TKIPTUN-NG(8)               System Manager's Manual              TKIPTUN-NG(8)

NAME

       tkiptun-ng - inject a few frames into a WPA TKIP network with QoS

SYNOPSIS

       tkiptun-ng [options] <replay interface>

DESCRIPTION

       tkiptun-ng is a tool created by Martin Beck, aka hirte, a member of the
       aircrack-ng team. This tool is able to inject a few frames into a WPA
       TKIP network with QoS. He worked with Erik Tews (who created the PTW
       attack) for a conference in PacSec 2008: "Gone in 900 Seconds, Some
       Crypto Issues with WPA".

OPERATION

       -H, --help
              Shows the help screen.

       Filter options:

       -d <dmac>
              MAC address of destination.

       -s <smac>
              MAC address of source.

       -m <len>
              Minimum packet length.

       -n <len>
              Maximum packet length.

       -t <tods>
              Frame control, "To" DS bit.

       -f <fromds>
              Frame control, "From" DS bit.

       -D     Disable AP Detection.

       Replay options:

       -x <nbpps>
              Number of packets per second.

       -p <fctrl>
              Set frame control word (hex).

       -a <bssid>
              Set Access Point MAC address.

       -c <dmac>
              Set destination MAC address.

       -h <smac>
              Set source MAC address.

       -e <essid>
              Set target SSID.

       -M <sec>
              MIC error timeout in seconds. Default: 60 seconds

       Debug options:

       -K <prga>
              Keystream for continuation.

       -y <file>
              Keystream file for continuation.

       -j     Inject FromDS packets.

       -P <PMK>
              Pairwise Master key (PMK) for verification or vulnerability
              testing.

       -p <PSK>
              Preshared key (PSK) to calculate PMK with essid.

       Source options:

       -i <iface>
              Capture packets from this interface.

       -r <file>
              Extract packets from this pcap file.

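       How a PMK is calculated from a PSK and an essid, as the -p <PSK>
       debug option describes, shown as an added example (not tkiptun-ng's
       own code). It uses the standard WPA-Personal derivation; the names
       derive_pmk and pmk_matches are hypothetical, and accepting a 64 hex
       digit value as a ready-made key is an assumption taken from common
       WPA-Personal configuration practice, not from this page.

```python
import hashlib
import hmac
import string

# Characters a WPA passphrase may contain: printable ASCII 32..126.
_PRINTABLE = {chr(c) for c in range(32, 127)}


def derive_pmk(psk: str, essid: bytes) -> bytes:
    """Return the 32-byte PMK for a WPA/WPA2-Personal network."""
    if not 1 <= len(essid) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    # Assumption: a 64-hex-digit value is already the 256-bit key,
    # so it is decoded as-is and no derivation takes place.
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return bytes.fromhex(psk)
    if not 8 <= len(psk) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(c not in _PRINTABLE for c in psk):
        raise ValueError("passphrase must be printable ASCII")
    # PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes).
    # The ESSID is the salt, so the same passphrase gives a different PMK
    # on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), essid, 4096, 32)


def pmk_matches(psk: str, essid: bytes, expected_pmk_hex: str) -> bool:
    """Check that a passphrase/ESSID pair yields a known PMK (constant time)."""
    return hmac.compare_digest(derive_pmk(psk, essid),
                               bytes.fromhex(expected_pmk_hex))


if __name__ == "__main__":
    # Constructed sample input: a widely published test passphrase and SSID.
    print(derive_pmk("password", b"IEEE").hex())
```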

AUTHOR

       This manual page was written by Thomas d'Otreppe. Permission is
       granted to copy, distribute and/or modify this document under the terms
       of the GNU General Public License, Version 2 or any later version
       published by the Free Software Foundation. On Debian systems, the
       complete text of the GNU General Public License can be found in
       /usr/share/common-licenses/GPL.

SEE ALSO

       airbase-ng(8)
       aireplay-ng(8)
       airmon-ng(8)
       airodump-ng(8)
       airodump-ng-oui-update(8)
       airserv-ng(8)
       airtun-ng(8)
       besside-ng(8)
       easside-ng(8)
       wesside-ng(8)
       aircrack-ng(1)
       airdecap-ng(1)
       airdecloak-ng(1)
       airolib-ng(1)
       besside-ng-crawler(1)
       buddy-ng(1)
       ivstools(1)
       kstats(1)
       makeivs-ng(1)
       packetforge-ng(1)
       wpaclean(1)
       airventriloquist(8)

Version 1.6.0                    January 2020                    TKIPTUN-NG(8)