Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Deauthentication via void11

You probably noticed that the IV count doesn't rise very quickly under normal traffic conditions. In fact, it could take several hours or even days, to capture enough data from most wireless LANs for a successful WEP key crack under normal conditions. But fortunately, there are a few tools at our disposal to speed things along.

The easiest way to speed up packet generation is for the Target WLAN to be a busy one. We can simulate this by running a continuous ping or starting a large file download on the Target. Keep airodump running on Auditor-A and notice the rate that the IV count is rising. Then start your file download via bittorrent or just download an .ISO file of your favorite Linux distribution or movie trailer.

Alternatively, a continuous ping can be done in Windows by entering the following into a command window:

ping -t -l 50000 ADDRESS_OF_ANOTHER_LAN_CLIENT

where ADDRESS_OF_ANOTHER_LAN_CLIENT is replaced by the IP address of the AP, router or any other pingable client on the LAN.

Either of these methods will cause the IV count to rise a bit faster. But since they require access to the very WLAN that you are trying to obtain the WEP key for, they're useful only to illustrate that more traffic = more IVs. What is needed is a traffic-generation method that requires only the information that we've obtained via Kismet.

This is where void11 comes in. Void11 is used to force a de-authentication of wireless clients from their associated AP,i.e. the clients are "kicked off" the AP. After being kicked off the wireless network, a wireless client will automatically try to reassociate with the AP. In the process of re-association, data traffic will be generated. This process is commonly referred to as a de-authentication or deauth attack. Here's how it's done.

void11 usage

Figure 6: void11 usage
(click image to enlarge)

Start Auditor-B with its Wi-Fi card and Auditor CD inserted. Once Auditor is up, open a shell and type in the following commands:

Commands for setting up a void11 deauth attack
switch-to-hostap
cardctl eject
cardctl insert
iwconfig wlan0 channel THECHANNELNUM
iwpriv wlan0 hostapd 1
iwconfig wlan0 mode master
void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

NOTE!NOTE: Replace THECHANNELNUM with the channel number of your Target WLAN, and MACOFSTATION and MACOFAP with the MAC addresses of the Target WLAN client and AP respectively, i.e.

void11_penetration -D -s 00:90:4b:c0:c4:7f -B 00:c0:49:bf:14:29 wlan0

Tip! Tip: You may see an invalid argument error while running void11 on the Auditor Security Collection. Don't worry about this error, as void11 is working, which we'll verify next.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi everyone,Just recently connected 2 AX86U via 2.5GBE backhaul as AiMesh, and the connection quality appears as "Great" according to the firmware.How...
When inspecting the beacon frames from RT-AC86U, MU Beamforming is reported as "not supported".Although the relevant settings in web ui are at "enable...
Hi,I want to be able to fully leverage Diversion but also be able to manage my kids' devices to block them from certain websites on certain devices th...
I got a 1000 Mbps line since a couple of weeks and I use the Asus RT-N66U.But what strikes me is that the upload speed is constantly 940 Mbps while th...
Unbound install through amtm sets the path in service-event to /jffs/scripts/unbound_stats.sh , the correct path is /jffs/addons/unbound/unbound_stats...

Don't Miss These

  • 1
  • 2
  • 3