how to understand a handshake
#1
Bug 
Im using wifite.py to get handshakes. Ive seen somewhere that people are using wireshark to check If they got googhandshake. I also used pyrit analyze command but still I dont know what should i expect... Maybe someone can explain. Ive already catched more than 50handshakes for different ssids but never cracked any of them. I think it is bad handshake rather than bad wordlist.
#2
What is the question exactly here? And please make it in reference to something about the hashcat program, you're on the hashcat forums after all.
#3
I thought it is easy question. I would like to know how to check if Handshake file Is actually good enough to Even have chance to use hashcat. I've been trying to use hashcat, oclhashcat and gui to find password in wpa handsqake but not matter what It always ends with nothing. That is why i think it is probably bad handshake file.
#4
What is the status report when you try to use hashcat to crack the handshake file?
Does the dictionary/mask that you're using contain the key that you want to crack?
#5
Status exhausted. Yes, dictionary contains key. So can anyone tell me how to recognize good and bad handshake file?
#6
A good handshake uses a firm, solid, but not overpowering grip. If it's all limp and sweaty then it's definitely a bad handshake.
#7
(12-30-2015, 11:57 PM)epixoip Wrote: A good handshake uses a firm, solid, but not overpowering grip. If it's all limp and sweaty then it's definitely a bad handshake.

hahaha.

(12-30-2015, 11:11 PM)12monkeys Wrote: Status exhausted. Yes, dictionary contains key. So can anyone tell me how to recognize good and bad handshake file?

assuming that you're using command line correctly for hashcat (which I have no way of knowing since you didn't provide any exact information about your problem, like actual status readings from the terminal or the actual command used to start the crack), then the only thing left to go wrong is that your .hccap file doesn't actually contain a handshake that can be cracked. so somewhere, something went wrong with the handshake capturing process.

there's only three elements to this problem 1) usage of the program 2) dictionary/mask 3) captured handshake. if two of them are correct and you're still getting bad results means the last is wrong.
#8
The only problem is handshake. When i use
Pyrit -r handshake.cap analyze
I always have different results. Im asking how many good and or workable results should i get. I wasthinking that at least first 2 pairs have to be good but i usually get 1good and 1 bad or 1 bad 1good and then 10 bad. Or justs bads...
So how many "good ones" do i need to get in handshake?
#9
this is a question for the pyrit forums (wherever they are), not here. your handshake question has nothing to do with hashcat.

but the short answer is as long as it shows 1 'good' handshake you should be good to go. if you see a lot of 'bad' handshakes but no 'good' then there's no guarantee that it'll work.
besides, when you run hashcat, the entire status update readout (which I asked you to provide but you seem very reluctant to) will also tell you which hash hashcat is trying to crack, as well as how many total hashes it found in the capture file you provide. that will give a big clue as to the quality and contents of your capture file.

if you want help, you're gonna have to give more useful information, especially when it's asked for.
#10
I didnt post status readout because i cant reach computer during week. Im writing from my phone. I might be able to give you that status tomorrow after work.
This is my first thread and posts here. I gotto tellyou guysthat you gave me hell of a welcome.