Hello world! I was wondering if anyone might be able help here. First of all, although I like to think I'm not a total newbie to backtrack, I've still got a long way to go I think. Therefore if at any time I seem confused or downright mistaken in my grasp of concepts or terminology... then feel free to set me straight, lol.

Anyway, onto the "problem".

I recently just signed up for another 18 month contract with my ISP and for some bizzare reason they have sent me another free Wireless ADSL Modem-Router (BThomeHub) as a customer loyalty "thank you" even though I already use a far more substantial 3rd party modem/router.

I'm interested in using this new router as a guinea pig practice AP for WiFi pen testing. It won't be connected to the internet, nor will there ever be any other Clients using it. So it's just a lone sitting duck on my desk.

I'm fairly sure (I think) it's set to: WEP Shared Key Authentication (SKA, Not OPEN / or enterprise whatever) and it also has NO clients as I say.

I've looked over the many good tutorials on the net for cracking WEP, but I've noticed that most seem to silently assume that there is to already be some reasonable amount of WiFi activity going on between "legit" clients and the AP in order to capture sufficient IVs etc.

The tutorials that I've found that DO cover clientless attacks sadly don't ALSO cover SKA I think, only Open or whatever. Perhaps I've not looked well enough, but I have yet to find one that covers both factors being present.

Could anyone be kind enough to point me in the right direction or guides that specifically focus on cracking a WEP key of an AP that is SKA, AND has ZERO CLIENTS?

I'm also planning to try the more usual scenarios too but I'm curious to really get a result for this specific test if I can, just because it's perhaps the road less travelled.

I'll be using a Linksys WUSB54GC USB dongle in VMware and probably BT3 unless anyone thinks earlier version might be better for this for some reason.

Thanks for reading!