Technology Insights

How to extract WPA handshake from large capture files

Sometimes you have a very large capture file and would like to extract the WPA/WPA2 handshake packets from it to a separate file. This can be done with “tshark”, which is the command-line version of Wireshark. Installing the Linux version of the Wireshark suite on your system should also install tshark.

**NOTE** This article is outdated; please read this article instead for a much easier method of extracting WPA handshakes for specific SSIDs from large WPA/WPA2 capture files.