From: Joshua Wright (jwright@hasborg.com)
Date: Mon Feb 07 2005 - 07:06:22 EST
Arvind,
Arvind Sood wrote:
> The problem relates to creating traffic on a wireless network in case
> you dont find a lot of traffic for a good capture. Is there any way
> you can create traffic on a WEP network without knowing
> - the IP Address (address range) the Access Point and wireless clients
> are using
> - the WEP key being used (makes sense - that is why you are running a WEP crack)
Besides aireplay (not sure why you are getting a SEGFAULT, it worked OK
for me - maybe check the Aircrack documentation?), you could use
WEPWedgie. This tool was written by Anton Rager a few years ago, and
allows you to inject packets into the network after determining PRGA
from the WEP challenge/response mechanism.
http://www.sf.net/projects/wepwedgie/
The current version relies on the Airjack drivers for operation, meaning
you'll have to run it on a Linux 2.4 kernel system. I wrote a small
patch to add an option to send ICMP echo requests to the broadcast
address (since you might not know any internal addresses), which is
available at http://home.jwu.edu/jwright/code/ww-broadcasticmp.diff.
Unfortunately, Airjack has some timing issues which makes it somewhat
ineffective for injecting large quantities of packets, but this will get
you started. While at Shmoocon (you guys rock!) I started re-writing
WEPWedgie to port it to a more reliable packet injection framework (and
code cleanup) for another project, I'll make that available when I get
it finished.
Good luck,
-Josh
-- -Joshua Wright jwright@hasborg.com http://home.jwu.edu/jwright/ pgpkey: http://home.jwu.edu/jwright/pgpkey.htm fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73 Today I stumbled across the world's largest hotspot. The SSID is "linksys".
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT