Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2019-04-10 05:47:32 +0000

dizcza gravatar image

Cannot decrypt POST requests in monitor mode

Hello, wireshark community. I put Alfa adapter in monitor mode and ran airodump-ng wlan0mon -w out --essid <SSID name> --channel 13. Then I opened this file via wireshark, entered the valid wpa-pwd decryption key for the specified SSID and filter packets to display http only.

I hit aavtrain.com, which is http only, and entered some username and password. Clicked submit and back to wireshark. I see only http GET requests to aavtrain.com, but I'm unable to see the post request that I sent no matter how many times I tried.

Cannot decrypt POST requests in monitor mode

Hello, wireshark community. I put Alfa adapter in monitor mode and ran airodump-ng wlan0mon -w out --essid <SSID name> --channel 13. Then I opened this file via wireshark, entered the valid wpa-pwd decryption key for the specified SSID and filter packets to display http only.

I hit aavtrain.com, which is http only, and entered some username and password. Clicked submit and back to wireshark. I see only http GET requests to aavtrain.com, but I'm unable to see the post request that I sent no matter how many times I tried.

Updated.

I noticed that instead of POST request I see TCP ACKed unseen segment warning. But I don't understand what does it really mean and why it didn't capture this packet.

Cannot decrypt POST requests in monitor mode

Hello, wireshark community. I put Alfa adapter in monitor mode and ran airodump-ng wlan0mon -w out --essid <SSID name> --channel 13. Then I opened this file via wireshark, entered the valid wpa-pwd decryption key for the specified SSID and filter packets to display http only.

I hit aavtrain.com, which is http only, and entered some username and password. Clicked submit and back to wireshark. I see only http GET requests to aavtrain.com, but I'm unable to see the post request that I sent no matter how many times I tried.

Updated.

I noticed that instead of POST request I see TCP ACKed unseen segment warning. But I don't understand what does it really mean and why it didn't capture this packet.packet. Wireshark FAQ explains that it might be due to my interface was not fast enough but why it is able to capture all GET requests then?

Cannot decrypt POST requests in monitor mode

Hello, wireshark community. I put Alfa adapter in monitor mode and ran airodump-ng wlan0mon -w out --essid <SSID name> --channel 13. Then I opened this file via wireshark, entered the valid wpa-pwd decryption key for the specified SSID and filter packets to display http only.

I hit aavtrain.com, which is http only, and entered some username and password. Clicked submit and back to wireshark. I see only http GET requests to aavtrain.com, but I'm unable to see the post request that I sent no matter how many times I tried.

UpdatedUpdated 1.

I noticed that instead of POST request I see TCP ACKed unseen segment warning. But I don't understand why it didn't capture this packet. Wireshark FAQ explains that it might be due to my interface was not fast enough but why it is able to capture all GET requests then?

Updated 2

The issue turned out to be not persistent while I thought it was.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2