Home > Articles > Cisco Network Technology > Wireless/Optical/High Speed > Cracking Wi-Fi Protected Access (WPA), Part 2

Cracking Wi-Fi Protected Access (WPA), Part 2

Article Description

Concluding his two-part series, Seth Fogie describes in detail how WPA-PSK can be cracked.

Like this article? We recommend

Network Security Fundamentals

Network Security Fundamentals


Finding the SSID

In typical wireless networking, learning the SSID is as easy as enabling your wireless network card. Most wireless client programs include a rudimentary scanner that can detect open wireless networks, and most include more advanced detail about the type of encryption and signal strength. However, if the wireless network is not broadcasting is SSID, you'll need to do one of three things:

  • "Social engineer" the SSID from a user. This method isn't technical in nature; many people love to help others in need.
  • Using a program such as Kismet, monitor the traffic for an extended period of time. Assuming that the WLAN has numerous users, the SSID will be passed the next time a user sends out a probe for the network. This can take some time if there's only one user, who is already connected to the WLAN.
  • Use a program such as such as void11, wlan_jack, or essid_jack that causes the user to be completely disconnected (de-authenticated) from the network. If disconnected, a wireless device automatically attempts to re-authenticate, which causes the SSID to be sent over the air in plaintext.

Regardless of how you obtain the SSID, it's essential to the cracking process due to its use in converting the PSK into a PMK.

5. The Achilles Heel | Next Section Previous Section