Hi,
Total newbie. I've never seen a wifi packet capture before. lol
I got an Alfa AWUS036AC (RTL8812AU) to learn wifi packet capture for my home Wlan. I'm losing my mind trying to figure out what I did wrong!
I setup a test bed on a table (so no signal issues) with an android tablet, tp-link AP 2.5g+5g and Kali v2022.1 pre-built VMware. I'm a linux newbie, but forced into it because windows can't put the Alfa into monitor mode.
I want to attach two traces, but it won't let me, says I need 60 points. Is there another way to upload traces?
AP:
- 2.4g SSID test2, wpa2/testtest, ch11, 20mhz
- 5g SSID test5, wpa2/testtest, ch149, 80mhz
MAC:
- 2.4g AP - 14:CC:20:D5:07:FA, Tablet - 26:14:77:CF:CF:CC
- 5g AP - 14:CC:20:D5:07:F9, Tablet - AC:6C:90:5D:3A:87
Kali standard realtek-rtl88xxau-dkms driver installed fine.
2.4g test:
- airmon-ng check kill
- iw dev wlan0 set type monitor
- iw dev wlan0 set channel 11 20MHz
- iwconfig (showed monitor mode and freq 2.462)
- started Wireshark with wpa-pwd testtest:test2
2.4g problem
- sometimes it takes a few tries to get the entire seires of 4 EAPOL packets
- after that, it decrpts fine, I apply IP display filter
- on the tablet, the web pages loaded fine
- BUT, wireshark is flagging a lot of tcp errors
- tcp out of order, tcp previous segment not captured, tcp acked unseen segment
- > it looks like the adapter is missing packets and/or recieving them out of order???
5g test:
- airmon-ng check kill
- iw dev wlan0 set type monitor
- iw dev wlan0 set channel 149 80MHz
- iwconfig (showed monitor mode and freq 5.745)
- started Wireshark with wpa-pwd testtest:test5
5g problem
- same EAPOL problem as 2.4g
- decryption seems fine
- BUT I can only see broadcast and multicast IP packets
- > where are my unicast https web browser data packets???
Help, this Alfa is supposed to work. I banged my head against the wall for 5 days, can't figure it out.
Thanks in advance!