I know the key which is used to connect to the wifi. When I type that key in edit->preferences->protocol as wp-psw, only the packets which are coming in or from my computer are decrypted. What do I need to do in order to decrypt all the packets?
asked 15 Sep '13, 14:35 tttttttttttt2 edited 15 Sep '13, 15:11 Kurt Knochner ♦
One Answer:
From the How to Decrypt 802.11 Wiki:
So, I guess you do not have the full handshake of the other systems in your capture file. There are (at least) two possible reasons:
Regards
answered 15 Sep '13, 15:10 Kurt Knochner ♦ edited 15 Sep '13, 15:12
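As an added example (not part of the original answer and not Wireshark's own code), this Python check reports which of the four EAPOL-Key handshake messages are present for each station. The function names, MAC addresses and frames are constructed for illustration, and telling message 2 from message 4 by whether key data is present is a heuristic assumption.

```python
import struct
from collections import defaultdict

# EAPOL-Key "Key Information" bits (IEEE 802.11 key descriptor)
PAIRWISE, ACK, MIC = 0x0008, 0x0080, 0x0100

def classify(eapol: bytes):
    """Return 1-4 for a 4-way handshake message, or None for anything else."""
    if len(eapol) < 99 or eapol[1] != 3:        # EAPOL packet type 3 = Key
        return None
    key_info, = struct.unpack_from(">H", eapol, 5)
    data_len, = struct.unpack_from(">H", eapol, 97)
    if not key_info & PAIRWISE:                 # group key handshake, not 4-way
        return None
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack:
        return 3 if mic else 1                  # sent by the access point
    if mic:
        return 2 if data_len else 4             # sent by the station (heuristic)
    return None

def missing_by_station(frames):
    """frames: iterable of (station_mac, eapol_bytes) -> {mac: [missing messages]}."""
    seen = defaultdict(set)
    for mac, eapol in frames:
        number = classify(eapol)
        if number:
            seen[mac].add(number)
    return {mac: sorted({1, 2, 3, 4} - msgs) for mac, msgs in seen.items()}

def build(key_info, key_data=b""):
    """Constructed EAPOL-Key frame (zeroed nonce and MIC, not real traffic)."""
    body = (struct.pack(">BHH", 2, key_info, 16) + bytes(88)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed sample: station ..01 has the full handshake, ..02 only messages 2 and 4.
SAMPLE = [
    ("aa:aa:aa:aa:aa:01", build(0x008A)),
    ("aa:aa:aa:aa:aa:01", build(0x010A, bytes(22))),
    ("aa:aa:aa:aa:aa:01", build(0x13CA, bytes(56))),
    ("aa:aa:aa:aa:aa:01", build(0x030A)),
    ("aa:aa:aa:aa:aa:02", build(0x010A, bytes(22))),
    ("aa:aa:aa:aa:aa:02", build(0x030A)),
]

if __name__ == "__main__":
    for mac, missing in missing_by_station(SAMPLE).items():
        print(mac, "complete" if not missing else f"missing messages {missing}")
```

A station that shows only messages 2 and 4 usually means the capture is hearing just one direction of the exchange (the frames sent by the station), which points at the capture setup rather than the passphrase.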
@KurtKNochner: What do I need to capture? I see 2 messages with EAPOL protocol when the new machine is logged in to the wifi.
Take a look at the following capture file.
The WPA password is Induction.
If you use the following display filter, you will see 4 EAPOL frames.
You need all 4 frames to be able to decrypt the traffic.
If you see only two, something is not O.K. with your capture setup. As you did not give any information about that, I cannot say what might be wrong.
@KurtKnochner: Thank you. Yes, I see only 2nd and 4th packet (what should I do...?). And I know WPA password, it's shared key known to a few people who can connect to this wifi.
By the way, I added that password to wpa-pwd, but it decrypts just my computer's packets.
How do you capture the traffic of other machines?
Did you enable monitor mode?
If yes: how?
If no: Maybe that's your problem.
@KurtKNochner: I am sorry, where can I enable monitor mode? Edit: I've found it!
@KurtKNochner: It says I don't have permissions or something to use monitor mode :(
What is your OS?
Ubuntu 13.04
Did you read the section about monitor mode on Linux in the link I posted in my answer? Especially the section Turning on monitor mode
Damn it I am noob, thanks, I'll try to enable monitor mode. And what exactly does monitor mode do?
It allows you to capture traffic of other stations on a wifi interface. It's all explained in the link I mentioned ;-)
@KurtKNochner: When I tried to run airmon-ng, I got
Fatal exception in interrupt
and
panic occured
:(
That does not sound good. Did you run it as root?
Yes.... :(
Please post the full airmon-ng command. What is the output of
What kind of wifi interface do you use?
If this was a kernel panic, I suggest to ask the Ubuntu people what went wrong ;-)
@KurtKnochner : Maybe it's mobile, that's why it captures just 2 packets?
I use eth1 interface
mobile? What do you mean?
eth1 is (most certainly) not a wifi/wlan interface. So, it is no surprise that airmon-ng does not work with eth1, although it should not crash that miserably.
Don't you see a wlan0 or wlan1 interface on your system? What is the wifi/wlan interface? Is it built-in or a USB adapter? If the latter, which one?
Only eth1 is shown in Wireshark (also eth0), and it catches the packets on eth1, just can't decrypt them
????
Can you please post the output of the following commands