Is handshake capturing dead?
#1
I have tried several tools for capturing handshakes, but it seems like it's not possible anymore.
Hours and days of listening still does not provide a handshake.

Are routers being protected against this nowadays?
#2
Yes, a state-of-the-art router is protected against stupid de-authentication attacks.
https://arubanetworking.hpe.com/techdocs...tures/pmf/
Old-school tools that do not take this into account will fail, because the stupid de-authentication frames they transmit are ignored by router and client.

But attacking such state of the art targets (MFP activated, WPA2/WPA3 transition mode) is possible.
For my adapter tests I use state-of-the-art routers (MFP activated, WPA2/WPA3 transition mode activated). It only takes a few seconds to retrieve the data hashcat can work on:
https://github.com/ZerBea/hcxdumptool/discussions/361

If a downgrade attack was successful, you will get a WPA2 EAPOL M2 (AP-LESS) from the client and hashcat can work on it:
https://wpa-sec.stanev.org/?search=00234ae8ef8e

A successful attack is highly dependent on:
- the Linux kernel and the supplied drivers with full monitor mode and full packet injection support (https://www.kernel.org/)
- the WiFi adapter (not all of them are working as expected)
- the tools to perform such an attack

In other words:
If you run an outdated Linux kernel (with outdated drivers) which is no longer part of this list https://www.kernel.org/, a WiFi adapter which is known to have problems with full monitor mode and full packet injection (e.g. Intel chipset), and an attack tool that stupidly injects de-authentication frames, you will fail epically.

Unfortunately you didn't mention this:
- the version of your Linux kernel
- the type of your WiFi adapter
- the tool and the exact command line you have used
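The post above says a current router ignores forged de-authentication frames because Management Frame Protection (802.11w) is active, and that WPA2/WPA3 transition mode leaves a downgrade path for clients that do not negotiate it. Whether an access point advertises MFP is visible in the RSN information element (element ID 48) of its beacons. The following script is an added example (not code from the post or from hcxdumptool) that decodes that element and reports the security mode and the PMF status; the three sample elements are constructed for illustration, not captured from any real network, and the helper names are my own.

```python
"""Decode an access point's RSN information element (IEEE 802.11 element
ID 48, carried in beacons and probe responses) and report whether it
advertises Protected Management Frames (802.11w / MFP), the feature that
makes forged de-authentication frames ineffective.  Added example; the
element bytes below are constructed for illustration, not captured."""
import struct

IEEE_OUI = b"\x00\x0f\xac"
RSN_ELEMENT_ID = 48

# Suite selector types defined by IEEE 802.11 (common values only).
CIPHER_SUITES = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

# RSN Capabilities field: bit 6 = MFP Required, bit 7 = MFP Capable.
MFPR = 0x0040
MFPC = 0x0080


def _read_u16(body, off):
    if off + 2 > len(body):
        raise ValueError("RSN element truncated")
    return struct.unpack_from("<H", body, off)[0]


def _read_suite(body, off, names):
    # A suite selector is a 3-byte OUI followed by a 1-byte suite type.
    if off + 4 > len(body):
        raise ValueError("RSN element truncated inside a suite selector")
    oui, stype = body[off:off + 3], body[off + 3]
    if oui != IEEE_OUI:
        return f"vendor-{oui.hex()}-{stype}"
    return names.get(stype, f"type-{stype}")


def parse_rsn_ie(ie):
    """Parse a complete RSN element (ID, length, body) into a dict."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element (ID 48)")
    body = bytes(ie[2:2 + ie[1]])
    if len(body) != ie[1]:
        raise ValueError("RSN element shorter than its length field")
    off = 0
    version = _read_u16(body, off)
    off += 2
    group = _read_suite(body, off, CIPHER_SUITES)
    off += 4
    n_pair = _read_u16(body, off)
    off += 2
    pairwise = [_read_suite(body, off + 4 * i, CIPHER_SUITES) for i in range(n_pair)]
    off += 4 * n_pair
    n_akm = _read_u16(body, off)
    off += 2
    akms = [_read_suite(body, off + 4 * i, AKM_SUITES) for i in range(n_akm)]
    off += 4 * n_akm
    # RSN Capabilities is optional; an absent field is treated as all-zero.
    caps = _read_u16(body, off) if off + 2 <= len(body) else 0
    return {
        "version": version,
        "group_cipher": group,
        "pairwise_ciphers": pairwise,
        "akm_suites": akms,
        "mfp_capable": bool(caps & MFPC),
        "mfp_required": bool(caps & MFPR),
    }


def assess(ie):
    """Summarise the security mode and PMF status of a parsed RSN element."""
    rsn = parse_rsn_ie(ie)
    akms = set(rsn["akm_suites"])
    if "SAE" in akms and "PSK" in akms:
        mode = "WPA2/WPA3 transition mode"
    elif "SAE" in akms:
        mode = "WPA3-Personal"
    elif "PSK" in akms or "PSK-SHA256" in akms:
        mode = "WPA2-Personal"
    else:
        mode = "other/enterprise"
    if rsn["mfp_required"]:
        pmf = "required"
        note = "every association negotiates PMF; unprotected de-authentication frames are discarded"
    elif rsn["mfp_capable"]:
        pmf = "optional"
        note = "PMF is negotiated per client; clients that do not support it stay unprotected"
    else:
        pmf = "disabled"
        note = "no PMF; any station can be de-authenticated with a forged frame"
    return {"mode": mode, "pmf": pmf, "note": note, "akm_suites": rsn["akm_suites"]}


# Constructed sample elements (hex), not captured from real networks.
LEGACY_WPA2_IE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
TRANSITION_IE = bytes.fromhex("3018 0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000")
WPA3_ONLY_IE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")

if __name__ == "__main__":
    for name, ie in (("legacy WPA2", LEGACY_WPA2_IE), ("transition", TRANSITION_IE), ("WPA3-only", WPA3_ONLY_IE)):
        result = assess(ie)
        print(f"{name:12s} {result['mode']:28s} PMF {result['pmf']:9s} {result['note']}")
```

To audit a real access point, feed the script the RSN element taken from one of its beacons (for example, as exported from a packet capture). The "optional" verdict is the transition-mode case the post describes: the AP is MFP-capable, but a client that only speaks WPA2 without PMF still associates unprotected, which is why the downgrade path exists there and not on a WPA3-only network with MFPR set.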
#3
I use The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) 2025.2
Adapter is Alfa AWUS036NH.
So far, I have tried Wifite 1 and 2 and ye olde Aircrack-ng suite.
airodump-ng -c 1 --bssid xx:xx:xx:xx:xx:xx -w outputfile wlan0mon
Wifite has been run with/without WPS options, and different timing settings, but with the same result.

No expert setup, but I have been able to get some handshakes earlier.
Any advice is appreciated.
#4
By default, K A L I Linux is not well configured and it is mandatory to customize it.

The ALFA AWUS036NH is a good adapter. Unfortunately it is EOL:
https://www.alfa.com.tw/products/awus036...2924052552
I've tested it and it is working as expected:
https://github.com/ZerBea/hcxdumptool/di...nt-7553504

airodump-ng and aireplay-ng have not received updates for two years:
https://github.com/aircrack-ng/aircrack-...irodump-ng
https://github.com/aircrack-ng/aircrack-...ireplay-ng

Most of these scripts have been outdated for a long time, and nearly all scripts (like wifite) run airodump-ng/aireplay-ng in the background to attack a target. If aireplay-ng fails, the scripts fail too:
https://github.com/derv82/wifite2

Additionally, several scripts run outdated tools like iwconfig and ifconfig:
https://dougvitale.wordpress.com/2011/12.../#iwconfig
These outdated tools use WIRELESS EXTENSIONS (WEXT), which is no longer recommended:
https://wireless.docs.kernel.org/en/late...sions.html

If you want to use hashcat to recover the PSK of a WPA1/2 network, then this is a good starting point:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2


But to answer your initial question: "Is handshake capturing dead?"
Yes, it is:
- if you don't know what you are doing
- if you are running outdated tools
- if you use scripts without knowing what they do
- if you use default settings or the default configuration
#5
Thank you.
I'll start reading.