Ethical Hacking

Cracking WPA | Capturing the four way handshake | 1/2

Start monitor mode

Boot up Kali Linux. Open a terminal to begin using the aircrack-ng tool suite, then put your Wi-Fi adapter into monitor mode.

airmon-ng start wlan0

Where wlan0 is the name of your interface card. Check this by running,


If you are connected to a wireless network, some running processes may interfere with starting monitor mode. The program will inform you if there might be issues. To stop the interfering processes, run,

airmon-ng check kill

Start monitoring the frequencies

Start monitoring the radio frequencies around you by running,

airodump-ng wlan0mon

Where wlan0mon is your renamed Wi-Fi adapter. Check this again by running,


Select a channel

Select a channel, your own or someone else’s if you have permission,

airodump-ng -c [channel] --bssid [mac-address of interface] wlan0mon -w [newFile]

Insert your chosen channel and MAC address in place of the bracketed text. The -w option saves the capture for later analysis; put the file name you would like to use in place of [newFile]. The files are saved in the directory you started the terminal in.

Disconnect all clients

Now check whether you can disconnect clients, forcing them to re-authenticate.

aireplay-ng -0 0 -a [bssid] wlan0mon

Insert the MAC address of the broadcasting interface again. The beacons indicator will drop to 0, try to increase and then drop again. You will be looking for the message in the top right corner,

WPA handshake: 12:34:56:78:90:AB

Not successful? Sometimes it depends on the clients connected. Or, you may need to disconnect a specific client. In that case issue,

aireplay-ng -0 0 -a [bssid] -c [mac-target address] wlan0mon
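
Seen from the network owner's side, the deauthentication step above is detectable: it shows up as a burst of 802.11 deauthentication frames naming the access point's BSSID. The following Python is an added example, not part of the original article; the window and threshold values, the helper names and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:                      # 24-byte management header + reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:          # management type, deauthentication subtype
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(frames, window=1.0, threshold=10):
    """frames: (timestamp, raw 802.11 frame with the radiotap header removed).
    Returns {bssid: targets} for BSSIDs with more than `threshold` deauths in `window` s."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dest, _src, bssid, _reason = parsed
        seen = recent[bssid]
        seen.append((ts, dest))
        while ts - seen[0][0] > window:      # drop frames older than the window
            seen.popleft()
        if len(seen) > threshold:
            alerts.setdefault(bssid, set()).update(d for _, d in seen)
    return {bssid: sorted(t) for bssid, t in alerts.items()}

def build(fc, dest, src, bssid, body=b"\x07\x00"):
    """Construct a bare management frame for the sample data below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc, 0, 0, 0]) + raw(dest) + raw(src) + raw(bssid) + b"\x00\x00" + body

# Constructed sample: a broadcast deauth burst, one ordinary deauth, one beacon.
AP, OTHER_AP, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:10"
SAMPLE = [(i * 0.01, build(0xC0, BROADCAST, AP, AP)) for i in range(30)]
SAMPLE += [(0.5, build(0xC0, CLIENT, OTHER_AP, OTHER_AP, b"\x03\x00")),
           (0.6, build(0x80, BROADCAST, AP, AP))]

if __name__ == "__main__":
    for bssid, targets in detect_floods(SAMPLE).items():
        print(f"deauth flood against {bssid}; targets: {targets}")
```

On networks that support it, enabling Protected Management Frames (802.11w) makes clients ignore forged deauthentication frames.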


You should now have a .cap file containing the hashed four-way handshake. The next article will discuss using the aircrack-ng suite again to see if it can be cracked.
