Capture WLAN-traffic using Wireshark
I'm trying to understand how to capture traffic on my WLAN (WPA2) using Wireshark.
I can see all traffic going to and from my Backtrack-PC and Wireshark is able to decrypt it (using the WPA-password and the four EAPOL Key msg), but I can't see any traffic going from other clients on the network.
If I deauth a client from my BT-PC I only get two EAPOL Key msg, 1/4 and 3/4; it's missing key 2/4 and 4/4.
Why is that?
I've tried different approaches listening on both wlan0 and mon0 but no luck.
It seems to me that Wireshark can only capture the WPA-handshake going from the client to the AP and not vice versa.
I can't get any data-traffic (like http) from my clients.
Am I doing something wrong here or is it just impossible to capture traffic on WLAN encrypted with WPA2?
This is my config:
BackTrack 5 R1 running on a PC with an Alfa AWUS036H (The computer running Wireshark).
AP is an ASUS RT-N56U.
Clients: one Laptop running BackTrack 5 R1 and one Android-Phone.
BT-tools used:
Wireshark (sniffer)
airmon-ng (to switch wlan0 into monitor mode)
aireplay-ng (to deauth)
Re: Capture WLAN-traffic using Wireshark
I've just upgraded Wireshark to version 1.8.1 and now I occasionally get all four EAPOL packets when a client connects to the AP, but I still can't see any data traffic coming from the client in Wireshark.
If I fire up a web browser and start surfing on the client, all Wireshark gets is "Request-to-send" and "802.11 Block Ack".
Do I have to use ARP-spoofing or DNS-spoofing to monitor wireless communication from other clients?
Re: Capture WLAN-traffic using Wireshark
Quote: Originally Posted by krister67
I've just upgraded Wireshark to version 1.8.1 and now I occasionally get all four EAPOL packets when a client connects to the AP, but I still can't see any data traffic coming from the client in Wireshark.
If I fire up a web browser and start surfing on the client, all Wireshark gets is "Request-to-send" and "802.11 Block Ack".
Do I have to use ARP-spoofing or DNS-spoofing to monitor wireless communication from other clients?
My bad!
My AP was set to 802.11n which the Alfa AWUS036H cannot handle. :p
Switched the AP to 802.11g and the packets from my clients were just flying in... ;)
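Added example, not part of the original posts: a small Python check that classifies EAPOL-Key frames of a WPA2 4-way handshake by their Key Information flags and reports which sender's frames are missing from a capture. Messages 1 and 3 are sent by the AP, 2 and 4 by the client. The function names and the sample frames are constructed for illustration, and WPA2 (RSN) flag usage is assumed.

```python
import struct

# Key Information flag bits of an EAPOL-Key frame (IEEE 802.11i)
PAIRWISE, ACK, MIC, SECURE = 0x0008, 0x0080, 0x0100, 0x0200

def handshake_message(eapol: bytes):
    """Return 1-4 for a WPA2 pairwise 4-way handshake frame, else None."""
    if len(eapol) < 7 or eapol[1] != 3:   # packet type 3 = EAPOL-Key
        return None
    (info,) = struct.unpack_from(">H", eapol, 5)  # after 4-byte header + descriptor type
    if not info & PAIRWISE:               # group-key handshake, not the 4-way one
        return None
    if info & ACK:                        # Ack set: sent by the AP
        return 3 if info & MIC else 1
    if info & MIC:                        # MIC without Ack: sent by the client
        return 4 if info & SECURE else 2
    return None

def diagnose(frames):
    """Return (missing message numbers, hint about which sender was not heard)."""
    seen = {m for m in map(handshake_message, frames) if m}
    missing = sorted({1, 2, 3, 4} - seen)
    if not missing:
        hint = "complete handshake captured"
    elif set(missing) <= {2, 4}:
        hint = "client frames missing from the capture"
    elif set(missing) <= {1, 3}:
        hint = "AP frames missing from the capture"
    else:
        hint = "frames from both sides missing"
    return missing, hint

def make_frame(key_info: int) -> bytes:
    """Constructed sample: EAPOL-Key frame with zeroed nonce, MIC and key data."""
    body = bytes([2]) + struct.pack(">H", key_info) + bytes(92)  # descriptor type 2 = RSN
    return bytes([1, 3]) + struct.pack(">H", len(body)) + body

# Constructed capture matching the first post: only messages 1/4 and 3/4 seen.
SAMPLE = [make_frame(0x008A), make_frame(0x13CA)]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Wireshark needs the handshake of each client to decrypt that client's WPA2 traffic, so a result that lists only the client-side messages as missing points at the capture adapter not receiving that client's transmissions.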