Ask Your Question
0

How to decrypt 802.11 packets on open wifi?

asked 2020-01-16 22:50:25 +0000

yourdonefor gravatar image

Every tutorial I look at shows people decrypting 802.11 packets by using handshake keys on a PASSWORD PROTECTED wifi. I see 802.11 packets on a Wi-Fi that doesnt have a password to connect to it. How would I decrypt 802.11 packets if there is no password for a handshake to occur?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2020-01-16 23:03:59 +0000

Bob Jones gravatar image

If it's open, there is no encryption so there is no need to decrypt to see the actual data payloads sent between hosts. What you are likely seeing are management and control frames; these do not require decryption but also do not contain payload data that you might want to see.

To see just data, try a filter such as

wlan.fc.type_subtype in {0x20 0x28}

If you have a capture from a monitor mode device, then this filter should hide the management and control frames and just show data/QoS data frames. For a network that is open, the payloads here will be visible (for example, might be http, dns, whatever).

edit flag offensive delete link more

Comments

Sorry accidentally "Answered" my question. I meant to comment. This makes sense now. Sorry if I looked like an idiot. Also how do I know what frequency to put my monitor mode into so I capture the most interesting stuff. I am particularly looking to capture http protocols. What's the easiest way to do it?

yourdonefor gravatar imageyourdonefor ( 2020-01-16 23:09:38 +0000 )edit

The most interesting stuff is available via a channel that is certainly specific only to you and your location. No one here can answer this; what are you trying to do? If you have specific devices that you want to study, then find out what channel they use, and then that would be the channel with the most interesting stuff.

If you want to see web traffic from other hosts, find out what channels they are on and you want to be there. If you really have no idea, do a survey. Do some network reconnaissance across all the channels (many tools like aircrack-ng, kismet, bettercap, horst, etc) allow for scanning of channels so look around and pick a good one. Note that laws vary and sniffing other people's traffic might not be legal.

Some general guidelines - much of the world will only use channels 1-6-11 on 2.4GHz ...(more)

Bob Jones gravatar imageBob Jones ( 2020-01-16 23:22:00 +0000 )edit

Ok thanks. I appreciate your guys help. At least I wasn't going crazy.

yourdonefor gravatar imageyourdonefor ( 2020-01-16 23:25:38 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-01-16 22:50:25 +0000

Seen: 2,593 times

Last updated: Jan 16 '20

Related questions

In a WiFi capture log, why the 11ac “beamformed” bit is shown as both “true” and “false” in wireshark version 2.4.2 (v2.4.2-0-gb6c63ae086)?

No HTTP protocols in scan results

Tshark conversation view output modification

only seeing acks with tshark

Can't decrypt WPA-PSK (WPA/WPA2) even with passphrase and EAPOL Handshake

Forcing Mac OS X to reconnect in monitor mode

ios 11 802.11 frames

Disable protocol and decoded by my lua script

How to Decode Radius MS-MPPE-Recv-Key

eapol malformed packets

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2