Ask Your Question

Revision history [back]

When capturing traffic passing through your machine, i.e. when it's acting as the Access Point, you won't see the Wifi encrypted data, instead you'll see the regular data that's inside the Wifi channels.

The regular traffic itself may be encrypted, e.g. GQUIC, so you would need suitable keying material to decrypt those protocols, e.g. an SSLKEYLOGFILE generated by the client, but as this is your phone that may be difficult to impossible.

As to why you don't see the EAPOL handshakes, you'd have to capture in monitor mode to do that and as Windows hosts generally have a difficult time doing that (WiFi drivers often don't work in that mode) and as I don't think a Windows machine can be a hotspot and run in monitor mode you won't be able to do that either.