Hello Everyone,
I was able to successfully retrieve my router's WEP key, but now I am having a difficult time hacking it with WPA-PSK protection. I am at the point where I use aireplay to de-authenticate a connected device and retrieve a handshake when it reconnects. The deauthentication process seems to work, as I notice the computer being targeted gets momentarily disconnected. However, a handshake is never recovered, even though the targeted computer reconnects. I'm not sure if it's necessary for WPA, but I ran
Code:
aireplay-ng -0 50 -a (BSSID) -c (connected device) wlan0
and confirmed that injection is working. Does anyone know what could be causing this? Thanks in advance for your help.
Code:
aireplay-ng --test wlan0
Photos
Injection does work with my card
De-authentication attempts
But no handshake recovered :-(
Additional Information
- Running BackTrack 4 on OSX 10.6.5 VMWare Fusion 3.1.1.
- Using a USB Wifi adapter with the rt73 chipset.
- Testing on a 2Wire 2701 HG-B router.
It can take some time to get a handshake; let it run longer.
I had problems too with the aireplay command trying to de-auth. What I ended up doing was using aireplay-ng -0 2 -a {bssid} -c {mac}. Looking at your output, you are not getting many attacks (9/64, 8/64 etc.); mine tends to be 64/64. Then I run that about 2-3 times until the attacks come down to 0/64.
Also, from experience, it depends on the wireless card you are de-authing. One of our laptops is a Sony with an Atheros wireless card built in, and that needs a full reboot to get online again, whereas a Samsung we have with a Belkin wireless dongle will reconnect no problem.
I believe that I found the solution to my problem. I had been using a pre-release version of BackTrack, and after upgrading to BT4 R2 I was immediately able to capture a handshake. Thanks for the support!
I've found that often for me the deauth fails to produce a handshake for airodump or takes a long time when I run "--deauth 0", but works instantly when I run "--deauth 1" (which sends only one). I don't know why; perhaps the adapter misses some incoming packets when it's busy transmitting constantly.
Is there like a CLEAR tutorial on aircrack?
Like do 1 - 2 - 3 ... etc ...?
Yes, there are "About 168,000 results" according to Google.
Might want to start with a look there. Further, going straight to the aircrack-ng website will provide more than enough info.