Page 19 of 23

Minimum IV keys needed

PostPosted: Fri Jul 01, 2005 7:24 am
by flakeys
Does anyone have a clue?
I have 100,000 and it runs for hours.

PostPosted: Sat Aug 20, 2005 1:18 am
by MainSail
Is there a way to see wich version of aircrack you are using ?
I installed the 2.23 version but it still shows 2.2 :confused:

PostPosted: Sun Aug 21, 2005 8:11 am
by Weifei
MainSail,

yes, there is a way:

Apply this patch and you are done from now on...

Cheers
Weifei

PostPosted: Sun Aug 21, 2005 8:36 pm
by Bubster
Hi,
I'm using a DWL-650 V.P1 Prism2 based card and everything seems to work fine until I try aireplay. There is no traffic on this router as it is my personal network. When I start aireplay, it reads and sends packets yet I hardly ever get any ARP's/IV's.

I'm using the new Whax iso.

Anybody have the same problem or some enlightenment? Thanks

PostPosted: Mon Aug 22, 2005 1:11 am
by Dutch
Bubster wrote:Hi,
I'm using a DWL-650 V.P1 Prism2 based card and everything seems to work fine until I try aireplay. There is no traffic on this router as it is my personal network. When I start aireplay, it reads and sends packets yet I hardly ever get any ARP's/IV's.

I'm using the new Whax iso.

Anybody have the same problem or some enlightenment? Thanks


No traffic = no ARP request for aireplay to pick up, and reinject.
Read the Aircrack suite documentation, in order to find out what options you have for generating traffic, which can then be used to get an ARP to reinject. It's quite clearly explained there.
We don't spoonfeed, when it is explained clearly in the documentation.

Dutch

PostPosted: Mon Aug 22, 2005 8:38 am
by MainSail
Weifei wrote:MainSail,

yes, there is a way:

Apply this patch and you are done from now on...

Cheers
Weifei


He Thanks !!!! :) :)

aireplay... curious results

PostPosted: Tue Aug 23, 2005 4:56 am
by Taran
I'm a bit confused by the results I get when I use aireplay. I am using one notebook with a Prism2 card to run aireplay and another notebook with an Intel 2200 B/G card running Kismet for capture. I capture an appropriate ARP packet and replay it without issue, however Kismet does not see any unique IV's being captured. For every "Cryptd" packet it shows captured for the network, it shows a "Dupe IV" packet as well. I'm sure there is something obvious I'm missing, but I've read this entire thread and the documentation and cannot determine what I'm doing wrong. Any help would be appreciated. Thank you.

PostPosted: Tue Aug 23, 2005 5:02 am
by devine
Taran wrote:For every "Cryptd" packet it shows captured for the network, it shows a "Dupe IV" packet as well.


This is normal. It shows that the packet is being injected. You don't get a response, either because your source MAC is not associated, or the destination IP doesn't respond.

PostPosted: Tue Aug 23, 2005 5:12 am
by Taran
devine wrote:This is normal. It shows that the packet is being injected. You don't get a response, either because your source MAC is not associated, or the destination IP doesn't respond.


So, just to clearify for me, the aireplay ARP attack is meant to get 1 Dupe IV (the replay packet) for every 1 Unique IV (the ARP response), correct?

PostPosted: Mon Aug 29, 2005 9:33 am
by thezerogorup
airodump collects many packets but no WEP keys using the ipw2200 drivers. . . any ideas on where I can start looking to find out why. My card is defiantly working in monitor mode. . . hence the packets I’m collecting. I tried everything on my home network to generate as much traffic as possible, but after 3 days of collecting no IVs

PostPosted: Mon Aug 29, 2005 10:08 am
by wham
thezerogorup wrote: My card is defiantly working in monitor mode

Did you tell it not to?

PostPosted: Thu Sep 15, 2005 12:41 pm
by magicmilo
OK - first post... let's see if I got my ducks in order.

- I searched and searched for a similar issue and could find none.
- I read threads that may have addressed my situation, ditto.
- I own the AP, the wireless card and computer I was running airodump/aircrack against.
- The network I was testing was my own, and I alone selected the WEP key for my AP.

I use the newest version of Auditor (auditor-200605-02-ipw2100), and have updated my version of aircrack to 2.3. I used a HP tc1100 PC for the "auditing". The AP is a Linksys WRT54G.

I captured three separate .ivs files of 549k, 1.45M, and 7.7M IVs. I used packet injection in one instance and downloading files for the other two. Since I know what the WEP key is, aircrack incorrectly guessed the first key-byte and goes to only 10 key-bytes before it starts doing it's thing. I would think it would go to 12, but i may be wrong.

I've tried all of the korek cracks, -k1 though 17. I've tried raising and lowering the fudge factor. Should I just try this on another AP? I've heard that Linksys is difficult to crack for some reason. Anyways, I hope that covers my question - i feel like George Castanza asking the Soup Nazi for bread! Thanks, folks!

PostPosted: Thu Sep 15, 2005 1:17 pm
by Thorn
magicmilo wrote:... Anyways, I hope that covers my question - i feel like George Castanza asking the Soup Nazi for bread! Thanks, folks!
Who (what) are George Castanza and Soup Nazi?

PostPosted: Thu Sep 15, 2005 1:19 pm
by wrzwaldo
Thorn wrote:Who (what) are George Castanza and Soup Nazi?



No soup for you. One year!

http://www.stanthecaddy.com/the-soup-nazi.html

PostPosted: Thu Sep 15, 2005 2:50 pm
by streaker69
Thorn wrote:Who (what) are George Castanza and Soup Nazi?


You really don't watch TV up there do ya?