EH-Net

Ethical Hacking Discussions and Related Certifications => Wireless => Topic started by: Deadpool614 on April 06, 2012, 02:54:26 AM



Title: Question on wireless pen testing
Post by: Deadpool614 on April 06, 2012, 02:54:26 AM
So a co-worker of mine gave me permission to try to crack his wireless network until my router gets here. So far I've found his SSID (had it hidden) and thought it would be cake because his network was open. I spoofed his MAC and tried to connect and I wasn't able to. I ran a deauth and still no connection. I'm not sure what I'm missing here. As far as my knowledge goes he's running an open wifi with MAC filtering. I'm fairly sure he's using a dynamic IP config.

Does anyone have any ideas as to what could be holding me up?


Title: Re: Question on wireless pen testing
Post by: hurtl0cker on April 06, 2012, 07:06:57 AM
Password profiling tools like WYD and CUPP will help in creating a custom password list against a target.

http://kaoticcreations.blogspot.com/2011/06/wordlists-password-profiling-with.html


Title: Re: Question on wireless pen testing
Post by: Deadpool614 on April 06, 2012, 07:40:36 AM
I'm pretty sure he's not using a password, but I won't rule it out. His network is open; I just can't connect to him even while spoofing a client MAC.


Title: Re: Question on wireless pen testing
Post by: DragonGorge on April 06, 2012, 03:20:23 PM
Could signal strength be an issue?


Title: Re: Question on wireless pen testing
Post by: Deadpool614 on April 06, 2012, 03:34:26 PM
I had a fairly good signal, around -31db. I was only about 30-40m away from his AP.


Title: Re: Question on wireless pen testing
Post by: DragonGorge on April 06, 2012, 04:49:04 PM
Are you running airodump-ng? That should tell you if he's using WEP, WPA, OPEN...whatever.
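For anyone following the "airodump-ng should tell you" advice, here is an added example (not part of DragonGorge's post or of the aircrack-ng project) that reads the CSV file airodump-ng writes with `-w` and reports, per BSSID, the Privacy/Cipher/Authentication columns, the signal, whether the ESSID is hidden, and how many stations are associated. The sample text below is constructed in airodump-ng's CSV layout; it is not a real capture, and the BSSIDs, station MACs and ESSID are made up. It assumes an empty ESSID column means a non-broadcast SSID.

```python
import csv
import io

# Constructed sample in airodump-ng's CSV layout (AP section, blank line, station section).
# All addresses and names are fabricated for this example.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-04-06 02:00:01, 2012-04-06 02:10:30,  6,  54, OPN,  ,  , -31,  120,  0,   0.  0.  0.  0,   0, , 
66:77:88:99:AA:BB, 2012-04-06 02:00:05, 2012-04-06 02:10:29, 11,  54, WPA2, CCMP, PSK, -70,   80,  0,   0.  0.  0.  0,   9, HomeNet01, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2012-04-06 02:01:00, 2012-04-06 02:10:30, -40,  350, 00:11:22:33:44:55, 
AA:BB:CC:DD:EE:02, 2012-04-06 02:02:00, 2012-04-06 02:09:00, -55,   12, (not associated), HomeNet01
"""


def parse_airodump_csv(text):
    """Split the CSV into AP and station records. Column positions follow airodump-ng's header order."""
    aps, stations = [], []
    section = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or not row[0].strip():
            continue                                   # blank separator line
        if row[0] == "BSSID":
            section = "ap"
            continue
        if row[0] == "Station MAC":
            section = "sta"
            continue
        row = [c.strip() for c in row]
        if section == "ap" and len(row) >= 14:
            aps.append({
                "bssid": row[0], "channel": int(row[3]),
                "privacy": row[5], "cipher": row[6], "auth": row[7],
                "power": int(row[8]), "essid": row[13],
                "hidden": row[13] == "",                # assumption: blank ESSID = non-broadcast SSID
            })
        elif section == "sta" and len(row) >= 6:
            stations.append({
                "mac": row[0], "power": int(row[3]), "bssid": row[5],
                "probes": [p for p in row[6:] if p],    # probed ESSIDs are comma separated
            })
    return aps, stations


def summarize(aps, stations):
    """One line per AP: security, signal, hidden-SSID flag and count of associated clients."""
    lines = []
    for ap in aps:
        clients = [s["mac"] for s in stations if s["bssid"] == ap["bssid"]]
        security = ap["privacy"] + (f"/{ap['cipher']}/{ap['auth']}" if ap["cipher"] else "")
        name = "<hidden SSID>" if ap["hidden"] else ap["essid"]
        lines.append(f"{ap['bssid']}  ch {ap['channel']:>2}  {security:<14} "
                     f"{ap['power']:>4} dBm  {name}  clients={len(clients)}")
    return lines


if __name__ == "__main__":
    for line in summarize(*parse_airodump_csv(SAMPLE_CSV)):
        print(line)
```

An OPN entry with an empty ESSID and one associated station is exactly the picture described in this thread; the station section is what tells you which client MACs the AP is actually talking to, and the Power column is the same PWR value airodump-ng shows live.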


Title: Re: Question on wireless pen testing
Post by: WCNA on April 06, 2012, 06:20:16 PM
I agree with Dragon. You need to study the legitimate traffic to see what works. Capture the traffic. Packets don't lie.


Title: Re: Question on wireless pen testing
Post by: Deadpool614 on April 07, 2012, 12:04:36 AM
Yes, I ran airodump-ng and filtered it by channel. It comes up as an open network on there. I tried to connect via Wicd as well as using the command line; neither has worked yet. I may go try it again today, but I wasn't having much luck. I'm not sure if he even knows why I can't connect. He got the wireless router from a Polish soldier he replaced when he got here.


Title: Re: Question on wireless pen testing
Post by: DragonGorge on April 07, 2012, 04:12:17 PM
It might be some incompatibility with your card (Alfa?) and his router? I have an Alfa and while it can see both the 2.4 and 5 GHz bands of my dual-band router, it cannot connect to the 5 GHz band. Maybe his router is using N and your Alfa is b/g only?

The way I see it, if his router is open, i.e. no WEP/WPA/WPA2, then you should be able to connect with any wireless laptop (providing it's compatible). Try a different wifi card.


Title: Re: Question on wireless pen testing
Post by: hayabusa on April 07, 2012, 05:58:25 PM
Something I've seen, working with Linux connecting to some APs...

Check the adapter's wireless preamble settings, if you can. Sometimes if it's set a certain way, on some cards, they don't like to connect, especially if using DHCP, and when dealing with 'normally' hidden / non-broadcast SSIDs.

Used to give me fits, a lot, before I figured that out.


Title: Re: Question on wireless pen testing
Post by: Deadpool614 on April 07, 2012, 08:15:30 PM
DragonGorge: I've tried using both my internal (Atheros Ath9k) and a Rosewill USB card with no success.

Hayabusa: I didn't think to check that; I'll have to give it a look. You may have solved my million dollar question lol.


Title: Re: Question on wireless pen testing
Post by: WCNA on April 23, 2012, 07:38:49 PM
In your study of the legitimate wireless traffic, was it using DHCP? If he's trying to lock you out, it's possible that he's using DHCP and is only allowing a DHCP range of one address. The packet capture should give you a clear idea of why you can't connect.
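WCNA's two points (capture the traffic, then look at whether DHCP is answering and how big its range is) can be checked mechanically. The following is an added example, written for this thread and not code from any poster: a small BOOTP/DHCP decoder that groups the messages in a capture by transaction id and reports, per client MAC, whether the server offered, acknowledged, refused or stayed silent, plus the set of distinct addresses it ever handed out. The "capture" is a constructed list of UDP payloads built by the same module (fabricated MACs and addresses); with a real capture you would feed it the payloads of UDP port 67/68 packets instead.

```python
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie that follows the BOOTP header
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header (RFC 2131)


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0"):
    """Build a minimal DHCP payload. Only used to fabricate the sample capture below."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0,
                         b"\x00" * 4, ipaddress.IPv4Address(yiaddr).packed,
                         b"\x00" * 4, b"\x00" * 4, chaddr, b"\x00" * 64, b"\x00" * 128)
    return header + MAGIC + bytes([53, 1, msg_type]) + b"\xff"   # option 53 = message type


def parse_dhcp(pkt):
    """Decode the BOOTP header and walk the option TLVs (RFC 2132) to find the message type."""
    (_op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = struct.unpack_from(HEADER_FMT, pkt, 0)
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:       # 0xFF ends the option list
        if pkt[i] == 0:                          # 0 is a one-byte pad
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "xid": xid,
        "type": DHCP_TYPES.get(opts.get(53, b"\x00")[0], "UNKNOWN"),
        "mac": chaddr[:hlen].hex(":"),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
    }


def analyze_exchanges(packets):
    """Per client MAC: which server replies its transaction got, and what was offered."""
    by_xid = {}
    for msg in map(parse_dhcp, packets):
        by_xid.setdefault(msg["xid"], []).append(msg)
    report = {}
    for xid, msgs in by_xid.items():
        client = next((m["mac"] for m in msgs if m["type"] in ("DISCOVER", "REQUEST")), None)
        if client is None:
            continue                             # reply without a visible request; capture started late
        replies = [m["type"] for m in msgs if m["type"] in ("OFFER", "ACK", "NAK")]
        offered = sorted({m["yiaddr"] for m in msgs if m["type"] in ("OFFER", "ACK")})
        if not replies:
            verdict = "no reply: no DHCP service here, or the server is silently ignoring this client"
        elif "NAK" in replies:
            verdict = "refused (NAK)"
        else:
            verdict = "served"
        report[client] = {"xid": xid, "replies": replies, "offered": offered, "verdict": verdict}
    return report


def offered_pool(packets):
    """Distinct addresses the server handed out; a pool of size 1 matches a one-address DHCP range."""
    return sorted({m["yiaddr"] for m in map(parse_dhcp, packets) if m["type"] in ("OFFER", "ACK")})


# Constructed sample capture: one legitimate client gets the single pool address,
# a second client's DISCOVERs are never answered. MACs and addresses are made up.
LEGIT = "aa:bb:cc:dd:ee:01"
SECOND = "aa:bb:cc:dd:ee:02"
SAMPLE_CAPTURE = [
    build_dhcp(1, 0x1001, LEGIT, 1),                    # client  -> DISCOVER
    build_dhcp(2, 0x1001, LEGIT, 2, "192.168.1.100"),   # server  -> OFFER
    build_dhcp(1, 0x1001, LEGIT, 3),                    # client  -> REQUEST
    build_dhcp(2, 0x1001, LEGIT, 5, "192.168.1.100"),   # server  -> ACK
    build_dhcp(1, 0x2002, SECOND, 1),                   # other client -> DISCOVER
    build_dhcp(1, 0x2002, SECOND, 1),                   # retransmitted, no reply ever seen
]

if __name__ == "__main__":
    for mac, info in analyze_exchanges(SAMPLE_CAPTURE).items():
        print(mac, info["verdict"], info["offered"])
    print("pool seen:", offered_pool(SAMPLE_CAPTURE))
```

Reading the output the way WCNA suggests: if the legitimate client is "served" while yours gets "no reply", the association itself worked and the problem is at the DHCP layer, not the radio; if the pool seen over a long capture never contains more than one address, the single-address range theory fits. If your own DISCOVER never appears on the air at all, the failure is earlier (driver, band or preamble, as others in the thread suggested).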


Title: Re: Question on wireless pen testing
Post by: jinwald12 on April 28, 2012, 12:38:59 PM
Or he may have static IPs and no DHCP whatsoever.


Title: Re: Question on wireless pen testing
Post by: kerpap on June 15, 2012, 05:04:29 AM
I agree about the IP thing.
The router may not issue a new IP address, which is why you can't connect. Most of the time 192.168.1.0/24 is the network range. Try social engineering his IP address from him, then use that.

Or guess and check. Start with .1, .2, etc.

In Wicd you can add your own IP address. This has worked for me in the past.


Title: Re: Question on wireless pen testing
Post by: Cyber.spirit on June 17, 2012, 12:43:04 PM
I think you have a problem with the wireless signal, because the network sounds open.


Title: Re: Question on wireless pen testing
Post by: jinwald12 on June 22, 2012, 01:05:56 AM
If he had a problem with the signal he would not be able to tell it was open, let alone know the network existed. If he can identify the encryption (or lack thereof), then chances are he is getting a good enough signal to pick up whole packets.