I'm trying to understand how to capture traffic on my WLAN(WPA2) using Wireshark.
I can see all traffic going to and from my Backtrack-PC and Wireshark is able to decrypt it (using the WPA-password and the four EAPOL Key msg), but I can't see any traffic going from other clients on the network.
If I deauth a client from my BT-PC I only get two EAPOL Key msg, 1/4 and 3/4, it's missing key 2/4 and 4/4.
Why is that?
I've tried different approaches listening on both wlan0 and mon0 but no luck.
It seems to me that Wireshark can only capture the WPA-handshake going from the client to the AP and not vice versa.
I can't get any data-traffic (like http) from my clients.
Am I doing something wrong here or is it just impossible to capture traffic on WLAN encrypted with WPA2?
This is my config,
BackTrack 5 R1 running on a PC with a Alfa AWUS036H (The computer running Wireshark).
AP is a ASUS RT-N56U.
Clients: one Laptop running BackTrack 5 R1 and one Android-Phone.
airmon-ng (to swith wlan0 into monitor mode)
aireplay-ng (to deauth)