I've been working with the aircrack-ng sweet a lot recently; maybe I can give some ideas...
It sounds like your WEP authentication is OPEN (not SHARED) which is good.I have been able to use aireplay-ng to do a fake authentication with the AP.
When i use aireplay-ng -3 -b <> mon0 , it waits for ARPs and then after a while it starts to send lots of packets.
Well , with this , the packet count increases , but #Data remains just the same
Usually the ARP-REPLAY attack (-3) requires packets to be sent over the air before they can be replayed...
...if there are no clients on the access point sending/receiving data, then you won't be able to replay any "real" packets (just beacons).
This attack is handy if there's activity already on the access point.
If injection works 90%, then you're definitely close enough to the Access Point to run some attacks...Further , with aireplay-ng -5 , i am not able to get any RELAYED PACKET. I have tried it for hours
When i test the packet injection capabilities ( using -9 i guess ) it gives me about 90% success rate on that AP.
I would recommend the Chop-chop Attack (-4). This has worked on many kinds of Access Points I've come up against, and normally doesn't require clients if you are already fake-authenticated.
There's other attacks you can try as well (-3 through -6, I believe), so try different techniques until you find one that works with your access point.
Also, if your injection rate isn't 100% (or close to it), you may need to lower your packet-injection rate using the "-o " argument. Lower packet-injection rates are good if you aren't very close to the router. I think the default injection rate is 500, so you could try "-o 150" when executing aireplay-ng.
I've whipped up a WPA/WEP cracker in my spare time, and have been getting people to test it. If you want to automate the airodump/aireplay/aircrack process, then you may want to check it out! It's called GrimWepa and it's been successful for quite a few people