This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Very few data packets in monitor mode.


I'm trying to set up a proof of concept for indoor positioning using WIFI. The idea is to place a few WIFI adapters in several locations in a small building, each tracking signal strength and MAC address and storing it in a database. Based on the signal strength to different adapters at the same time, we can get an (in)accurate position of the device (MAC).

There are two SSIDs in the building, both with WPA-PWD encryption. There will also be devices that are not associated with the network. Since I don't want to install 3 adapters at each location (one for each network), I want to get the signal strength in monitor mode and only switch the channel between the two SSIDs.

Using Kali and tshark I'm able to capture the signal strength using:

tshark -i mon0 -T fields -e wlan.sa -e radiotap.dbm_antsignal

The problem, however, is that I receive very little data from my test device (Android phone). If I open the WIFI manager and it starts scanning for networks in the area, I capture the broadcast packets, but no other data at all. I suspected it to be because of the WPA encryption and changed to an open network, and it worked. I see a constant stream of packets from my Android phone.

I turned back to the WPA network and set up tshark using decryption:

tshark -i mon0 -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"wpa-pwd\",\"Passphrase:SSID\""

I disconnected my phone from the network, enabled monitor mode and then reconnected the device, to make sure I received the four-way handshake. Now I do receive some data packets, but nowhere near the amount I'm actually sending/downloading. At moments I receive about 10 a minute and then nothing at all for a few minutes.

I tried with the following setups:

  • Kali Linux in VMWare on Windows 10, with an ALFA AWUS036H (RT8187 chipset)
      • I don't receive any data packets from WPA protected networks
  • Kali Linux ARM on Raspberry Pi 3 model b, same USB adapter
      • I don't receive any data packets from WPA protected networks
  • Kali Linux live boot USB, Qualcomm Atheros AR938x adapter
      • I receive a few data packets from WPA protected networks

My questions:

  1. Is decrypting necessary if I only want MAC and signal strength?
  2. Why don't I receive most of the data packets being sent?
  3. Is there a better way to use WIFI for IPS?

asked 10 Apr '17, 06:28

DrZiggy

edited 10 Apr '17, 06:28
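
An added example, not part of the original question: Python code that aggregates the tab-separated output of the first tshark command above into a frame count and median signal strength per source MAC. The sample lines are constructed, and taking the strongest value when a frame reports several antenna readings is an assumption of this example.

```python
import statistics
from collections import defaultdict

# Constructed sample of the output of
#   tshark -i mon0 -T fields -e wlan.sa -e radiotap.dbm_antsignal
# Fields are tab-separated; repeated occurrences of a field are comma-joined.
SAMPLE = (
    "aa:bb:cc:00:00:01\t-48\n"
    "\t-61\n"                           # frame without a source address (e.g. ACK)
    "aa:bb:cc:00:00:01\t-52,-50,-55\n"  # several antenna readings in one frame
    "aa:bb:cc:00:00:02\t-70\n"
    "aa:bb:cc:00:00:02\t\n"             # frame without a signal field
    "aa:bb:cc:00:00:01\t-50\n"
)

def parse_line(line):
    """Return (mac, dbm) for one output line, or None if it is unusable."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) != 2:
        return None
    mac, signal = fields[0].strip().lower(), fields[1].strip()
    if not mac or not signal:
        return None  # cannot attribute the frame or no reading present
    try:
        readings = [int(value) for value in signal.split(",") if value]
    except ValueError:
        return None  # malformed reading, skip the line
    if not readings:
        return None
    # Assumption of this example: keep the strongest reading of the frame.
    return mac, max(readings)

def summarise(lines, min_frames=1):
    """Group readings by source MAC and report frame count and median dBm."""
    per_mac = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            per_mac[parsed[0]].append(parsed[1])
    return {
        mac: {"frames": len(values), "median_dbm": statistics.median(values)}
        for mac, values in per_mac.items()
        if len(values) >= min_frames
    }

if __name__ == "__main__":
    for mac, stats in summarise(SAMPLE.splitlines()).items():
        print(mac, stats)
```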