I've been messing around with my wireless router lately, flashing it with DD-WRT, and doing some research on wireless networks in general. I've always used WPA encryption on my router because I knew it was more secure than WEP. What I didn't realize is just how vulnerable WEP is.
Most of the packets transferred between a client and AP contain an
initialization vector (IV). By capturing enough of these IVs, it is possible to crack WEP encryption in a matter of minutes. Being in the IT "bidness", I had to try this out to myself.
I could set up WEP on my router and attempt to crack it myself, but there are several WEP encrypted APs in my neighborhood just asking to be cracked. Using Aircrack-ng, I was able to obtain my neighbor's key in about five minutes. Again, I'm only doing this out of professional curiosity.
