1. It depends on the physical pieces of the ehternet network. If your LAN is composed of hubs, then you are correct, a hub recieves traffic on one port, and sends it out to all ports. If your network uses switches, then this is not correct, the default behavior of a switch is to recieve traffic on one port, and then send that traffic on to only the port which is connected to the device for which the traffic is destined, although "broadcast traffic" are destined for all machines so are sent out on all ports.

2. This also depends on the actual hardware and how they are configured. If you have a wireless access point which is configurured to simply act as a wireless hub, then yes, it will send all the traffic accross the wireless, which it recieves from the network( I configured either an airport, or a linksys to do exactly this once, when testing something) if it is functioning as a nat router, then it will not do this. Again, it also depends osmewhat on whether the rest of your network is a hub or switch network how much traffic could be sent this way.

3


4. One of the things about breaking WEP on a wireless network is that there needs to be traffic on the network in order for you to get enough weak packets to crack it. This means that unless the wireless network in question has lots of stuff hooked up to it all the time, which are used all the time, trying to capture enough packets to break WEP at 3 am when no one is using the network is likely not going to be easy. However, you certainly could sit in the parking lot at any time when the wireless netowkr in question is at a high usage level, and collect enough data. It does need to be a high usage level though, I tried using airsnort to break WEP on a wireless network which I set up for a test once, and after leaving it running for several hours sniffing the network which only had one wireless machine on it, it was only slightly down the road to capturing enough weak packets. I figured out that it would take more than a month to get enough data on that wireless network with only one node, which was only active only a little bit. If you have a high number of wireless users, that time decreases by a lot.

There are other ways of securing wireless authentication which get arround the weakness of WEP to a certain extent( radius with EAP/TLS or EAP/TTLS, or EAP/MD5 perhaps, even WPA which is something new ........) so simply finding a wireless network and sniffing it for a long time might not even be anough to crack it.