inject a few frames into a WPA TKIP network with QoS


tkiptun-ng [options]


tkiptun-ng is a tool created by Martin Beck aka hirte, a member of air‐ crack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS. He worked with Erik Tews (who created PTW attack) for a conference in PacSec 2008: "Gone in 900 Seconds, Some Crypto Issues with WPA".


-H, --help Shows the help screen. Filter options: -d MAC address of destination. -s MAC address of source. -m Minimum packet length. -n Maximum packet length. -t Frame control, "To" DS bit. -f Frame control, "From" DS bit. -D Disable AP Detection. Replay options: -x Number of packets per second. -p Set frame control word (hex). -a Set Access Point MAC address. -c Set destination MAC address. -h Set source MAC address. -e Set target SSID. -M MIC error timeout in seconds. Default: 60 seconds Debug options: -K Keystream for continuation. -y Keystream file for continuation. -j Inject FromFS packets. -P Pairwise Master key (PMK) for verification or vulnerability testing. -p Preshared key (PSK) to calculate PMK with essid. Source options: -i Capture packets from this interface. -r Extract packets from this pcap file.


airbase-ng(8) aireplay-ng(8) airmon-ng(8) airodump-ng(8) airodump-ng-oui-update(8) airserv-ng(8) airtun-ng(8) besside-ng(8) easside-ng(8) wesside-ng(8) aircrack-ng(1) airdecap-ng(1) airdecloak-ng(1) airolib-ng(1) besside-ng-crawler(1) buddy-ng(1) ivstools(1) kstats(1) makeivs-ng(1) packetforge-ng(1) wpaclean(1) airventriloquist(8)


This manual page was written by Thomas d'Otreppe. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version pub‐ lished by the Free Software Foundation On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/com‐ mon-licenses/GPL.

Copied to clipboard
free 100$ digital ocean credit