To configure WEPKR, click Tools => Options:
WEP key sizes allows you to specify the expected key size. For every key size, the recovery process must be performed separately. That's why limiting the number of possible key sizes can noticeably reduce the time needed to find the key. If the key size is unknown, you may want to try the most popular key sizes first, 64 and 128 bits. Also, if the AP vendor is known, you can base your assumption on that information, as some vendors don't support all four WEP key sizes. For example, D-Link access points don't support 256-bit keys.
Session settings allows you to configure WEP recovery session parameters. Use packets needed to start a new session to set the minimum number of packets required for initiating packet collection for a new WEP key recovery session. The session start timeout field sets a time period for inactivity; if the number of collected packets during that period for the given session is below the number set in the Packets needed to start key recovery field, the session is deleted. For WLANs with low utilization, collecting a few hundred thousand packets may take a long time, so you may want to increase the default value.
Packets needed to start key recovery sets the number of packets required for starting a key recovery process. WEP key recovery is a probabilistic process the result of which largely depends on the number of collected packets; the higher the number, the higher the probability of successful key recovery. The default values ensure about 60% probability of successful key recovery. If you cannot collect the required number of packets, you may want to decrease the default values, but this will also diminish the success probability. If you can easily collect many packets, you may want to increase the default values, as this will speed up key recovery.
Port to listen on allows you to specify the TCP port that will be used for communicating locally with CommView for WiFi. If the default port (11333) is occupied by another application, you can change the port number.
Send decrypted packets back to the application if this box is checked, WEPKR will "inject" the packets it has collected so far into CommView for WiFi once the key is recovered. The application uses the following mode of operation:
|1.||Encrypted WEP packets are captured by CommView for WiFi and passed to WEPKR in real time.
|2.||When enough packets are collected, WEPKR starts key recovery.
|3.||When the key is recovered, WEPKR decrypts the packets accumulated in the buffer and passes them back to CommView for WiFi, where they are displayed.
This option may be a good choice if you don't log packets in CommView for WiFi, or if you are monitoring several WLANs at the same time. Since CommView for WiFi can use only one WEP key set at any given time, you can use WEPKR for automatic decryption of the data collected from several WLANs that use different WEP keys.
|4.||All subsequent encrypted packets captured by CommView for WiFi and passed to WEPKR are immediately decrypted and passed back.
Assume high percentage of ARP traffic if this box is checked, the application will apply a different mathematical method for the key recovery, specially aimed at ARP packets. This method is different from the one used for "natural" traffic, so you need to "tell" the application how the traffic was generated. Check this box if you use the pro-active, artificial traffic generation technique described in the Traffic Generation chapter.