Lately I have been trying to analyze Wi-Fi traffic over my own test router. I looked on the Wireshark website for how to do this and set up my own testing network.

My network:
- dd-wrt router with WPA2 personal mixed security using TKIP+AES
- Kali Linux capture machine with Wireshark 1.8.5
- Android phone for producing traffic

I then put the wireless interface of my Kali laptop into monitor mode using airmon-ng.
To check if the created monitor interface (mon0) worked I would use airodump-ng. When I knew that my monitor interface was working, I started up Wireshark. I selected mon0 as capture interface and pressed options. In Capture options I put the MAC address of my router, which I got through airodump-ng, in the capture filter area.

I then would take care of the packet decryption that would be needed for me to see the actual data. I went to the following webpage: http://wiki.wireshark.org/HowToDecrypt802.11 and followed the instructions there. (Only the way I need to put in the decryption keys is different from the key#1 system that is described on the page. I get a new window in which I need to select a security method, wep, wpa-pwd or wpa-psk, and input the key.)

I used the Wireshark WPA PSK generator tool to get the right pre-shared key: http://www.wireshark.org/tools/wpa-psk.html

Essid: "testnet"
Password: "wachtwoord"
psk: 33fe484e651381b15859e539279f2991c0f5e5e751ef17f82104d4ad528718ca

I put in 2 new keys. One being wpa-pwd with wachtwoord as its value. The second being wpa-psk with the psk mentioned above as its value. I applied all the settings, and checked the enable decryption checkbox.

So I clicked the start capture button and saw a whole bunch of beacon frames rolling in. I associated my Android phone with the AP so I knew I captured the EAPOL packets (I checked this using the filter and I had all 4 packets). After filtering with "data", I saw that I didn't capture any data packets. I then expected to see the actual traffic, but this was not the case. airdecap-ng did not see any WPA packets in the capture file.

My only theory left after hours of puzzling is lack of driver support. Please tell me what I am doing wrong? Thank you!

tl;dr: My computer does not capture 802.11 WPA2 data packets, and I can't figure out why.

asked 31 Jul '13, 12:15 joren485 edited 31 Jul '13, 13:00
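Added example, not part of the original post: how a WPA-personal PSK is derived from the passphrase and ESSID (what a PSK generator computes), and how the per-session pairwise key is then derived from the values exchanged in the EAPOL handshake, which is why all four handshake packets are needed for decryption. The function names `wpa_psk` and `wpa_ptk` are hypothetical, and the MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK (PMK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds)."""
    pw, salt = passphrase.encode("ascii"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)

def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
            anonce: bytes, snonce: bytes) -> bytes:
    """Per-session PTK = PRF-512(PMK, label, sorted MACs || sorted nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    stream = b"".join(
        hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))          # 4 x 20-byte SHA-1 outputs
    return stream[:64]              # KCK | KEK | TK | TKIP MIC keys

# Constructed sample values (assumptions, not taken from any capture).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    # ESSID, password and PSK as given in the post.
    psk = wpa_psk("wachtwoord", "testnet")
    posted = "33fe484e651381b15859e539279f2991c0f5e5e751ef17f82104d4ad528718ca"
    print("derived PSK :", psk.hex())
    print("matches post:", psk.hex() == posted)
    ptk = wpa_ptk(psk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    print("temporal key:", ptk[32:48].hex())
```

The PSK depends only on the passphrase and ESSID, so it is the same for every client, while the temporal key changes with every association because it depends on both nonces.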