Aircrack/Packet Injection Testing: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
==Basic Injection Test== | |||
In order to confirm that packet injection works, you can use aireplay-ng in packet injection test mode (mode 9). The command looks like this: | In order to confirm that packet injection works, you can use aireplay-ng in packet injection test mode (mode 9). The command looks like this: | ||
| Line 21: | Line 23: | ||
12:47:08 29/30: 96% | 12:47:08 29/30: 96% | ||
</pre> | </pre> | ||
==Attack Tests== | |||
Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset). | |||
Look for it in the list: | |||
<pre> | |||
$ airmon-ng | |||
</pre> | |||
In my case it was called <code>wlan3</code>. Now bring it online: | |||
<pre> | |||
$ airmon-ng start wlan3 | |||
</pre> | |||
This will rename the device to <code>wlan3mon</code>. List wireless devices again: | |||
<pre> | |||
$ airmon-ng | |||
</pre> | |||
Now get both cards listening on the same channel. Run a quick <code>airodump-ng</code> command for the new wireless card to ensure it's listening on the right channel: | |||
<pre> | |||
$ airdoump-ng -bssid AA:BB:CC:DD:EE -c 7 -w /tmp/junk wlan3mon | |||
</pre> | |||
and kill it as soon as you've run it. This will switch the card to channel 7 (or, our channel of choice) and make sure both cards are on the same channel. | |||
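Review bot: the airodump-ng line in the added Attack Tests section will not run as written. The command name is misspelled as airdoump-ng, and the filter is given as -bssid where airodump-ng takes --bssid. Suggest `$ airodump-ng --bssid AA:BB:CC:DD:EE -c 7 -w /tmp/junk wlan3mon`. The placeholder BSSID also has only five octets, here and in the existing aireplay-ng example, so it is worth saying that it stands in for the full address of your own access point.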
Revision as of 20:01, 30 July 2015
Basic Injection Test
In order to confirm that packet injection works, you can use aireplay-ng in packet injection test mode (mode 9). The command looks like this:
$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon
where -9 or --test tells it to operate in packet injection test mode, -a AA:BB:CC:DD:EE is the MAC address of the target access point (a placeholder here), and wlan2mon is the wireless device that has already been put into monitor mode with airmon-ng.
Here's what the output should look like:
$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon
12:47:05 Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05 Trying broadcast probe requests...
12:47:06 Injection is working!
12:47:07 Found 1 AP
12:47:07 Trying directed probe requests...
12:47:07 AA:BB:CC:DD:EE - channel: 7 - 'Walrus'
12:47:08 Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08 29/30: 96%
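To check this output from a script (for example, when validating several adapters on your own test network), the added example below parses it and reports whether injection worked and how many directed probes were answered. It is not part of the original page or of aircrack-ng; the function name parse_injection_test, the 80% threshold, and the status labels are assumptions, and the sample text is the output shown above.

```shell
#!/usr/bin/env bash
# Sample input: the aireplay-ng -9 output shown on this page (placeholder BSSID).
SAMPLE_OUTPUT=$(cat <<'EOF'
12:47:05 Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05 Trying broadcast probe requests...
12:47:06 Injection is working!
12:47:07 Found 1 AP
12:47:07 Trying directed probe requests...
12:47:07 AA:BB:CC:DD:EE - channel: 7 - 'Walrus'
12:47:08 Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08 29/30: 96%
EOF
)

# Summarise `aireplay-ng -9` output read on stdin (hypothetical helper).
# Prints "<status> <channel> <received>/<sent> <percent>" and returns 0 only
# when injection works and the reply rate is at least $1 percent (default 80).
parse_injection_test() {
    local min_percent="${1:-80}"
    awk -v min="$min_percent" '
        /Injection is working!/ { working = 1 }
        # Channel the card was tuned to while waiting for the beacon.
        / on channel [0-9]+/ {
            for (i = 1; i < NF; i++) if ($i == "channel") chan = $(i + 1)
        }
        # Reply-rate line, e.g. "12:47:08 29/30: 96%"
        $2 ~ /^[0-9]+\/[0-9]+:$/ && $3 ~ /^[0-9]+%$/ {
            split($2, frac, "/"); recv = frac[1] + 0; sent = frac[2] + 0
            pct = $3 + 0
        }
        END {
            if (chan == "") chan = "?"
            if (!working)        status = "NO_INJECTION"
            else if (sent == 0)  status = "NO_AP_REPLY"
            else if (pct < min)  status = "WEAK_LINK"
            else                 status = "OK"
            printf "%s %s %d/%d %d\n", status, chan, recv, sent, pct
            exit (status == "OK" ? 0 : 1)
        }'
}

# Stand-alone run on the sample; on real hardware, pipe aireplay-ng -9 into it.
printf '%s\n' "$SAMPLE_OUTPUT" | parse_injection_test 80
```

A WEAK_LINK result means the card can inject but most directed probes went unanswered, which usually points to distance from the access point rather than a driver problem.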
Attack Tests
Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset).
Look for it in the list:
$ airmon-ng
In my case it was called wlan3. Now bring it online:
$ airmon-ng start wlan3
This will rename the device to wlan3mon. List wireless devices again:
$ airmon-ng
Now get both cards listening on the same channel. Run a quick airodump-ng command for the new wireless card to ensure it's listening on the right channel:
$ airodump-ng --bssid AA:BB:CC:DD:EE -c 7 -w /tmp/junk wlan3mon
and kill it as soon as you've run it. This will switch the card to channel 7 (or whichever channel you chose) and make sure both cards are on the same channel.