Wi-Fi is convenient precisely because it broadcasts through the air — which is also
why it needs strong encryption. This lesson explains how Wi-Fi and its security standards work, and shows
you how to test the strength of your own Wi-Fi password.
Your own network only — no exceptions
Capturing or attacking Wi-Fi you don't own is illegal in Zambia and worldwide, even “just to
test.” Everything here is for auditing a network you personally own and control.
Testing a neighbour's, an employer's, or a public network without written permission is a crime.
How Wi-Fi works (simply)
A wireless access point (your router's Wi-Fi part) broadcasts a network name
(SSID) over radio. Devices join by proving they know the password, after which traffic is
encrypted so nearby listeners can't read it.
Analogy — Talking in a crowded room
Wired networking is like passing notes hand to hand. Wi-Fi is like speaking out loud in a crowded
room — everyone nearby can hear the sound. Encryption is agreeing to speak a secret language
only you and your friend understand, so the words are useless to eavesdroppers. A weak password is a
language that's easy to guess.
The security standards (know the timeline)
Standard
Verdict
Why
WEP
Broken — never use
Fundamentally flawed; crackable in minutes
WPA
Outdated
A stop-gap; superseded
WPA2
Still common, decent
Strong if the password is long & random
WPA3
Current best
Resists offline guessing; use it where available
The single best Wi-Fi defence
A long, random passphrase (think 5+ random words) plus WPA3. Most real-world Wi-Fi “hacks”
are just password guessing — so a strong password defeats them outright.
Tool deep dive: the aircrack-ng suite
aircrack-ng is a collection of tools for auditing Wi-Fi, included in Kali. Auditing your
own network answers one question: “is my password strong enough to resist guessing?”
You need a Wi-Fi adapter that supports “monitor mode” (listening to nearby radio).
The audit workflow (on your own AP)
$sudo airmon-ng start wlan0 # 1. put your adapter into monitor (listening) mode$sudo airodump-ng wlan0mon # 2. list nearby networks; find YOUR own SSID + channel$sudo airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w mycap wlan0mon
# 3. focus on YOUR access point and record to files named "mycap"# 4. reconnect one of YOUR OWN devices so a "handshake" (the login proof) is captured$aircrack-ng -w wordlist.txt mycap.cap
# 5. test your captured handshake against a wordlist to see if a common password would fall
What this proves: if aircrack-ng finds your password in a common wordlist, it was too
weak — change it. If it churns through millions of guesses and fails, your passphrase is doing its
job. That's a genuine, useful security check on your own network.
Reading the result like a defender
The lesson isn't “how to crack Wi-Fi” — it's “weak passwords fall to a
wordlist in seconds; strong random passphrases don't.” That single insight is what you'd teach
every user and enforce in every Wi-Fi policy.
Simulated audit of YOUR own access point. Try a command below.
kali@lab:~$
Practical Exercise 10.1 — Rate your own Wi-Fi
On a network you own. If you don't have a monitor-mode adapter, do the “paper” version in
step 4 — it teaches the same lesson.
Log in to your router's admin page and confirm it's set to WPA2 or WPA3, not
WEP/WPA.
Check your current passphrase length and randomness.
(With a compatible adapter) capture your own handshake and run
aircrack-ng against a common wordlist (e.g. rockyou.txt in Kali).
Improve: set a 5-word random passphrase, enable WPA3 if available, disable WPS.
Result: a documented before/after. You've performed a real wireless
security audit and hardened a live network — a genuine professional task.
Quick check: What is the strongest practical defence for home/office Wi-Fi today?
Hiding the SSID
Using WEP with a short password
WPA3 (or WPA2) with a long, random passphrase
Turning the router off at night
Strong encryption (WPA3/WPA2) plus a long random
passphrase defeats the guessing attacks that make up most real Wi-Fi compromises.
Why does this matter for your career?
Wireless is everywhere and often the weakest link. Network admins secure it; auditors test it; incident
responders investigate rogue access points. Wireless security is examinable in Security+
and a full domain of CEH. Being able to prove a Wi-Fi password is weak — and fix
it — is a concrete, hireable skill.
Key takeaways
Wi-Fi broadcasts through the air, so encryption is essential.
WEP is broken; use WPA2, prefer WPA3.
aircrack-ng audits your own network by testing captured handshakes against wordlists.
Most Wi-Fi attacks are password guessing — a long random passphrase defeats them.