802.11 Sniffer Capture Analysis deauth packets with wireshark

asked 2018-07-31 12:22:04 +0000

StayCalm gravatar image

updated 2018-07-31 12:23:04 +0000

I'm trying to analyse my Sniffer Capture and to get information about the STA, who sends deauth packets. Actually I'm doing it with my laptop and my AP to test my WLAN security. But where in this wireshark capture should I look for the MAC Adress from the station who sends deauth packets (my laptop)? All I can see here, it's like my AP (source address) sends packets to himself (Transmitter address) . Maybe it's a silly question, but I do not get it.

I can not to attach my wireshark capture hier, because I'm new and have no 60 points. But I asked this question already here: https://stackoverflow.com/questions/5...

edit retag flag offensive close merge delete


Which OS and Wireshark version? Note that 802.11 captures on Windows are problematic due to driver support? See the WLAN capture setup wiki page for more info.

grahamb gravatar imagegrahamb ( 2018-07-31 13:22:55 +0000 )edit

Linux blackarch wireshark 2.4.2

StayCalm gravatar imageStayCalm ( 2018-07-31 13:26:10 +0000 )edit

Are you trying to capture frames in monitor mode on the same interface you are injecting from? Not usually the best choice. From your other picture, something is sending a Broadcast deauth(): destination/receiver of ff:ff:ff:ff:ff:ff. It's not to itself, it's to client devices on that BSSID. I don't really know what you are trying to do so don't know if that result is expected or not.

With injection tools that really work, you can masquerade as other devices so you have to be careful about determining actual source. You may have to infer some things.

Bob Jones gravatar imageBob Jones ( 2018-07-31 13:49:09 +0000 )edit