1 | initial version |
I can capture Wi-Fi packets when connected to my home Wi-Fi WPA2 The adapter doesn't support monitor mode
These are mutually exclusive; to collect 802.11 frames you usually have to be in monitor mode (with some special case exceptions when capturing on actual access points). if you mean sniffing on the wifi interface without monitor mode, these will be fake EthernetII frames and will not contain 802.11 control or management traffic, and keying information is not present with Windows.
I do believe a Linux host will show the EAPOL frames as EthernetII when capturing on the wireless interface in managed mode. Perhaps that is due to wpa_supplicant process running in user space?
Best practice tips: don't try to collect 802.11 frames from an actual adapter in use; the results vary wildly. Don't do monitor mode capture on Windows unless you are using special software, such as Omnipeek, CommView, etc.