Hi all I'm new to backtrack and here I want to give you some tips to make work the edimax ew7318usg in backtrack 2 on a mackbook pro.

Pc: Macbook pro core 2 duo 2,5 Ghz
Wireless dongle: Edimax EW7318USg (Ralink chipset, RT73 driver)

Aircrack-ng: updated to 0.9.3
Drivers: rt73-k2wrlz-3.0.1.tar.bz2

Here is my configuration, that make me crack my 64 bit WEP key in about 10 minutes, and get the handshake on my WPA network.

First off all I run backtrack on vmware fusion: I have had problems with the boot and the cd didn't want to start.
I tried backtrack 3 (the vmware image), tried to update the drivers and aircrack version, but in all events I got "Malformed packets" for example in dehautentication attack (saw with wireshark). Conclusion is that I couldn't run properly backtrack 3.

After that I downloaded backtrack 2 final iso, run it on the vmware fusion and installed it on the same virtual machine.
I downloaded the latest aircrack, put it on desktop and updated it with these commands:
cd Desktop
tar -zxvf aircrack-ng-0.9.3.tar.gz
cd aircrack-ng-0.9.3
make install

Then I updated RT73 drivers with the latest version 3.0.1 and put them on desktop:
cd Desktop
ifconfig rausb0 down
tar -xjf rt73-k2wrlz-3.0.1.tar.bz2
cd rt73-k2wrlz-3.0.1/Module
make install
modprobe rt73

And verified drivers version:
modinfo rt73 | grep RT73

The very strange thing in backtrack 2 is that I have to force to 0 the forceprism flag to not have the "malformed packets" (and I don't know why: I'm sure that this problem is this flag if set to 1); in backtrack 3 I had always malformed packets; so, before starting to crack:
ifconfig rausb0 up
airmon-ng start rausb0
iwconfig (to verify that the dongle is in monitor mode)
iwconfig rausb0 rate 1M
iwpriv rausb0 forceprism 0

Then you can start to attack; I have tried with success:
-fake authentication with keep alive packets
-arp request attack

Thats all!

All these information are all in this forum!!
Thank you!

The fragmentation attack works too

Anybody can explin why I have to set forceprism to 0 to make it work?