Aircrack/Packet Injection Testing

From charlesreid1

Basic Injection Test

In order to confirm that packet injection works, you can use aireplay-ng in packet injection test mode (mode 9). The command looks like this: 

$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon

where -9 or --test tells it to operate in packet injection test mode, -a AA:BB:CC:DD:EE is the MAC address of the target access point, wlan2mon is the wireless device that has already been put into monitoring mode with airomon-ng.

Here's what the output should look like: 

$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon 
12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05  Trying broadcast probe requests...
12:47:06  Injection is working!
12:47:07  Found 1 AP 

12:47:07  Trying directed probe requests...
12:47:07  AA:BB:CC:DD:EE - channel: 7 - 'Walrus'
12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08  29/30:  96%

Attack Tests

Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset).

File:TwoWirelessDongles.jpg

Setup

Look for it in the list: 

$ airmon-ng

In my case it was called wlan3. Now bring it online: 

$ airmon-ng start wlan3

This will rename the device to wlan3mon. List wireless devices again: 

$ airmon-ng

If you want to test your new wireless card really quick, you can do: 

$ aireplay-ng -9 wlan3mon

Get Wireless Devices on Same Channel

Now get both cards listening on the same channel. Run a quick airodump-ng command for the new wireless card to ensure it's listening on the right channel: 

$ airdoump-ng -bssid AA:BB:CC:DD:EE -c 7 -w /tmp/junk wlan3mon

and kill it as soon as you've run it. This will switch the card to channel 7 (or, our channel of choice) and make sure both cards are on the same channel.

Run Attack Test

Now you can run the attack test: 

$ aireplay-ng -9 -i wlan3mon wlan2mon

And the output: 

$ aireplay-ng -9 -i wlan3mon wlan2mon
13:05:50  Trying broadcast probe requests...
13:05:50  Injection is working!
13:05:51  Found 3 APs

13:05:51  Trying directed probe requests...
13:05:51  AA:BB:CC:DD:EE - channel: 7 - 'Walrus'
13:05:52  Ping (min/avg/max): 1.273ms/20.986ms/33.943ms Power: -26.67
13:05:52  30/30: 100%

13:05:52  34:95:3B:84:5C:18 - channel: 7 - ''
13:05:53  Ping (min/avg/max): 5.004ms/28.884ms/64.336ms Power: -30.13
13:05:53  30/30: 100%

13:05:53  F7:71:85:13:6A:4B - channel: 7 - 'Dee'
13:05:54  Ping (min/avg/max): 1.262ms/8.353ms/31.431ms Power: -60.40
13:05:54  25/30:  83%

13:05:54  Trying card-to-card injection...
13:05:54  Attack -0:           OK
13:05:54  Attack -1 (open):    OK
13:05:54  Attack -1 (psk):     OK
13:05:54  Attack -2/-3/-4/-6:  OK
13:05:58  Attack -5/-7:        Failed
Retrieved from "https://charlesreid1.com/w/index.php?title=Aircrack/Packet_Injection_Testing&oldid=7346"