Kudos..... this worked wonderfully on my Dell 1350 Mini-PCI card with BCM4306 chipset.
Your step-by-step was perfect and I cracked my 128 WEP in 30 minutes... (because this is my first time I'd tried all this out to test my security so I was going slow).
Running BT3 "as is" with no modifications whatsoever off my laptop hard drive which is a dual boot with XP
INjection worked just like you said.
Once this card got an ARP... couple minutes.... Aireplay would grab about 10,000 packets swiftly and then fault.... just pressed Up Arrow and <Enter> to restart and same thing... wait a couple minutes for ARP, then away it flies... took just over 40,000 to get what I wanted.
The fault I get is:
Write failed: Cannot allocate memoryests and 2661 ACKs), sent 3169 packets...(499 pps)
wi_write (): Illegal seek
The numbers varied and were:
... and then Aircrack coughed up the WEP Key
Very cool! Thanks a bunch for the help!!