Wireshark can't pick up EAPOL packets from my adapter
After starting Wireshark I go to the capture options, make sure that promiscuous mode is enabled and start capturing from the WiFi adapter. I also make sure I have the password entered in the decryption keys menu. I can only see packets either directed at my device or broadcasted. After restarting the device I want to sniff, and filtering the packets with eapol, I get 0 results. What could be the reason? Do I need any additional setup?
Hardware and software:
Wireshark 3.2.7
Linux Manjaro 5.9
WiFi adapter TP-Link TL-WN772N with an AR9271 chipset, driver ath9k_htc
Have you looked into the difference between promiscuous mode and monitor mode?
From what I understood, monitor mode didn't try to fake an Ethernet but instead fed Wireshark the 802.11 frames with metadata like signal strength.
In order to see the EAPOL handshake between a device and your access point, you have to get the device to start an EAPOL handshake, as per the "Gotchas" section of the Wireshark Wiki's "How to Decrypt 802.11" page. This will probably require that you make other devices on your network deassociate from your network and then reassociate, e.g. by putting them to sleep and waking them up again.
And, on Wi-Fi networks, unlike promiscuous mode it captures traffic to and from machines other than the machine doing the capture. (I.e., promiscuous mode usually doesn't work on Wi-Fi.)
What if I want to capture my own EAPOL packets while I connect to my Wi-Fi network? Why can't I do this by simply capturing the traffic on my (managed) wireless interface? (I tried it and no EAPOL packets are captured.)
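To go with the answer's point that the capture must contain the EAPOL handshake, here is an added example (not part of the original thread, and not Wireshark's code) that classifies EAPOL-Key frames as messages 1 to 4 of the 4-way handshake and reports which ones a capture is missing. It assumes the frames have already been extracted from a monitor-mode capture for one station/AP pair and start at the 802.1X header; the function names and sample frames are constructed for illustration.

```python
import struct

# Key Information bit masks from the IEEE 802.11 EAPOL-Key frame format
PAIRWISE, INSTALL, KEY_ACK, KEY_MIC = 0x0008, 0x0040, 0x0080, 0x0100
EAPOL_KEY = 3          # 802.1X packet type: EAPOL-Key
MIN_LEN = 4 + 95       # 802.1X header + fixed part of the key descriptor

def classify_eapol_key(frame: bytes):
    """Return 1-4 for a 4-way handshake message, None for anything else.

    `frame` starts at the 802.1X header (version, type, length)."""
    if len(frame) < MIN_LEN or frame[1] != EAPOL_KEY:
        return None
    (key_info,) = struct.unpack_from(">H", frame, 5)
    (key_data_len,) = struct.unpack_from(">H", frame, 97)
    if not key_info & PAIRWISE:
        return None                      # group key handshake
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if ack and not mic:
        return 1                         # AP -> station, ANonce
    if ack and mic:
        return 3 if key_info & INSTALL else None
    if mic:                              # station -> AP
        return 2 if key_data_len else 4  # heuristic: only message 2 carries key data
    return None

def missing_messages(frames):
    """List the handshake message numbers absent from `frames`."""
    seen = {classify_eapol_key(f) for f in frames}
    return [n for n in (1, 2, 3, 4) if n not in seen]

def build_sample(key_info, key_data=b""):
    """Constructed sample frame: zeroed nonce, IV, RSC, key ID and MIC."""
    body = struct.pack(">BHHQ", 2, key_info, 16, 1) + bytes(80)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, EAPOL_KEY, len(body)) + body

# Constructed Key Information values as typically seen with WPA2-PSK (CCMP)
M1 = build_sample(0x008A)
M2 = build_sample(0x010A, b"\x30\x14" + bytes(20))   # placeholder RSN element
M3 = build_sample(0x13CA, bytes(56))                 # placeholder encrypted key data
M4 = build_sample(0x030A)

if __name__ == "__main__":
    print("full handshake, missing:", missing_messages([M1, M2, M3, M4]))
    print("capture started late, missing:", missing_messages([M3, M4]))
```

A capture that starts after the device has already associated shows up here as messages 1 and 2 missing, which is the case where the device has to reassociate while the capture is running.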