I'm using wireshark with AitPcapNX. I see packet captured but cannot find any PTP/IP packet. Most of captured packets' protocol are 802.11. Is there any setting to capture PTP/IP packets? I'd appreciate it if I'd get some advices because I really need PTP/IP packets to analyze my issue, thank you. asked 04 Apr '16, 19:40 mokeke |
One Answer:
That probably means that you're capturing on a "protected" network, i.e. one using WEP or WPA/WPA2 to encrypt packets, and haven't set Wireshark up to decrypt the packets. See the how to decrypt 802.11 page of the Wireshark Wiki for information on what needs to be done to decrypt the packets. answered 05 Apr '16, 01:59 Guy Harris ♦♦ |
Thank you for yor reply, Guy Harris. I already tried decrypting packets with password&SSID but it didn't work well; Packets still show protocol "802.11." I'm very confused now.
Read the "how to decrypt 802.11" page, paying attention to, for example, the discussion of the "EAPOL handshake" in the "Gotchas" section (in order to decrypt traffic that's not sent to or from your machine, you may need to force one of the other machines to disconnect from the network and reconnect to the network while you're capturing its traffic, for example by putting the machine to sleep and waking it up).
Remember, the whole point of WEP and WPA/WPA2 was to make it hard to do exactly what you're trying to do! The encryption is done to make it hard to sniff Wireless networks.
Note also that, for an AirPcap card, the decryption could be done by the card, so the way you specify the keys could be different; look for "AirPcap" on that page.