Page 22 of 25

IV packet count

PostPosted: Sat May 21, 2005 6:05 pm
by wirelesssguru
After many repeat airodumps.... it seems I can only get around 130,000 unique IV's.... i gathered bewteen 5 and 10 meg many times and only get 130k .... any ideas... thanks

PostPosted: Thu May 26, 2005 5:11 pm
by laptopguy
stephenb821 wrote:D-Link DWL G650 Rev C2 work well



Wish it worked with Rev B5.

PostPosted: Thu Jun 02, 2005 6:42 pm
by Cable Dog
fantasy2 wrote:I was wondering, how could I perform a ping flood when I'm not even connected to a wep encrypted router?

I'm using ICMP ping flood.

Is it just that I have to broadcast packages to get a response?




You can take any captured packet and send it back into the wireless network. The packet you capture and send back will be encrypted and if you analyze it,you should have a good guess to what it contains. ARP requests is best, you will usually get responses from other host's on the network. You can get a ton of responses like this and alot of IV's. If im not mistaking, I think Airplay uses this method.

By the way,you will need two cards and I "think" you need Prizm2 card to send for aireplay, but OpenBSD Wnet, reinj program does the same as aireplay but you only need one Prizm2 card.

DSL-122 Prism2 USB driver?

PostPosted: Fri Jun 03, 2005 3:37 am
by freddylocks
Hi everyone,

Does anyone have any suggestions how to get this USB card working?

I have tried installing the default dlink drivers which for windows allows the card to work fine, however when i try to run airodump it just says that it the drivers are not valid.
I tried downloading the drivers from the agere site, and when i try the install i can't work out which driver to install with, i tried with the agere 801 and 802 drivers, the dlink drivers only cover the 660, does anyone have any suggestions as to which driver to use for the DWL-122?

Many Thanks
Freddy

PostPosted: Sun Jun 05, 2005 10:52 pm
by Chillout
As far as I know, USB is not supported.

PostPosted: Tue Jun 07, 2005 6:52 pm
by NetNinja
http://img169.echo.cx/my.php?image=peekdlldebug2ud.jpg
There's no way for injection for now I think :(



[quote="HaxorMachine"]Devine -- I've been digging thru the peek drivers and would like to take a look at how your code is calling peek functions. I've studied airsnort's code, and assume you are doing something similar with airodump/Windows. I also noticed that the DLL has an interesting function "PeekPacketSend" that I'm wondering if anyone has played with. My first thought was that Airopeek NX used it for packet injection, but after playing with it a bit it appears that Airopeek "sends" are sent over any type of interface (and cannot be mgmt/control frames) -- ie it's using a normal NDIS TX method. Makes me wonder what the PeekPacketSend function is really for.....Perhaps it's a way to Windows 802.11 injection ]

PostPosted: Sat Jun 11, 2005 2:28 pm
by MrSandman.Net
Noob here.
I am using the RoamAbout card, how do i run airodump?
I guess i dont quite understand the syntax. I can run it in Linux by using
Code: Select all
iwpriv eth0 monitor 1 <AP channel> [mac]

and then running airopeek eth1 1 6 test.pcap {mac}

But i cant seem to do this in windows. im not sure im putting the proper
<nic index >

thanks, i got my firesuit on for the flames. :eek:

PostPosted: Wed Jun 15, 2005 3:39 am
by Chillout
Are you sure you've put the mac in like this:

xx:xx:xx:xx:xx:xx

I've had some problems with this in the past, hope it helps ya.

aircrack/win 2.2 beta coming soon??

PostPosted: Sun Jun 26, 2005 5:04 pm
by flakeys
any schedule devine?

meaning of "ENCryption" column of airodump 2.1

PostPosted: Mon Jun 27, 2005 12:07 am
by Joe42
Sometimes the encryption column of Airodump 2.1 will show "WPA" whereas I know for sure that the network is actually using WEP-128. Is the information unreliable?

If I see the IV count increasing, does it always mean that the network is WEP-crackable? Or should I try aircrack to see a warning of WPA-encrypted frames?

Thanks,

PostPosted: Mon Jun 27, 2005 12:40 am
by Dutch
Joe42 wrote:Sometimes the encryption column of Airodump 2.1 will show "WPA" whereas I know for sure that the network is actually using WEP-128. Is the information unreliable?

If I see the IV count increasing, does it always mean that the network is WEP-crackable? Or should I try aircrack to see a warning of WPA-encrypted frames?

Thanks,

If you read through all the posts in this thread, you would have your answer. It's been discussed before. We don't spoonfeed here.

Dutch

PostPosted: Tue Jun 28, 2005 2:51 am
by BLKMGK
Joe42 wrote:Sometimes the encryption column of Airodump 2.1 will show "WPA" whereas I know for sure that the network is actually using WEP-128. Is the information unreliable?

If I see the IV count increasing, does it always mean that the network is WEP-crackable? Or should I try aircrack to see a warning of WPA-encrypted frames?

Thanks,


I see the same thing in both Windows and Linux - including escalating numbers of IVs being collected. After a little head scratching I figured out what's going on although it's pretty odd. I am sniffing with 802.11b cards however my laptop and router happen to be capable of running 802.11G and are (duh). For some reason the G traffic looks like WPA encrypted traffic to the B card. How exactly the B card picks up G I dunno' but Aireplay will even show me packets (lol). I've yet to correct this and use Aireplay on Linux but I did correct this and whack my WEP key on Windows just fine. I will be duplicatnig this in Linux with Aireplay sometime soon.

One thing I also intend to try in the future is whacking my G traffic sniffing with an Orinoco B/G card and perhaps trying to de-auth with a B card. If I can capture a B packet and replay it back while G traffic is running I'll try that too. I suspect that the router will respond to the B traffic just fine but I wish to verify this. :cool:

PostPosted: Tue Jul 05, 2005 1:48 am
by RFC3457
Hi folks,

I need some help with driver problems. I have read the whole thread but couldn't find any hint for solving these issues.

I am using a Compaq nc4010 with a built in Intel Pro Wireless
2220 BG under XP. Haven't tried this card yet as I need it in operational mode and can't effort to "play" around with the config unless it's bulletproof to get it working.

I got also a Netgear WG511 (Version1) but it doesn't seem to be compatible with the Agere drivers. I also tried a Netgear WAG511T which is supposed to use the Atheros Chipset. However downloading appropriate drivers from Wildpacket just results in a error message "The system cannot find the file specified". This looks to me as XP tries to use the driver but finally fails to accept it for whatever reasons.

So I tried a DLINK AirPlus DWL-G650 rev.C. Same result although the brand and type is listed on the wildpacket website with the small difference that they tested rev.B.

I am wondering if somebody else got the above cards working with the driver necessary to run Peek ?

Anyone experience with the DLINK card - may be worth a thought to downgrade the firmware ?

Any help much appreciated.

Thanks. :)

PostPosted: Tue Jul 05, 2005 4:42 am
by King_Ice_Flash
Try getting airopeek working first. If AiroPeek doesn't work, then AiroDump won't work. I have little experience working with Atheros cards. You will probably have to contact WildPackets.

PostPosted: Wed Jul 06, 2005 3:55 am
by RFC3457
At least Aeropeek seems now to be happy accepting the driver under Windows 2000 (W2K). I guess some registry messup caused the problems under XP :-(

Anyay, now got the driver working under W2K, I can't use the D-LINK Wireless Utility anylonger :eek:

Is this because W2K doesn't have built in 802.11 support and the D-Link utility doesn't work with the Wildpacket driver ? :confused:

I am actually admin of the the network which I try to penetrate and I shuffled around huge amounts of datas across the whole broadcast domain. Also pinged the AP on a very frequent base but airodump doesn't come up with any IV's found.

Wondering if Aeropeek is actually collecting datas - just confused as the wireless card seems to have no Layer1 Link established ( refering to ipconfig /all Media state: Cable disconnected)

Regards,

[UPDATE :]

I managed to get the D-LINK Air Plus DWL-G650 card working under W2K with the Wildpacket driver. Airdump starts and seems to be working (No Iv's).

Like under W2K ipconfig output "Cable not connected" :confused:

Please can people give input who claimed they can't "use the card regulary" but can use it under Airdump for scanning IV's . :)