I am trying to crack wireless WEP password of my wireless AP.

When I enable monitor mode and issue this command:

root# airodump-ng -w TESTFILE1 -c 1 --bssid 68:72:51:58:A3:14 wlan0mon

No handshake is recorded. I disconnect or connect clients to that AP, and when I start aireplay to deauthenticate a client it simply disconnects that client and does not allow it to connect until I stop aireplay.

What can be the reason for not recording handshake?

My wireless adapter is a Broadcom IEEE 802.11bgn.

Anders
Usman

3 Answers

Handshakes are different for WEP networks. The handshake you expect to capture is the "four-way handshake", and that only exists on WPA and WPA2 networks.

On WEP networks the handshake is different; it is a challenge-response handshake. This is how it works on WEP networks:

In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Any client can authenticate with the Access Point and then attempt to associate. In effect, no authentication occurs. Subsequently, WEP keys can be used for encrypting data frames. At this point, the client must have the correct keys.

In Shared Key authentication, the WEP key is used for authentication in a four-step challenge-response handshake:

1. The client sends an authentication request to the Access Point.
2. The Access Point replies with a clear-text challenge.
3. The client encrypts the challenge text using the configured WEP key and sends it back in another authentication request.
4. The Access Point decrypts the response. If this matches the challenge text, the Access Point sends back a positive reply.

On WPA/WPA2 networks it works in a different way. Look at this:

[image: WPA]

Extracted from here. At that link there is a lot more info about it.

To crack a WPA/WPA2 key you need to capture the four-way handshake, but for WEP it is not needed. The WEP algorithm is badly designed, and with enough captured traffic you can get the key. There are a lot of tools which can manage all of this (capturing WPA/WPA2, WEP decrypting, etc.). I recommend this complete tool to you: airgeddon.

Hope it helps.

OscarAkaElvis
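To make the four Shared Key authentication frames described in this answer concrete, here is an added simulation in Python (it is not code from the answer, nor from aircrack-ng or airgeddon). RC4 and the WEP IV/ICV framing are implemented inline so it runs offline; the 128-byte challenge length follows 802.11, and the keys and IVs are constructed sample values.

```python
import os
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: clear 3-byte IV || RC4(IV||key) XOR (plaintext || CRC32 ICV)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4(iv + wep_key, len(plaintext) + 4)
    return iv + bytes(p ^ k for p, k in zip(plaintext + icv, keystream))

def wep_decrypt(wep_key: bytes, body: bytes):
    """Return the plaintext, or None when the ICV fails (wrong key or tampered frame)."""
    iv, ciphertext = body[:3], body[3:]
    keystream = rc4(iv + wep_key, len(ciphertext))
    decrypted = bytes(c ^ k for c, k in zip(ciphertext, keystream))
    data, icv = decrypted[:-4], decrypted[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key: bytes, client_key: bytes) -> bool:
    """Simulate the four Shared Key authentication frames; True iff the AP accepts."""
    # Frame 1 (client -> AP): authentication request, algorithm = Shared Key. No secret.
    # Frame 2 (AP -> client): 128-byte challenge text sent in the clear (802.11 size).
    challenge = os.urandom(128)
    # Frame 3 (client -> AP): the challenge WEP-encrypted under the client's key, fresh IV.
    response = wep_encrypt(client_key, os.urandom(3), challenge)
    # Frame 4 (AP -> client): decrypt with the AP's key; success only on ICV + text match.
    return wep_decrypt(ap_key, response) == challenge

# Constructed sample keys: a 40-bit (5-byte) WEP key, and one differing in the last byte.
KEY, WRONG_KEY = bytes.fromhex("0102030405"), bytes.fromhex("0102030406")
```

Note that frame 2 and frame 3 travel in the clear and together show exactly why the text above says the WEP design is weak: the exchange proves key possession but protects nothing else.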
Answering your question: you can't capture it because there is none (at least not the one in WPA/WPA2 called the four-way handshake).

Given the tag and your description you want to crack the WEP key for your own AP, so the best way to do this is to capture the Initialization Vectors (IVs) and use any crack tool to get it.

You can try something like this:

root# airodump-ng -w TESTFILE1 --ivs -c 1 --bssid aa:bb:cc:dd:ee:ff wlan0mon

Then in another console (you can also pipe it) you can try to crack it:

root# aircrack-ng -a 1 TESTFILE1.ivs

Azteca
  • Dear, I am already doing it the same way as you mentioned above, but nothing happened. – Usman May 03 '17 at 09:51
  • You need to get enough IVs; the more you get, the more chances of cracking the key. One way to generate more is with more traffic: you can force ARP requests with an ARP replay attack `aireplay-ng -3 -b aa:bb:cc:dd:ee:ff -h 00:11:22:33:44:55 wlan0mon`, where the MAC with the numbers is an authenticated client (spoof someone already associated) and the MAC with the letters is the AP. – Azteca May 03 '17 at 16:06

Some wifi routers are very strict; they create trouble when capturing the handshake, as I have also experienced this problem. You should try again with proper network coverage (50%+), or if you want, there are many apps to crack wifi passwords, mainly for WEP, as this encryption is not strong and you can easily get the password of WEP-protected wifi.

schroeder
  • Your 2 answers both have links that point to the same blog. Please note that we frown upon promoting personal blogs here; put your relevant points in your answer. – schroeder May 30 '17 at 06:50
  • :( that link is relevant :( – Abhi Singh May 30 '17 at 07:14
  • Then include the relevant points from the link *in your answer*. Do not use this site as a forwarder for your own personal blog. – schroeder May 30 '17 at 08:12