Provided by: aircrack-ng_1.1-6_amd64
tkiptun-ng - inject a few frames into a WPA TKIP network with QoS
tkiptun-ng [options] <replay interface>
tkiptun-ng is a tool created by Martin Beck aka hirte, a member of aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS. He worked with Erik Tews (who created PTW attack) for a conference in PacSec 2008: "Gone in 900 Seconds, Some Crypto Issues with WPA".
-H, --help Shows the help screen. Filter options: -d <dmac> MAC address of destination. -s <smac> MAC address of source. -m <len> Minimum packet length. -n <len> Maximum packet length. -t <tods> Frame control, "To" DS bit. -f <fromds> Frame control, "From" DS bit. -D Disable AP Detection. Replay options: -x <nbpps> Number of packets per second. -p <fctrl> Set frame control word (hex). -a <bssid> Set Access Point MAC address. -c <dmac> Set destination MAC address. -h <smac> Set source MAC address. -F Choose first matching packet. -e <essid> Set target SSID. Debug options: -K <prga> Keystream for continuation. -y <file> Keystream file for continuation. -j Inject FromFS packets. -P <PMK> Pairwise Master key (PMK) for verification or vulnerability testing. -p <PSK> Preshared key (PSK) to calculate PMK with essid. Source options: -i <iface> Capture packets from this interface. -r <file> Extract packets from this pcap file.
This manual page was written by Thomas d'Otreppe. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
airbase-ng(8) aircrack-ng(1) airdecap-ng(1) airdecloak-ng(1) airdriver-ng(8) aireplay-ng(8) airmon-ng(8) airodump-ng(8) airolib-ng(1) airserv-ng(8) airtun-ng(8) buddy-ng(1) easside-ng(8) ivstools(1) kstats(1) makeivs-ng(1) packetforge-ng(1) wesside-ng(8)