any option in the ping command to specify a broadcast ping from a wireless interface? There is ping -b, but how do I specify that I want to use my eth1 interface?
Moreover, if I can send pings over the air without having any IP address, will the replies be encrypted?
I'm a bit confused about the generation of traffic when we just know the SSID.
|
Well... you can't.
I mean, if the WLAN is WEP-protected, then the packets you send must be encrypted in order to be accepted by the other hosts.
So you cannot use tools like ping because, as your WLAN card driver does not know the WEP key, the ICMP won't be encrypted and therefore will be ignored by other hosts.
It's clear that without the WEP key you cannot create custom packets, but you can REINJECT logged ones. You can sniff the network and get an encrypted packet. You do not know what kind of packet it is, its headers or its payload, as it is encrypted, but you can reinject it into the network.
So, if you can capture a packet, for example an ARP request, and reinject it into the network, the destination host will believe that it was sent by the original sender and will produce a response. That happens with ARP, TCP SYN, ICMP, and so on.
Finally, as you do not know which packets are useful (ARP, ICMP) because they are encrypted, the only way to guess them is by their size. As far as I know, that's what aireplay uses.
But I have one question... Is there any way to know if specific packets have been replayed... in other words... can an IDS manage to detect the attack?
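
On the closing question about detection: a reinjected frame is a copy of a captured one, so its WEP IV and encrypted body repeat, which a sensor can count. The sketch below is an added example, not part of the original post; the record format, thresholds and sample frames are constructed assumptions.

```python
import hashlib
from collections import defaultdict, deque

# Assumed thresholds (tune per network): a sender normally uses a fresh IV for
# each frame, so the same IV + ciphertext seen many times is suspicious.
WINDOW_S = 5.0
MAX_REPEATS = 3


def find_replays(frames, window=WINDOW_S, max_repeats=MAX_REPEATS):
    """Return {(iv_hex, body_digest): peak_count} for WEP data frames whose IV
    and encrypted body repeat more than max_repeats times within window seconds.

    frames: iterable of (timestamp, iv_bytes, ciphertext_bytes, retry_flag),
    sorted by timestamp. Link-layer retries (retry_flag=True) are skipped,
    since 802.11 retransmissions legitimately repeat the frame body.
    """
    seen = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = {}
    for ts, iv, body, retry in frames:
        if retry:
            continue
        key = (iv.hex(), hashlib.sha256(body).hexdigest()[:16])
        times = seen[key]
        times.append(ts)
        while times and ts - times[0] > window:
            times.popleft()
        if len(times) > max_repeats:
            alerts[key] = max(alerts.get(key, 0), len(times))
    return alerts


def sample_frames():
    """Constructed sample capture: normal traffic plus one repeated frame."""
    frames = []
    # Normal traffic: every frame has its own IV and body.
    for i in range(20):
        frames.append((i * 0.1, i.to_bytes(3, "big"), bytes([i]) * 60, False))
    # One legitimate frame retried twice at the link layer.
    frames.append((2.05, b"\xaa\xaa\xaa", b"\x01" * 60, False))
    frames.append((2.06, b"\xaa\xaa\xaa", b"\x01" * 60, True))
    frames.append((2.07, b"\xaa\xaa\xaa", b"\x01" * 60, True))
    # The same encrypted frame (same IV, same body) seen 50 times in a second.
    for i in range(50):
        frames.append((3.0 + i * 0.02, b"\x12\x34\x56", b"\x9c" * 68, False))
    return sorted(frames, key=lambda f: f[0])


if __name__ == "__main__":
    for (iv, digest), count in find_replays(sample_frames()).items():
        print(f"possible replay: IV={iv} body={digest} seen {count}x in window")
```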