I have BackTrack 3 Final running from a 4GB SDHC card which resides in my 900's SD slot. It's handy having a live distro to call on and BT3 works well with both the 900 and the 701. Apart from the sound. There's no sound. Like I care.
Anyway, I tend to use it for testing WEP encrypted networks (purely for educational purposes, mind) and I've learned how to do it using the command line. Then someone pointed out that a utility called Spoonwep will do the job using a simple GUI.
So I gave it a go. You won't learn much from it, I would strongly recommend you learn the command line way (which is a lot more powerful), but it is a bit of a time saver.
Here's how to do it:
01) Open a terminal:
airmon-ng stop ath0
airmon-ng start wifi0
04) Choose the AccessPoint(AP) you want to hack and remember the channel number. The AP will need to have a PWR rating of above 20 to have any chance of this working.
05) Hit CTRL+C to stop
06) Then copy the AP MAC address
07) In the same terminal:
08) In Victim MAC, paste the AP MAC Address
09) Choose your network card. On the EeePC 701 and 900 it's Ath0
10) Set the AP Channel Number
11) Set the Injection Rate to maximum
12) Use Fragmentation and Forge Attack
13) Use 128 Bits Key Length
14) Click launch. It does take some time, usually between ten and twenty minutes. Just be patient.
15) If it works, the key will appear as a string of characters punctuated by colons. Remove the colons and your key is what remains.
Example: 12:34:56:78:90 should be read as 1234567890.
Here's some screen shots of Spoonwep in action on my brother's network:
Not bad, eh? Fifteen minutes to crack my brother's WEP key.
Wasn't he surprised!! Needless to say he's changed his encryption to WPA...