This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unable to capture HTTP packets even after EAPOL handshake

0

Hi there. I'm still new to wireshark and trying to learn capture packets on my home network protected by WPA2.

Based on my understanding, in order to capture HTTP packets from other devices in my WPA2 network, I need to:

  1. Enable monitor mode.
  2. Supply my wpa-pwd/wpa-psk key to wireshark
  3. reconnect my devices to the network
  4. Ensure that 4-way EAPOL handshake is captured.
  5. Browse a site on my other device to generate a HTTP request.

However it seems that even though after EAPOL handshake is captured, I am unable to capture http packets. It seems to be a hit and miss: sometimes I capture HTTP packets, sometimes I don't capture any HTTP packets at all. Other times I would capture HTTP packets up to a point before it stop capturing any further for god knows what reason.

Can someone guide me on this? Thanks.

asked 22 Nov '15, 19:09

davidsmith2's gravatar image

davidsmith2
6113
accept rate: 0%

maybe your client/AP changed the wifi channel and your capturing system did not? What is your capturing OS?

(23 Nov '15, 01:02) Kurt Knochner ♦

I'm using kali linux (dual boot on a Macbook Pro 13" 2010 model). My router's wifi channel is manually set to a specific channel rather than automated though!

(24 Nov '15, 02:16) davidsmith2
1

Hi David - I have experienced many issues (including missing packets during a capture) when using a dual boot computer. I am assuming you have both Mac-OS and Kali Linux as the dual boot options. I know this might not be much help, but after beating my head against the wall for months I decided to not use a dual boot computer. I was able to find a dedicated laptop and installed Ubuntu. Since then I have no issue.

I am not sure if you have that option, but you might want to check some forums regarding dual boot systems - especially ones using Kali and Mac-OS on the same hardware.

(24 Nov '15, 10:09) Amato_C

Hi Amanto. You're right, I tried wireshark on a different computer and it seems to work fine. Not sure if it's a hardware issue. My Macbook Pro is using a b43 driver

(28 Nov '15, 01:53) davidsmith2

Update: I've bought myself a TP-LINK TL-WN722N and tried it with wireshark on my Macbook Pro. I swear the difference is HUGE, and now I'm able to capture all the HTTP packets. So I'm guessing the Macbook Pro's in-built wifi adapter isn't that great for monitoring?

(28 Nov '15, 08:02) davidsmith2

One Answer:

0

Converting my comment to an answer to assist others with a similar issue.

I have experienced many issues (including missing packets during a capture) when using a dual boot computer. I am assuming you have both Mac-OS and Kali Linux as the dual boot options. I know this might not be much help, but after beating my head against the wall for months I decided to not use a dual boot computer. I was able to find a dedicated laptop and installed Ubuntu. Since then I have no issue.

I am not sure if you have that option, but you might want to check some forums regarding dual boot systems - especially ones using Kali and Mac-OS on the same hardware

answered 29 Nov '15, 17:49

Amato_C's gravatar image

Amato_C
1.1k142032
accept rate: 14%