Thread: problem capturing eapol handshake in wpa personal..

  1. #1
    Member (Join Date: Sep 2007, Posts: 58)

    problem capturing eapol handshake in wpa personal..

    I'm running a pen-test at home against my wireless AP, and it is configured with WPA Personal, but after running deauthentication with aireplay-ng I'm still unable to capture any EAPOL handshake from the client trying to re-associate back to the access point. To verify this I open Wireshark and type eapol in the filter box and it shows nothing; also when I open aircrack-ng I get no EAPOL handshake captured. All this is using BackTrack 3. How could I capture the handshake?

    any help appreciated

    thanks

  2. #2
    Senior Member (Join Date: Apr 2008, Posts: 2,008)

    You might want to check out some of the excellent and detailed tutorials about cracking WPA that we have on the forum if you are feeling uncertain about the steps. Here is a good one you can start with:
    http://forum.remote-exploit.org/showthread.php?t=8230

    A common miscomprehension is however that the deauthorization attack will automatically generate the WPA handshake. This is not the case, the 4-way handshake will only occur when a client is connecting to the AP. If there already are some clients connected you can force them to be de-associated from the AP by broadcasting deauth-packets using mdk3 or aireplay-ng. This will effectively force them to re-connect at which point the handshake will be exchanged.

    However, if there are no clients currently connected to the AP your only option is to wait for one to connect.
    -Monkeys are like nature's humans.

  3. #3
    Member (Join Date: Sep 2007, Posts: 58)

    Quote Originally Posted by =Tron=:
    You might want to check out some of the excellent and detailed tutorials about cracking WPA that we have on the forum if you are feeling uncertain about the steps. Here is a good one you can start with:
    http://forum.remote-exploit.org/showthread.php?t=8230

    A common miscomprehension is however that the deauthorization attack will automatically generate the WPA handshake. This is not the case, the 4-way handshake will only occur when a client is connecting to the AP. If there already are some clients connected you can force them to be de-associated from the AP by broadcasting deauth-packets using mdk3 or aireplay-ng. This will effectively force them to re-connect at which point the handshake will be exchanged.

    However, if there are no clients currently connected to the AP your only option is to wait for one to connect.
    After watching the tutorial that's exactly what I've been doing; the only thing is that when I use "aireplay-ng 0 1 <ap> <client> wlan", I'm not getting any handshakes captured. I've done up to 20 deauths; during the deauth the client is unable to connect, and after the deauth stops the client is able to browse the internet again, but still no handshake. Maybe this is not an exact science...
    any help appreciated

    thanks
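As an added example (not from this thread or from the aircrack-ng project), the check that Wireshark's `eapol` filter or aircrack-ng's "handshake captured" message performs can be reproduced offline: each EAPOL-Key frame pulled from a capture is classified as message 1 to 4 of the 4-way handshake from its Key Information flags and key data length, and the result shows which messages are present, which is what distinguishes "the client was deauthenticated" from "the client actually re-associated". The frames below are constructed test data with zeroed nonces and MICs; the message-number heuristic is a simplification assumed here, not the tools' own logic.

```python
import struct
from typing import Dict, List, Optional

EAPOL_KEY = 3                              # 802.1X packet type for EAPOL-Key frames
KEY_DESCRIPTORS = {2: "RSN", 254: "WPA"}   # WPA2 and legacy WPA key descriptors
# Key Information flags (IEEE 802.11i EAPOL-Key frame)
KEY_TYPE_PAIRWISE, INSTALL, KEY_ACK, KEY_MIC = 1 << 3, 1 << 6, 1 << 7, 1 << 8
# Offset of the Key Data Length field: 802.1X hdr(4) + desc(1) + info(2) + len(2)
# + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8) + MIC(16)
KEY_DATA_LEN_OFF = 97


def classify_eapol_key(frame: bytes) -> Optional[int]:
    """Return 1..4 for a pairwise 4-way handshake message, None otherwise."""
    if len(frame) < KEY_DATA_LEN_OFF + 2:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_KEY or len(frame) < 4 + body_len:
        return None
    desc_type, key_info = struct.unpack("!BH", frame[4:7])
    if desc_type not in KEY_DESCRIPTORS or not key_info & KEY_TYPE_PAIRWISE:
        return None
    key_data_len = struct.unpack("!H", frame[KEY_DATA_LEN_OFF:KEY_DATA_LEN_OFF + 2])[0]
    ack, mic, install = (bool(key_info & f) for f in (KEY_ACK, KEY_MIC, INSTALL))
    if ack and not mic:            # M1: AP -> client, carries ANonce, no MIC yet
        return 1
    if ack and mic and install:    # M3: AP -> client, GTK delivered, install PTK
        return 3
    if mic and not ack:            # M2 carries the client's RSN/WPA IE, M4 has no key data
        return 2 if key_data_len else 4
    return None


def handshake_status(frames: List[bytes]) -> Dict[str, object]:
    """Which handshake messages a capture contains; complete only if all four are seen."""
    seen = sorted({m for m in map(classify_eapol_key, frames) if m})
    return {"messages": seen, "complete": seen == [1, 2, 3, 4]}


def make_key_frame(desc_type: int, key_info: int, key_data: bytes = b"") -> bytes:
    """Build a minimal EAPOL-Key frame with zeroed nonce/MIC (constructed test data)."""
    body = struct.pack("!BHH", desc_type, key_info, 16) + bytes(88)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, EAPOL_KEY, len(body)) + body


# Constructed capture: a full WPA2 exchange, and a case where the AP sent M1 after
# the deauth but the client never answered (what an incomplete capture looks like).
FULL_HANDSHAKE = [make_key_frame(2, 0x008A), make_key_frame(2, 0x010A, b"\x30\x02\x01\x00"),
                  make_key_frame(2, 0x13CA), make_key_frame(2, 0x030A)]
ONLY_M1 = [make_key_frame(2, 0x008A)]
```

Feed it the EAPOL payloads exported from a capture (Wireshark's `eapol` filter, then the 802.1X bytes of each frame) to see which messages the deauth actually produced.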
