If you use the -f switch, however, William picks the first handshake message by working forwards from the start of the capture.
Park that problem for now and note the WPA Key MIC value above instead. We can close both windows at this point, and open a new one. (In my experiments, using Airbase against clients as opposed to sniffing legitimate 4-way handshakes tended to make noisier capture files.) As a client-side attack, only the first 2 of the 4 messages in the 4-way handshake were captured (but that's enough for Aircrack to work). Now that we know the password, let's test.

For our next step we type in: airodump-ng -c channel -w name --bssid bssid mon0

out_file in_file 2) it picks the 2nd instance of a second handshake message and works backwards to find the first handshake message.

So open up a new terminal window and type this command out: aircrack-ng -a2 -b router bssid -w path to wordlist /root/Desktop.cap

-a is the method aircrack will use to crack the handshake (2 = WPA); -b stands for bssid, so replace router bssid with the BSSID. Type ls; that should list the files in the current directory. More OS and platforms supported. If no card is listed, try disconnecting and reconnecting the card and check that it supports monitor mode. So even if you have the correct first and second handshake packets, without the correct SSID Aircrack will fail.

The number is an ordinal reflecting the position of the first message in the capture file, so, as William works backwards from the second message, the number starts high and counts down. As noted above, it's possible that your capture file contains duplicate messages. The (monitor mode enabled on mon0) message means that the card has successfully been put into monitor mode. A wordlist to try and crack the handshake password once it has been captured.

So my complete command will look like this: aircrack-ng -a2 -b 02:13:37:A5:0E:6D -w /root/wpacrack.

mth_packet_2 nth_packet_1 -f -a -A dict_file -d
m mth second packet of 4-way handshake (default 1)
n nth first packet of 4-way handshake that precedes the chosen second packet (default 1)
-f seek first message from start of capture working forwards
-a pair up ALL.
For those of you who didn't understand that reference, #GameOfThrones!