For WPA dictionary attacks, you need to capture the authentication
handshake between a valid client and the access point. I have done
this for wireless assessments by sending a deauthentication packet
targeted to the specific client BSSID. Once the client disconnects
and reconnects to the AP, you have your WPA handshake.

Erik

On Jun 14, 2006, at 12:59 AM, Daren wrote:
So what is the min # of data packets before you can start a brute-force wordlist attack?
Thanks
Daren
PS: Has anyone successfully been able to break WPA with a wordlist attack... using KisMAC, that is?