Captured > 1,000,00 IVs / aircrack ran forever?

rvella · 04-09-2005

Hello:

I've been on this forum off and on for reference and whatnot, but I finally have a legitimate request

I've recently setup my laptop with Auditor Linux on the hard drive (not live).

Here's my setup:
ath0 - Atheros based Card
wlan0 - PRISM2 Based Card

I've been trying to break my WEP here locally, and am running into difficulty.

I've injected packets on wlan0 to stimulate ARP traffic, and replayed the packets via wlan0 to generate around 1.5 million IVs (25 weak)... I would have though that this would be enough for aircrack, but it ran for about 8 hours (fudge factor 4) with no success. Can anyone recommend anything? And as for the fudge factor, could someone explain more as to what setting I could use to get a successful result ?

- Rob

FunkyChicken · 04-19-2005

has the wlan0 card got an external antenna? make sure that the two antennas of the cards are too close esle you may have issues with capturing your own transmitted data.

goto http://www.thebroken.org/ and watch video 1 (it has a section about this and says that the two cards must be atleast 0.5m apart.

Thorn · 04-19-2005

Why in god's name would anyone who pretends to know anything about wireless recommend thebroken? That is the worst piece of crap out there. It's mindless drivel, technically inaccurate and just plain wrong in so many areas.

rvella · 04-19-2005

I changed my card configuration, and now I have 2 PRISM2 based cards. One has an external antenna, and they're far apart. I'm not picking up my own packets now, and yes, thebroken is rediculous. But now I'm picking up very little traffic, and void11 doesn't soom to be working too well. Any thoughts?

The Others · 04-19-2005

Quote:

Originally Posted by FunkyChicken

has the wlan0 card got an external antenna? make sure that the two antennas of the cards are too close esle you may have issues with capturing your own transmitted data.

goto http://www.thebroken.org/ and watch video 1 (it has a section about this and says that the two cards must be atleast 0.5m apart.

You've got a card that only has a range of 50cm? I think CAT5 would be cheaper...

devine · 04-21-2005

Quote:

Originally Posted by rvella

I've injected packets on wlan0 to stimulate ARP traffic, and replayed the packets via wlan0 to generate around 1.5 million IVs (25 weak)... I would have though that this would be enough for aircrack, but it ran for about 8 hours (fudge factor 4) with no success.

Sometimes aircrack just fails, I don't know exactly why. Must be some shit happenning with the way I implemented KoreK's attacks.

Dutch · 04-21-2005

Quote:

Originally Posted by devine

Sometimes aircrack just fails, I don't know exactly why. Must be some shit happenning with the way I implemented KoreK's attacks.

'n stuff...

Dutch

Barry · 04-21-2005

Aren't we more interested in the weak packets? I thought the program used them and not the "normal" ones. If that's the case then you only have 25 packets to work with.

wrzwaldo · 04-21-2005

I was under the impression that Korek's attacks did not rely on the weak.

Dutch · 04-21-2005

Quote:

Originally Posted by wrzwaldo

I was under the impression that Korek's attacks did not rely on the weak.

Your impression is correct. The old algorithm used in previous versions of airsnort relied on weak IV's. KoreK's attacks don't rely on weak IV's.

Dutch

Barry · 04-21-2005

Ohhhhhh....

rvella · 04-21-2005

SecurityFocus had an article, and they had great success with cracking with various fudge factors...

Can someone explain the fudge factors to me, and generally when to increase it?

King_Ice_Flash · 04-22-2005

Quote:

Originally Posted by wrzwaldo

I was under the impression that Korek's attacks did not rely on the weak.

You been living in the bat cave too long?

zamba · 05-14-2005

Quote:

Originally Posted by FunkyChicken

has the wlan0 card got an external antenna? make sure that the two antennas of the cards are too close esle you may have issues with capturing your own transmitted data.

How can you see if you're capturing your own transmitted data? I'm using kismet for capturing, and from what I can see the increase in packages comes from the network in question. And aircrack reports 500k unique IVs. They wouldn't be unique if was the same packet over and over again, would they?

Generally speaking, how can you differentiate the two? Knowing wheather it's your own data or the reply you see?

I'm btw having the same problem as the thread starter. I've gathered lots of packets, but the work aircrack has to go through seems to increase as I gather packets.

Marius

Dutch · 05-14-2005

Quote:

Originally Posted by zamba

How can you see if you're capturing your own transmitted data? I'm using kismet for capturing, and from what I can see the increase in packages comes from the network in question. And aircrack reports 500k unique IVs. They wouldn't be unique if was the same packet over and over again, would they?

Generally speaking, how can you differentiate the two? Knowing wheather it's your own data or the reply you see?

I'm btw having the same problem as the thread starter. I've gathered lots of packets, but the work aircrack has to go through seems to increase as I gather packets.

Marius

Use ethereal or any other protocol analysis program to look at the data.

Dutch

04-09-2005	#1 (permalink)
rvella Registered Member Join Date: Jun 2003 Posts: 10	Captured > 1,000,00 IVs / aircrack ran forever? Hello: I've been on this forum off and on for reference and whatnot, but I finally have a legitimate request I've recently setup my laptop with Auditor Linux on the hard drive (not live). Here's my setup: ath0 - Atheros based Card wlan0 - PRISM2 Based Card I've been trying to break my WEP here locally, and am running into difficulty. I've injected packets on wlan0 to stimulate ARP traffic, and replayed the packets via wlan0 to generate around 1.5 million IVs (25 weak)... I would have though that this would be enough for aircrack, but it ran for about 8 hours (fudge factor 4) with no success. Can anyone recommend anything? And as for the fudge factor, could someone explain more as to what setting I could use to get a successful result ? - Rob __________________ Rig: Laptop Model: Dell Latitude C800 OS: Auditor Linux Processor: PIII 850 (700 on battery) Memory: 256MB Wireless Cards: - ZyXEL B-101 802.11B w/ External Antenna; HostAP) - SMC 2532W-B 200mW w/ External Antenna; HostAP) GPS Device: Magellan Map 330 Stumbling Software: Kismet / Airodump Mapping Software: GPSDrive

04-19-2005	#2 (permalink)
FunkyChicken Sharp MM10 Lover Join Date: Aug 2004 Location: Wales Posts: 58	has the wlan0 card got an external antenna? make sure that the two antennas of the cards are too close esle you may have issues with capturing your own transmitted data. goto http://www.thebroken.org/ and watch video 1 (it has a section about this and says that the two cards must be atleast 0.5m apart. __________________ Why play deathmatch when you can play dominoes?

04-19-2005	#3 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,096	Why in god's name would anyone who pretends to know anything about wireless recommend thebroken? That is the worst piece of crap out there. It's mindless drivel, technically inaccurate and just plain wrong in so many areas. __________________ Thorn "I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

04-19-2005	#4 (permalink)
rvella Registered Member Join Date: Jun 2003 Posts: 10	I changed my card configuration, and now I have 2 PRISM2 based cards. One has an external antenna, and they're far apart. I'm not picking up my own packets now, and yes, thebroken is rediculous. But now I'm picking up very little traffic, and void11 doesn't soom to be working too well. Any thoughts? __________________ Rig: Laptop Model: Dell Latitude C800 OS: Auditor Linux Processor: PIII 850 (700 on battery) Memory: 256MB Wireless Cards: - ZyXEL B-101 802.11B w/ External Antenna; HostAP) - SMC 2532W-B 200mW w/ External Antenna; HostAP) GPS Device: Magellan Map 330 Stumbling Software: Kismet / Airodump Mapping Software: GPSDrive

04-21-2005	#8 (permalink)
Barry Managing the iTards. Join Date: Dec 2002 Location: Ohio Posts: 5,381	Aren't we more interested in the weak packets? I thought the program used them and not the "normal" ones. If that's the case then you only have 25 packets to work with. __________________ Atheism is a non-prophet organization.

04-21-2005	#9 (permalink)
wrzwaldo I amuse you? Join Date: Dec 2003 Posts: 9,127	I was under the impression that Korek's attacks did not rely on the weak.

04-21-2005	#11 (permalink)
Barry Managing the iTards. Join Date: Dec 2002 Location: Ohio Posts: 5,381	Ohhhhhh.... __________________ Atheism is a non-prophet organization.

04-21-2005	#12 (permalink)
rvella Registered Member Join Date: Jun 2003 Posts: 10	SecurityFocus had an article, and they had great success with cracking with various fudge factors... Can someone explain the fudge factors to me, and generally when to increase it? __________________ Rig: Laptop Model: Dell Latitude C800 OS: Auditor Linux Processor: PIII 850 (700 on battery) Memory: 256MB Wireless Cards: - ZyXEL B-101 802.11B w/ External Antenna; HostAP) - SMC 2532W-B 200mW w/ External Antenna; HostAP) GPS Device: Magellan Map 330 Stumbling Software: Kismet / Airodump Mapping Software: GPSDrive

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode