troubles with wireless pentest

["zcrips xrabbitz" <zcrips_xrabbitz () hotmail com>]

hi everyone,
     i have been taking on my first large and blind wireless pentest and i 
have nearly become lost in the jaws of a wireless network and would 
appreciate any help. first i'lll state what i have so far done and seen

the network was encrypted but with wep and large traffic so i was able to 
bruteforce the key
The network in focus is quite large with multiple subnets and lots of 
“firewalls”

These I did.

Using kismet I sniffed a whole lot of packets. And decoded them with the 
found wep key

Then using my conventional ettercap and ethereal I looked through the 
packets.
i sniffed a lot more with ettereal and looked through them for a similar mac 
address but all packets
had i local (destination) ip and mac address

Now The Problem.

I tried to connect to the net work

I used a nice ip to match one on the network
(8.5) i changed mac addresses to match the host i was spoofing.

then i tried to route packets to another client
which failed with the network unreachable error
i tried a traceroute to my target client but it failed too with the same 
error

i used ettercap to passively watch traffic and came up with a comprehensive 
list of ip/mac addresses and tried to spoof most of them but still my 
packets didn't get routed
i tried using etterape to watch traffic flow and come up with a route but i 
figure out that nearly all traffic was internal most hosts were connecting 
to each other

HELP:
   HOW CAN I ROUTE PACKETS THROUGH  TO OTHER CLIENTS OR BECOME A CLIENT
OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINING
PLS ANY HELP WOULD BE APPRECIATED.


ZIPPERS CRIPS

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus