How To Crack WEP – Part 1: Setup & Network Recon



What you Need

Although WEP cracking can be done from a single laptop, ideally you should have two. One laptop performs an active attack to stimulate data flow so that a sufficient number of packets can be captured in a relatively short amount of time, while the other laptop "sniffs" or captures the traffic produced by the attacking laptop. Figure 2 shows the basic idea.

You can actually run a WEP crack using one notebook equipped with a single wireless LAN card, but we don't recommend this configuration as a starting point. With only one notebook, its easy to get confused about what you're doing and we've found that the Auditor programs can get a bit unstable when used in this way.

Two Notebook WEP cracking setup

Figure 2: Two Notebook WEP cracking setup

Note that using an active attack vs. passively capturing traffic increases your chances of detection. But it can significantly speed a WEP key crack by forcing the generation of more packets than you would normally capture in a short time from a lightly-used WLAN.

Tip! Tip: Although we refer to laptops / notebooks throughout this series, you can also use desktop computers or a mixture of laptops and desktops. However, you may find using notebooks easier due their portability and the wider range of compatible PC Card wireless adapters available.

Here is a list of required hardware:

  • Wireless Access Point - This will be the "target" access point and can be any brand. We used a Netgear WGT624 v2

  • A laptop or computer with wireless capability - This will be the "target" computer and it doesn't matter which wireless chipset or card the computer uses. Our lab had a surplus Dell laptop with built-in wireless that worked just fine

  • Two 802.11b PC Cards based on the PRISM 2 chipset - Some of the programs (such as Kismet) we use in this series can support a wide variety of wireless cards. But we suggest you stick to using cards based on the PRISM 2 chipset, which are supported by all the programs we will use.
    Tip! Tip: We used two 2511CD PLUS EXT2 cards. The 2511-CD PLUS EXT2 has two MMCX connectors for external antennas and does not have an internal antenna.These cards are typically found under the Senao, Engenius or Wireless LAN brand names (Figure 3).You can also search this list compiled by Absolute Value Systems to find other PRISM 2-based cards.

Senao 2511 802.11 PC Card

Figure 3: Senao 2511 802.11 PC Card

If you purchase a wireless card that has an external antenna connector, you may want to buy an antenna and appropriate "pigtail". (The pigtail is a short cable, that connects the end of the antenna cable to your Wi-Fi card.) This isn't always necessary since some cards with external antenna connectors also have internal antennas. But note that the 2511CD PLUS EXT2 series of cards, do not have an internal antenna, so you must purchase an antenna if you're using that card.