Man Linux: Main Page and Category List

NAME

       tkiptun-ng - inject a few frames into a WPA TKIP network with QoS

SYNOPSIS

       tkiptun-ng [options] <replay interface>

DESCRIPTION

       tkiptun-ng  is  a  tool  created  by Martin Beck aka hirte, a member of
       aircrack-ng team. This tool is able to inject a few frames into  a  WPA
       TKIP  network  with  QoS.  He  worked  with  Erik Tews (who created PTW
       attack) for a conference in PacSec 2008: "Gone  in  900  Seconds,  Some
       Crypto Issues with WPA".

OPERATION

       -H, --help
              Shows the help screen.

       Filter options:

       -d <dmac>
              MAC address of destination.

       -s <smac>
              MAC address of source.

       -m <len>
              Minimum packet length.

       -n <len>
              Maximum packet length.

       -t <tods>
              Frame control, "To" DS bit.

       -f <fromds>
              Frame control, "From" DS bit.

       -D     Disable AP Detection.

       Replay options:

       -x <nbpps>
              Number of packets per second.

       -p <fctrl>
              Set frame control word (hex).

       -a <bssid>
              Set Access Point MAC address.

       -c <dmac>
              Set destination MAC address.

       -h <smac>
              Set source MAC address.

       -F     Choose first matching packet.

       -e <essid>
              Set target SSID.

       Debug options:

       -K <prga>
              Keystream for continuation.

       -y <file>
              Keystream file for continuation.

       -j     Inject FromFS packets.

       -P <PMK>
              Pairwise  Master  key  (PMK)  for  verification or vulnerability
              testing.

       -p <PSK>
              Preshared key (PSK) to calculate PMK with essid.

       Source options:

       -i <iface>
              Capture packets from this interface.

       -r <file>
              Extract packets from this pcap file.

AUTHOR

       This manual page  was  written  by  Thomas  d’Otreppe.   Permission  is
       granted to copy, distribute and/or modify this document under the terms
       of the GNU General Public License,  Version  2  or  any  later  version
       published  by  the  Free  Software  Foundation  On  Debian systems, the
       complete text of the  GNU  General  Public  License  can  be  found  in
       /usr/share/common-licenses/GPL.

SEE ALSO

       airbase-ng(1)
       aircrack-ng(1)
       airdecap-ng(1)
       airdecloak-ng(1)
       airdriver-ng(1)
       aireplay-ng(1)
       airmon-ng(1)
       airodump-ng(1)
       airolib-ng(1)
       airserv-ng(1)
       airtun-ng(1)
       buddy-ng(1)
       easside-ng(1)
       ivstools(1)
       kstats(1)
       makeivs-ng(1)
       packetforge-ng(1)
       wesside-ng(1)