Hello All: I am having a bit of a problem here with wireshark, no matter what I do or what I try to do Wireshark doesnt capture EAPOL traffic that means no handshake capture which means no decryption of HTTP/TCP traffic. Here are few details that will list out what I exactly did.
after doing everything as aforesaid, all I still see is just encrypted packets no EAPOL or HTTP traffic. Can someone please guide where am I going wrong? Regards, BM asked 29 Nov '16, 01:34 BMC |
One Answer:
A couple of points:
So the technique I suggest:
Also, since you are on a MAC, you can try capturing with the built in adapter on the MAC with Wireshark (supports monitor+promisc mode by default) and see if you pick up the eapol frames if the USB adapter piped into the VM does not. I run Kali on my MAC, but I don't capture traffic this way so can't be 100% sure there is not a VM issue. I know on some of my newer Dell laptops I cannot attach a USB wifi adapter to a VM in VirtualBox for whatever reason. However, in these cases where firmware fails to load, the adapter does not work at all so no frames can be captured. Since you claim to be getting at least something, then this likely is not your issue. answered 29 Nov '16, 03:18 Bob Jones |