Introduced: 1997
Encryption: RC4 + 24-bit IV
Key mgmt: Static key
PMF: No
Prevalence: Rare

How it works

WEP (Wired Equivalent Privacy) shipped with the original IEEE 802.11-1997 standard as the only link-layer confidentiality option. It encrypts each frame with the RC4 stream cipher, keyed by concatenating a 24-bit initialization vector (IV) with the static, shared WEP key. Integrity is a CRC-32 checksum the standard calls the ICV, computed over the plaintext and encrypted alongside it.

Every weakness flows from those two choices. RC4 is a stream cipher, so the keystream must never repeat under the same key; yet the IV is only 24 bits and is sent in cleartext, so on a busy network IVs recur within hours and let an attacker recover keystream by XOR. The CRC-32 ICV is linear and unkeyed, so a forged frame's checksum can be fixed up without the key, defeating integrity and replay protection entirely. Because the secret key never changes and rides along inside every per-frame RC4 key, statistical analysis of enough frames recovers it outright. WEP provides obfuscation and nothing more.
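
To see both design flaws in running code, here is an added example (not part of the original page or of Tala WTE) that models WEP encapsulation with a textbook RC4 and checks the two claims above: frames sent under the same IV share a keystream, and the CRC-32 ICV is linear over XOR. The key, IV and plaintexts are constructed values, and the real frame's key-index byte is omitted.

```python
from typing import Optional
from zlib import crc32

def rc4(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA) producing `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP encapsulation: per-frame RC4 key = IV || static key, ICV = CRC-32 of
    the plaintext, both encrypted under that keystream. The 3-byte IV is sent in
    the clear in front of the ciphertext (real frames add a key-index byte)."""
    body = plaintext + crc32(plaintext).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + wep_key, len(body)))

def wep_decrypt(wep_key: bytes, frame: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + wep_key, len(body)))
    data, icv = plain[:-4], plain[-4:]
    return data if crc32(data).to_bytes(4, "little") == icv else None

def iv_reuse_leak(wep_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under one IV share the keystream, so XORing the ciphertexts
    cancels it and leaks p1 XOR p2 to anyone who never learned the key."""
    c1 = wep_encrypt(wep_key, iv, p1)[3:]
    c2 = wep_encrypt(wep_key, iv, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))]

def icv_is_linear(p: bytes, delta: bytes) -> bool:
    """CRC-32 is affine over XOR: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0...0).
    An unkeyed, linear integrity check cannot bind a frame to the sender."""
    zeros = bytes(len(p))
    return crc32(xor(p, delta)) == crc32(p) ^ crc32(delta) ^ crc32(zeros)
```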

Configuring it in Tala WTE

WEP has no weakness toggle: the protocol is broken by design, so there is nothing to downgrade. The only protocol-specific judgment is the key itself. The Passphrase input becomes a WEP Key field, where a valid key is 5 or 13 ASCII characters (40-bit or 104-bit) or 10 or 26 hex digits; any other length is fitted to a valid 13-character key automatically, and the Effective key shown is the value to enter on test clients.

For the full New-Network walkthrough, see Networks.

Attacks

The goal is always the same: collect enough unique IVs to recover the static key. The attacks below either capture traffic passively or generate it actively to speed that up. Put an adapter in monitor mode and lock onto the target first:

airmon-ng start wlan0
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w wep wlan0mon

FMS (2001)

The original statistical break exploits "weak" IVs that leak information about the key bytes through biases in the RC4 key schedule. With enough captured frames, aircrack-ng recovers the key directly from the IV/keystream relationship.

aircrack-ng -K wep-01.cap

Judgment: historically important, but slow and now superseded; use it only to show the original 2001 attack.

KoreK / PTW

KoreK extended FMS with many more statistical correlations, and the 2007 PTW technique cuts the data requirement dramatically: roughly 20,000 to 80,000 IVs crack a 104-bit key in minutes. PTW is aircrack-ng's default, so you simply point it at the capture as IVs accumulate.

aircrack-ng wep-01.cap

Judgment: the modern default and fastest path; this is the one you actually run.

ARP replay injection

A quiet network produces IVs too slowly. Capture a single ARP request and replay it endlessly; the AP re-encrypts each replay under a fresh IV, flooding the air with the unique IVs PTW needs.

aireplay-ng -1 0 -a AA:BB:CC:DD:EE:FF wlan0mon
aireplay-ng -3 -b AA:BB:CC:DD:EE:FF wlan0mon

Judgment: the standard accelerator; turns a multi-hour passive wait into a minutes-long crack.

ChopChop / fragmentation

When you cannot wait for an ARP, these attacks recover keystream without knowing the key by abusing the linear CRC-32 ICV. ChopChop strips one byte at a time off a captured frame; the fragmentation attack rebuilds keystream from a small known header. Either yields a keystream you feed to packetforge-ng to craft an injectable ARP and bootstrap the IV flood.

aireplay-ng -4 -b AA:BB:CC:DD:EE:FF wlan0mon
packetforge-ng -0 -a AA:BB:CC:DD:EE:FF -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y replay_dec.xor -w arp.cap

Judgment: the no-traffic path; proves integrity is forgeable and gives you injection from nothing.

Caffe-Latte / Hirte

These flip the target from the AP to an isolated client. A device that remembers a WEP network will answer gratuitous ARPs even with no real AP present; you stand up a rogue AP with the same SSID, coax the client into emitting encrypted frames, and recover the key from the client alone.

airbase-ng -c 6 -e "OldOffice" -L -W 1 wlan0mon
aircrack-ng caffe-latte-01.cap

Judgment: the client-side attack; recovers a key when the AP is nowhere in range.

Once enough IVs are captured by any route, the crack itself is a single command, often finishing while injection is still running.

What you find in the field

Genuine WEP is nearly extinct on modern infrastructure, but it lingers exactly where it is most damaging: legacy industrial and building-automation gear, old barcode scanners and handheld inventory terminals, medical and lab instruments with decade-old radios, and forgotten "temporary" access points nobody re-provisioned. These are slow, low-traffic networks, which is precisely why the ARP-replay and fragmentation attacks matter: you have to manufacture the IVs yourself. Treat any live WEP SSID as fully compromised the moment you see it.
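
As an added example (not from the page or from Tala WTE) of triaging that field finding, the following parses the CSV that the page's airodump-ng -w capture writes beside the .cap file and flags every WEP network as critical, ordered by how many IVs have already been observed. The rows are constructed, and the column layout is assumed to match airodump-ng's CSV header.

```python
import csv
from io import StringIO

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (the page's capture command would produce wep-01.csv). All values are invented.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:DD:EE:FF, 2026-01-05 09:00:01, 2026-01-05 09:42:10,  6,  54, WEP, WEP, OPN, -41, 812, 23410, 0.  0.  0.  0, 9, OldOffice, 
11:22:33:44:55:66, 2026-01-05 09:00:03, 2026-01-05 09:42:09, 11, 130, WPA2, CCMP, PSK, -58, 790, 0, 0.  0.  0.  0, 7, Corp-5G, 
77:88:99:AA:BB:CC, 2026-01-05 09:10:22, 2026-01-05 09:41:58,  1,  54, WEP, WEP, SKA, -73, 121, 310, 0.  0.  0.  0, 12, SCANNER-DOCK, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2026-01-05 09:00:05, 2026-01-05 09:42:00, -50, 3120, AA:BB:CC:DD:EE:FF, OldOffice
"""

def parse_networks(text: str) -> list:
    """Return the access-point rows (the first CSV section, before the blank
    line that separates it from the station table) as dicts keyed by header."""
    section = text.replace("\r\n", "\n").lstrip().split("\n\n", 1)[0]
    reader = csv.DictReader(StringIO(section), skipinitialspace=True)
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]

def triage_wep(text: str) -> list:
    """Flag every WEP network as critical, carrying the IV count airodump-ng
    has seen so far: on a low-traffic legacy network that number is the only
    thing between the SSID and a key recovery, so it is worth reporting."""
    findings = []
    for ap in parse_networks(text):
        if "WEP" not in ap["Privacy"].upper():
            continue
        findings.append({
            "essid": ap["ESSID"], "bssid": ap["BSSID"],
            "channel": int(ap["channel"]), "ivs": int(ap["# IV"]),
            "severity": "critical",
            "note": "retire or isolate; no safe WEP configuration exists",
        })
    return sorted(findings, key=lambda f: -f["ivs"])
```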

Defending against it

There is no safe configuration of WEP; the only fix is to retire it. Migrate every device to WPA2-Personal (AES-CCMP) at minimum, and to WPA3-Personal (SAE) where clients support it. RC4 itself has been deprecated for TLS by RFC 7465 for the same class of keystream-bias weaknesses, and the 802.11 working group removed WEP from the standard outright; there is no remaining legitimate use. If a device truly cannot do anything better than WEP, it does not belong on a network that carries anything you care about - isolate it on its own segment with no route to sensitive systems, or replace it. See WPA2-Personal and WPA3-Personal for the modern replacements.

(c) 2026 VTEM Labs, Inc. All rights reserved. | vtemlabs.com