
How To Crack WPA / WPA2 - Finding the Four-way Handshake


Finding the Four-way Handshake

To make sure we captured an authentication handshake, we can use the network protocol analyzer Wireshark (formerly Ethereal). Wireshark lets us view packet contents and filter by packet type to pull out the WPA handshake.

Open up Wireshark (Backtrack > Privilege Escalation > Sniffers) and open the Kismet capture "dump" file (Kismet-<date>.dump) to view all the captured packets. The WPA four-way handshake uses the Extensible Authentication Protocol over LAN (EAPoL).

Using Wireshark, we can filter the captured packets to display only EAPoL packets by entering "eapol" in the filter field (Figure 7).


Figure 7: EAPoL filter applied to captured packets

Here, we're basically looking for four packets that alternate source, client-AP-client-AP (I've highlighted them in red in Figure 7).
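An added example, not code from the article or from Wireshark or Kismet, that does in code what the eye does in Figure 7: it parses EAPOL-Key frames, labels each one M1..M4 from its Key Information flags, and checks that the replay counters pair up, which is the completeness test a capture tool or a wireless IDS applies before treating four EAPoL packets as one handshake. The four frames are constructed here; the field layout and flag bits follow IEEE 802.11i, and the M2/M4 split is a heuristic, as noted in the comments.

```python
import struct
# EAPOL-Key Key Information flag bits (IEEE 802.11i), only those needed to tell M1..M4 apart
PAIRWISE, INSTALL, ACK, MIC, SECURE = 1 << 3, 1 << 6, 1 << 7, 1 << 8, 1 << 9

def parse_eapol_key(frame: bytes) -> dict:
    """Pull key info, replay counter, nonce and key-data length out of an EAPOL-Key frame.
    Body layout: desc(1) key info(2) key len(2) replay(8) nonce(32) IV(16) RSC(8) ID(8) MIC(16) data len(2)."""
    _ver, ptype, length = struct.unpack_from("!BBH", frame, 0)
    assert ptype == 3, "not an EAPOL-Key frame"
    body = frame[4:4 + length]
    _desc, key_info, _klen, replay = struct.unpack_from("!BHHQ", body, 0)
    return {"key_info": key_info, "replay": replay, "nonce": body[13:45], "key_data_len": struct.unpack_from("!H", body, 93)[0]}

def classify(msg: dict) -> str:
    """Label a pairwise EAPOL-Key message M1..M4 from its Key Information flags."""
    ki = msg["key_info"]
    if not ki & PAIRWISE:
        return "group"
    if ki & ACK and not ki & MIC:
        return "M1"          # AP -> client: carries ANonce, no MIC yet
    if ki & ACK and ki & MIC and ki & INSTALL:
        return "M3"          # AP -> client: Install set, encrypted GTK in key data
    if ki & MIC and not ki & ACK:
        # M2 and M4 share the MIC-only pattern: M2 carries SNonce + RSN IE, M4 has empty key data (WPA2 also sets Secure)
        if ki & SECURE or (msg["key_data_len"] == 0 and not any(msg["nonce"])):
            return "M4"
        return "M2"
    return "unknown"

def handshake_complete(frames: list) -> bool:
    """True when frames hold M1..M4 in order with consistent replay counters (M1=M2, M3=M4>M1)."""
    msgs = [parse_eapol_key(f) for f in frames]
    if [classify(m) for m in msgs] != ["M1", "M2", "M3", "M4"]:
        return False
    r = [m["replay"] for m in msgs]
    return r[0] == r[1] and r[2] == r[3] and r[2] > r[0]

def build_eapol_key(key_info: int, replay: int, nonce: bytes, key_data: bytes = b"") -> bytes:
    """Construct a synthetic EAPOL-Key frame (sample input only; IV/RSC/ID/MIC left zero)."""
    body = struct.pack("!BHHQ", 2, key_info, 16, replay) + nonce + bytes(48) + struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body

# Constructed sample handshake; the key-info values are the usual WPA2/CCMP ones seen in Wireshark
SAMPLE_HANDSHAKE = [
    build_eapol_key(0x008A, 1, bytes([0xA1]) * 32),                           # M1  AP -> client
    build_eapol_key(0x010A, 1, bytes([0x5E]) * 32, b"\x30\x14" + bytes(20)),  # M2  client -> AP
    build_eapol_key(0x13CA, 2, bytes([0xA1]) * 32, bytes(56)),                # M3  AP -> client
    build_eapol_key(0x030A, 2, bytes(32)),                                    # M4  client -> AP
]
```

Run `handshake_complete` over the frames left by the `eapol` filter; a capture that holds only M1 and M2, or whose M3/M4 replay counters do not match, is reported incomplete.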

Now that we've confirmed that we've captured a four-way handshake, it's time to perform the crack.
