WEP Cracking Packet Injection
What if the AP was idle, or had no clients associated with it? In this case, we have to inject packets into the traffic in order to force the router to create new packets with new IV's.
Before we can start injecting packets into the traffic, we have to authenticate our wifi card with the AP, because AP's ignore any requests that come from devices that are not associated with the AP. This can be done easily using airmon-ng like so
aireplay-ng --fakeauth 0 -a[target MAC] -h[your MAC] [interface]
If this fake authentication was successful the value under the "AUTH" column in airodump-ng will change to "OPN"
Packet injection - ARP request replay
In this method, after successfully associating with the target AP, we will wait for an ARP packet, we will then capture this packet and inject it into the traffic, this will force the AP to generate a new ARP packet with a new IV, we capture this new packet and inject into the traffic again, this process is repeated until the number of IV's captured is sufficient enough to crack the key.
aireplay-ng --arpreplay -b [target MAC] -h [your MAC] [interface]