Okay. I was hesitant to edit the original post any in case I altered it and made it illegible, so I went through it and listed the questions in this post (an "*" precedes each question):
In the original post, these first 3 questions are actually towards the end, but since they're the most important ones of the bunch, I've included them here as the first ones (go to http://imgur.com/a/0RmjL and then scroll down to the 4th pic)...
* Looking at packet3... Is the "WPA Key Data: 12bfb55a99d08b44136c7fbf84075cebbec1d67fbf6b1f22..." entry the encrypted key that needs to be cracked before it can then be used to access the network?
* This is a continuation of the above question... The entry just above that one shows its data length to be 56. Using that info along with the fact that the WPA Key Data seems to be incomplete (because it ends with "...") prompts me to look at Wireshark's bottom pane where the Hex dump is. There, the WPA Key Data seems to be listed in its entirety. Unless I'm mistaken, isn't that WPA Key Data what I'll want (and need) to crack, to get the ASCII form of the password???
* This is also a continuation of the above question... If that's not the encrypted password that I'm wanting, to be able to successfully authenticate with the router, then where should I look for the correct one (this question and the above 2 questions are the most important ones in the entire post)???
===
* This question is from the 1st paragraph in the OP (original post). There are no explicit "?"'s in that paragraph, but as I looked at it just now, I figured that I'd better fix any misunderstandings of them now if I can.
I nearly always see only WPA2-PSK & WPA networks while scanning. I have seen one WEP network, but it was rare (probably around 1 in 40 or 50), and I would think that I'll probably see less and less of those as time goes by, so I only concern myself with the WPA2-PSK & WPA networks.
In literature, nearly all of the sources that I've read list the two networks as being called either WPA2-PSK or WPA. So, after I was confident that I would be using the correct terms, I tended to use only the two terms "WPA2-PSK" & "WPA" to describe those two types of security.
But then just the other day, I was reading an article and it gave a broad description of those two types of security that left me scratching my head a bit. Knowing what little bit I knew as of then, and also trying to reconcile what the article was saying, I began questioning the types of network security that do exist.
So, those questions would be:
Is there such a network security type that is termed "WPA" (without the "-PSK" suffixed to it)?
Is there such a network security type that is termed "WPA-PSK"?
Is there such a network security type that is termed "WPA2" (without the "-PSK" suffixed to it)?
Is there such a network security type that is termed "WPA2-PSK"?
The above four questions probably seem trivial to experts. The reason I ask them in the manner that they are written is because sometimes it seems as if some sources use network security terms either just a little bit incorrectly, or I am just mistaken in the way that I've interpreted things so far. See, I was of the impression that there is just WPA2-PSK or WPA but, once I saw an article put it as "WPA-PSK", I began to wonder if I had had it all wrong up to that point, because I've never seen a network security listed as being "WPA-PSK" in all of the captures that I've done (quite a lot of captures to me, but that amount would probably seem like a drop in the bucket to veterans). So, I'm just trying to poke holes in my understanding of them, so that I can get rid of any mistaken perceptions.
* This question is mostly one of curiosity, but I don't think that it's a real important one. While writing the OP, I just noticed myself wondering about it for about the 10th time and wanted to know the answer to it if I could find one (sort of like swatting a bee that keeps hovering around you but not really doing any harm - it's just annoying after awhile).
In the OP, at around the 7th paragraph down, where it reads, "...Destination field is empty for those four packets..." - Why is the Destination field for those four packets empty?
What I mean is that when I navigate to http://imgur.com/a/0RmjL and then look at the top image (the one with the caption "The screenshot of an initial WPA2-PSK handshake."), I keep noticing that the four packets (#167, 168, 169, and 170) have an empty "Destination" field (the 3rd column from the left). For instance, the "Source" field has entries in it but the "Destination" field is empty for those four packets. I would expect the "Destination" field for those four packets to contain the same entries that are in the "Source" field, just in the opposite alternating order, but for some reason the "Destination" field is empty for those packets even though they are showing up in the Wireshark capture. Why is the "Destination" field for these four EAPOL packets empty?
* This is the question in the OP that starts around the 8th paragraph ("So, after looking through the Wireshark capture..."). By looking at the pic captioned "packet1" (> http://imgur.com/a/0RmjL > 2nd pic down captioned "packet1").
Looking at the middle pane in that pic, at the "WPA Key Nonce: f2ba914be4b17a807d7b2db61e1f814e47f97d334e6bf718..." entry... Is that the part of the handshake process where the AP sends a nonce value to the STA, and then the STA can make a pairwise transient key?
* Taking a look into the second packet (> http://imgur.com/a/0RmjL > 3rd pic down, where caption = packet2)... Is the "WPA Key Nonce: d28cd01c5983d08156ffb305cf86d01810e5ac804e0f4d6c..." entry (the 6th entry above the highlighted entry, in the middle pane)... Is that entry the nonce value that the STA sends to the AP (along with a MIC - but the MIC is not included in this particular entry)?
* Also looking at the pic where caption = packet2... Looking at Wireshark's top pane, I'm thinking that the Source = 86:1b:5e:42:b3:27 must be the router (since that's the AP), and that Source = IntelCor_e0:85:dd must be the device that I was authenticating on (since that's the STA)?
This question arises because I'm just wanting to confirm or deny if my thinking is correct that the AP is oftentimes the router, and the STA is the client (or the machine that you deauthenticate, so that it then reauthenticates allowing you to capture a handshake).
* Also looking at the pic where caption = packet2... Is the "WPA Key MIC: 9679ad0d48a613488e68577dadc970cf" entry (in the pic, it's 2 up from the highlighted entry, in the middle pane) the MIC that's referred to in the following excerpt?
[excerpt --->] "2) The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code: (MAIC)."
* Also looking at the pic where caption = packet2... Is the "WPA Key Data: 30140100000fac040100000fac040100000fac020000" entry (the highlighted one in the middle pane) the PTK?
I was thinking that it might be, although I don't remember ever reading that the PTK gets exposed over the airwaves? Or, maybe I'm just confusing the PTK with the PMK, and the PMK doesn't get shared over the network much, whereas the PTK might?
* Finally, we reach the 3rd packet (caption = packet3). From what all I've learned about it so far, I think that this packet might be the encrypted key that needs to be cracked in order to gain access to the network (correct me if I'm wrong)?
* Also looking at packet3... Is this the step in the handshake process where the AP sends the GTK (and a sequence number together with another MIC)?
* Also looking at packet3... Is the "WPA Key Nonce: f2ba914be4b17a807d7b2db61e1f814e47f97d334e6bf718..." entry the GTK data?
* Also looking at packet3... Is the "WPA Key MIC: ed8747d1f66d53e05c80171290e6a377" the MIC data that's referred to by the following excerpt?
[excerpt --->] "3) The AP sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection."
===
Please don't hesitate to ask me to clear up anything else about this post or the original post. I'm pretty familiar with looking at the capture, so that I probably don't pick up on some things that may be confusing to others. I tried to be somewhat organized when writing the OP (original post), but it became so long that the organization for it that I had in mind at the onset quickly went to the wayside.
Give a man a fish and you feed him for a day. Don't give a man a fish and feed yourself instead. He's a grown man. And fishing's not that hard.
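Several of the questions above come down to what each EAPOL-Key field actually carries, so here is the WPA2-PSK key hierarchy worked through in code. This is an added example, not code from the post or its author: the passphrase, SSID, STA address and both nonces are constructed values; the AP address and the RSN IE bytes are the ones visible in the post's screenshots. It shows that no "encrypted password" is ever transmitted: both sides derive the PTK locally from the PMK, the two MAC addresses and the two nonces, the KCK part of the PTK keys the Key MIC, and the KEK part is what wraps the GTK carried in message 3's Key Data.

```python
import hashlib
import hmac

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK from a PSK passphrase: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    The PMK never leaves either device; only values derived from it do."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]

def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """CCMP PTK: 48 bytes = KCK (keys the MIC) || KEK (wraps Key Data in msg 3) || TK.
    Inputs are sorted, so AP and STA compute the same PTK from the same four values."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields that precede the Key MIC

def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC, descriptor version 2: HMAC-SHA1 over the EAPOL frame with the MIC zeroed, 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def build_msg2(snonce: bytes, rsn_ie: bytes, replay: int = 1) -> bytes:
    """Constructed EAPOL-Key message 2 with the MIC field zeroed: SNonce plus the STA's RSN IE."""
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + replay.to_bytes(8, "big") + snonce  # type, info, len, counter, nonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16                # IV, RSC, ID, MIC (zeroed)
            + len(rsn_ie).to_bytes(2, "big") + rsn_ie)
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body

def handshake_demo(passphrase: str = "constructed-passphrase", ssid: str = "ExampleSSID") -> dict:
    """Both sides derive the PTK locally; only the MIC (and the KEK-wrapped GTK in msg 3) is transmitted."""
    aa = bytes.fromhex("861b5e42b327")   # AP address shown in the post's capture
    spa = bytes.fromhex("020000000001")  # constructed, locally administered STA address
    anonce, snonce = b"\xa5" * 32, b"\x5a" * 32  # constructed nonces
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # Key Data of packet2 in the post
    pmk = wpa2_pmk(passphrase, ssid)
    ptk_ap = wpa2_ptk(pmk, aa, spa, anonce, snonce)    # what the AP computes
    ptk_sta = wpa2_ptk(pmk, spa, aa, snonce, anonce)   # what the STA computes (arguments swapped)
    msg2 = build_msg2(snonce, rsn_ie)
    mic = eapol_key_mic(ptk_sta[0], msg2)              # STA keys message 2's MIC with its KCK
    return {"ptk_match": ptk_ap == ptk_sta, "mic": mic,
            "ap_verifies": eapol_key_mic(ptk_ap[0], msg2) == mic, "frame_len": len(msg2)}
```

The message 3 Key Data seen in packet3 is the GTK KDE after AES key wrap with the KEK, which is why it looks opaque but is not a password; the only thing a passive observer can check offline is whether a candidate PMK reproduces the MIC, which is exactly why passphrase strength matters.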