I'm new to Wireshark, and I've spent many hours searching online and troubleshooting this peculiar behavior. I have a simple topology, just two computers wirelessly connected to a router, using WPA encryption. I've set up Wireshark to decrypt packets by going into the IEEE 802.11 protocol settings and enabling decryption with the key wpa-pwd:password:SSID, as explained in here

With one computer I'm trying to capture the packets exchanged between the other computer and the router. However, regardless of which computer I use to capture the packets (I have Wireshark installed on both), I cannot capture all four of the EAPOL handshake packets. Instead, I can only capture those EAPOL packets going from access point to client (packets 1/4 and 3/4). I'm pretty sure this has nothing to do with the wireless strength of my client, because my computers are right next to each other and they ARE receiving broadcast packets from one another. Furthermore, if I turn off the encryption, then they can capture one another's packets just fine. Also, everybody's on channel 11 and using 802.11b, so I've ruled that out as well. Does anyone have any idea of what else I should try to do to figure out what's going on? I really appreciate your help!

I am also facing the same issue. Not able to see packets 1/4 and 3/4 from the 4-way handshake during WPA2. Is there any resolution for this? Is this a bug or a hardware limitation? I have a professional sniffer, Omnipeek. I was able to capture all packets using it. I am using Ubiquiti sr71x wlan interface, Wireshark 1.4.6, Ubuntu 11.04.

question asked: 31 Dec '11, 11:38

last updated: 04 Apr '12, 19:47
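
Added example, not part of the original posts: a Python check that labels EAPOL-Key frames as message 1 to 4 of the handshake from their Key Information bits and reports which messages a capture lacks. The frames are constructed samples, the input is assumed to start at the 802.1X header (extracting it from the capture is not shown), and telling message 2 from message 4 by key data length is a heuristic.

```python
import struct

# Key Information bit masks from the EAPOL-Key descriptor
KEY_TYPE_PAIRWISE = 0x0008
KEY_ACK = 0x0080
KEY_MIC = 0x0100
KEY_DATA_LEN_OFFSET = 4 + 93   # 802.1X header + fixed descriptor fields
MIN_FRAME_LEN = 4 + 95         # header + descriptor up to key data length


def classify_eapol_key(frame: bytes):
    """Return 1-4 for a pairwise 4-way handshake message, else None."""
    if len(frame) < MIN_FRAME_LEN:
        return None                       # truncated frame
    _version, packet_type, _length = struct.unpack_from("!BBH", frame, 0)
    if packet_type != 3:                  # 3 = EAPOL-Key
        return None
    desc_type, key_info = struct.unpack_from("!BH", frame, 4)
    if desc_type not in (2, 254):         # 2 = RSN (WPA2), 254 = WPA
        return None
    if not key_info & KEY_TYPE_PAIRWISE:  # group-key handshake, not 4-way
        return None
    (key_data_len,) = struct.unpack_from("!H", frame, KEY_DATA_LEN_OFFSET)
    ack, mic = key_info & KEY_ACK, key_info & KEY_MIC
    if ack:                               # sent by the access point
        return 3 if mic else 1
    if mic:                               # sent by the client
        # Heuristic: message 2 carries the client's IE, message 4 is empty.
        return 2 if key_data_len else 4
    return None


def missing_messages(frames):
    """List the handshake message numbers absent from the given frames."""
    seen = {classify_eapol_key(f) for f in frames}
    return [n for n in (1, 2, 3, 4) if n not in seen]


def build_frame(desc_type, key_info, key_data=b""):
    """Build a constructed EAPOL-Key frame with zeroed nonce and MIC."""
    body = struct.pack("!BHH", desc_type, key_info, 16) + bytes(88)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 1, 3, len(body)) + body


# Constructed sample: only the AP-to-client frames of a WPA handshake.
SAMPLE = [build_frame(254, 0x0089), build_frame(254, 0x01C9, bytes(24))]

if __name__ == "__main__":
    print("missing handshake messages:", missing_messages(SAMPLE))
```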

