I’ve just tried to learn hacking wifi with CommView. The first step is capture the handshakes. While listening to the AP, its SSID is shown but after capturing the packets and open the saved log file with Elcomsoft Wireless Security Auditor (EWSA), there are 4 entries of handshake data, but only 1 having Valid column of Yes. However this does not show the ssid (empty).
I’m not sure if that’s normal or simply there is something wrong with the captured handshake data (of course it’s due to the CommView)? Applying a dictionary attack on that data requires much time so I need to be sure that data is valid before spending much time attacking. As far as I know the SSID should be collected together with the captured handshake data because SSID is also used together with the user-friendly passphrase to create the WPA2 key on the AP.
I intend to rescan it for another handshake data but before doing so, I would like to get help from someone here. Thanks for your time.
What kind of protocol your attacking? Is it WEP or WPA/WPA2?
Generally in order to crack wireless password you should keep these things in mind:
1- you need a wireless card that supports packet injection alfa cards are awesome
2- microsoft windows is not a good platform for any kind of wireless hacking. Try to use kali linux instead, its even easier then windows
3- be ethical DO NOT attack to any access point that’s not yours.
If your target is not broadcasting ssid. You should find it during traffic capture. But it might not work some times because it will find ssid when a client associates with the AP. In this case you should send a deauth packet to the access point in order to force clients to re-associate.