This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to deauthenticate and capture the EAPOL?

0

I'm playing around with my wireless network (WPA) at home. When I start monitor mode and Wireshark in BackTrack, and afterwards connect my phone to the network, Wireshark successfully decrypts the packets transmitted by my phone.

But when my phone is already connected to the network, then I can't just start Wireshark and decrypt the phone's packets. I have read that I need to kick off/deauthenticate the phone. But the problem is that in order to deauthenticate somebody I need to disconnect from my wireless network, which means I can't capture the EAPOL. And I can't reconnect to my network (with Wireshark running) before my phone has reauthenticated.

asked 09 Apr '14, 10:23


Jeppe Andersen

And I can't reconnect to my network (with Wireshark running) before my phone has reauthenticated.

Why is that?

(09 Apr '14, 13:40) Kurt Knochner ♦

My phone reconnects to the network like 2 sec after the deauthentication stops, while it takes me about 6 sec to reconnect my PC to the network when I'm done deauthenticating.

(09 Apr '14, 15:46) Jeppe Andersen

2 Answers:

1

While it takes me about 6 sec to reconnect my PC to the network when I'm done deauthenticating.

Well, then use a second PC to deauth the client, or a second wifi card in one PC.

Regards
Kurt

answered 09 Apr '14, 16:06


Kurt Knochner ♦

Yes, that would work, but I only have one computer with a wifi card.

Is there really no method to do it with only one computer/wireless NIC?

(09 Apr '14, 16:39) Jeppe Andersen
1

Is there really no method to do it with only one computer/wireless NIC?

You say:

And I can't reconnect to my network (with Wireshark running) before my phone has reauthenticated.

Why do you have to connect to the SSID on the capturing device? Monitor mode should be sufficient.

If your driver is not able to switch into monitor mode in less than the time the client needs to re-authenticate, the only options are:

  • two wifi cards, one for capturing and one for de-auth (best and cheapest option with a USB wifi dongle)
  • two PCs, one for capturing and one for de-auth
  • a different wifi card that handles the described scenario in a better/faster way
(09 Apr '14, 17:12) Kurt Knochner ♦

First off, I'm very new to BackTrack, and I'm sorry if I am misunderstanding something :)

You say:

Why do you have to connect to the SSID on the capturing device? Monitor mode should be sufficient.

In order for me to decrypt my phone's traffic I need to capture the EAPOL, right?

I tried this scenario to test your solution:

  1. Enable monitor mode (airmon-ng start wlan0).
  2. Do not connect my computer to any SSID.
  3. Start Wireshark.
  4. Grab my phone and connect it to my home network.

This gives me no EAPOL packets in Wireshark.

(10 Apr '14, 08:37) Jeppe Andersen

So, in that scenario, in step 4, what does "connecting [my phone] to my home network" mean? Do you, for example, turn the phone off and back on again, so that the phone might think it's now in a different location, and must look for Wi-Fi networks and, if it finds one, attempt to connect to it?

(10 Apr '14, 10:34) Guy Harris ♦♦

Step 4 means enabling Wi-Fi on my phone, which automatically connects it to my home network. I do that to generate the 4-way handshake (EAPOL).

(10 Apr '14, 12:10) Jeppe Andersen

1

You don't need to deauthenticate the phone. You just need to force it to reconnect.

If, for example, you can turn off its Wi-Fi and turn it back on again, that would probably force it to reconnect; even just putting it to sleep and waking it up (which is, I suspect, what the power button does) would probably suffice.

If you really need to deauthenticate it, and if you can't deauthenticate it from your PC while the PC is in monitor mode, you'll have to have two machines involved, one that can deauthenticate the phone and one that can capture in monitor mode, or you'll have to have two Wi-Fi interfaces on your PC, one that's connected to the network and that you use to deauthenticate the phone, and one that's in monitor mode and that you use to capture traffic. Sorry.

answered 10 Apr '14, 13:27


Guy Harris ♦♦
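As an added example (not part of this thread and not Wireshark's own code), the following Python script checks whether a monitor-mode capture actually contains the 4-way handshake that Wireshark derives the per-client key from. It reads a classic pcap file written with the radiotap link type, walks each 802.11 data frame down to the EAPOL-Key payload, classifies every pairwise message (1 to 4) from its Key Information flags, and reports per AP/station pair which messages were seen. That is the quickest way to tell a capture that was started after the phone had already associated (no EAPOL-Key frames at all, which is what the question describes) from one with a usable handshake. The MAC addresses and frames below are constructed test data; `build_eapol_key_frame` and `build_pcap` exist only to produce that sample, and `find_handshakes` can be pointed at the bytes of a real capture file instead.

```python
"""Check a radiotap pcap for a complete WPA/WPA2 4-way handshake (EAPOL-Key) per client."""
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11_RADIOTAP = 127
ETHERTYPE_EAPOL = 0x888E
LLC_SNAP_HEADER = b"\xaa\xaa\x03\x00\x00\x00"

# Key Information bits of the EAPOL-Key frame (IEEE 802.11)
KEY_INFO_PAIRWISE = 1 << 3
KEY_INFO_INSTALL = 1 << 6
KEY_INFO_ACK = 1 << 7
KEY_INFO_MIC = 1 << 8
KEY_INFO_SECURE = 1 << 9


def classify_eapol_key(key_info):
    """Map Key Information flags to 4-way message number 1-4; None for group-key or unknown frames."""
    if not key_info & KEY_INFO_PAIRWISE:
        return None
    ack = bool(key_info & KEY_INFO_ACK)
    mic = bool(key_info & KEY_INFO_MIC)
    install = bool(key_info & KEY_INFO_INSTALL)
    secure = bool(key_info & KEY_INFO_SECURE)
    if ack and not mic:
        return 1            # AP -> STA: ANonce
    if ack and mic and install:
        return 3            # AP -> STA: install PTK, GTK in key data
    if not ack and mic and not secure:
        return 2            # STA -> AP: SNonce
    if not ack and mic and secure:
        return 4            # STA -> AP: confirmation
    return None


def parse_80211_eapol(frame):
    """Return (bssid, station, key_info) if the 802.11 frame carries an EAPOL-Key, else None."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:           # only data frames carry EAPOL
        return None
    if fc1 & 0x40:                      # Protected bit set: not a cleartext handshake frame
        return None
    to_ds, from_ds = fc1 & 0x1, fc1 & 0x2
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:
        hdr_len += 6                    # 4-address (WDS) frame
    if (fc0 >> 4) & 0x8:                # QoS Data subtype: 2-byte QoS Control field
        hdr_len += 2
        if fc1 & 0x80:                  # Order bit with QoS: 4-byte HT Control field
            hdr_len += 4
    body = frame[hdr_len:]
    if len(body) < 8 or not body.startswith(LLC_SNAP_HEADER):
        return None
    if struct.unpack(">H", body[6:8])[0] != ETHERTYPE_EAPOL:
        return None
    eapol = body[8:]
    if len(eapol) < 7 or eapol[1] != 3: # 802.1X packet type 3 = EAPOL-Key
        return None
    key_info = struct.unpack(">H", eapol[5:7])[0]   # after descriptor type byte
    if from_ds and not to_ds:
        bssid, station = addr2, addr1
    elif to_ds and not from_ds:
        bssid, station = addr1, addr2
    else:
        bssid, station = addr3, addr2
    return bssid, station, key_info


def iter_pcap_frames(data):
    """Yield 802.11 frames from a classic pcap (link type 127) with the radiotap header stripped."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_IEEE802_11_RADIOTAP:
        raise ValueError("expected radiotap link type 127, got %d" % linktype)
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        offset += 16
        pkt = data[offset:offset + incl_len]
        offset += incl_len
        if len(pkt) >= 4:
            rt_len = struct.unpack("<H", pkt[2:4])[0]   # radiotap length is always little-endian
            yield pkt[rt_len:]


def find_handshakes(pcap_bytes):
    """Return {(bssid, station): set of 4-way message numbers seen} for the whole capture."""
    seen = defaultdict(set)
    for frame in iter_pcap_frames(pcap_bytes):
        parsed = parse_80211_eapol(frame)
        if parsed is not None:
            bssid, station, key_info = parsed
            msg = classify_eapol_key(key_info)
            if msg:
                seen[(bssid, station)].add(msg)
    return dict(seen)


def handshake_is_complete(messages):
    return {1, 2, 3, 4} <= messages


# --- constructed sample data (not a real capture) ---
def build_eapol_key_frame(bssid, station, from_ap, key_info, key_data=b""):
    """Build radiotap + 802.11 data + LLC/SNAP + minimal EAPOL-Key (zeroed nonce/MIC; test data only)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    if from_ap:
        fc, addr1, addr2, addr3 = b"\x08\x02", station, bssid, bssid   # FromDS
    else:
        fc, addr1, addr2, addr3 = b"\x08\x01", bssid, station, bssid   # ToDS
    dot11 = fc + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"
    body = struct.pack(">BHHQ", 2, key_info, 16, 1) + bytes(32 + 16 + 8 + 8 + 16)
    body += struct.pack(">H", len(key_data)) + key_data
    eapol = struct.pack(">BBH", 2, 3, len(body)) + body
    return radiotap + dot11 + LLC_SNAP_HEADER + struct.pack(">H", ETHERTYPE_EAPOL) + eapol


def build_pcap(frames):
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11_RADIOTAP)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1397000000, i, len(frame), len(frame)) + frame)
    return b"".join(out)


AP = bytes.fromhex("020000000001")     # constructed, locally administered MACs
PHONE = bytes.fromhex("020000000002")
PAIRWISE_V2 = KEY_INFO_PAIRWISE | 0x02  # descriptor version 2 (HMAC-SHA1-128 / AES key wrap)

FULL_HANDSHAKE = build_pcap([
    build_eapol_key_frame(AP, PHONE, True, PAIRWISE_V2 | KEY_INFO_ACK),
    build_eapol_key_frame(AP, PHONE, False, PAIRWISE_V2 | KEY_INFO_MIC, key_data=b"\x30\x02\x01\x00"),
    build_eapol_key_frame(AP, PHONE, True, PAIRWISE_V2 | KEY_INFO_ACK | KEY_INFO_MIC | KEY_INFO_INSTALL | KEY_INFO_SECURE),
    build_eapol_key_frame(AP, PHONE, False, PAIRWISE_V2 | KEY_INFO_MIC | KEY_INFO_SECURE),
])
# Capture started after the phone associated: only a later group-key rekey, no 4-way handshake.
LATE_CAPTURE = build_pcap([
    build_eapol_key_frame(AP, PHONE, True, 0x02 | KEY_INFO_ACK | KEY_INFO_MIC | KEY_INFO_SECURE),
])

if __name__ == "__main__":
    for name, pcap in (("full", FULL_HANDSHAKE), ("late", LATE_CAPTURE)):
        found = find_handshakes(pcap)
        print(name, "no 4-way handshake frames" if not found else "")
        for (bssid, sta), msgs in found.items():
            print(" ", bssid.hex(":"), "->", sta.hex(":"), sorted(msgs),
                  "complete" if handshake_is_complete(msgs) else "incomplete")
```

The same check in Wireshark itself is the display filter `eapol`; what the script adds is a per-client list of which of the four messages are present. A capture with no EAPOL-Key frames for a client, as in the question, leaves Wireshark with nothing to derive that client's key from, so its data frames stay encrypted however correct the configured passphrase is.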

Thanks for the help, guys. I actually made it work with the scenario above. Apparently BackTrack is just buggy sometimes, and would not always capture the EAPOLs.

But now I successfully deauthenticated and decrypted my phone's and my roommate's traffic.

(10 Apr '14, 14:54) Jeppe Andersen