I cannot find a way to get a Handshake from my own wireless network, which has a WPA2 encryption. Please, note that this is not the first time I do this at all. In fact, I've captured tons of Handshakes, even when I did not have any idea of what I was doing. My goal is to isolate every possible reason of the capturing failure.

I'm running Kali Linux OS, installed on my hard disk. My network card is an alfa awus036h, whose chipset is rtl8187. I execute the following commands:

airmon-ng start wlan1
ifconfig wlan1 down
airodump-ng -c 3 --bssid <my_router_mac> -w cap mon0
Obviously, my alfa card does support injection. Anyway, I check it by executing
aireplay-ng -9 mon0
Once I've started sniffing, I try to disconnect manually from the network either my laptop connection with wlan0 interface (which is an Atheros integrated card), my Android phone or a Windows computer.

However, airodump does not show the Handshake found notification at all, even I've been sniffing during more than an hour.

Additional precautions:
  • I've did those disconnection/connection test while I'm sniffing from several rooms. One of them gets a power range of [-25, -40], and the other room gets [-40,-55] approximately.
  • I've read is possible that airodump got a full Handshake but it doesn't show the notification. So, to be sure, it's recommended to check it by executing
    cowpatty -c -r <cap_file>
    . Its output says there is not a complete four-way handshake, so I believe I'm actually not getting the handshake.
  • Also tried to send deauthentication packets to the Android client with
    aireplay-ng -0 10 -a <my_router_mac> -c <android_phone_mac> mon0,
    which I did achieve to disconnect when the android phone was close enough to my pentesting laptop. I don' think the way of connecting/disconnecting (manually or by deauth packets) matters in this case.

Do you know any reason why it is not working?

Thank you!