Hi All!

I'm a little puzzled about the following:

I used airodump-ng with command "airodump-ng --channel 6 -w wpa2 --bssid XX:XX:XX:XX:XX wlan1"

In a separate terminal I started aireplay-ng to force deauth and had it run simultaneously with airodump-ng.

I received the WPA handshake, stopped both airodump-ng and aireplay-ng

Started aircrack-ng with the wpa2*.cap and -w dictionary option

The password was found, BUT...... it was the PW of a station connected to the wifi AP, not that of the AP itself (the WPA/WPA2 PW to connect to the AP).

I was under the impression that above actions would give the PW for the AP, not that of a station connected to that AP.

Can anybody give any clarity about this?

Thank you.