Tkiptun-ng Description
Tkiptun-ng is the proof-of-concept implementation the WPA/TKIP attack. This attack is described in the paper, Practical attacks against WEP and WPA written by Martin Beck and Erik Tews. The paper describes advanced attacks on WEP and the first practical attack on WPA.
Source: Tkiptun-ng Wiki
Tkiptun-ng Homepage | Kali aircrack-ng Repo
- Author: Martin Beck and Erik Tews
- License: GPLv2
tkiptun-ng – inject a few frames into a WPA TKIP network with QoS
root@kali:~# tkiptun-ng --help
Tkiptun-ng 1.5.2 - (C) 2008-2015 Thomas d'Otreppe
https://www.aircrack-ng.org
usage: tkiptun-ng
Filter options:
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length (default: 80)
-n len : maximum packet length (default: 80)
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-D : disable AP detection
-Z : select packets manually
Replay options:
-x nbpps : number of packets per second
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-e essid : set target AP SSID
-M sec : MIC error timeout in seconds [60]
Debug options:
-K prga : keystream for continuation
-y file : keystream-file for continuation
-j : inject FromDS packets
-P pmk : pmk for verification/vuln testing
-p psk : psk to calculate pmk with essid
source options:
-i iface : capture packets from this interface
-r file : extract packets from this pcap file
--help : Displays this usage screen
Tkiptun-ng 1.5.2 - (C) 2008-2015 Thomas d'Otreppe
https://www.aircrack-ng.org
usage: tkiptun-ng
Filter options:
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length (default: 80)
-n len : maximum packet length (default: 80)
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-D : disable AP detection
-Z : select packets manually
Replay options:
-x nbpps : number of packets per second
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-e essid : set target AP SSID
-M sec : MIC error timeout in seconds [60]
Debug options:
-K prga : keystream for continuation
-y file : keystream-file for continuation
-j : inject FromDS packets
-P pmk : pmk for verification/vuln testing
-p psk : psk to calculate pmk with essid
source options:
-i iface : capture packets from this interface
-r file : extract packets from this pcap file
--help : Displays this usage screen
ALL NEW FOR 2020

Penetration Testing with Kali Linux (PWK)
2X THE CONTENT
33% MORE LAB MACHINES