Ask Your Question
0

New device not showing EAPOL?

asked 2024-04-28 04:20:44 +0000

JL1337 gravatar image

Hello guys,

Recently purchased an awus036acs adapter to use wireshark with wireless devices like my phone but it seems that no matter what I do, I can't see EAPOL (or any other traffic) from my phone.

I tried putting my 802.11 adapter to monitor mode (confirmed by iwconfig), I tried putting a decryption key, I tried forgetting/reconnecting my phone from the network.

That all was on Ubuntu 22.04.

Now on Windows 10, I have a whole different issue, I can't even connect to my home network with my 802.11 adapter, it shows other people's networks but not my home network. I genuinely am stumped with both of these issues.

Any help is highly appriciated.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-04-28 12:44:07 +0000

Bob Jones gravatar image

Looking at the specs for that capture device, it is an RTL 8811AU and is 11ac/1SS/SGI (from the vendors' wireless performance table and a lookup on mcsindex.com). According to morrownr, if you believe such things, he says this chipset is not recommended for Linux.

A couple of issues - this probably does not have a default driver in Ubuntu, so where you get your driver matters (likely some place on Github or someone made a package). It is a low performance adapter, and since it can only pick up traffic that it can decode, if the AP and the phone are using more advanced modulation this adapter won't pick it up. We don't know anything about your AP or phone to know what 802.11 standards are supported / in use so no way to know if this capture device is suitable. Common clients over the past years were 11acW2/2SS, but there are others, and newer stuff is 11ax, sometimes even WiFi 6E operating on 6GHz.

Now with all of that, if you can't see ANY traffic from the device, you have bigger problems. Management and control traffic uses low modulations so all hosts can see them (for backwards compatibility) so I can only guess you are on the wrong channel, too far away, or that you have the wrong mac address filter in the capture. Assuming, of course, you have a driver configured and set the device into monitor mode properly and it really is picking up 802.11 monitor mode traffic. Check if you see the beacons from the AP under review.

Getting your adapter to work properly in Windows is not really a Wireshark question.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-04-28 04:20:44 +0000

Seen: 189 times

Last updated: Apr 28