1TKIPTUN-NG(1)               General Commands Manual              TKIPTUN-NG(1)
2
3
4

NAME

6       tkiptun-ng - inject a few frames into a WPA TKIP network with QoS
7

SYNOPSIS

9       tkiptun-ng [options] <replay interface>
10

DESCRIPTION

12       tkiptun-ng is a tool created by Martin Beck aka hirte, a member of air‐
13       crack-ng team. This tool is able to inject a few frames into a WPA TKIP
14       network with QoS. He worked with Erik Tews (who created PTW attack) for
15       a conference in PacSec 2008: "Gone in 900 Seconds, Some  Crypto  Issues
16       with WPA".
17

OPERATION

19       -H, --help
20              Shows the help screen.
21
22       Filter options:
23
24       -d <dmac>
25              MAC address of destination.
26
27       -s <smac>
28              MAC address of source.
29
30       -m <len>
31              Minimum packet length.
32
33       -n <len>
34              Maximum packet length.
35
36       -t <tods>
37              Frame control, "To" DS bit.
38
39       -f <fromds>
40              Frame control, "From" DS bit.
41
42       -D     Disable AP Detection.
43
44       Replay options:
45
46       -x <nbpps>
47              Number of packets per second.
48
49       -p <fctrl>
50              Set frame control word (hex).
51
52       -a <bssid>
53              Set Access Point MAC address.
54
55       -c <dmac>
56              Set destination MAC address.
57
58       -h <smac>
59              Set source MAC address.
60
61       -F     Choose first matching packet.
62
63       -e <essid>
64              Set target SSID.
65
66       Debug options:
67
68       -K <prga>
69              Keystream for continuation.
70
71       -y <file>
72              Keystream file for continuation.
73
74       -j     Inject FromFS packets.
75
76       -P <PMK>
77              Pairwise  Master  key  (PMK)  for  verification or vulnerability
78              testing.
79
80       -p <PSK>
81              Preshared key (PSK) to calculate PMK with essid.
82
83       Source options:
84
85       -i <iface>
86              Capture packets from this interface.
87
88       -r <file>
89              Extract packets from this pcap file.
90

AUTHOR

92       This manual page  was  written  by  Thomas  d'Otreppe.   Permission  is
93       granted to copy, distribute and/or modify this document under the terms
94       of the GNU General Public License, Version 2 or any later version  pub‐
95       lished  by the Free Software Foundation On Debian systems, the complete
96       text of the GNU General Public License can be found in  /usr/share/com‐
97       mon-licenses/GPL.
98

SEE ALSO

100       airbase-ng(1)
101       aircrack-ng(1)
102       airdecap-ng(1)
103       airdecloak-ng(1)
104       airdriver-ng(1)
105       aireplay-ng(1)
106       airmon-ng(1)
107       airodump-ng(1)
108       airolib-ng(1)
109       airserv-ng(1)
110       airtun-ng(1)
111       buddy-ng(1)
112       easside-ng(1)
113       ivstools(1)
114       kstats(1)
115       makeivs-ng(1)
116       packetforge-ng(1)
117       wesside-ng(1)
118
119
120
121Version 1.1                       April 2010                     TKIPTUN-NG(1)
Impressum