Yes, it's not exactly cut & dry. First you have to make sure your wireless device can inject data to speed up the process. Some reading is required in both the page link provided and the forums, I had to compile a new driver with a patch for my ipw2200 to have it inject. Because you need at least 100.000 IV's, without injection capability it could take a day or two to collect that many, but with aireplay-ng and injection capability, it takes me no more than 10 minutes to extract a key from start to finish.
Steps for setting up your card to inject will be different from one card to another, this is where research in the forums will come in handy. I have Debian which has tons of Debian packages and also installed macchanger to spoof my mac as a mac address to any network device is unique and can be used to track you down, so spoofing your mac with macchanger keeps you anonymous. Here are the steps I take:
Code:
1: rmmod ipw2200
2: modprobe ipw2200 rtap_iface=1
3: iwlist eth2 scan
4: macchanger -m 00:61:2a:ab:04:c4 eth2
5: iwconfig eth2 ap <access point bssid>
6: iwconfig eth2 key s:fakekey
7: iwconfig eth2 mode managed
8: ifconfig eth2 up
9: ifconfig rtap0 up
10: airodump-ng --channel 6 --bssid 00:0B:85:7A:7D:2D -w dumpfile rtap0
11: aireplay-ng --arpreplay -b 00:0B:85:7A:7D:2D -h 00:61:2A:AB:04:C4 -i rtap0 eth2
12: aircrack-ng -z -b 00:18:3F:18:0F:D9 dumpfile*.cap
The first two steps are required for me to inject, as I can't do it from the ipw2200 driver, I have to use rtap which is part of the patch to the driver. Step three lists all networks and information. Ipw2200 cannot inject in monitor mode like most others so step 7 puts it in managed mode. Step 10 starts collecting data, step 11 injects data in a replay cycle to collect data packets really fast, once I get over 100.000 data/IV's, which only takes a couple three minutes, step 12 cracks it and produces a key. All these commands are issue from in /home and that's where the data packets (dumpfile) are stored. It is best to delete them before restarting or changing network.
In step 10, RXQ needs to be around 90> which is relative to signal strength, the injection can take up to 30 or so seconds to start after issuing the command. I also pumped up my TXP power in the driver's makefile for my card from 20 to 30 to give my card better range, but the instructions for doing so are ipw2200 specific and were found in the aircrack-ng forums. I'm very successful with wep and have not found a need to look for a GUI. Steps 10, 11, 12 commands are issued in separate terminal sessions.
EDIT: Make sure to use aircrack-ng-0.9 which has pwg or whatever, otherwise you will need at least 500.000 packets/IV's.
Remember: You cannot use the key without permission from the network owner/administrator.
