Ask Your Question
0

802.11 no eapol visible

asked 2021-01-24 21:54:32 +0000

Dosenfutter gravatar image

updated 2021-01-24 21:55:39 +0000

Hello all,

I wanted to check the eapol traffic when a device is reauthenticated but I can't find any eapol traffic at all. I use Kali and the TP-Link WLAN-Adapter TL-WN722N. After setting up the Wifi adapter I was able switch the adapter to monitor mode. Anyhow, while I was able to see the Monitor-Mode-Checkbox within wireshark by yesterday, I can't see it anymore, there is no checkbox at all. I fear that my recent updates were causing the internal card to interfere somehow? What are possible ways to see and set the checkbox again?

So generally I did the following steps before starting wireshark:

sudo ifconfig wlan0 down

sudo airmon-ng check kil l sudo iwconfig wlan0 mode monitor

sudo iwconfig wlan0 channel 11

sudo ifconfig wlan0 up

Once wireshark was running, I switched on the Smartphone so it will do the eapol. Anyhow the filter eapol did not trace anything within wireshark.

when I checked "iwlist wlan0 channel" I was able to see that channels are supported for 2,4 ghz and channel 11 should be the right one to choose? All outputs are shown at the end of the message. Now I'm a little bit confused, as I could see in my router settings that my smartphone seems to use 5 ghz but when checking wlan0 channels I can only see the frequencies for 2,4 ghz? Last but not least it would be interesting if I have to start wireshark out of the command line with some additional parameters or if it should work by simply opening and starting wireshark on wlan0?

Thanks a lot for every hint and advise in advance.

Outputs:

Output of "iwconfig" when NetworkManager is running lo no wireless extensions.

eth0 no wireless extensions.

wlan0 unassociated Nickname:"<wifi@realtek>" Mode:Managed Frequency=2.462 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0

wlan1 IEEE 802.11 ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=-2147483648 dBm
Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on

Output "iwconfig wlan0": wlan0 IEEE 802.11bgn ESSID:"FRITZ!Box 7530 KJ" Nickname:"<wifi@realtek>" Mode:Monitor Frequency:2.462 GHz Access Point: 98:9B:CB:4A:29:1D
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=1/100 Signal level=-99 dBm Noise level=0 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Output iwlist wlan0 channel wlan0 13 channels in total; available frequencies : Channel 01 : 2.412 GHz Channel 02 : 2.417 GHz Channel 03 : 2.422 GHz Channel 04 : 2.427 ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2021-01-24 23:01:27 +0000

Bob Jones gravatar image

my smartphone seems to use 5 ghz

If the traffic you want to capture is on a 5GHz channel, then the capturing device needs to be on the same channel.

The device you use for capturing supports 2.4GHz band only, so you won't be able to see the eapol frames in an OTA (over the air) capture. Either change the capture adapter (i.e. get a different one) to include the band/channels you need, or try to force the device under test to use what is supported. If you turn off 5GHz, the phone will likely connect to a 2.4GHz channel. Datarates will be lower, so this might only be for a test and assumes you don't have multiple APs so the phone will connect to another AP that is still using 5GHz.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-01-24 21:54:32 +0000

Seen: 3,697 times

Last updated: Jan 24 '21