Most people run into trouble when they try to crack wep. I did.
Here's how I got the #data/s up to an average of about 5. This should get you about one million IVs/24h. One million ivs should be enough to crack 104bit wep.
Waiting 24h is alot more than needed, but after being pissed off for two weeks with an average of aboot 0.1ivs/s and the friggin' shell freezing up so I have to start all over ffs!, I decided to forget about injection, chopchop etc and make my own way.
If the router you wanna crack on is busy, you'll have the ivs fast anyway, so this method is for idle routers, but I guess it will speed up a busy router some more as well.
What I did was this,
I set up my bt shell as usual, capturing ivs. The iv count would stay at 0 for hours, so I borrowed a vista laptop, put it close to the ap so I got at least three bars in xp (good) and connected to the ap. Of course, when I did this, it asked me for the key... I entered FFFFFFFFFFFFFFFFFFFFFFF (doesn't really matter, you just have to feed it something that fits the profile of any wep key length) and hit connect. Looking at the iv counter, I saw that this connection attempt had caused the ap to transmit, and gave me 1000ivs! Disconnecting and reconnecting manually eventually gave me 200000ivs and I was gonna try to crack, but then for some reason the shell acted up and lost sight of the network... Had to reset the adapter and start over... jeez.
What I did was simply clicking reset on the wzc windows zero configuration service. This makes the adapter lose connection and reconnect, thus generating traffic. Doing this manually is hellish in the long run, so I made a batch file. code again.bat
net stop wzcsvc
net start wzcsvc
The ping localhost is to give it some time to generate traffic, I don't know of any other way to delay the script. If you put net start and stop in a loop you will have little or no traffic generated as windows needs about 10seconds to communicate with the ap. You can add more ping localhost commands or remove some, depending on your needs... Too many will guarantee that it works, but slow it down. Too few won't let it get around to communicating at all, choking things.
I guess I have reinvented the fakeauth attack, but the fakeauth did not work for me although it said successful :-).
Do you know of a similar approach that will produce ivs faster? This is slow, because it is not a steady stream of data. The ARP replay injection never worked for me, it gets lots of arp requests and sends a heapload of packets, but the ap ignores them all.
Btw, your success is gonna depend on how the box you are using to associate to the net behaves, you have to use xp to connect and not a 3rd party prog, and make sure it stays connected in the limited or no connectivity mode. So long as you have good signal strength, xp should not try to renew ip and reconnect. If you see the connected icon with the exclamation mark, you are good to go.