Acer One Netbook with Atheros Wifi Card Not pucking up Handshakes with airodump-ng

[Cyrus]

I am sure you guys have had tons of questions on this topic, I have read how tos until im blue in the face, here is the issue I am attempting to Crack my own Linksys WRT54GS Router, I have it set to WPA-PSK TKIP (Standard WPA not WPA2) or "WPA Personal" in the router settings, my SSID is Cyrus_Network and PSK of "Whitew0lf@2083" however in Backtrack 4 I can manage to use airmon-ng and get the Wifi running in monitor mode I am filtering my BSSID and locked onto channel 11 which is the same as my router band G as well however no matter what I do I can't seem to get airodump-ng to give me a handshake verification, with or without a client, I have even read somewhere i have to use macchanger with the atheros card to get it to function, ive tried that and still no dice, I have checked if the card supports injection with aireplay-ng --test wlan0 and it states injection is working my drivers are athk5 and Interface is wlan0, any suggestions at all im not new to linux but to the cracking tools ... im lost ill be happy to pose any output from the screen if needed
Thanks a million
Cyrus

[hypervista]

Cyrus - The basic steps of capturing a WPA handshake are as follows:

1) set your card in monitor mode

Code:

airmon-ng start <interface> <target channel>

2) airodump-ng on target channel, filtering on target BSSID, and writing capture to a specific file

Code:

airodump-ng -c <target channel> -w <capture file name> --bssid <target MAC> <interface>

Note: It's important that there be a client associated to the target because to speed the collection of the WPA handshake you're going to deauthenticate the client and capture the WPA handshake when they re-associate. Otherwise, you're going to be waiting until a client associates to capture a WPA handshake.

3) deauthenticate the associated client (I like to use a deauthentication packet number of 15)

Code:

aireplay-ng -0 15 -a <target MAC> -c <associated client MAC> <interface>

4) once you get the WPA handshake, stop airodump-ng and run aircrack-ng on the .cap file using one of the test password files or John the Ripper

Code:

aircrack-ng -0 -w <path to password file> <your capture filename.cap>

Note: make sure you include your passphrase (Whitew0lfe@2083) in the test password file, otherwise you won't find it. There are a couple of test password files included in BT4 (look in the /pentest/wireless directory.

[Cyrus]

Thank you for the steps, ill try one more time at this, all of the steps so far i have followed, ill see if I can get my neighbour to connect as the client for me, Ive heard if you have 2 cards you can be your own client, but I dont at the time, ill post the results, thanks
Cyrus

I managed to get this working by first connecting to my router and then (Without an second wireless card) I put my card into monitor mode it created "mon0" with that I monitored my AP and then I used command iwconfig wlan0 ap off with that it forced me to reconnect as I was running wicd and then lo and behold I got a handshake and was able to proceed all without ever buying a second wifi card

and FYI for some reason the aireplay-ng -0 -1 -a XXXXXXXXX -h (or -c) XXXXXXX mon0 doesnt ever seem to deauthenticate a client