This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark doesn’t capture 802.11 data packets

0

Lately I have been trying to analyze wifi traffic over my own test router. I looked on the Wireshark website on how to do this and set up my own testing network.

My network:

- DD-WRT router with WPA2 personal mixed security using tkip+aes.

- Kali Linux capture machine with Wireshark 1.8.5

- Android phone for producing traffic

I then put the wireless interface of my Kali laptop into monitor mode using airmon-ng:

airmon-ng start wlan0

To check if the created monitor interface (mon0) worked I would use airodump-ng. When I knew that my monitor interface was working, I started up Wireshark. I selected mon0 as capture interface and pressed options. In Capture options I put the MAC address of my router, which I got through airodump-ng, in the capture filter area.

I then would take care of the packet decryption that would be needed for me to see the actual data. I went to the following webpage: http://wiki.wireshark.org/HowToDecrypt802.11

I followed the instructions there. (Only the way I need to put in the decryption keys is different than the key#1 system that is described on the page. I get a new window in which I need to select a security method wep, wpa-pwd or wpa-psk and input the key.) I used the Wireshark WPA PSK generator tool to get the right pre-shared key.

http://www.wireshark.org/tools/wpa-psk.html

Essid: "testnet"

Password: "wachtwoord"

psk: 33fe484e651381b15859e539279f2991c0f5e5e751ef17f82104d4ad528718ca

I put in 2 new keys. One being wpa-pwd with wachtwoord as its value. The second being wpa-psk with the psk mentioned above as its value.

I applied all the settings, and checked the enable decryption checkbox.

So I clicked the start capture button and saw a whole bunch of beacon frames rolling in. I associated my Android phone with the AP so I knew I captured the EAPOL packets (I checked this using the filter and I had all 4 packets).

After filtering with "data", I saw that I didn't capture any data packets.

I then expected to see the actual traffic, but this was not the case. airdecap-ng did not see any WPA packets in the capture file.

My only theory left after hours of puzzling is lack of driver support. Please tell me what I am doing wrong?

Thank you!

tl;dr: My computer does not capture 802.11 wpa2 data packets, and I can't figure out why.

asked 31 Jul '13, 12:15


joren485
1112
accept rate: 0%

edited 31 Jul '13, 13:00
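
An added example, not part of the original post or of Wireshark: a small tally of what a monitor-mode capture file actually contains, read from the 802.11 frame-control field behind each radiotap header. It assumes a little-endian classic pcap; the function names and the sample capture are constructed for illustration. In the sample, the four EAPOL frames are counted as 802.11 data-type frames, and encrypted traffic shows up as data frames with the Protected bit set.

```python
import struct
from collections import Counter

RADIOTAP = 127  # LINKTYPE_IEEE802_11_RADIOTAP
TYPES = {0: "management", 1: "control", 2: "data"}
LLC_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # LLC/SNAP + EtherType 0x888e

def tally_80211(pcap_bytes):
    """Count 802.11 frame kinds in a little-endian pcap with radiotap headers."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != RADIOTAP:
        raise ValueError("expected little-endian pcap with radiotap link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from("<I", pcap_bytes, off + 8)[0]
        pkt = pcap_bytes[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 4:
            continue
        rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap header length
        frame = pkt[rt_len:]
        if len(frame) < 2:
            continue
        fc0, fc1 = frame[0], frame[1]
        ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
        counts[TYPES.get(ftype, "reserved")] += 1
        if ftype != 2:
            continue
        if fc1 & 0x40:  # Protected bit: payload is encrypted (TKIP/CCMP)
            counts["protected data"] += 1
            continue
        # 24-byte header, +2 for QoS Control, +6 for a fourth address (ToDS+FromDS)
        hdr = 24 + (2 if subtype & 0x8 else 0) + (6 if (fc1 & 3) == 3 else 0)
        if frame[hdr : hdr + 8] == LLC_EAPOL:
            counts["eapol"] += 1
    return counts

def frame(fc0, fc1, body=b""):
    # Constructed frame: minimal radiotap (8 bytes) + zeroed 24-byte MAC header + body
    return b"\x00\x00\x08\x00\x00\x00\x00\x00" + bytes([fc0, fc1]) + bytes(22) + body

def pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, RADIOTAP)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample: 3 beacons, a 4-message handshake, 2 encrypted QoS data frames
SAMPLE = pcap([frame(0x80, 0x00)] * 3
              + [frame(0x08, 0x02, LLC_EAPOL + bytes(4)),
                 frame(0x88, 0x01, bytes(2) + LLC_EAPOL + bytes(4))] * 2
              + [frame(0x88, 0x41, bytes(20))] * 2)

if __name__ == "__main__":
    print(dict(tally_80211(SAMPLE)))
```

Run against a real capture with `tally_80211(open(path, "rb").read())`; a file with management frames and EAPOL but zero "protected data" means the adapter never delivered the encrypted data frames to the capture.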