No WPA Handshakes on RTL8187
Greetings, all. I have been unable to get a WPA handshake using an AWUS036H (USB RTL8187). Other folks on the forum have been using this card successfully.
I have tested several of my networks in different locations and cracked them as WEP without any issues, but I have been unable to get a handshake when I change them to WPA. I have spent a couple of hours reading through posts dating back to BT3, and I have checked that I do not have the common causes folks reported:
- the card goes into monitor mode happily with the BT drivers for it
- The signal is neither too strong nor too weak. I have moved back and forth from 3 to 15 meters from the AP; the power ranges between 50 and 100 when I do that
- I have it monitoring the single channel I need
- I both manually and automatically reconnect 3 different clients trying to capture the handshake. I see them connecting and disconnecting as I deauth them.
- the deauths work fine; I've tried increments from 1-50, though they work on the first try, disconnecting each of my clients I target. I assume this means I can inject just fine.
- the reconnects are not so fast that I don't see them in airmon; they take a couple of seconds
- I lose few to none of the packets
- For troubleshooting, I have done process checks, stopped the relevant services, and done a killall, such as for dhclient, before I start
- aircrack and all the dependencies are up-to-date. Had the same successes and problems on BT4.
I have used wifite and had the same problem (can't be user error), and have also done it manually as follows:
airmon-ng to check what interface label it is (wlan0)
airmon-ng stop wlan0
ifconfig wlan0 down
airmon-ng start wlan0 1 for my channel 1 - have tried AP w/ others too
airodump-ng wlan0 so I can copy paste the BSSID and re-verify channel
Though I mentioned that I can do deauths and think I can inject, this is what I get when I do: aireplay-ng -9 -a 00:15:AF:03:3B:28 wlan0
15:30:06 Waiting for beacon frame (BSSID: 00:15:AF:03:3B:28) on channel 1
15:30:06 Trying broadcast probe requests...
15:30:08 No Answer...
15:30:08 Found 1 AP
15:30:08 Trying directed probe requests...
15:30:08 00:15:AF:03:3B:28 - channel: 1 - 'MYAP'
15:30:16 0/30: 0%
As you can see, 0/30. I get this on all my APs when they are set for WPA.
A lot of bright minds in this forum. Any ideas? Thanks.
Re: No WPA Handshakes on RTL8187
With the owners' permission, I tried two other random WPA APs to no avail -- no handshakes captured. I manually disconnect and reconnect the clients, as well as successfully deauth them, but nothing; I don't capture any handshakes. Tried both BT4 and BT5 again. As before, when the same APs are set to WEP, I can aireplay and capture IVs just fine.
I read somewhere on the forums that this may have something to do with the modulation and that they should be set to the same, but the command "iwconfig wlan0 modu 11g" is apparently not supported by the RTL8187 chipset, nor any other change in modulation.
I have also tried changing my MAC to a client MAC and disabling that client, but that has no effect; not that it should, since the APs are not set to filter by MAC.
Re: No WPA Handshakes on RTL8187
This is the kind of junk that we do not support. Leave other people's access points/networks alone.