I Cannot Capture the Four-way Handshake!
It can sometimes be tricky to capture the four-way handshake. Here are some troubleshooting tips to address this:
- Your monitor card must be in the same mode as both the client and the Access Point. So, for example, if your card was in “B” mode and the client/AP were using “G” mode, then you would not capture the handshake. This is especially important for new APs and clients, which may be in “turbo” mode and/or use other new standards. Some drivers allow you to specify the mode. Also, iwconfig has a “modulation” option that can sometimes be used. Run “man iwconfig” to see the options for “modulation”. For information, 1, 2, 5.5 and 11Mbit are 'b'; 6, 9, 12, 18, 24, 36, 48 and 54Mbit are 'g'.
- Sometimes you also need to set the monitor-mode card to the same speed, for example auto, 1MB, 2MB, 11MB, 54MB, etc.
- Be sure that your capture card is locked to the same channel as the AP. You can do this by specifying “-c” followed by the AP's channel when you start airodump-ng.
- Be sure there are no connection managers running on your system. They can change channels and/or change mode without your knowledge.
- Be sure you are physically close enough to receive both access point and wireless client packets. The wireless card strength is typically less than the AP strength.
- Conversely, if you are too close then the received packets can be corrupted and discarded. So you cannot be too close.
- Make sure to use the drivers specified on the wiki. Depending on the driver, some old versions do not capture all packets.
- Ideally, connect and disconnect a wireless client normally to generate the handshake.
- If you use the deauth technique, send the absolute minimum of packets to cause the client to reauthenticate. Normally this is a single deauth packet. Sending an excessive number of deauth packets may cause the client to fail to reconnect and thus it will not generate the four-way handshake. As well, use directed deauths, not