Ticket #368 (new defect)
Opened 2 years ago
aireplay-ng -9 test says that attack -5 fails BUT injection is working ok with attack -5 (rt2570 chipset)
| Reported by: | Krampo | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.9.2 |
| Component: | aireplay-ng | Version: | 0.9.1 |
| Keywords: | fragmentation rt2570 | Cc: | |
Description
I own two cards: ipw2200 and rt2570.
For the rt2570 chipset there is a driver patched to be able to do the fragmentation attack and I've installed this patched driver.
Then I CAN do the attack. These are the relevant lines:
```
aireplay-ng -5 -b <bssid> -h <mac_from_authenticated_client> rausb0
(some content removed...)
Use this packet ? y
Saving chosen packet in replay_src-0102-010849.cap
01:09:46 Data packet found!
01:09:46 Sending fragmented packet
01:09:46 Got RELAYED packet!!
01:09:46 Thats our ARP packet!
01:09:46 Trying to get 384 bytes of a keystream
01:09:46 Got RELAYED packet!!
01:09:46 Thats our ARP packet!
01:09:46 Trying to get 1500 bytes of a keystream
01:09:46 Got RELAYED packet!!
01:09:46 Thats our ARP packet!
Saving keystream in fragment-0102-010946.xor
Now you can build a packet with packetforge-ng out of that 1500 bytes keystream
```
All this is OK, but if I try to test my card with -9 option, this is the result:
```
aireplay-ng -9 -b <bssid> -h <mac_from_authenticated_client> -i eth2 rausb0
(some content removed...)
01:21:24 Trying card-to-card injection...
01:21:24 Attack -0: OK
01:21:24 Attack -1 (open): OK
01:21:24 Attack -1 (psk): OK
01:21:24 Attack -2/-3/-4: OK
01:21:26 Attack -5: Failed
```
Notes:
1.- Both cards are in monitor mode.
2.- I don't need to do the -1 attack, because I use a second computer authenticated with the AP.
3.- I've a little pcap file with the attack that ended OK, so I could upload it if necessary.
4.- I don't have a pcap with the failed test, but I think that it should be easy to capture this if necessary.
Any ideas to try?
