Hi there! This is my first question, so please be gentle.
I have an external WIFI-adaptor (Ralink RT5572 chipset) that I put into monitor mode using the following commands (wlp0s20f0u1 being the interface-name of course):
sudo ip link set wlp0s20f0u1 down &&  # Deactivate network interface
sudo iwconfig wlp0s20f0u1 mode monitor &&  # Change mode
sudo ip link set wlp0s20f0u1 up &&  # Reactivate
sudo iw dev wlp0s20f0u1 set freq 5260  # Set operating-frequency; AP is at 5GHz channel 52/5.26GHz
I then captured some traffic, including an authentication process with my Huawei-Smartphone. I successfully recorded all 4 EAPOL-packets. However, most of the packets are still encrypted, as can be seen looking at the trace.
I have generated a WIFI-key via the online-generator and added it in the settings for the IEEE 802.11-protocol (the key is 63c3ad1ebd33ac970e3e7b603a7f52e11aa476f7cabb0d5ffeafe65fbb213910). Because this doesn't work, I also tried adding a key via wpa-pwd, but that didn't change anything.
I also fiddled around with the settings "Assume packets have FCS" and with the settings for "Ignore the protection bit", however the result remained the same. The settings are now the same as in the following image:
This issue sounds a lot like the one in this question, however there they have found a Key Descriptor Version of "3", while mine is at "2", which Wireshark should be able to decrypt, as far as I understood the answer in the linked question.
Can anyone help me with the issue? I feel like decryption should be possible, however I tried a lot of settings and feel a bit lost at the moment. I will happily provide more information/screenshots/captures/files if needed. Thanks a lot!
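
Added example, not part of the original post: a WPA/WPA2-Personal raw key (the 64-hex-character value entered as wpa-psk) is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so it can be derived offline and compared against what was typed into Wireshark. The function names are hypothetical, the sample input is the published IEEE 802.11i test vector rather than the poster's network, and it is an assumption that the online generator computes this same derivation.

```python
import hashlib
import hmac

def derive_wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA/WPA2-Personal PSK as 64 hex characters."""
    pw = passphrase.encode("ascii")   # passphrases are printable ASCII
    salt = ssid.encode("utf-8")       # the SSID is the salt, byte for byte
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8..63 ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32).hex()

def normalize_hex_key(key: str) -> str:
    """Strip whitespace and separators pasted along with the key, then validate."""
    cleaned = "".join(key.split()).replace(":", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("a wpa-psk entry must be exactly 64 hex characters")
    return cleaned

def key_matches(configured_key: str, passphrase: str, ssid: str) -> bool:
    """True if the configured raw key belongs to this passphrase and SSID."""
    expected = derive_wpa_psk(passphrase, ssid)
    return hmac.compare_digest(normalize_hex_key(configured_key), expected)

def matching_ssids(configured_key: str, passphrase: str, candidates) -> list:
    """Return the SSID spellings from candidates that reproduce the key."""
    return [s for s in candidates if key_matches(configured_key, passphrase, s)]

if __name__ == "__main__":
    # Constructed sample: IEEE 802.11i test vector (passphrase "password", SSID "IEEE").
    key = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    print(derive_wpa_psk("password", "IEEE"))
    # The SSID is case- and whitespace-sensitive: only the exact spelling matches.
    print(matching_ssids(key, "password", ["ieee", "IEEE ", "IEEE"]))
```

Because the SSID is the salt, a difference in case or a trailing space in the SSID given to the generator yields a completely different key.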