Failing to capture messages 1 and 3 of WPA2 4-way handshake?


Trying to demo cracking a WPA2 protected AP using the aircrack suite, but the results seem to be nondeterministic (i.e. not good for demos).

Did some detective work with Wireshark and observed that after the authentication and association conversations, my monitoring interface only captured the client portion of the 4-way handshake (messages 2 and 4) approximately 95% of the time.

The device I’m monitoring with is about 15 feet away from the device I’m deauthenticating, and the router is in another room probably about 20 or so feet away from both devices, if positioning is a factor here. I’ve tried deauthenticating a smart phone and a laptop with similar outcomes. Any explanation or suggestions would be appreciated.