I recently started coding and messing with BT5. I have had many successful cracks of WEP keys and used the TKIP exploit on one or another WPA network to gain access. I found something very odd the other day. During my airodump capture, both signals said WEP WEP for the victim network. When I stopped the capture and tried to crack it, it asked for a WPA handshake. I restarted the capture and then got shown WPA WEP40? So I tried to capture a handshake, nothing. I was having trouble injecting packets using aireplay -1/-2. In the end I monitored the incoming packets with aireplay -2 and found one from a source MAC that was not my machine or the victim station. When I chose to replay that packet, the data IVs skyrocketed, and at 91k I stopped and cracked it in 4 sec... and it DIDN'T ask me again for a WPA handshake. Is this a flaw in the router or from my end in monitoring? I've used the same techniques on various networks and had no problems; this one took me 3 days and waiting for an auth station to connect before being able to inject the packets and crack.

Mainly asking: why would it switch from WEP WEP to WPA WEP40 and ask me for a handshake, but with persistence, at 90k IVs upon successful injection, it cracked using the normal WEP method without a handshake confirmation?

New to the forums, hope to have many discussions. Thanks to all who read/reply.