I tried to sniff all Traffic on a WPA Secured AP with airodump-ng. I use a Atheros Card with madwifi-ng and Patch. If I’m right I must sniff a Handshake for decrypting the packages with airdecap-ng . I tried a deauth an a special Client in the Network but no Handshake is shown in airodump. When I deauth all the Clients on the Net I get the BSSID of the AP as valid Handshake.
Now I tried to decrypt the dump with airdecap but I got only a few decrypted packages.
On a second try I authenticated a client after starting airodump and I get the handshake.
Anybody with the same Problems, or a hint to sniff special Client data or all traffic on a WPA Secured AP. There are a lot of Hints in the iNet to sniff WEP Traffic but I hope opening a Thread to clear all the Mystery about sniffing WPA data.
I used this to capture traffic:
airodump-ng -w /tmp/dump-01.cap -c 8 --bssid 00:xx:xx:xx:xx:xx ath1
and airoscript to deauth one client or all clients from the ap
then I used this for decrypting:
airdecap-ng -e "Testing" -p remote-exploit /tmp/dump-01.cap
No suggestions!? Has nobody tried to sniff traffic from a WPA prodected AP!?