3

I'm using Mac OS X and I was able to sniff packet from my homeNetwork (in order to learn more about how things goes on).

I'm sending a deauth command to all my devices to disconnect them and then start sniffing. I've captured a handshake and I can tell that it's valid by testing it against aircrack-ng like on the image bellow.

But the problem is the missing ESSID that couldn't be verified even after using the suggested -e option.

Does anyone have an idea how to solve this?

enter image description here

This is the handshake .cap file if someone wanted to take a look at it. The ESSID is ooredooF00F62.

techraf
  • 9,141
  • 11
  • 44
  • 62
Med Abida
  • 211
  • 1
  • 7

1 Answers1

2

I just realized (with more research) that aircrack-ng needs a management frame containing the ESSID (it can be beacon/probe response/reassociation request) and two data frames containing the EAPOL messages. so i just captured a beacon frame from the AP and then used the wireshark's mergecap tool to merge the 2 .cap files (beacon.cap and eapol.cap) and that worked perfectly!

Med Abida
  • 211
  • 1
  • 7