-1

I've put my wireless card in monitor mode following this tutorial. After that, I started monitor my wifi home and, after a few seconds, I stop it. Every packet was crypted (obviously), so I follow this tutorial and including my <wifi_password>:<SSID>, but nothing happens. Every packet is still crypted.

Any idea/help/solution?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Pablo D
  • 101
  • 4
  • 3
    From the tutorial: "Unless *all four handshake packets are present* for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic." – ThoriumBR Apr 29 '22 at 15:52

1 Answers1

2

You need the full handshake. Without it you have only the traffic after the handshake and not the keys.

To capture the handshake you have 2 options:

  1. disconnect and reconnect a client from the network

  2. force a deauthentication

To force a deauthentication you can use aireplay-ng. The client will be disconnected, but will reconnect again automatically.

If you have Wireshark running before the authentication takes place, you will be able to decrypt traffic.

What kind of traffic? Unencrypted traffic only. You won't be able to read SSL data, for example. You can sniff clear text protocols: HTTP, Telnet, plain FTP. But not HTTPS, SIP, SSH, anything encrypted.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142