Hi,
I've successfully found the key to one of the test networks to find the WEP keys from, but a Sitecom router is a bit difficult to crack, it doesn't send out data# to use "Use aireplay-ng chopchop or fragmentation attack to obtain PRGA"
It hangs at
Code:
aireplay-ng -5 -b (bssid mac here) -h (hw mac here) wlan0
Waiting for a data packet...
Read xxx packets...
xxx goes on to 100.000 without a result, in other movies and tutorials it finds data around 100-200 read packets
Same goes with chopchop attack (aireplay-ng -4)
simple_wep_crack [Aircrack-ng] This worked fine on the first network, but with the Sitecom it doesn't get any data#, but I can use aireplay-ng -1 0 to connect myself successfully to the AP.
Then using aireplay-ng -3 -a (bssid mac here) wlan0 the packets (amount on the left, first in the row) is about 100.000 but the rest remains 0
Using an Alfa AWUS036H + BT4 and I get 3.5 out of 5 bars signal strength in Windows from the network.
How must I proceed?
Firstly, try to understand the ARP request replay attack.
You can read about that here: arp-request_reinjection [Aircrack-ng]
Ah, thanks, will try that. At what step do I need to inject those ARPs?
1. airodump+channel select
2. aireplay-1 0
3. aireplay -3
4. aircrack the cap file from 1
I still get this:
I get 'Read XXXXX packets (got 0 ARP requests), sent 0 packets...(0 pps)' - Why it doesn't send any packets?
Simply because there are no ARP packets being broadcast into the air and on the network, nothing to replay. If aireplay-ng doesn't find any of the right packets, it will not be able to replay anything. Don't forget that 'replay' implies that there are some packets being broadcast, already sent by a legitimate client/AP
So it's not possible to find the key unless someone connects to the AP with a valid key?
Last edited by Archangel-Amael; 03-22-2010 at 06:43 PM.