Wep cracking no clients AND no ssid???


Evolved
04-25-2007, 01:27 AM
Hi. I'm having a bit of a problem. I've researched this for a while on here with no luck so far.

To date, I've cracked 64 bit wep using airodump-ng, aireplay-ng, and aircrack. I had the ssid, and I had a client on the ap downloading a large file. Worked great.

My problem now is two-fold. I've set up an ap with no clients. I know the ssid but I still can't crack it. I'm using a fragmentation attack with a card that supports injection (I also tested it via wireshark). It will read packets searching for a data packet. It found 1, I entered y then pressed enter. It sent the fragmented packet....got no answer....still nothing, repeating....
Still nothing, trying another packet....
No answer, repeating....etc.

So I let it read packets again, found another. Entered "y" and still nothing. Read more packets, nothing.

Is fragmentation ever going to work?

Also another big question of mine is, how can I crack Wep with no clients and no ssid??? Kismet never catches the ssid. I can't deauth any clients because there are none.

Thanks for any help, Evo.

jaymill23
05-03-2007, 03:17 AM
I had a similar issue, however, 1st mistake was, I mistyped my mac address while doing it (I suggest not actually using yours, but a spoofed one using macchanger). My second issue was that I was doing this before I did a fake auth. The fake auth attack created a working packet that I could use with packetforge to create an arp-request packet, that I could then inject successfully. If you want to check it out, here's what I did:

tazforum.thetazzone.com/viewtopic.php?t=6611

alacityathome
05-03-2007, 04:06 AM
Put it into a fragmentation attack...go have an espresso...come back...and it will have it set up for you..."use this fragment? yes or no?"

May take some time. I pulled down 2000 packets before it had a fragment ready.

I also run both a chop chop and a fragmentation attack at the same time in two different terminals on the same laptop.

You gotta love this stuff.

Do the no ssid next. But first do the no client first...which is a pretty typical situation.

Thank me later.

jaymill23
05-03-2007, 04:22 AM
You can't just use the fragment, you have to use the fragment to put into packetforge to create the right kind of packet to inject, alacityathome is pretty wrong.

rumburak514
05-03-2007, 09:25 AM
If you have no client connected ( wlan or lan ) you have no data to collect thus cannot attack the AP unless you have previously collected data.

theprez98
05-03-2007, 01:27 PM
If you have no client connected ( wlan or lan ) you have no data to collect thus cannot attack the AP unless you have previously collected data.
This is not correct. There are a number of tutorials available on clientless WEP cracking using the fragmentation attack. Also, a LAN client even if connected will not produce any wireless traffic.

rumburak514
05-03-2007, 04:14 PM
The tutorials are about the situation when you see no client:
http://www.aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients
but to do the fragmentation you need the WEP encrypted data thus either it is from previous session or from a nonvisible client, as there is no data obtained from fakeauth. When you read any tutorial look at the MACs in collected packets used to frag attack.
LAN client can send data through wireless when addressing wireless client.

Evolved
05-05-2007, 10:54 PM
The tutorials are about the situation when you see no client:
but to do the fragmentation you need the WEP encrypted data thus either it is from previous session or from a nonvisible client, as there is no data obtained from fakeauth. When you read any tutorial look at the MACs in collected packets used to frag attack.
LAN client can send data through wireless when addressing wireless client.

Thanks. This link has gotten me farther than anything so far.