Not receiving EAPOL Messages #1 and #3
Hello,
i wanted to decrypt network traffic from my iPhone to my Router. For that I need the WPA2 in Wireshark (or a calculated wpa-psk) and the complete 4 way handshake for the session. But filtering by “eapol” i’m only getting packets 2 and 4. Only post I found about it is this old one, but the tipps there didn’t help. I tried walking around the house, every room inside the house, rebooting my phone and AP, whatever i try, i’m not able to get packets 1 or 3.
if i try to connect to my wifi repeater though, i’m always getting all 4 packets.
can anyone help me? this is really frustrating.
Key messages 1 and 3 are transmitted by the authenticator (access point) when using WPA2. I can make two guesses why you can't pick them up:
For the distance part, make sure the client and AP are relatively close (a few feet/meter or two) and capture device is in the middle. If modulation is too high to pickup with your capture system, either get a new capture system or try to 'dumb down' the modulation of the AP (as a test). Typically, eapol frames are sent at lower modulations but not always. Set the AP to 2.4GHz only, 802.11g, and try again (or something along these lines). Add advanced features back until it breaks and that will provide clues as to what is happening. Of course, if you can ...(more)