* Can't correctly capture EAPOL packets when in monitor mode
@ 2011-06-26 20:51 dj_def
0 siblings, 0 replies; only message in thread
From: dj_def @ 2011-06-26 20:51 UTC (permalink / raw)
To: linux-wireless
This is the bugzilla link:
https://bugzilla.kernel.org/show_bug.cgi?id=38282
The network card doesn't work as expected in monitor mode (rt61pci driver).
It should be able to capture every EAPOL packet but with newer kernels it
can't.
To reproduce:
1) stop all network managers
2) sudo ifconfig wlan0 192.168.0.77
3) sudo route add default gw 192.168.0.1
4) wpa_passphrase myEssid
----> myWPA
insert the output into /etc/wpa_supplicant.conf
5) sudo airmon-ng start wlan0 11
6) open wireshark with the correct privileges, start capturing from mon0,
select "eapol" filter, enable decryption inserting the correct wpa in the
preferences of the IEEE 802.11 protocol.
7) sudo wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
With a 2.6.35 kernel (I tried with Ubuntu 10.10 and Backtrack 4) I can see all
the six EAPOL packets that I need to decrypt the traffic.
With a 2.6.38 kernel (I tried with Ubuntu 11.04 and Backtrack 5) I can see
four
EAPOL packets (or five if I select "ignore the protection bit" + "with IV
detection" in the preferences of the IEEE 802.11 protocol). In particular the
"key" "(group msg 2/2)" packet is missing.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-06-26 20:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-26 20:51 Can't correctly capture EAPOL packets when in monitor mode dj_def
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).