Open network but can't capture a single packet - any idea why?

[utilizeartisan]

Re,

I have no problem capturing packets on various wireless hotspots but there are a couple in my town that I just cannot understand why no packets are visible. These are "open" networks (i.e., no WEP/WPA/etc. protection) where you obtain a username/password from the administrator, connect and then open internal page to log in using those credentials. Only then you get access to the Internet.

Here is what the traffic looks like: http://img821.imageshack.us/img821/3195/snapshot2d.png

Could someone please guide me in the right direction as to how to "decrypt" the traffic? If there's no encryption, why don't I see anything?

Thanks!

[macphail]

so, if i understand you correctly (and I believe that I do), you are attempting to sniff the traffic in order to retrieve the username and password supplied by the hotspot vendor? i assume so that you can circumnavigate actually having to be granted access from them? does that pretty much sum it up?

...wait for it... wait for it...

[utilizeartisan]

no. I want to monitor the traffic that's not only directed to/initiated from my IP when I am connected to that network. I also have the login credentials, so I can access Internet through that network. yes, the adapter is in managed mode and Wireshark is capturing in promiscuous mode as well. like I said, I have no problem "sniffing" traffic from regular WEP hotspots and/or WPA encrypted ones, provided that I know the key. it's just for some reason on these otherwise non-encrypted networks I do not see any traffic other than to/from myself.

[gunrunr]

are you making traffic? if you want to test this idea ping the ap, or pull up a webpage and you should see the syn-ack and get requests
cause broadcast beacons are not really traffic in my book they do not contain data just a header

[Thorn]

Sounds like a wireless VLAN.

[gunrunr]

if you look real good at his linked jpeg, it says "mon0 capturing-wireshark" if he's on mon0 than he's not connected the the ap anyways because he's in monitor mode.

[utilizeartisan]

gunrunr: mon0 is in monitor, wlan0 is not. if I recall correctly, I was connected when I took the screenshot. I specifically didn't generate any traffic since I could see it being captured. however, other than my traffic there were only those beacon packets.

I'll try going back today to test again but I recall that even when booting into Windows to test ARP spoofing with Cain, it could not detect a single other MAC address on the network.

[Thorn]

if you look real good at his linked jpeg, it says "mon0 capturing-wireshark" if he's on mon0 than he's not connected the the ap anyways because he's in monitor mode.

Then as they say on MythBusters; "Well, THERE'S your problem!"

[Archangel-Amael]

Then as they say on MythBusters; "Well, THERE'S your problem!"

nodoudt