dizcza's profile - activity

Is there a way not to filter by mac in wlan addr1/addr2? Something like wlan addr1 *?

it may only work on capture files already collected, not decrypt --> filter --> store. Yes, it makes sense. I

it may only work on capture files already collected, not decrypt --> filter --> store. Yes, it makes sense. I

it may only work on capture files already collected, not decrypt --> filter --> store. Ye

I suppose this is the same as wlan host <mac1> or wlan host <mac2>? I don't see such a filter in CaptureFilt

I want to capture HTTP traffic of WPA/WPA2 secured network through Alfa adapter, put in a monitor mode, Since, without any capture filter, file size grows quite fast, I want to save only HTTP and EAPOL handshakes to be able to decrypt HTTP packets. I suppose, the filter option should be

tshark -i wlan0mon -f "ether proto 0x888e or tcp port 80" -w tshark.pcap

But tcp port 80 filter works well only in open wifi. In WPA2, it filters out all packets. What options do I have? Or rather what filters might I use to capture as little irrelevant packets (not HTTP or not EAPOL) as possible in WPA network?

Update

The goal is to monitor which unsecured HTTP sites nearby users of some AP of a particular channel visit. For a reliable estimate, statistics should be gathered for a few hours / a day. Users might connect and disconnect at any time so I don't know their MACs beforehand. However, if I don't use any capture filter, or for example drop beacons only (wlan[0] != 0x80), I often see "TCP previous segment not captured" and "TCP ACKed unseen segment". Using wlan host <MAC> results in a more stable capture. But as I've already said, I might not know all potential users' MACs since not all clients might be connected. Wired capture is not an option.

tshark capture and filter HTTP in WPA2 secured network I want to capture HTTP traffic of WPA/WPA2 secured network throug

tshark capture and filter HTTP in WPA2 secured network I want to capture HTTP traffic of WPA/WPA2 secured network throug

@Bob, thank you for helping me. The issue appeared to be not persistent. For whatever reasons, yesterday I tried airodum

@Bob, thank you for helping me. The issue appeared to be not persistent. For whatever reasons, yesterday I tried airodum

Cannot decrypt POST requests in monitor mode Hello, wireshark community. I put Alfa adapter in monitor mode and ran airo

@Bob, thank you for helping me. The issue appeared to be not persistent. For whatever reasons, yesterday I tried airodum

Cannot decrypt POST requests in monitor mode Hello, wireshark community. I put Alfa adapter in monitor mode and ran airo

Cannot decrypt POST requests in monitor mode Hello, wireshark community. I put Alfa adapter in monitor mode and ran airo

@Bob, No while in monitor mode and yes in managed mode.

I can see POST requests in wireshark through the same interface in managed mode.

Cannot decrypt POST requests in monitor mode Hello, wireshark community. I put Alfa adapter in monitor mode and ran airo