Download the official aircrack-ng sample files:
- test.ivs: a file of initialization vectors captured from a network using a 128-bit WEP key
- wpa.full.cap: a file containing a successful connection/four-way handshake
- wpa.cap: a file containing a WPA handshake
- wpa2.eapol.cap: a file containing a WPA2 handshake
- password.lst: a dictionary file
Analyze a Four-Way WPA Handshake in Wireshark
Verify that the capture file actually contains a four-way handshake.
wireshark wpa.full.cap
This opens the file in Wireshark. To crack WPA using a dictionary, aircrack-ng needs the four WPA handshake packets. To find these in Wireshark, use the following as the filter:
eapol
Analyze these packets. Notice that the first packet initiates the four-way handshake. The first pair of packets has a replay counter of 1. The second pair has a replay counter of 2. Packets with the same replay counter value are matching sets. You must have matching pairs to be able to perform a dictionary attack.
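The replay-counter check described above, as an added example (not part of the original page or of aircrack-ng): a parser for the EAPOL-Key header that numbers each handshake message from its Key ACK and Key MIC flags and groups the messages by replay counter. The frames are constructed, the Key Information values are typical WPA2 values assumed for the sample, and telling message 2 from message 4 by key data length is a common heuristic.

```python
import struct
from collections import defaultdict

KEY_ACK, KEY_MIC = 0x0080, 0x0100  # flag bits in the Key Information field

def build_frame(key_info, replay, key_data=b""):
    """Constructed EAPOL-Key frame for the demo; nonce, IV, RSC and MIC are zeroed."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay)  # descriptor, info, key len, counter
    body += bytes(32 + 16 + 8 + 8 + 16)                   # nonce, IV, RSC, key ID, MIC
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 1, 3, len(body)) + body    # version, type 3 = Key, length

def parse_frame(frame):
    """Return (handshake message number, replay counter) for one EAPOL-Key frame."""
    if len(frame) < 99 or frame[1] != 3:
        raise ValueError("not a complete EAPOL-Key frame")
    key_info, = struct.unpack_from(">H", frame, 5)
    replay, = struct.unpack_from(">Q", frame, 9)
    data_len, = struct.unpack_from(">H", frame, 97)
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if ack:                       # sent by the access point
        return (3 if mic else 1), replay
    if mic:                       # sent by the client; message 4 carries no key data
        return (2 if data_len else 4), replay
    raise ValueError("unexpected Key Information flags")

def group_by_replay_counter(frames):
    """Map each replay counter to the sorted handshake message numbers that carry it."""
    groups = defaultdict(set)
    for frame in frames:
        msg, replay = parse_frame(frame)
        groups[replay].add(msg)
    return {rc: sorted(msgs) for rc, msgs in sorted(groups.items())}

def has_matching_pairs(frames):
    """True when messages 1+2 share one counter and messages 3+4 share another."""
    sets = group_by_replay_counter(frames).values()
    return any({1, 2} <= set(s) for s in sets) and any({3, 4} <= set(s) for s in sets)

# Constructed sample; Key Information values are typical for WPA2 (assumption)
SAMPLE = [
    build_frame(0x008A, 1),             # message 1
    build_frame(0x010A, 1, bytes(22)),  # message 2 (placeholder key data)
    build_frame(0x13CA, 2, bytes(56)),  # message 3 (placeholder key data)
    build_frame(0x030A, 2),             # message 4
]

if __name__ == "__main__":
    print(group_by_replay_counter(SAMPLE))
    print(has_matching_pairs(SAMPLE))
```

A capture in which message 2 carries a different replay counter from message 1 (for example after a retransmission) fails the check even though all four message types are present.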
WEP Cracking in Kali
Using the provided test.ivs file, run statistical (KoreK) attacks (no dictionary files needed).
aircrack-ng -K test.ivs
If the capture file contains multiple networks, aircrack-ng offers an option to select which one to try to crack. The provided file contains only one network, so this option is not displayed. By default, aircrack-ng assumes 128-bit encryption.
WPA Cracking in Kali
Run a dictionary attack on the wpa.cap packet capture file using aircrack-ng.
aircrack-ng wpa.cap -w password.lst
WPA2 Cracking in Kali
Run a dictionary attack on the wpa2.eapol.cap packet capture file using aircrack-ng.
aircrack-ng wpa2.eapol.cap -w password.lst