inject a few frames into a WPA TKIP network with QoS
see also :
airbase-ng - aircrack-ng - airdecap-ng - airdecloak-ng - airdriver-ng - aireplay-ng - airmon-ng - airodump-ng - airolib-ng - airserv-ng - airtun-ng - buddy-ng - easside-ng - ivstools - kstats - makeivs-ng - packetforge-ng - wesside-ng
[options] <replay interface>
add an example, a script, a trick and tips
no example yet ...
... Feel free to add your own example above to help other Linux-lovers !
is a tool created by Martin Beck aka hirte, a member of
aircrack-ng team. This tool is able to inject a few frames
into a WPA TKIP network with QoS. He worked with Erik Tews
(who created PTW attack) for a conference in PacSec 2008:
"Gone in 900 Seconds, Some Crypto Issues with
Shows the help screen.
MAC address of destination.
MAC address of source.
Minimum packet length.
Maximum packet length.
Frame control, "To" DS bit.
Frame control, "From" DS bit.
Disable AP Detection.
Number of packets per second.
Set frame control word (hex).
Set Access Point MAC address.
Set destination MAC address.
Set source MAC address.
Choose first matching packet.
Set target SSID.
Keystream for continuation.
Keystream file for continuation.
Inject FromFS packets.
Pairwise Master key (PMK) for verification or vulnerability
Preshared key (PSK) to calculate PMK with essid.
Capture packets from this interface.
Extract packets from this pcap file.
page was written by Thomas d’Otreppe. Permission is
granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License, Version 2
or any later version published by the Free Software
Foundation On Debian systems, the complete text of the GNU
General Public License can be found in