
Finding the Four-way Handshake

To make sure we captured an authentication handshake, we can use the network protocol analyzer Wireshark (formerly Ethereal). Wireshark allows us to view packet contents and sort by type of packet captured to pull out the WPA handshake.

Open up Wireshark (Backtrack > Privilege Escalation > Sniffers) and open the Kismet capture "dump" file (Kismet-<date>.dump) to view all the captured packets. The WPA four-way handshake uses the Extensible Authentication Protocol over LAN (EAPoL).

Using Wireshark, we can filter the captured packets to display only EAPoL packets by entering "eapol" in the filter field (Figure 7).

Figure 7: EAPoL filter applied to captured packets

Here, we're basically looking for four packets that alternate source, client-AP-client-AP (I've highlighted them in red in Figure 7).
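
As an added example (not part of the original article), the Python sketch below performs the same check on the frames the "eapol" filter leaves: it reads each EAPOL-Key frame's Key Information flags and replay counter to confirm that messages 1 to 4 all belong to one exchange rather than to several attempts mixed together. The function names and sample frames are constructed for illustration, and each frame is assumed to start at the 802.1X header.

```python
import struct

# Key Information flag masks from the IEEE 802.11 EAPOL-Key frame format.
PAIRWISE, ACK, MIC = 0x0008, 0x0080, 0x0100

def classify(eapol: bytes):
    """Return (message_number, replay_counter) for a pairwise EAPOL-Key
    frame, else None. `eapol` begins at the 802.1X header."""
    if len(eapol) < 99 or eapol[1] != 3:      # packet type 3 = EAPOL-Key
        return None
    (info,) = struct.unpack_from(">H", eapol, 5)
    (replay,) = struct.unpack_from(">Q", eapol, 9)
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    if not info & PAIRWISE or not info & (ACK | MIC):
        return None                           # group-key or malformed frame
    if info & ACK:                            # Key Ack: messages 1 and 3
        return (3 if info & MIC else 1), replay
    return (2 if data_len else 4), replay     # message 4 has no key data

def complete_handshake(frames):
    """True if messages 1-4 appear in order within one exchange: 1 and 2
    share a replay counter, 3 and 4 share a later one."""
    expect, rc = 1, None
    for msg, replay in filter(None, map(classify, frames)):
        if msg == 1:                          # every message 1 restarts
            expect, rc = 2, replay
        elif msg == expect == 2 and replay == rc:
            expect = 3
        elif msg == expect == 3 and replay > rc:
            expect, rc = 4, replay
        elif msg == expect == 4 and replay == rc:
            return True
    return False

def make_frame(info, replay, key_data=b""):
    """Constructed sample frame: zeroed nonce, IV, RSC and MIC fields."""
    body = struct.pack(">BHHQ", 2, info, 16, replay) + bytes(80)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed Key Information values as commonly seen with WPA2-CCMP.
M1, M2 = make_frame(0x008A, 1), make_frame(0x010A, 1, bytes(22))
M3, M4 = make_frame(0x13CA, 2, bytes(56)), make_frame(0x030A, 2)

if __name__ == "__main__":
    print(complete_handshake([M1, M2, M3, M4]))   # full exchange
    print(complete_handshake([M1, M2, M1, M4]))   # attempts mixed together
```

Four frames passing the "eapol" filter are not enough on their own: retransmissions and restarted attempts also match, which is why the replay counters are compared.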

Now that we've confirmed that we've captured a four-way handshake, it's time to perform the crack.
