How To Crack WEP - Part 1: Setup & Network Recon

This article was updated in May of 2008 to reflect changes in software availability. For example, the Auditor Security Collection CD mentioned previously in this article is no longer readily available. Instead, we recommend using Backtrack, which is based on Auditor. We are sure you will be able to get through the instructions with a little creative interpretation, which is better than having to figure out alternatives to software that is not available. In addition to dealing with software, we also checked and updated all links.

Updated June 9, 2005

Hundreds, perhaps thousands, of articles have been written about the vulnerability of WEP (Wired Equivalent Privacy), but how many people can actually break WEP encryption? Beginners to WEP cracking have often been frustrated by the many wireless cards available and their distribution-specific commands. Things are further complicated when the beginner is not familiar with Linux.

In this three-part series, we will give you a step-by-step approach to breaking a WEP key. The approach taken will be to standardize as many variables as possible so that you can concentrate on the mechanics of WEP cracking without being hindered by hardware and software bugs. The entire attack is done with publicly available software and doesn’t require special hardware - just a few laptops and wireless cards.

Figure 1: Gotcha!

This first article will help you set up your wireless lab and guide you through the scanning portion of WEP cracking. After all, you will need to find and document the wireless networks before you can crack them. The second article will describe the stimulation of the target WLAN to generate traffic and the actual process of capturing data and cracking the WEP key. After reading these two articles, you should be able to break WEP keys in a matter of minutes. A third article will turn things around and describe how to defend against wireless intruders of multiple skill levels.


A description of the basic approach and techniques used in this How To can be found in The Feds can own your WLAN too.

You don’t need to be a networking expert to successfully follow this How To, but you need basic familiarity with networking terminology and principles. You should know how to ping, open a Windows Command Prompt, enter command lines and know your way around the Windows networking properties screens.

Comment from the forums
  • Anonymous
    Well, I'm still trying to get the monitor module on my screen, but it seems that my Wi-Fi LAN card (Broadcom 802.11/g) doesn't allow Airpeek to do it. By the way, my OS is Windows Vista. Is it possible you could help me with this? Any tip is welcome.
  • Anonymous
    You have to change your LAN card to Intel. Broadcom is not a good working one.
  • Anonymous
    Huh, I'm an old fart; could you put it in a flow chart, please, with links to download the things I need?
    I run Winblows XP on this machine, not Unix.

    Thanks a bunch.