tkiptun-ng - Man Page

inject a few frames into a WPA TKIP network with QoS

Synopsis

tkiptun-ng [options] <replay interface>

tkiptun-ng is a tool created by Martin Beck aka hirte, a member of aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS. He worked with Erik Tews (who created PTW attack) for a conference in PacSec 2008: "Gone in 900 Seconds, Some Crypto Issues with WPA".

Operation

-H, --help: Shows the help screen.
Filter options:
-d <dmac>: MAC address of destination.
-s <smac>: MAC address of source.
-m <len>: Minimum packet length.
-n <len>: Maximum packet length.
-t <tods>: Frame control, "To" DS bit.
-f <fromds>: Frame control, "From" DS bit.
-D: Disable AP Detection.
Replay options:
-x <nbpps>: Number of packets per second.
-p <fctrl>: Set frame control word (hex).
-a <bssid>: Set Access Point MAC address.
-c <dmac>: Set destination MAC address.
-h <smac>: Set source MAC address.
-e <essid>: Set target SSID.
-M <sec>: MIC error timeout in seconds. Default: 60 seconds
Debug options:
-K <prga>: Keystream for continuation.
-y <file>: Keystream file for continuation.
-j: Inject FromFS packets.
-P <PMK>: Pairwise Master key (PMK) for verification or vulnerability testing.
-p <PSK>: Preshared key (PSK) to calculate PMK with essid.
Source options:
-i <iface>: Capture packets from this interface.
-r <file>: Extract packets from this pcap file.

Author

This manual page was written by Thomas d'Otreppe. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.

tkiptun-ng - Man Page

Synopsis

Description

Operation

Author

See Also

Referenced By