Handshake capture with Airodump-ng and Aireplay-ng
You can easily capture the handshake with the Airodump-ng and Aireplay-ng programs that come pre-installed on Kali Linux.
The process is relatively easy. We will use Airodump-ng to monitor all the wireless access points in the area, and then Aireplay-ng to deauthenticate a client while Airodump-ng is capturing.
Your computer has many network adapters, so to scan one, you need to know its name. Here are the basic adapters you need to know:
- lo - loopback. (you do not need it at the moment)
- eth0 - ethernet (wired connection)
- wlan0 - Wireless connection (what we really need)
Now, to see the configuration of your wireless adapter, type “iwconfig” in the same terminal.
If wlan0 does not appear even though you have a Wi-Fi card installed, you are most likely running Kali as a virtual machine. Unfortunately, virtual machines cannot use internal wireless network cards, and you will need to use an external card such as Alfa or TP-Link.
Now the first step is to create a virtual interface for wlan0 that will monitor all packets.
Command: airmon-ng start wlan0
A new interface, wlan0mon, will be created in monitor mode.
Now, we will use airodump-ng to capture packets. This tool collects data from wireless packets within our Wi-Fi range. This is how you find the name of the Wi-Fi network you want to check.
Command: airodump-ng wlan0mon
The next step is to save the captured packets to a file using the same airodump-ng tool by typing the following command:
Command: airodump-ng wlan0mon -w
Now copy the BSSID address of your target network (from the airodump-ng screen) and launch a deauthentication attack by typing the aireplay-ng command as shown below:
Command: aireplay-ng --deauth 0 -a wlan0mon
If you have problems with the monitor interface hopping from one channel to another, or a problem with the beacon, fix wlan0mon on a specific channel by typing:
Command: airodump-ng wlan0mon -w -c
After -c, give the number of the channel on which your target AP is located.
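A deauthentication attack such as the one above is visible on the air as a burst of deauthentication management frames naming one BSSID. The following added example (not part of the original tutorial) shows how a monitoring sensor could flag such bursts; the function names, the window and threshold values, and the sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict

DEAUTH_FC0 = 0xC0  # frame-control byte 0: management frame, subtype 12 (deauthentication)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_deauth_bursts(frames, window=1.0, threshold=10):
    """frames: (timestamp_seconds, raw 802.11 frame without radiotap header) pairs.
    Returns {bssid: peak deauth count in any `window` seconds} where peak >= threshold."""
    seen = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed:
            seen[parsed[2]].append(ts)
    alerts = {}
    for bssid, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

def build_frame(fc0, dst, src, bssid, reason=7):
    """Construct a minimal 26-byte management frame for the sample data."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample: AP1 sees 64 broadcast deauths in under a second, AP2 two ordinary ones.
AP1, AP2, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"
SAMPLE = ([(10.0 + i * 0.01, build_frame(0xC0, BCAST, AP1, AP1)) for i in range(64)]
          + [(t, build_frame(0xC0, "02:00:00:00:00:aa", AP2, AP2, 3)) for t in (5.0, 40.0)]
          + [(t, build_frame(0x80, BCAST, AP1, AP1)) for t in (9.0, 9.1, 9.2)])  # beacons

if __name__ == "__main__":
    for bssid, peak in find_deauth_bursts(SAMPLE).items():
        print(f"possible deauth flood against {bssid}: {peak} frames within 1 s")
```

Where the access point and clients support 802.11w (Protected Management Frames), enabling it makes clients discard forged deauthentication frames, so detection and that setting complement each other.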
Once a client is disconnected, the handshake will appear in the previous terminal as shown below:
You can even confirm this by typing the following command: