I have a network with 2 nodes (a phone and a MacBook). Both are connected to the same wireless network, and I know the SSID and password for the wireless network:
password: mypassword
ssid: myssid
security: WPA2 Personal
I am currently running Wireshark on the MacBook with the following settings:
Edit > Preferences > Capture > Interfaces > Edit
default buffer size `2048MiB`
default link layer header type: 802.11
monitor mode: checked
and, to decrypt traffic, under
Edit > Preferences > Protocols > IEEE 802.11
Reassemble fragmented 802.11 datagram packets: checked
ignore vendor specific HT elements: unchecked
Call subdissector for retransmitted 802.11 frames: checked
assume packets have FCS: unchecked
Ignore the protection bit: Yes with IV
Enable decryption: checked
decryption keys:
key type: wpa-pwd
key: mypassword:myssid
I start it in capture mode and make an HTTP call to foobar.com from my phone. I expected Wireshark to pick it up and display it in the sniffed data, but I don't see it there.
However, if I make the same HTTP call to foobar.com from my Mac, I can see it being listed.
Edit:
I had to put my Mac in wireless monitor mode; Wireshark's monitor mode alone wasn't enough.
After that I see the EAPOL handshake captured,
but it is still not able to decrypt packets captured for that source (Lg_Electr_41). I have also attached the protocol preferences.