In the world of cybersecurity, understanding how WiFi networks work and how to protect them is crucial. One of the most important processes in testing the security of a WiFi network is capturing the WPA/WPA2 handshake, which is used to evaluate how strong the network password is. In this article, we will discuss in detail and ethically how to capture a WiFi handshake using Aircrack-ng, a powerful tool commonly used in distributions like Kali Linux.

Disclaimer: This article is for educational purposes only and to audit the security of your own or authorized network. Attacking a network without authorization is against the law.

What is a WiFi Handshake?

A WiFi handshake is a two-way authentication process that occurs between a router and a client when the client attempts to connect to a WPA or WPA2-protected WiFi network. The handshake contains encrypted information that, if captured, can be analyzed to obtain the network password for security testing purposes only, of course.

Why Use Aircrack-ng?

Aircrack-ng is a very popular open-source suite of tools for performing security audits on WiFi networks. With Aircrack-ng, you can:

• Scan wireless networks
• Capture packets and handshakes
• Perform dictionary attacks on passwords
• Analyze WiFi encryption strength

Steps to Capture WiFi Handshake with Aircrack-ng

Here are the detailed steps you can follow to ethically capture WiFi handshakes using Aircrack-ng.

1. Prepare the Right Environment

Before you start, make sure you have:

• Kali Linux (or other distributions that support Aircrack-ng)
• WiFi adapter that supports monitor mode
• Administrator/root privileges
• Valid permissions to audit WiFi networks

Recommended adapters: TP-Link TL-WN722N (version 1), Alfa AWUS036NHA

2. Enable Monitor Mode

The first step is to enable monitor mode on your WiFi adapter.

sudo airmon-ng check kill
sudo airmon-ng start wlan0

Replace wlan0 with your interface name. Use iwconfig to check it.

Once activated, the interface usually changes to wlan0mon or wlan1mon.

3. Scan Nearby WiFi Networks

Next, use airodump-ng to see nearby WiFi networks.

sudo airodump-ng wlan0mon

Wait a few moments until a list of networks appears. Note the BSSID (router MAC address) and Channel (CH) of the WiFi target you want to audit.

4. Focus Scan on One Network

Once you know the BSSID and channel, tell airodump-ng to scan only the target network:

sudo airodump-ng -c <channel> --bssid <BSSID> -w handshake wlan0mon

Note:

• -c: channel
• --bssid: MAC Address of target router
• -w: output filename that will store the handshake
• wlan0mon: interface monitor

For example:

sudo airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w handshake wlan0mon

5. Force Client Reconnect (Optional)

If no devices are actively connected, you can send a deauthentication packet to force the client to reconnect so that the handshake can be captured.

sudo aireplay-ng --deauth 10 -a <BSSID> wlan0mon

• --deauth 10: send 10 deauth packets
• -a: target router MAC address

After successful deauth, a handshake will appear if there is a client reconnect.

6. Check Handshake Successful or Not

If the handshake is successfully captured, you will see a notification like:

WPA handshake: AA:BB:CC:DD:EE:FF

You can also make sure the captured .cap file contains a handshake with a tool like Wireshark or command-line:

aircrack-ng handshake-01.cap

7. (Optional) Crack WPA/WPA2 Password

This step is not mandatory if your goal is only to test the handshake. However, if you want to test the strength of your password:

aircrack-ng -w /path/to/wordlist.txt -b <BSSID> handshake-01.cap

Use a wordlist like rockyou.txt or a custom list according to the local context of your network.

Tips and Best Practices

1. Always use this tool for ethical purposes.
2. Do not attack public or unauthorized networks.
3. Use captured handshakes to analyze how strong your own network encryption and passwords are.
4. Maintain privacy and ethics when using hacking tools.

Conclusion

Capturing WiFi handshakes using Aircrack-ng is the first step in testing the security of a wireless network. This process helps network administrators identify weaknesses in encryption settings and password strength. By understanding and practicing these steps ethically and legally, you can improve the security of your personal or organizational network.

Always remember that security is a shared responsibility, and using tools like Aircrack-ng should be done in good faith and responsibly.