WEP and WPA Cracking in Kali
Download the official aircrack-ng sample files:

  • test.ivs: a capture of initialization vectors collected from a network using a 128-bit WEP key
  • wpa.full.cap: a capture of a complete connection, including the four-way handshake
  • wpa.cap: a capture containing a WPA handshake
  • wpa2.eapol.cap: a capture containing a WPA2 handshake
  • password.lst: a dictionary (word list) file

Analyze a Four-Way WPA Handshake in Wireshark

First verify that the capture file actually contains a four-way handshake.

wireshark wpa.full.cap

This opens the file in Wireshark. For a WPA dictionary attack, the packets aircrack-ng needs are the four EAPOL frames of the handshake. To find them in Wireshark, apply the following display filter:

eapol

Analyze these packets. Notice that the first packet initiates the four-way handshake. The first pair of packets has a replay counter of 1; the second pair has a replay counter of 2. Packets with the same replay counter value form a matching pair, and aircrack-ng needs matching pairs to perform a dictionary attack.
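As an added example (not part of the original lab, aircrack-ng or Wireshark), the following Python parser performs the same check the eapol filter walks you through above: it reads the fixed fields of each EAPOL-Key frame, classifies it as handshake message 1 to 4 from the Key Information flags, and verifies that the two pairs share a replay counter. The frames are constructed inline in the shape of wpa.full.cap (replay counters 1 and 2); the field offsets follow the IEEE 802.11 EAPOL-Key descriptor layout, and the 802.11/LLC headers are assumed to have been stripped already.

```python
import struct

# EAPOL-Key "Key Information" flag bits (IEEE 802.11 key descriptor)
PAIRWISE, INSTALL, ACK, MIC, SECURE = 1 << 3, 1 << 6, 1 << 7, 1 << 8, 1 << 9

def parse_eapol_key(frame):
    if frame[1] != 3:                    # 802.1X packet type 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key frame")
    # offset 4: descriptor type (1), key info (2), key length (2), replay counter (8)
    _desc, key_info, _key_len, replay = struct.unpack_from("!BHHQ", frame, 4)
    # offset 17: nonce (32); then IV (16), RSC (8), ID (8), MIC (16); key data length at 97
    return {"key_info": key_info, "replay": replay, "nonce": frame[17:49],
            "mic": frame[81:97], "key_data_len": struct.unpack_from("!H", frame, 97)[0]}

def handshake_message(p):
    """Classify a parsed pairwise EAPOL-Key frame as 4-way handshake message 1..4 (None otherwise)."""
    ki = p["key_info"]
    if not ki & PAIRWISE:
        return None                      # group-key handshake, not part of the 4-way exchange
    ack, mic = bool(ki & ACK), bool(ki & MIC)
    if ack and not mic:
        return 1                         # AP -> station, carries the ANonce
    if ack and mic and ki & INSTALL:
        return 3                         # AP -> station, ANonce again plus encrypted key data
    if mic and not ack:                  # station -> AP: message 2 (SNonce + RSN IE) or message 4
        return 4 if (ki & SECURE or p["key_data_len"] == 0) else 2

def check_handshake(frames):
    """Return which messages are present and whether replay counters pair up (M1/M2, M3/M4)."""
    msgs = {}
    for p in map(parse_eapol_key, frames):
        n = handshake_message(p)
        if n and n not in msgs:
            msgs[n] = p
    pair12 = 1 in msgs and 2 in msgs and msgs[1]["replay"] == msgs[2]["replay"]
    pair34 = 3 in msgs and 4 in msgs and msgs[3]["replay"] == msgs[4]["replay"]
    return {"messages": sorted(msgs), "pair12": pair12, "pair34": pair34,
            "complete": pair12 and pair34}

def build_eapol_key(key_info, replay, nonce, key_data=b""):
    # Constructed EAPOL-Key frame (RSN descriptor type 2) for the demo; IV/RSC/ID/MIC left zeroed
    body = (struct.pack("!BHHQ", 2, key_info, 16, replay) + nonce + bytes(48)
            + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 2, 3, len(body)) + body

# Constructed handshake shaped like wpa.full.cap: M1/M2 share replay counter 1, M3/M4 share 2
ANONCE, SNONCE, RSN_IE = bytes(range(32)), bytes(range(32, 64)), b"\x30\x02\x01\x00"
SAMPLE = [build_eapol_key(PAIRWISE | ACK, 1, ANONCE),
          build_eapol_key(PAIRWISE | MIC, 1, SNONCE, RSN_IE),
          build_eapol_key(PAIRWISE | INSTALL | ACK | MIC | SECURE, 2, ANONCE, RSN_IE),
          build_eapol_key(PAIRWISE | MIC | SECURE, 2, bytes(32))]
```

Calling check_handshake(SAMPLE) reports all four messages with both pairs matched; feeding it only the first frame, or a message 2 whose replay counter differs from message 1, reports pair12 as False, which is exactly the situation in which the dictionary attack described above cannot proceed.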

WEP Cracking in Kali

Using the provided test.ivs file, run the statistical (KoreK) attacks; no dictionary file is needed.

aircrack-ng -K test.ivs

If the capture file contains more than one network, aircrack-ng prompts you to select the one to crack. The provided file contains only one network, so this prompt is not shown. By default, aircrack-ng assumes 128-bit encryption.

WPA Cracking in Kali

Run a dictionary attack on the wpa.cap packet capture file using aircrack-ng.

aircrack-ng wpa.cap -w password.lst

WPA2 Cracking in Kali

Run a dictionary attack on the wpa2.eapol.cap packet capture file using aircrack-ng.

aircrack-ng wpa2.eapol.cap -w password.lst