Skip to main content

How To Crack WEP - Part 2: Performing the Crack

Verifying the deauth

While void11 is running on Auditor-B, let’s look at what’s happening on the Target client. Normally, anyone using a Target client will be happily be surfing websites or checking email, when suddenly the network will get very slow and eventually come to a halt. A few seconds later, the Target will be completely disconnected from the network.

You can check this out for yourself by running a continuous ping from TARGET to the wireless access point. Figures 7 and 8 show a ping before and during a void11 deauth attack.

Figure 7: Successful pings before void11

(click image to enlarge)

Figure 8 shows that the pings will time out while void11 is running. If you do a Control-C on Auditor-B to stop the void11 attack, the pings will come back to life after a few seconds.

Figure 8: Pings die after void11 is started
(click image to enlarge)

You can see if you are being deauthenticated from an AP by looking at your wireless client’s utility program, which usually indicates the connection status. Figures 9 and 10 show the wireless client utility built into Windows WP. Before the void11 attack starts, everything will seem normal, and Windows will show that you are connected to the AP (Figure 9).

Figure 9: Now you are connected

After void11 starts, the network status will change from connected to disconnected (Figure 10). After void11 is stopped on Auditor-B, the Target will reconnect back to the AP in a few seconds or so.

Figure 10: Now you aren’t!
(click image to enlarge)

If you look back at Auditor-A - which we last left running airodump - while void11 is running, the IV count in airodump should increase to around 100-200 with a few seconds. This is due to the traffic generated by the Target client as it repeatedly tries to reassociate with its AP.