packetforge-ng

packetforge-ng [options]

-0
    ARP request mode (default). Forges an ARP request packet.

-a
    Access Point BSSID. The MAC address of the access point.

-h
    Source MAC address. The MAC address to use as the source in the forged packet.

-k
    Destination MAC address. The MAC address to use as the destination in the forged packet.

-l
    Source IP address. The IP address to use as the source in the forged packet.

-m
    Destination IP address. The IP address to use as the destination in the forged packet.

-n
    Number of packets to forge. Defaults to 1 if not specified.

-w
    WEP key (for encrypted networks). Use with caution. Only supports WEP encryption, not WPA/WPA2.

-y
    PRGA file (for encrypted networks). Use with caution. Only supports WEP encryption, not WPA/WPA2.

-f
    Set the fragmented bit. Useful in some attacks.

-t
    Set the TTL. Useful when using -f, else default value.

-s
    Set the Source Port. Default 0.

-d
    Set the Destination Port. Default 0.

-p
    UDP mode. This is required in order to use port (-s and -d) parameters.

-o

    Output pcap file. Writes captured packets to a pcap file.

-help
    Displays the help menu.

packetforge-ng is a tool within the Aircrack-ng suite designed for forging packets. It's primarily used in wireless network security testing and penetration testing to create custom packets for injection, often to stimulate ARP requests or other traffic. The forged packets can then be used to trigger responses from wireless clients or access points, which can then be captured and analyzed by other tools like airodump-ng or aircrack-ng.

It can be used to generate various types of packets, including ARP requests, UDP packets, and custom packets defined through command-line options. This allows testers to create highly specific traffic patterns for exploiting vulnerabilities or gathering information about a wireless network. packetforge-ng works on the principle of injecting packets into a wireless network, which requires understanding of wireless protocols and network architecture.

packetforge-ng is primarily used for WEP networks and has limited functionality with WPA/WPA2 networks. Incorrect usage can disrupt network operations. Requires appropriate permissions to inject packets. Injection may not work on all wireless cards or drivers.

Example 1: Forge an ARP request packet.
packetforge-ng -0 -a 00:11:22:33:44:55 -h 66:77:88:99:AA:BB -k CC:DD:EE:FF:00:11 -l 192.168.1.10 -m 192.168.1.1

Example 2: Forge a UDP packet.
packetforge-ng -p -a 00:11:22:33:44:55 -h 66:77:88:99:AA:BB -k CC:DD:EE:FF:00:11 -l 192.168.1.10 -m 192.168.1.1 -s 1234 -d 5678

Example 3: Forge multiple ARP request packets and save to a pcap file.
packetforge-ng -0 -a 00:11:22:33:44:55 -h 66:77:88:99:AA:BB -k CC:DD:EE:FF:00:11 -l 192.168.1.10 -m 192.168.1.1 -n 100 -o forged_arp.pcap

packetforge-ng is part of the Aircrack-ng suite, which has been developed and maintained by a team of security researchers and developers since 2006. The tool has evolved over time to adapt to changes in wireless security protocols and hardware. It is a widely used tool in the wireless security community.

aireplay-ng(8), airodump-ng(8), aircrack-ng(1)