Wireshark doesn't capture 802.11 data packets


Lately I have been trying to analyze wifi traffic on my own test router. I looked on the Wireshark website for how to do this, and set up my own testing network.

My network:

- DD-WRT router with WPA2 Personal mixed security using TKIP+AES.

- Kali Linux capture machine with Wireshark 1.8.5

- Android phone producing traffic

I put the wireless interface of the Kali laptop into monitor mode using airmon-ng:

airmon-ng start wlan0 

To check if the created monitor interface (mon0) worked, I used airodump-ng. When I knew the monitor interface was working, I started Wireshark. I selected mon0 as the capture interface and pressed Options. In the capture options I put the MAC address of the router, which I got through airodump-ng, in the capture filter area.

I also took care of the packet decryption needed for me to see the actual data. I went to the following webpage: http://wiki.wireshark.org/howtodecrypt802.11

I followed the instructions there. (The only difference is that the way I need to put in decryption keys is different from the key #1 system described on the page. I get a new window in which I need to select the security method, wep, wpa-pwd or wpa-psk, and input the key.) I used the Wireshark WPA PSK generator tool to get the right pre-shared key.

http://www.wireshark.org/tools/wpa-psk.html

essid: "testnet"

password: "wachtwoord"

psk: 33fe484e651381b15859e539279f2991c0f5e5e751ef17f82104d4ad528718ca

I put in 2 new keys. The first being wpa-pwd with wachtwoord as its value. The second being wpa-psk with the PSK mentioned above as its value.

I applied the settings, and checked the Enable decryption checkbox.

So I clicked the start capture button and saw a whole bunch of beacon frames rolling in. I associated my Android phone with the AP so I knew I would capture the EAPOL packets (I checked this using a filter and had 4 packets).

After filtering on "data", I saw that I didn't capture any data packets.

I expected to see the actual traffic, but this was not the case. airdecap-ng did not see any WPA packets in the capture file.

My only theory left after hours of puzzling is a lack of driver support. Please tell me, what am I doing wrong?

Thank you!

tl;dr: My computer does not capture 802.11 WPA2 data packets, and I can't figure out why.
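The PSK produced by the generator step in the question can be re-derived offline: a WPA/WPA2-Personal PSK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256 bits of output. The following is an added example, not code from the original post or from Wireshark; the function names are hypothetical, and it assumes the passphrase contains no colon or percent-escape. It checks that a wpa-pwd entry and a wpa-psk entry describe the same key for a given SSID.

```python
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA/WPA2-Personal PSK as 64 hex characters."""
    pw = passphrase.encode("ascii")  # non-ASCII input raises a ValueError subclass
    essid = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(essid) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", pw, essid, 4096, 32).hex()


def key_entry_to_psk(key_type: str, key: str, ssid: str) -> str:
    """Normalise one wpa-pwd or wpa-psk key entry to the PSK it stands for."""
    if key_type == "wpa-psk":
        raw = bytes.fromhex(key)  # rejects non-hex characters
        if len(raw) != 32:
            raise ValueError("wpa-psk must be exactly 64 hex characters")
        return raw.hex()
    if key_type == "wpa-pwd":
        # Accepts "passphrase" or "passphrase:ssid"; without the SSID part,
        # the ssid argument (the network being captured) is used.
        passphrase, sep, entry_ssid = key.partition(":")
        return wpa_psk(passphrase, entry_ssid if sep else ssid)
    raise ValueError("unsupported key type: " + key_type)


def entries_agree(entries, ssid: str) -> bool:
    """True if every (key_type, key) entry resolves to the same PSK."""
    psks = [key_entry_to_psk(t, k, ssid) for t, k in entries]
    return all(hmac.compare_digest(psks[0], p) for p in psks)


if __name__ == "__main__":
    # The ESSID, password and PSK quoted in the question above.
    entries = [
        ("wpa-pwd", "wachtwoord"),
        ("wpa-psk", "33fe484e651381b15859e539279f2991"
                    "c0f5e5e751ef17f82104d4ad528718ca"),
    ]
    print("derived PSK:", wpa_psk("wachtwoord", "testnet"))
    print("entries agree:", entries_agree(entries, "testnet"))
```

A mismatch here points at a typo in the SSID or passphrase rather than at the capture itself.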

Have you checked if you can capture wifi frames in open/none security? If it doesn't work with open/none, you need to fix your setup before being able to capture WPA2/AES traffic.

Steps I used to check my wifi capture setup:

  • Configure the AP as open/none (open authentication, no encryption).
  • Add a monitor interface and bring it up:

$ sudo iw phy phy0 interface add moni0 type monitor
$ sudo ifconfig moni0 up

  • Set the channel (the same between the AP and the laptop). Avoid the popular ch1,6,11 (use channel 7, for example) to reduce the amount of captured traffic.
  • Some wireless cards do not support monitor mode well, so it may be worth avoiding 802.11n and using 802.11b/g only.
