This tutorial walks you through cracking WPA/WPA2 networks which use pre-shared keys. I recommend you do some background reading to better understand what WPA/WPA2 is. The Wiki links page has a WPA/WPA2 section. The best document describing WPA is Wi-Fi Security - WEP, WPA and WPA2. This is the link to download the PDF directly. The WPA Packet Capture Explained tutorial is a companion to this tutorial.

WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK; otherwise, don't bother trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP: the approach used to recover the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. That is because the key is not static, so collecting IVs as when cracking WEP encryption does not speed up the attack. The only thing that does give the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network. Although not absolutely true, for the purposes of this tutorial, consider it true.
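To make the "brute force only" point concrete, here is an added Python example (not code from the aircrack-ng project) that derives the WPA/WPA2 pairwise master key from a passphrase and SSID the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output), measures the per-guess cost, and turns that into the time needed to exhaust a constructed keyspace. The "password"/"IEEE" pair is the standard's published test vector; the keyspace sizes are assumptions chosen for illustration.

```python
import hashlib
import time

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LENGTH = 32            # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32), per 802.11i.
    The SSID acts as the salt, so a candidate passphrase must be re-derived
    for every network name; precomputation only helps for a known SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PMK_LENGTH)


def measure_guess_rate(ssid: str, samples: int = 50) -> float:
    """Derive `samples` PMKs for throwaway passphrases and return guesses/second.
    Every candidate pays this full cost; unlike WEP, nothing captured from the
    air (IVs, more data frames) lets the work be shortcut."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate-{i}", ssid)   # constructed, not a real guess
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase in a keyspace of `keyspace` entries."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    pmk = derive_pmk("password", "IEEE")
    print("PMK:", pmk.hex())
    rate = measure_guess_rate("IEEE")
    print(f"single-core rate: {rate:,.0f} guesses/s")
    # Assumed keyspaces: 8 lowercase letters vs. 12 mixed-case letters and digits.
    for label, space in (("8 lowercase", 26 ** 8), ("12 mixed-case+digits", 62 ** 12)):
        days = seconds_to_exhaust(space, rate) / 86400
        print(f"{label}: {days:,.0f} days to exhaust")
```

The PMK itself never crosses the air; only the four-way handshake, which is keyed from it, gives anything against which a candidate can be checked, which is why the capture in the following steps is required.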