Can use BackTrack 2 Linux cd-rom start guidance system, this kind of means is to CD Linux loaded into memory operate after, the need for test environment of makeshift attack others who can appear very convenient, but this approach relies on cd-rom stability and memory abundant.

Generally speaking, professional wireless security personnel will be installed to BackTrack 2 Linux hard disk, such not only start more convenient, as against other projects at the loading test when the wireless network card when also can more convenient. The specific installation method see book appendix A content. In addition, if use is similar to WUSB54G of USB mounting type wireless card, also can use a virtual machine VMware guided, we also do not need to install more operating system. Below to address the wireless WEP crack steps.

Step 1: before entering BackTrack 2 Linux system login screen upon entering the method will directly on the stated hint, by default, input screen name, and password to enter toor root to Linux shells.

Input: startx, wait for a while and then enter into to the graphics interface. In graphic interface, open a shells, as shown in figure 3-5, as shown ifconfig - a "enter" check the current network adapter.

Here we are to use USB wireless card WUSB54Gv4, for example, can see a called rausb0 of card, state is not loaded, here first load USB nic driver, type the command:

Ifconfig - a rausb0 up

After successfully loaded in Linux, can in ifconfig orders directly see wireless card, as shown in figure 3-5 below.

Figure 3-5 load USB wireless nic driver

Step 2: we can use as Kismet, AirSnort tools such as to scan the current wireless network AP, if use Kismet words, display the results as shown in figure 3-6 shows, the software can be seen clearly given AP channel, flow and encryption condition.

Figure 3-6 use Kismet detection network by finding the AP

Also can use AirSnort for wireless AP detects, as shown in figure 3-7 shows, can see, search to an AP, this AP is enabled WEP encrypted, write down its MAC and Channel, is this column shows any more. Figure 3-7 use wireless access points AirSnort search

Step 3: we need to activate into hand mode, network card before we can carry out the subsequent cracked, command is as follows:

Airmon - 6. Rausb0 start ng

One of the 6 is detected before the AP channel, can not input, but input will improve the accuracy. Then enter the following command began to grab wireless packet:

Airodump - ng - w ciw operates. Rausb0. 6 - any cap

One of the cap is the author j ciw operates set caught filename, carriage return after can see as shown in figure 3-8 shows interface.

Figure 3-8 use airodump - ng grab wireless packet interface

Step 4: here in order to accelerate IV (initialization vector) acquisition, can undertake ArpRequest between attack, which is very important for WEP attack, actual intrusion can use, can effectively improve caught quantity and cracked speed. Orders are as follows: