0002199: no handshake shown in airodump - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0002199	Kali Linux	Kali Package Bug	public	2015-04-03 15:05	2015-04-03 21:58

Reporter	mikepratt	Assigned To	muts
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	1.1.0

Summary	0002199: no handshake shown in airodump
Description	When running airodump - airodump-ng -c (channel) -bssid (bssid of AP) -w /root/Desktop (monitor ID) - no hand shake capture is identified (typically, this would be something like - WPA handshake: (station bssid) ), as typically appears at the end of the first line in the terminal output, replacing the - fixed channel (channel ID) -1 - text. Occasionally, the handshake text and station bssid will 'flash' on as expected for about 1/5 of a second, then return to the - fixed channel - text. Most times, nothing is shown but the - fixed channel text. The handshake is indeed captured and stored in the appropriate files, as it is available in subsequent aircrack-ng execution, as expected. So, handshakes are indeed getting captured, they are just not showing up in airodump as expected (except fro the occasional brief flash). This makes it difficult if not impossible to tell if you've actually captured a handshake, of course - at least while running airodump.
Steps To Reproduce	Just run airodump, as all documentation and video demos illustrate.
Additional Information	This is a Kali guest, running on a VMware Player Win7 pro host, on an i5 laptop. It was built with the "Official Offensive Security Kali Linux VMWare Image" - version 1.1.0b. Using an alfa AWUS036NHA adapter. No additional packages, or changes to the source.list. I see this issue in the community BB under searches for "handshake" in a couple of threads, but did not find a bug being tracked with a search for "handshake" in bug tracker, so I'm putting this in. I am surprised it's not previously been logged, but maybe I' just missed it somehow. If so, of course, merge/delete.

mikepratt 2015-04-03 17:31 reporter ~0003205	An Update: I have tried this very same execution on an xubuntu VM guest on the same VMware host, and have observed the same results. So, I would assume this means I have an issue with either the VMWare environment on this host, or an issue with the alfa AWUS036NHA adapter. I don't have a native linux box handy to test, but I will test the alfa AWUS036H adapter, which is the "recommended" adapter on the Offensive-Security website. Will post after that adapter test.

mikepratt 2015-04-03 17:57 reporter ~0003206	A further update: On a lark, I tried running airodump with the --ignore-negative-one option, and it now performs as expected! Although nothing in the airodump Docs, or any of the guides/demos I've been able to find suggests this would be an issue/solution, it does seem to work, with this option selected. So, maybe this points to an bug in the aircrack-ng app? Seems unlikely, as I don't think it's been changed in a while... When a wizard reviews this, I'm sure they'll know where the problem must lay...

muts 2015-04-03 21:58 reporter ~0003207	Sounds like this should be reported in the aircrack-ng bugtracker rather than the Kali Linux one. This is not something we are going to chase independently.

Date Modified	Username	Field	Change
2015-04-03 15:05	mikepratt	New Issue
2015-04-03 17:31	mikepratt	Note Added: 0003205
2015-04-03 17:57	mikepratt	Note Added: 0003206
2015-04-03 21:58	muts	Note Added: 0003207
2015-04-03 21:58	muts	Status	new => closed
2015-04-03 21:58	muts	Assigned To	=> muts
2015-04-03 21:58	muts	Resolution	open => no change required