Router Charts

Router Charts

Router Ranker

Router Ranker

Router Chooser

Router Chooser

NAS Charts

NAS Charts

NAS Ranker

NAS Ranker

More Tools

More Tools

Wireless How To

Finding the Four-way Handshake

To make sure we captured a authentication handshake, we can use the network protocol analyzer Wireshark (formerly Ethereal). Wireshark allows us to view packet contents and sort by type of packet captured to pull out the WPA handshake.

Open up Wireshark (Backtrack > Privilege Escalation > Sniffers) and open the Kismet capture "dump" file (Kismet-<date>.dump) to view all the captured packets. The WPA four-way handshake uses the Extensible Authentication Protocol over LAN (EAPoL).

Using Wireshark, we can filter the captured packets to display only EAPoL packets by entering "eapol" in the filter field (Figure 7).

EAPoL filter applied to captured packets

Figure 7: EAPoL filter applied to captured packets

Here, we're basically looking for four packets that alternate source, client-AP-client-AP (I've highlighted them in red in Figure 7).

Now that we've confirmed that we've captured a four-way handshake it's time to perform the crack.

More Wireless

Featured Sponsors

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Top Performing Routers

AC3200
AC2600
AC1900
AC1750
AC1200

Top Performing NASes

NoRAID
RAID1
RAID5

Over In The Forums

I know Merlin doesn't touch the Dual Wan Code, but I still want to ask if someone could help me here. I simply can't get Dual Wan to work. The Seconda...
Hello, i run the following setup at home Thomson THG571 (cable modem) Linksys e4200 (router) ASUS EA-N66 (one floor below router for living room pc) ...
I have an RT-AC88U with a VDSL ISP (primary on WAN) and a cable ISP (secondary on ethernet 1) connection in failover mode. I have found that it doe...
Hi, So when built my house I went crazy with the wired cabling. I put multiple ports in each room and ran them to a central closet. There are 36 wi...
Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credent...

Don't Miss These

  • 1
  • 2
  • 3