Hi, I'm a noob college student studying wireless networking I'm using Atheros 93xx chipset and Netgear X6 R8000 router with WPA2-PSK. I want to show ICMP packets around network area, so I used monitor mode to capture whole 802.11 wireless packets. But I failed to decrypt the packets. I've seen many pages which show how to decrypt 802.11 packets but I failed all.. I followed instruction from to decrypt packets but I failed. After failure, I used airdecap-ng but it doesn't decrypt the packets, too. Is there any more tries that I can do? asked 10 Mar '17, 21:01 jayheo |
One Answer:
It sounds like you either don't have any data packets to decrypt (common problem) or you don't have the 4-way eapol handshake for the device under review (absolutely required). However, since you do not provide a trace to review, this is just guessing. There are many questions on here related to this topic but for the most part they distill down to these two issues. Search and you will find lots of detail related to these topics and things to do, like degrade the communication capabilities to make it easier to capture frames, how to force a device to generate the eapol handshake, etc. If you are sure you have data frames and the four way handshake, is the passphrase correct? Watch for SSIDs that have special characters and spaces. answered 11 Mar '17, 07:08 Bob Jones |
I checked captured file and found 4-way handshake with EAPOL protocol. There are many data packets denoted as 802.11 protocol. I double-checked my passphrase and I copied the passphrase/SSID from my router preferences.
I solved the problem by changing preference of Ignore the Protection bit from No to Yes - With IV. Thank you for advise me!