let me introduce first:
Even though I always was interested into networking, security, encryption and the like, I never really got to dive too deep into those matters.
So I downloaded backtrack5 and first used it as a boot disk, shortly after that installed it on a VMWare machine.
So here is my Problem:
For starters I wanted to do something easy and decided that WEP cracking sounds fun.
I built up the following setup:
Netgear Router with WEP40 and MAC-Filter, my Netbook that is connected to this router.
I put a USB-WLAN-Stick (able to do promiscuous mode) into my desktop PC and started backtrack.
After some trial and error I really managed to find out what MAC-Address is allowed (without cheating) and crack my WEP password. Pretty simple when you get the hang of it.
So I told a friend of mine, who is more or less the same knowledge level like me and he was impressed but had a valid claim:
What, if there is no DHCP-Mode but a fixed subnet or even fixed IPs bound to a certain MAC-Address?
I decided to try the easier version first, disabled DHCP and set the subnet mask to 255.255.255.0, the router IP to 10.100.100.6 and my netbooks IP to 10.100.100.12
But here is where I don't get any further... How can I see what subnet mask is used and what IPs are present on the network from outside, only having the MAC-Addresses and the WEP key?
Hope somebody can help me with this.