Thread: Aircrack-ng - WPA2 - Missing Handshake

  1. #1

    Aircrack-ng - WPA2 - Missing Handshake

    Hey guys, I know y'all are probably tired of answering questions about WPA(2) handshake capturing, but I have a question I cannot seem to find a straightforward answer to on Google or on the forum.
    Lab setup:

    Wireless N router with 1GB Ethernet
    LT1 - Dell D630 running BT4
    - Intel 5100 internal wireless card (a/b/g/n)
    - PCMCIA Orinoco Gold card b/g (model:8470-FC)
    LT2 – Dell E6400 running XP
    - Dell wireless 1510 N

    I have gone through many of the walkthroughs/guides for cracking WPA/WPA2 and I seem to have an issue with the handshake capture. One of many guides I have read: cracking_wpa [Aircrack-ng] for reference

    Packet injection with either my Orinoco or Intel seems to work, as I can see my LT2 become disassociated from my AP, then re-associate. I can also see that in airodump my traffic between LT2 and the AP increases (#Data, packets, #/s, Lost), but for some reason I am not capturing the handshake. I know it’s there, but airodump isn’t seeing it.

    I have double checked my channels, BSSID, station ID, ESSID, etc. I have read the “I cannot capture the four-way handshake!” section of the link I posted on aircrack-ng.org, and forced my bit rates, ap, freq, mode, modulation, still same issue. I have also turned off the Wireless N radio on my router to eliminate any channel confusion.

    There are two things that elude me here:

    1. When I scan with airodump, the MB for my router is showing 54e. What does the “e” stand for, and is it a factor when trying to capture the handshake?
    - Doing some looking I believe the ‘e’ is shown when the router has QoS enabled? Please correct me if I am wrong.

    2. Am I using the correct drivers for my wireless cards?
    Interface   Chipset            Driver             Card
    Wlan0       Intel 4965/5xxx    iwlagn – [phy0]    Intel 5100
    Mon0        Intel 4965/5xxx    iwlagn – [phy0]
    Wlan1       Atheros            ath5k – [phy1]     Orinoco Gold

    I saw a post (Print Page - Can't capture WPA handshake) where there could be an issue with the ath5k driver, and aircrack-ng.org had issued a patch (located here: http://patches.aircrack-ng.org/fix_a...tor_mode.patch). I have downloaded the patch and tried to apply it, but I get the following error:

    Can’t find file to patch at input line 6

    File to Patch:


    Am I even moving in the right direction here by looking at the drivers?
    I normally wouldn’t post something this simple on the forum, but it’s been driving me nuts for days.
    Thanks for any comments in advance.

  2. #2

    Re: Aircrack-ng - WPA2 - Missing Handshake

    Ok, so I have been doing some troubleshooting with Wireshark to check to see if I am missing the handshake, and apparently the handshake IS there, but airodump doesn't see it.

    In the EAPOL handshake, I verified that the replay counter in packet 1 and 2 match, and 3 and 4 match. I also verified that the Nonce for Packet 1 and 3 match, along with the beacons.

    So my question is, if I am using the same interface for Wireshark as I am for airodump, why doesn't airodump capture the handshake, but Wireshark can see the key exchange?

    Thanks again!
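
The manual check described in this post (replay counters matching in messages 1/2 and 3/4, the nonce matching in messages 1 and 3), written out as an added example that is not part of the original thread. It assumes WPA2 flag usage and EAPOL-Key frames that start at the 802.1X header; `build_frame` and the sample frames are constructed for illustration.

```python
import struct

# Key Information flag bits (IEEE 802.11 EAPOL-Key descriptor)
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200

def parse_eapol_key(frame):
    """Return key info, replay counter and nonce of one EAPOL-Key frame."""
    if len(frame) < 99 or frame[1] != 3:          # 802.1X type 3 = EAPOL-Key
        raise ValueError("not a complete EAPOL-Key frame")
    info, _keylen, replay = struct.unpack_from(">HHQ", frame, 5)
    return {"info": info, "replay": replay, "nonce": frame[17:49]}

def message_number(info):
    """Classify by flags; assumes WPA2, where message 4 sets Secure."""
    if not info & PAIRWISE:
        return 0                                   # group-key handshake
    if info & ACK:
        return 3 if info & MIC else 1
    return 4 if info & SECURE else 2

def check_handshake(frames):
    """List the inconsistencies found; an empty list means all checks pass."""
    msgs = {}
    for raw in frames:
        parsed = parse_eapol_key(raw)
        msgs[message_number(parsed["info"])] = parsed   # a retransmission replaces the earlier copy
    problems = ["message %d missing" % n for n in (1, 2, 3, 4) if n not in msgs]
    for a, b in ((1, 2), (3, 4)):
        if a in msgs and b in msgs and msgs[a]["replay"] != msgs[b]["replay"]:
            problems.append("replay counter differs between messages %d and %d" % (a, b))
    if 1 in msgs and 3 in msgs and msgs[1]["nonce"] != msgs[3]["nonce"]:
        problems.append("ANonce differs between messages 1 and 3")
    return problems

def build_frame(info, replay, nonce=bytes(32)):
    """Constructed sample frame: zeroed IV, RSC, key ID and MIC, no key data."""
    body = struct.pack(">BHHQ", 2, info, 16, replay) + nonce + bytes(48) + b"\x00\x00"
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed sample values, not taken from any real capture
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
COMPLETE = [build_frame(0x008A, 1, ANONCE), build_frame(0x010A, 1, SNONCE),
            build_frame(0x13CA, 2, ANONCE), build_frame(0x030A, 2)]

if __name__ == "__main__":
    print(check_handshake(COMPLETE))        # all four messages, consistent
    print(check_handshake(COMPLETE[:2]))    # capture stopped after message 2
```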

  3. #3

    Re: Aircrack-ng - WPA2 - Missing Handshake

    Well, for those of you guys that are interested I finally got this issue fixed and I was able to capture the handshake in airodump-ng on the monitoring interface.

    The solution was just dumb luck as I figured as I was perplexed about how the interface could see the traffic but the application could not, so... I did what came to me and updated the application... well, all of them.

    Here are the commands I used to update the aircrack package and grab any other apps that needed updates:

    # apt-get update
    # apt-get upgrade all

    Yeah, pretty silly of me, but hey, I would rather be lucky than good sometimes.

    I hope this thread helps someone else out in the future.

  4. #4

    Re: Aircrack-ng - WPA2 - Missing Handshake

    Quote: Originally posted by Souless

        Well, for those of you guys that are interested I finally got this issue fixed and I was able to capture the handshake in airodump-ng on the monitoring interface.

        The solution was just dumb luck as I figured as I was perplexed about how the interface could see the traffic but the application could not, so... I did what came to me and updated the application... well, all of them.

        Here are the commands I used to update the aircrack package and grab any other apps that needed updates:

        # apt-get update
        # apt-get upgrade all

        Yeah, pretty silly of me, but hey, I would rather be lucky than good sometimes.

        I hope this thread helps someone else out in the future.

    Well I guess my response isn't going to matter now! I clicked the thread in hopes to help you out, but I guess you figured out your own problem. Hope you finally see some results!
