Aircrack-ng forum


Topic: Can only do single-target single-way capture (1/3 or 2/4 of the WPA handshake)  (Read 6125 times)

atkdef

  • Newbie
  • Posts: 4

First, thank you to whoever pays attention to this :)

Problem:

 - When I use airodump-ng or Wireshark to capture frames, I cannot capture a pair of handshakes.

Here's some information:

 - Wireless adapter: rtl8723ae

 - Operating system: Kali 1.0.6 / Windows 7, dual boot

 - Driver under Kali: the Kali built-in driver at first (named rtl8723ae), then a modified driver (named rtl8723e)

 - Although airmon-ng shows the chipset as unknown, this chipset supports monitor mode and it looks like it works.

 - I specified the channel when creating the mon* interface.

 - It looks like neither of the drivers I tried supports b/g/n mode setting.

 - I ran "airmon-ng check kill" as preparation.

Tests for the first problem; please note that they were done in this order:

* If you feel dizzy reading the tests below, head to the conclusion (*strongly recommended, because I felt dizzy when I finished writing*).

    --------

    1. Manual reconnect on Device A, right after entering monitor mode.

 - No EAPOL frames captured, no matter how many times I do this test.

    2. Use aireplay-ng -0 to deauthenticate Device A.

 - In most cases, both the first and the third handshakes can be captured.

 - If the frequency of deauthentication is high, only the first or the third handshake will be captured.

    3. Manual reconnect on Device A, after the deauthentication.

 - Similar to step 2: the first and the third handshakes can be captured.

    --------

    4. Manual reconnect on Device B.

 - Similar to step 1: no EAPOL frames captured.

    5. Use aireplay-ng to deauthenticate Device B.

 - Similar to step 2: the first and the third handshakes can be captured.

    6. Manual reconnect on Device B, after the deauthentication.

 - Similar to step 5: the first and the third handshakes can be captured.

    --------

    7. Manual reconnect on Device A.

 - Again, no EAPOL frames captured.

    --------

    8. Do a broadcast deauthentication.

 - Most of the second and fourth handshakes are captured.

 - Some of these handshakes may not be captured due to the burst of reconnects.

    9. Manual reconnect on Device A and Device B.

 - Similar to step 8: both the second and fourth handshakes can be captured.

    --------

    10. Deauthenticate Device A.

 - The first and the third handshakes will be captured.

    11. Manual reconnect on Device A.

 - Similar to step 10.

    12. Manual reconnect on Device B.

 - No EAPOL captured.

    --------

* I get the same result if I replace Device B with a MAC-modified Device A in the tests above.

====================

I hope this will not make you feel dizzy...

In conclusion:

 - It seems the wireless adapter has some kind of relationship with a specific device, using the MAC address as identification.

 - Only packets that are sent to that specific device will be captured.

 - aireplay-ng -0 can trigger the creation or shift of such a relationship.

====================

In addition to the tests above, I did some tests under Windows with Network Monitor 3.4.

To my surprise, if I specify the channel, all four handshakes can be captured easily.

This may prove that the wireless adapter is capable of capturing the full handshake.

====================

Thank you again for reading through this.

If you have any ideas that may help solve the problem, don't hesitate to post them here.

Regards
« Last Edit: May 01, 2014, 11:23:00 pm by atkdef »
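The post above sees only messages 1 and 3 (AP to client) for a single-target deauth and only messages 2 and 4 (client to AP) after a broadcast deauth. The script below is an added example, not code from the thread or from aircrack-ng: it parses raw 802.11 EAPOL-Key frames (no radiotap header assumed), labels each as handshake message 1 to 4 from the Key Information bits, checks that the frame's To DS / From DS direction agrees with the message number, and reports per AP/client pair which half of the handshake actually reached the capture. The MAC addresses and the four sample frames are constructed inline with zeroed nonces and MICs; the "usable" rule in `verdict()` is this example's own summary (you need the ANonce from message 1 or 3 together with message 2, which carries the SNonce and a MIC), not aircrack-ng's exact state machine.

```python
"""Added example (not from the thread or aircrack-ng): classify raw 802.11
EAPOL-Key frames as 4-way handshake messages 1-4 and report, per AP/client
pair, which direction of the handshake reached the capture."""
import struct
from collections import defaultdict

# EAPOL-Key "Key Information" bits (IEEE 802.11-2012, 11.6.2)
KEY_TYPE_PAIRWISE = 1 << 3
KEY_INSTALL = 1 << 6
KEY_ACK = 1 << 7
KEY_MIC = 1 << 8
KEY_SECURE = 1 << 9
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP, EtherType 0x888E


def parse_eapol_key(frame):
    """Return (bssid, sta, from_ds, key_info) for an unencrypted EAPOL-Key
    data frame (raw 802.11, no radiotap), or None for anything else."""
    if len(frame) < 24 or (frame[0] & 0x0C) != 0x08:      # frame type bits: data
        return None
    to_ds, from_ds = bool(frame[1] & 0x01), bool(frame[1] & 0x02)
    if to_ds == from_ds or frame[1] & 0x40:   # skip WDS/IBSS frames and protected frames
        return None
    addr1, addr2 = frame[4:10], frame[10:16]
    hdr_len = 26 if frame[0] & 0x80 else 24   # QoS data subtypes carry a 2-byte QoS control
    if frame[hdr_len:hdr_len + 8] != LLC_SNAP_EAPOL:
        return None
    eapol = frame[hdr_len + 8:]
    if len(eapol) < 7 or eapol[1] != 3:       # EAPOL packet type 3 = EAPOL-Key
        return None
    desc_type, key_info = struct.unpack_from(">BH", eapol, 4)
    if desc_type not in (2, 254):             # RSN (2) or legacy WPA (254) descriptor
        return None
    # From DS: addr1 = station, addr2 = BSSID.  To DS: addr1 = BSSID, addr2 = station.
    bssid, sta = (addr2, addr1) if from_ds else (addr1, addr2)
    return bssid, sta, from_ds, key_info


def handshake_message(key_info):
    """Map Key Information bits to message number 1-4; None for group-key frames."""
    if not key_info & KEY_TYPE_PAIRWISE:
        return None
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if ack and not mic:
        return 1
    if ack and mic and key_info & KEY_INSTALL:
        return 3
    if not ack and mic:
        return 4 if key_info & KEY_SECURE else 2
    return None


def verdict(msgs):
    """This example's usability rule (a summary, not aircrack-ng's exact state
    machine): ANonce from msg 1 or 3, plus msg 2 for the SNonce and a MIC."""
    if msgs == {1, 2, 3, 4}:
        return "full handshake"
    if 2 in msgs and msgs & {1, 3}:
        return "usable: both nonces and a MIC present"
    if msgs <= {1, 3}:
        return "AP->client direction only (1/3): no SNonce, not usable"
    if msgs <= {2, 4}:
        return "client->AP direction only (2/4): no ANonce, not usable"
    return "incomplete"


def summarize(frames):
    """Map (bssid, sta) -> {'messages': [...], 'verdict': str}."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_eapol_key(frame)
        if parsed is None:
            continue
        bssid, sta, from_ds, key_info = parsed
        msg = handshake_message(key_info)
        # Messages 1 and 3 travel AP->client (From DS), 2 and 4 client->AP (To DS);
        # a frame whose direction contradicts its bits is dropped rather than trusted.
        if msg is None or from_ds != (msg in (1, 3)):
            continue
        seen[(bssid, sta)].add(msg)
    return {pair: {"messages": sorted(m), "verdict": verdict(m)} for pair, m in seen.items()}


# --- constructed test input (not a real capture) -----------------------------
def build_eapol_key_frame(from_ds, sta, bssid, key_info):
    """Minimal 802.11 data frame carrying an EAPOL-Key message; every field the
    classifier ignores (nonce, IV, RSC, MIC, key data) is zero."""
    fc = bytes([0x08, 0x02 if from_ds else 0x01])            # data frame, From DS / To DS
    addrs = sta + bssid + bssid if from_ds else bssid + sta + bssid
    body = struct.pack(">BHH", 2, key_info, 16) + bytes(8)   # descriptor 2, key info, key len, replay
    body += bytes(32 + 16 + 8 + 8 + 16) + bytes(2)           # nonce, IV, RSC, ID, MIC, key data len 0
    eapol = struct.pack(">BBH", 1, 3, len(body)) + body      # EAPOL v1, type 3 = Key
    return fc + bytes(2) + addrs + bytes(2) + LLC_SNAP_EAPOL + eapol


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


AP, CLIENT_A, CLIENT_B = mac("00:11:22:33:44:55"), mac("66:77:88:99:aa:bb"), mac("cc:dd:ee:ff:00:11")
V2 = 2                                                  # descriptor version 2 (HMAC-SHA1 / AES wrap)
M1 = KEY_TYPE_PAIRWISE | KEY_ACK | V2
M2 = KEY_TYPE_PAIRWISE | KEY_MIC | V2
M3 = KEY_TYPE_PAIRWISE | KEY_INSTALL | KEY_ACK | KEY_MIC | KEY_SECURE | V2
M4 = KEY_TYPE_PAIRWISE | KEY_MIC | KEY_SECURE | V2


def demo_capture():
    """Reproduces the symptom from the post: only the AP->client half for
    client A, only the client->AP half for client B."""
    return [build_eapol_key_frame(True, CLIENT_A, AP, M1),
            build_eapol_key_frame(True, CLIENT_A, AP, M3),
            build_eapol_key_frame(False, CLIENT_B, AP, M2),
            build_eapol_key_frame(False, CLIENT_B, AP, M4)]


if __name__ == "__main__":
    for (bssid, sta), info in summarize(demo_capture()).items():
        print(bssid.hex(":"), sta.hex(":"), info["messages"], info["verdict"])
```

Feeding this the frames from a real capture (strip the radiotap header first if the file has one) tells you at a glance whether a "handshake" airodump-ng announced is really one direction only; the direction check is what separates the post's symptom from a plain missed frame.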

rtl8187

  • Newbie
  • Posts: 11

AGAIN, again and again, more and more users are reporting this issue, but *NOBODY*, and I mean the administrators, gives the right answer!
Check out that post too; I would guess it's the same issue as yours:
Hurrelman,
Getting a full handshake can be very difficult.  The wiki WPA tutorials have quite extensive troubleshooting tips.  Start with those tips.
d.
The truth instead is: getting such a handshake is very easy.
There are many ways, and at least one extremely easy way; it is right in front of your eyes, using another of the aircrack tools.... Is that enough of a hint?
But that info is still kept secret.

Dear moderators, can we finally know what the deal is with that secret?

atkdef

  • Newbie
  • Posts: 4

I'm not sure whether the handshakes from airbase-ng work.

It is possible to capture a pair of handshakes from airbase-ng, but the crack fails even though the word is in the dictionary.

Actually, I don't think the problem is in aircrack-ng; I suspect the driver more.

However, I cannot come up with a place to ask these questions other than this forum.

Theoretically, capturing EAPOL packets can be irrelevant to aircrack.

I cannot capture, or can only partly capture, handshakes even though the wireless adapter is in monitor mode.

Thank you for your reply.

Let me know if you aren't referring to airbase-ng.

DarkAudax

  • Administrator
  • Full Member
  • Posts: 111

rtl8187,

I continue to be puzzled by you thinking we have secret information regarding capturing handshakes.  The truth is exactly what you quoted from me.  At no time has any information or technique been withheld as a secret.  All our knowledge has been posted publicly.  The sole purpose of this forum and wiki is to share knowledge.

Don't confuse a lack of sharing with us banning people who knowingly break into networks which do not belong to them.  We will continue to block that type of activity.

If, in fact, you have advanced knowledge and tricks, then you should share them with everyone.

d.


rtl8187

  • Newbie
  • Posts: 11

let me know if you aren't referring to airbase-ng.
Whatever I write here will be banned, or deleted, or blocked.
Write your personal email here; don't send me a PM, it will be blocked, and I will contact you privately.
Substitute the @ with some other character to avoid spam.
Now let's see if this post will stay here...........

DarkAudax

  • Administrator
  • Full Member
  • Posts: 111

rtl8187,

I don't consider airbase-ng a secret, nor do I personally consider it a baseline tool for WPA handshake capture.

Using airbase-ng for WPA handshake capture involves additional constraints.  You must be physically closer to the client, since the transmit range of your own wireless card is normally less than the capture distance.  So, generally speaking, the airodump-ng approach typically yields better results.

Having said that, having a broad range of tools in your toolkit never hurts.

d.

atkdef

  • Newbie
  • Posts: 4

ffffffffffln_at_gmail.com

Thanks

atkdef

  • Newbie
  • Posts: 4

Is it possible to set up airbase-ng and keep deauthenticating the original connection to ensure the capture?

Also, can you tell me why I can only capture packets sent to a specific target?

I did read carefully through the tips, but I really don't have any idea about this.

This is too strange for me to infer what's happening.

DarkAudax

  • Administrator
  • Full Member
  • Posts: 111

atkdef,

Deauth with airbase-ng: yes, you can do both at the same time.

Capturing packets only to a specific target: the most common reason is that your card and the other clients are using different methods, i.e. g versus n.

d.
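The "g versus n" explanation in the reply above can be checked in the capture itself rather than guessed at: every frame a monitor-mode interface delivers to Wireshark or tcpdump carries a radiotap header, and that header says whether the frame was received at a legacy (b/g) rate or at an 802.11n MCS rate. If a capture from the card shows EAPOL frames only at legacy rates and no frame at all with an MCS field, while n-capable clients are active on the channel, that supports the idea that the card or driver is not decoding the n-rate frames the clients send. The walker below is an added example, not code from the thread; it decodes only the fields flagged in the first radiotap presence word (Rate and MCS always live there) and skips any extra per-antenna presence words. The three sample headers, channel values and signal levels are constructed inline.

```python
"""Added example (not from the thread): walk a radiotap header and report
whether the frame was received at a legacy rate or at an 802.11n MCS rate."""
import struct

# radiotap present-bit -> (alignment, size in bytes), in bit order
RADIOTAP_FIELDS = {
    0: (8, 8), 1: (1, 1), 2: (1, 1), 3: (2, 4), 4: (2, 2), 5: (1, 1), 6: (1, 1),
    7: (2, 2), 8: (2, 2), 9: (2, 2), 10: (1, 1), 11: (1, 1), 12: (1, 1),
    13: (1, 1), 14: (2, 2), 15: (2, 2), 16: (1, 1), 17: (1, 1), 18: (4, 8),
    19: (1, 3),    # MCS: known, flags, index
    20: (4, 8), 21: (2, 12), 22: (8, 12),
}
BIT_RATE, BIT_MCS = 2, 19


def parse_radiotap(buf):
    """Return (header_len, info); info holds 'rate_mbps' (legacy Rate field)
    and/or 'mcs' (802.11n MCS field). Only fields of the first presence word
    are decoded; further words (per-antenna data on Linux) are skipped."""
    if len(buf) < 8 or buf[0] != 0:
        raise ValueError("not a radiotap v0 header")
    hdr_len = struct.unpack_from("<H", buf, 2)[0]
    words, pos = [], 4
    while True:                                   # bit 31 = another presence word follows
        word = struct.unpack_from("<I", buf, pos)[0]
        words.append(word)
        pos += 4
        if not word & (1 << 31):
            break
    present = words[0]
    if present & ((1 << 29) | (1 << 30)):          # namespace switch in the first word
        raise ValueError("radiotap namespace switch not handled")
    info, offset = {}, pos                        # data fields start after all presence words
    for bit in range(29):
        if not present & (1 << bit):
            continue
        if bit not in RADIOTAP_FIELDS:
            raise ValueError(f"unknown radiotap field bit {bit}")
        align, size = RADIOTAP_FIELDS[bit]
        offset = (offset + align - 1) // align * align      # natural alignment from header start
        field = buf[offset:offset + size]
        if bit == BIT_RATE:
            info["rate_mbps"] = field[0] * 0.5               # Rate is in units of 500 kbit/s
        elif bit == BIT_MCS:
            known, _flags, index = field
            if known & 0x02:                                 # bit 1: MCS index known
                info["mcs"] = index
        offset += size
    if offset > hdr_len:
        raise ValueError("radiotap fields overrun it_len")
    return hdr_len, info


def rate_kind(info):
    if "mcs" in info:
        return "ht"
    return "legacy" if "rate_mbps" in info else "unknown"


def rate_summary(packets):
    """Count frames by rate kind. An 'ht' count of zero, with n-capable
    clients active, points at the card or driver not decoding 802.11n
    frames in monitor mode."""
    counts = {"legacy": 0, "ht": 0, "unknown": 0}
    for pkt in packets:
        _, info = parse_radiotap(pkt)
        counts[rate_kind(info)] += 1
    return counts


# --- constructed radiotap headers (not from a real capture) ------------------
# Flags, Rate = 54 Mbit/s, Channel 2437 MHz (OFDM, 2 GHz), antsignal -40 dBm
LEGACY_54M = bytes.fromhex("00000f00" "2e000000" "00" "6c" "85098004" "d8")
# TSFT (8-byte aligned), Flags, Rate = 1 Mbit/s, Channel 2412 MHz (CCK), -60 dBm
LEGACY_1M = bytes.fromhex("00001700" "2f000000" "0000000000000000" "00" "02" "6c09a000" "c4")
# Flags, pad, Channel, antsignal, then MCS: known=0x07, flags=0 (20 MHz, LGI), index 7
HT_MCS7 = bytes.fromhex("00001200" "2a000800" "00" "00" "85098004" "d8" "070007")

DUMMY_80211 = bytes.fromhex("80000000") + bytes(20)   # stub 802.11 frame after the header


if __name__ == "__main__":
    for name, hdr in (("legacy 54M", LEGACY_54M), ("legacy 1M", LEGACY_1M), ("HT MCS7", HT_MCS7)):
        print(name, parse_radiotap(hdr + DUMMY_80211))
    print(rate_summary([h + DUMMY_80211 for h in (LEGACY_54M, LEGACY_1M, HT_MCS7)]))
```

The header length returned by `parse_radiotap` is also the offset at which the 802.11 frame itself starts, so the same walk strips radiotap before any EAPOL parsing. Note that this only diagnoses the capture side; it says nothing about which rate the client chose to send at, which is what the reply above is pointing to.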