2

When I'm testing packet injection with aireplay-ng I can witness a strange behaviour on my Lenovo T510i. Several blogs report my wireless device to be capable of packet injection. But then look at this:

$> sudo airmon-ng start wlan0
$> sudo aireplay-ng -9 mon0
09:58:05  Trying broadcast probe requests...
09:58:06  No Answer...
09:58:06  Found 3 APs

09:58:06  Trying directed probe requests...
09:58:06  22:4E:7F:XX:XX:XX - channel: 6 - 'AP1234_Guest1'
09:58:13   0/30:   0%

09:58:13  64:XX:XX:XX:XX:54 - channel: 6 - 'SOMEOTHERAP'
09:58:19   0/30:   0%

09:58:19  22:4E:7F:XX:XX:XX - channel: 6 - 'AP1234'
09:58:25   0/30:   0%

However, when I do it another way it works:

$> sudo ifconfig wlan0 down
$> sudo iwconfig wlan0 mode monitor
$> sudo ifconfig wlan0 up
$> sudo aireplay-ng -9 wlan0
10:02:43  Trying broadcast probe requests...
10:02:43  Injection is working!
10:02:45  Found 3 APs

10:02:45  Trying directed probe requests...
10:02:45  22:4E:7F:XX:XX:XX - channel: 6 - 'AP1234_Guest1'
10:02:45  Ping (min/avg/max): 2.920ms/11.290ms/45.006ms Power: -41.47
10:02:45  30/30: 100%

10:02:45  22:4E:7F:XX:XX:XX - channel: 6 - 'AP1234'
10:02:45  Ping (min/avg/max): 2.988ms/9.768ms/34.242ms Power: -41.37
10:02:45  30/30: 100%

10:02:45  64:XX:XX:XX:XX:54 - channel: 6 - 'SOMEOTHERAP'
10:02:46  Ping (min/avg/max): 1.208ms/12.228ms/29.528ms Power: -66.75
10:02:46  28/30:  93%

Does someone know what is causing this behaviour?

kaidentity
  • This would be a question for your wireless card's kernel module's developers and has nothing to do with security. The issue is that airmon-ng doesn't enable monitor mode correctly for your particular card. – André Borie Nov 04 '16 at 14:01
  • ok. Please make sure you add the same comment to the 50 other questions that are asking the same thing. – kaidentity Nov 04 '16 at 14:07
  • I will do so as I come across them. – André Borie Nov 04 '16 at 14:08

1 Answer

0

Edit:

First, be sure that you're close enough to the AP. This question had almost the same problem and it was fixed by that.

But if it didn't work, then the problem isn't from the injection itself, but from the monitor mode option!

From your question, I can see that the problem was solved by replacing

$> sudo aireplay-ng -9 mon0

with

$> sudo iwconfig wlan0 mode monitor
$> sudo ifconfig wlan0 up
$> sudo aireplay-ng -9 wlan0

In most cases, the first way causes some trouble, and some people suggest airmon-ng check kill to solve it, but it will lead to other issues.

So, the problem is within the airmon-ng package, and the solution is to set the monitor mode in a proper way.

Eibo
  • Okay but many many tutorials and introductions to the matter tell students to use airmon-ng and now it turns out it isn't working properly? Quite confusing... – kaidentity Sep 04 '16 at 13:02
  • The main problem is from the check kill command, it's also causing problems when using airodump-ng to sniff packets. – Eibo Sep 04 '16 at 13:14
  • I was next to the AP, so distance was not the problem. – kaidentity Sep 05 '16 at 08:56
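
The two `aireplay-ng -9` runs in the question differ in a way that can be checked mechanically. The following is an added example, not part of the original thread: a small parser for that output format, which separates "no AP answers at all" from "only some APs answer". The function names and the three result labels are assumptions made for this illustration, and the sample text is trimmed from the output quoted in the question.

```python
import re

# Constructed samples, trimmed from the two runs quoted in the question.
FAILING_RUN = """\
09:58:05  Trying broadcast probe requests...
09:58:06  No Answer...
09:58:06  Trying directed probe requests...
09:58:06  22:4E:7F:XX:XX:XX - channel: 6 - 'AP1234_Guest1'
09:58:13   0/30:   0%
"""
WORKING_RUN = """\
10:02:43  Trying broadcast probe requests...
10:02:43  Injection is working!
10:02:45  Trying directed probe requests...
10:02:45  22:4E:7F:XX:XX:XX - channel: 6 - 'AP1234_Guest1'
10:02:45  Ping (min/avg/max): 2.920ms/11.290ms/45.006ms Power: -41.47
10:02:45  30/30: 100%
10:02:45  64:XX:XX:XX:XX:54 - channel: 6 - 'SOMEOTHERAP'
10:02:46  Ping (min/avg/max): 1.208ms/12.228ms/29.528ms Power: -66.75
10:02:46  28/30:  93%
"""

AP_LINE = re.compile(r"^\d\d:\d\d:\d\d\s+(\S+) - channel: (\d+) - '(.*)'$")
RATE_LINE = re.compile(r"^\d\d:\d\d:\d\d\s+(\d+)/(\d+):\s+\d+%$")

def parse_injection_test(output):
    """Return (broadcast_ok, per-AP results) from aireplay-ng -9 output."""
    broadcast_ok, aps = False, []
    for line in (raw.rstrip() for raw in output.splitlines()):
        if "Injection is working!" in line:
            broadcast_ok = True
        elif (m := AP_LINE.match(line)):
            aps.append({"bssid": m[1], "channel": int(m[2]), "essid": m[3],
                        "answered": None, "sent": None})
        elif (m := RATE_LINE.match(line)) and aps:
            # The "n/30" line belongs to the most recently listed AP.
            aps[-1]["answered"], aps[-1]["sent"] = int(m[1]), int(m[2])
    return broadcast_ok, aps

def diagnose(output):
    """Heuristic labels (assumed for this example, not aireplay-ng's own)."""
    ok, aps = parse_injection_test(output)
    rates = [ap["answered"] for ap in aps if ap["sent"]]
    if ok and rates and all(rates):
        return "working"
    if not ok and rates and not any(rates):
        return "interface-level"   # nothing answers: check monitor-mode setup
    return "per-ap"                # mixed results: look at signal per AP
```
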