
Decoding Request-to-send packets

asked 2020-02-02 20:28:17 +0000

kg222

I'm experimenting with a Pi 3 running Wireshark on Kali Linux. I set up a monitoring interface (mon0) and started capturing the data on channel 1 from my phone by turning WiFi on and making a request to an HTTP website. I noticed some normal stuff (authentication - 4-way handshake), but also loads of "Request-to-send" packets. After decryption using the PSK I found only 1 TCP packet, originating from an IP that seems to belong to Google. The rest are still Request-to-send packets. After Googling I understand that these are likely to originate from interference and the network card trying to squeeze the data through small steps. I noticed that I have two WiFi networks available on Channel 1, one original and the other from a signal extender. I was connected to the extender.

I tried turning off the extender, and connecting to the main WiFi. I sent a similar HTTP request as before from my phone and decrypted it in Wireshark. This time it worked, I can clearly see HTTP traffic in Wireshark.

So, am I getting this right? Apparently these RTS (request-to-send) packets need to be decoded by Wireshark. So my question is, how to do it?


1 Answer


answered 2020-02-02 23:04:53 +0000

Bob Jones

RTS frames are sent without encryption and are decoded properly by Wireshark. No further decoding is necessary.

Connecting to different APs can force frame transmission at different modulations, so can influence packet capture in monitor mode.

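As an added illustration of the answer above (not code from the post or from Wireshark): a minimal parser for the 802.11 Frame Control field, showing that an RTS frame is a 16-byte control header with the Protected bit clear and no body, so a PSK has nothing to decrypt. The sample frames and MAC addresses are constructed, and frames are assumed to be supplied without radiotap header or FCS.

```python
import struct

PROTECTED = 0x40          # "Protected Frame" bit, second Frame Control byte
TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
RTS_SUBTYPE, RTS_LEN = 11, 16   # RTS = FC(2) + Duration(2) + RA(6) + TA(6)


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211(frame):
    """Classify one 802.11 MAC frame given without radiotap header or FCS."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 header")
    fc0, flags, duration = struct.unpack_from("<BBH", frame, 0)
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    info = {
        "type": TYPES[ftype],
        "subtype": subtype,
        "is_rts": ftype == 1 and subtype == RTS_SUBTYPE,
        # Only frames with this bit set carry ciphertext a PSK can unlock.
        "protected": bool(flags & PROTECTED),
        "ra": mac(frame[4:10]),
    }
    if info["is_rts"]:
        if len(frame) < RTS_LEN:
            raise ValueError("truncated RTS")
        info["duration_us"] = duration       # medium reservation in microseconds
        info["ta"] = mac(frame[10:16])
        info["body_len"] = len(frame) - RTS_LEN   # 0: header only, no payload
    return info


# Constructed sample frames (locally administered MACs, not from a real capture).
RTS = bytes.fromhex("b400ac00" "020000000001" "020000000002")
QOS_DATA = bytes.fromhex("88412c00" "020000000001" "020000000002"
                         "020000000001" "1000" "0000") + bytes(24)

if __name__ == "__main__":
    for name, frame in (("RTS", RTS), ("QoS data", QOS_DATA)):
        print(name, parse_80211(frame))
```
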
