Router Charts

Router Charts

Router Ranker

Router Ranker

Router Chooser

Router Chooser

NAS Charts

NAS Charts

NAS Ranker

NAS Ranker

More Tools

More Tools

Wireless How To

Finding the Four-way Handshake

To make sure we captured a authentication handshake, we can use the network protocol analyzer Wireshark (formerly Ethereal). Wireshark allows us to view packet contents and sort by type of packet captured to pull out the WPA handshake.

Open up Wireshark (Backtrack > Privilege Escalation > Sniffers) and open the Kismet capture "dump" file (Kismet-<date>.dump) to view all the captured packets. The WPA four-way handshake uses the Extensible Authentication Protocol over LAN (EAPoL).

Using Wireshark, we can filter the captured packets to display only EAPoL packets by entering "eapol" in the filter field (Figure 7).

EAPoL filter applied to captured packets

Figure 7: EAPoL filter applied to captured packets

Here, we're basically looking for four packets that alternate source, client-AP-client-AP (I've highlighted them in red in Figure 7).

Now that we've confirmed that we've captured a four-way handshake it's time to perform the crack.

Amazon Top-Selling Wireless Routers

More Wireless

Featured Sponsors

Top Performing Routers

AC3200
AC2350
AC1900
AC1750
AC1200

Top Performing NASes

NoRAID
RAID1
RAID5

Over In The Forums

Will AC87U refresh CFE how to operate? What precautions! Which friends will say something in detail, CFE if the update fails, the router how to save?
I have strange issues with my new router and wan ip it gets. I live in MN and have comcast with Arris 722G modem. For some reason my wan gets an IP fr...
I am new to Merlin. It is a great firmware, simple and fast. Right now, I am trying to add a sound card to my router. I am wondering where could I fo...
Hi, I'm running john927's fork v12 (latest) on my good old rt-n16 and experiencing 100% CPU load: Mem: 74200K used, 52252K free, 0K shrd, ...
I am having a lot of packet loss and general outages on my internet. I currently have comcast and any hopes of having them fix this issue have been sh...

Don't Miss These

  • 1
  • 2
  • 3