Thread: Can't capture TCP with Wireshark

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    1

    Can't capture TCP with Wireshark

    Hi all,

    I've installed Backtrack 3 and I'd like to learn how to use Wireshark for academic purposes.

    When I try to capture wireless traffic from my other computer linked to the Internet through a wireless ADSL router, I cannot see TCP or IP protocol packets in Wireshark, only a bunch of IEEE.802 and LLC protocols mostly.

    I can't figure out why. Wireshark is configured with the "decryption key", "promiscuous mode", and "assume packets have FCS", which I understood are the main parameters.

    Thank you for your help.

  2. #2
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    How exactly are you feeding Wireshark the data?

    Do you have airodump on the correct channel with matching BSSID?

    This link might be of a little help: HowToDecrypt802.11 - The Wireshark Wiki

    You are also going to need a valid handshake for you to be able to decrypt everything.

    "WPA and WPA2 uses keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture."

    To grab a handshake it's pretty much as simple as deauthing a client. If you need any more help, feel free to ask; also let us know if you get it working.

    Cheers!
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
