Finding the Four-way Handshake
To make sure we captured a authentication handshake, we can use the network protocol analyzer Wireshark (formerly Ethereal). Wireshark allows us to view packet contents and sort by type of packet captured to pull out the WPA handshake.
Open up Wireshark (Backtrack > Privilege Escalation > Sniffers) and open the Kismet capture "dump" file (Kismet-<date>.dump) to view all the captured packets. The WPA four-way handshake uses the Extensible Authentication Protocol over LAN (EAPoL).
Using Wireshark, we can filter the captured packets to display only EAPoL packets by entering "eapol" in the filter field (Figure 7).
Figure 7: EAPoL filter applied to captured packets
Here, we're basically looking for four packets that alternate source, client-AP-client-AP (I've highlighted them in red in Figure 7). 
Now that we've confirmed that we've captured a four-way handshake it's time to perform the crack.
Related Articles
-
How To Crack WPA / WPA2 (2012)
- The Feds can own your WLAN too
Support Us!
If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!Don't Miss These
-
Wi-Fi 6 Performance Roundup: Five Routers Tested
Read More
We take a look at how five Wi-Fi 6 routers perform with a Wi-Fi 6 client. -
First Peek At Wi-Fi 6: ASUS RT-AX88U & NETGEAR RAX80
Read More
Updated - Our first look at the performance of NETGEAR's RAX80 and ASUS' RT-AX88U shows little benefit functioning as AC routers. -
160 MHz Wi-Fi Channels: Friend or Foe?
Read More
Updated - 160 MHz channel bandwidth is an essential feature of 802.11ax. We take a look at whether it means trouble for your 11ac network. -
Wi-Fi Roaming Secrets Revealed
Read More
Ever wonder what happens behind the scenes when Wi-Fi devices roam, or more likely don't? We'll show you why the "seamless" roaming Wi-Fi gear makers promise is still as elusive as a Yeti.
- 1
- 2
› ‹ - The Feds can own your WLAN too