let me introduce first:
Even though I always was interested into networking, security, encryption and the like, I never really got to dive too deep into those matters.
So I downloaded backtrack5 and first used it as a boot disk, shortly after that installed it on a VMWare machine.

So here is my Problem:
For starters I wanted to do something easy and decided that WEP cracking sounds fun.
I built up the following setup:
Netgear Router with WEP40 and MAC-Filter, my Netbook that is connected to this router.
I put a USB-WLAN-Stick (able to do promiscuous mode) into my desktop PC and started backtrack.

After some trial and error I really managed to find out what MAC-Address is allowed (without cheating) and crack my WEP password. Pretty simple when you get the hang of it.

So I told a friend of mine, who is more or less the same knowledge level like me and he was impressed but had a valid claim:

What, if there is no DHCP-Mode but a fixed subnet or even fixed IPs bound to a certain MAC-Address?

I decided to try the easier version first, disabled DHCP and set the subnet mask to, the router IP to and my netbooks IP to

But here is where I don't get any further... How can I see what subnet mask is used and what IPs are present on the network from outside, only having the MAC-Addresses and the WEP key?

Hope somebody can help me with this.