trouble with wireless pentest

["zcrips xrabbitz" <zcrips_xrabbitz () hotmail com>]

hi everyone,
      i have been taking on my first large and blind wireless pentest
and i 
have nearly become lost in the jaws of a wireless network and would 
appreciate any help. first i'lll state what i have so far done and seen
 
the network was encrypted but with wep and large traffic so i was able
to 
bruteforce the key
The network in focus is quite large with multiple subnets and lots of 
"firewalls"
 
These I did.
 
Using kismet I sniffed a whole lot of packets. And decoded them with the

found wep key
 
Then using my conventional ettercap and ethereal I looked through the 
packets.
i sniffed a lot more with ettereal and looked through them for a similar
mac 
address but all packets
had i local (destination) ip and mac address
 
Now The Problem.
 
I tried to connect to the net work
 
I used a nice ip to match one on the network
(8.5) i changed mac addresses to match the host i was spoofing.
 
then i tried to route packets to another client
which failed with the network unreachable error
i tried a traceroute to my target client but it failed too with the same

error
 
i used ettercap to passively watch traffic and came up with a
comprehensive 
list of ip/mac addresses and tried to spoof most of them but still my 
packets didn't get routed
i tried using etterape to watch traffic flow and come up with a route
but i 
figure out that nearly all traffic was internal most hosts were
connecting 
to each other
 
HELP:
    HOW CAN I ROUTE PACKETS THROUGH  TO OTHER CLIENTS OR BECOME A CLIENT
OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINING
PLS ANY HELP WOULD BE APPRECIATED.
 
 
ZIPPERS CRIPS
 
_________________________________________________________________
 
The Zcrips Inc
-----------------------------------------------------------------
a man is only limited by his imaginative abilities