From charlesreid1

Revision as of 20:01, 30 July 2015 by Admin

Basic Injection Test

In order to confirm that packet injection works, you can use aireplay-ng in packet injection test mode (mode 9). The command looks like this:

$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon 

where -9 or --test tells it to operate in packet injection test mode, -a AA:BB:CC:DD:EE is the MAC address of the target access point, and wlan2mon is the wireless device that has already been put into monitor mode with airmon-ng.

Here's what the output should look like:

$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon 
12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05  Trying broadcast probe requests...
12:47:06  Injection is working!
12:47:07  Found 1 AP 

12:47:07  Trying directed probe requests...
12:47:07  AA:BB:CC:DD:EE - channel: 7 - 'Walrus'
12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08  29/30:  96%
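
The test output above can be reduced to a pass/fail check when validating an adapter in your own lab. This is an added example, not part of the original page; the function names and the 90% threshold are assumptions, and the sample input is copied from the output shown above.

```sh
#!/bin/sh
# Added example: reduce `aireplay-ng -9` output (stdin) to one summary line:
#   injection=<yes|no> aps=<n> directed=<answered>/<sent> pct=<n>
summarize_injection_test() {
    awk '
        /Injection is working!/         { inj = "yes" }
        $2 == "Found" && $4 ~ "^APs?$"  { aps = $3 }
        # Directed-probe result, e.g. "29/30:"; summed if several APs answer
        $2 ~ "^[0-9]+/[0-9]+:$" {
            split($2, r, "[/:]")
            ok += r[1]; sent += r[2]
        }
        END {
            if (inj == "") inj = "no"
            pct = (sent > 0) ? int(100 * ok / sent) : 0
            printf("injection=%s aps=%d directed=%d/%d pct=%d\n",
                   inj, aps, ok, sent, pct)
        }
    '
}

# Succeeds only if injection was confirmed and the directed-probe success
# rate is at least $1 percent (default 90, an assumed threshold).
injection_ok() {
    min=${1:-90}
    summary=$(summarize_injection_test)
    case $summary in *injection=yes*) ;; *) return 1 ;; esac
    pct=${summary##*pct=}
    [ "$pct" -ge "$min" ]
}

# Sample input: the output shown on this page, embedded so this runs offline.
sample_output() {
    cat <<'EOF'
12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05  Trying broadcast probe requests...
12:47:06  Injection is working!
12:47:07  Found 1 AP
12:47:07  Trying directed probe requests...
12:47:07  AA:BB:CC:DD:EE - channel: 7 - 'Walrus'
12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08  29/30:  96%
EOF
}

sample_output | summarize_injection_test
# -> injection=yes aps=1 directed=29/30 pct=96
if sample_output | injection_ok 90; then echo "adapter passes"; else echo "adapter fails"; fi
```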

Attack Tests

Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset).

Look for it in the list:

$ airmon-ng

In my case it was called wlan3. Now bring it online:

$ airmon-ng start wlan3

This will rename the device to wlan3mon. List wireless devices again:

$ airmon-ng

Now get both cards listening on the same channel. Run a quick airodump-ng command for the new wireless card to ensure it's listening on the right channel:

$ airodump-ng --bssid AA:BB:CC:DD:EE -c 7 -w /tmp/junk wlan3mon

and kill it as soon as you've run it. This switches the card to channel 7 (or whichever channel you chose), so both cards end up on the same channel.