I've been working all week at cracking WEP. Had a problem for the first couple days about missing traffic. Things are moving along pretty well right now but it's still taking forever.
I'd like to compare notes with somebody that's done it if possible.
I have a Linksys AP with 40-bit encryption enabled. I'm flood pinging from my iPAQ to the AP with a size of 1 (the key issue is the number of packets, not the size). I'm collecting them with Kismet on a Linux RH72 box with a Cisco 350 card using the kernel pcmcia support. I'm getting about 3 weak packets a minute and the total throughput seems to be about 250 packets/second. I'm using crack from AirSnort 1.0 to process the *.weak files that Kismet puts out.
To run crack, I cat the files together and then run crack on the larger file. My number of samples per key goes up consistently - I'm currently up to about 165 - some higher, some lower but it still hasn't given me a key. I've been trying about every 2 hours.
I think the people that say WEP is trivial to crack haven't tried!