This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark not picking up Messages #2 or #4?


Hi

I'm trying to capture the 4-way handshake between my tablet in my room and my AP. Somehow, when I'm next to the tablet, I can only pick up Messages #1 and #3. Only if I move closer to the AP (with the tablet still in my room) can I pick up #1, #2 and #3. I don't know why I can never pick up #4 though.

Is there any reason why #2 (or #4 for that matter) is more sensitive to signal strength/distance from router?

I'm using a Raspberry Pi - could it be too slow for the task? I'm using a TP-Link WN-722N.

Thanks

asked 12 Aug '15, 02:36

mun

edited 12 Aug '15, 05:30


One Answer:


EAPOL messages #2 and #4 are transmitted by the WiFi client - in this case the tablet. So distance from the tablet would be important. That also means being too close to the client may cause your RF receiver on the wireless adapter that you are using for the wireless capture (i.e., TP-Link WN-722N) to saturate. You might want to try the following:

  1. Reboot the machine you are using to perform the capture.
  2. Ensure there are no other processes/applications running on the capture PC prior to beginning the capture. This includes background processes like antivirus programs, etc.
  3. Try to keep the distance between the AP, tablet and sniffer around 10 feet. Best practice is not to exceed 12 feet, but also not to be less than 1 foot.

Good luck!

answered 12 Aug '15, 06:47

Amato_C

Thanks for the advice. I'm doing it in a RPi, but could the processor/memory/disk speed be an issue? Is there a better adapter for the job?

(12 Aug '15, 06:49) mun

The RPi could be a limiting component. Are you using the Wireshark GUI to try to capture? If so, you might want to try a command-line capture tool like tshark or dumpcap, which are provided with Wireshark.

https://www.wireshark.org/docs/man-pages/tshark.html

https://www.wireshark.org/docs/man-pages/dumpcap.html

If you are running Linux, then you can also try tcpdump.

http://www.tcpdump.org/tcpdump_man.html

(12 Aug '15, 07:15) Amato_C
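The answer's key point is that Messages #2 and #4 come from the client, so a capture that is missing exactly those two is missing the client's side of the exchange. The following Python script is an added example, not code from the thread or from Wireshark: it classifies EAPOL-Key frames into M1..M4 from the Key Information bits defined in IEEE 802.11 (Key ACK, Key MIC, Install, Secure) and reports which messages, and therefore which sender, are absent. It assumes the 802.1X payload has already been extracted from the 802.11 data frame; the frames it runs on are constructed, with zeroed nonces and MICs.

```python
import struct

# Key Information bit masks from the IEEE 802.11 EAPOL-Key descriptor.
KEY_TYPE_PAIRWISE = 1 << 3
KEY_INSTALL = 1 << 6
KEY_ACK = 1 << 7
KEY_MIC = 1 << 8
KEY_SECURE = 1 << 9

# EAPOL-Key body after the 4-byte 802.1X header: descriptor type(1), key info(2),
# key length(2), replay counter(8), nonce(32), IV(16), RSC(8), key ID(8),
# MIC(16), key data length(2) -> 95 bytes of fixed fields.
KEY_HDR = struct.Struct("!BHHQ32s16s8s8s16sH")


def classify_eapol_key(frame: bytes):
    """Return (message_number, sender) for an EAPOL-Key frame, else None."""
    if len(frame) < 4 + KEY_HDR.size or frame[1] != 3:  # 802.1X type 3 = EAPOL-Key
        return None
    fields = KEY_HDR.unpack_from(frame, 4)
    key_info, key_data_len = fields[1], fields[-1]
    if not key_info & KEY_TYPE_PAIRWISE:
        return None  # group key handshake, not part of the 4-way exchange
    ack = bool(key_info & KEY_ACK)
    mic = bool(key_info & KEY_MIC)
    secure = bool(key_info & KEY_SECURE)
    if ack and not mic:
        return 1, "AP"
    if ack and mic and key_info & KEY_INSTALL:
        return 3, "AP"
    if not ack and mic:
        # M2 carries the client's RSN IE in Key Data; M4 sets Secure (WPA2)
        # and carries an empty Key Data field (the WPA1 case).
        return (4, "client") if secure or key_data_len == 0 else (2, "client")
    return None


def build_eapol_key(key_info: int, key_data: bytes = b"") -> bytes:
    """Constructed test frame: RSN descriptor (2), zeroed nonce/IV/MIC."""
    body = KEY_HDR.pack(2, key_info, 16, 1, bytes(32), bytes(16), bytes(8),
                        bytes(8), bytes(16), len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body  # 802.1X v2, type EAPOL-Key


def missing_messages(frames):
    """Map each unseen message number to the station that should have sent it."""
    seen = {r[0] for r in map(classify_eapol_key, frames) if r}
    sender = {1: "AP", 2: "client", 3: "AP", 4: "client"}
    return {n: sender[n] for n in range(1, 5) if n not in seen}


if __name__ == "__main__":
    P = KEY_TYPE_PAIRWISE
    m1 = build_eapol_key(P | KEY_ACK)
    m3 = build_eapol_key(P | KEY_ACK | KEY_MIC | KEY_INSTALL | KEY_SECURE, bytes(16))
    print(missing_messages([m1, m3]))  # the poster's capture: {2: 'client', 4: 'client'}
```

When run on the poster's situation (only M1 and M3 captured), the report points at the client as the missing transmitter, which is what the answer explains.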