Crack More Secure WPA Networks-Page-3
Obtaining the WPA handshake
This is the most important part of the process, as it is the only part that involves the users of the network. What we are trying to do is disconnect a client from the access point and then wait for them to reconnect. When they reconnect, the client and the access point perform what is called a 4-way handshake; we want to witness that handshake so that we can crack it and obtain the network key.
We do this by using aireplay-ng to kick the user offline and then waiting for them to reconnect. By doing this we can capture and analyse the handshake. Use the following command:
aireplay-ng --deauth 10 -a <bssid of access point> -c <mac address of client> <interface>
In my example the BSSID of my access point is 00:23:4E:55:B3:84 and the client I want to kick off is DE:03:74:C7:33:8E.
--deauth means "deauthenticate" (kick off); the number after it defines how many times to do this. I set it to 10, but you only really need one.
So I will leave airodump-ng running, open a new window, and in the new window type:
aireplay-ng --deauth 10 -a 00:23:4E:55:B3:84 -c DE:03:74:C7:33:8E mon0
It will look like this:
If it is successful, the airodump-ng window will display the WPA handshake in the top right of the screen. You can see this in the image below.
If it is not successful, wait a while for the client to reconnect. If they do not reconnect, try deauthenticating a different client.
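For defenders, the deauthenticate-then-reconnect sequence described above is observable on the air: a burst of deauthentication frames for one client, followed shortly by an EAPOL exchange with the same access point. The Python sketch below is an added example, not part of the original page; the record format (timestamp, frame kind, BSSID, client), the function name and the thresholds are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp_seconds, frame_kind, bssid, client).
# The MAC addresses are the ones used in the walkthrough above.
AP = "00:23:4E:55:B3:84"
STA = "DE:03:74:C7:33:8E"
SAMPLE_FRAMES = (
    [(10.0 + i * 0.05, "deauth", AP, STA) for i in range(10)]
    + [(12.3 + i * 0.01, "eapol", AP, STA) for i in range(4)]
    + [(40.0, "deauth", AP, "AA:BB:CC:00:00:01")]  # single, ordinary deauth
)


def find_forced_handshakes(frames, burst=5, window=2.0, follow=30.0):
    """Flag (bssid, client) pairs that receive `burst` or more deauth frames
    within `window` seconds and then complete an EAPOL exchange within
    `follow` seconds. Thresholds are assumed defaults; tune them per site."""
    recent = defaultdict(deque)   # pair -> timestamps of recent deauths
    burst_at = {}                 # pair -> time the latest burst was seen
    alerts = []
    for ts, kind, bssid, client in sorted(frames):
        pair = (bssid.upper(), client.upper())
        if kind == "deauth":
            q = recent[pair]
            q.append(ts)
            # Drop deauths that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= burst:
                burst_at[pair] = ts
        elif kind == "eapol" and pair in burst_at:
            if ts - burst_at[pair] <= follow:
                alerts.append({"bssid": pair[0], "client": pair[1],
                               "burst_time": burst_at[pair],
                               "handshake_time": ts})
            del burst_at[pair]    # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in find_forced_handshakes(SAMPLE_FRAMES):
        print(alert)
```

A single deauthentication frame, as in the last sample record, is normal client behaviour and does not trigger an alert; only a burst followed by a handshake does.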