First, thank you to whoever pays attention to this
problem:
- When I use airodump-ng or wireshark to capture frames, I cannot capture a pair of handshakes.
Here's some information:
- wireless adapter: rtl8723ae
- operating system: Kali 1.0.6 / Windows 7, dual boot
- driver under kali: kali built-in driver at first (named rtl8723ae), then a modified driver (named rtl8723e)
- Although airmon-ng shows the chipset is unknown, this chipset supports monitor mode and looks like it works.
- I have specified the channel when creating the mon* interface.
- It looks like both of the drivers I tried do not support b/g/n mode setting.
- I have done "airmon-ng check kill" as a preparation.
Tests for the first problem; please note that there's an order to them:
* If you feel dizzy reading the tests below, head to the conclusion (*strongly recommended because I feel dizzy now that I have finished writing*).
--------
1. manual reconnect on Device A, right after entering monitor mode.
- no eapol frames captured, no matter how many times I do this test
2. use aireplay-ng -0 to deauthenticate Device A
- in most cases, both the first and the third handshakes can be captured.
- if the frequency of deauthentication is high, only the first or the third handshake will be captured.
3. manual reconnect on Device A, after the deauthentication
- similar to step 2, the first and the third handshakes can be captured.
--------
4. manual reconnect on Device B
- similar to step 1, no eapol frames captured.
5. use aireplay-ng to deauthenticate Device B
- similar to step 2, the first and the third handshakes can be captured.
6. manual reconnect on Device B, after the deauthentication
- similar to step 5, the first and the third handshakes can be captured.
--------
7. manual reconnect on Device A
- again, no eapol frames captured.
--------
8. do a deauthentication broadcast
- most of the second and fourth handshakes captured.
- some of these handshakes may not be captured due to the burst of reconnect.
9. manual reconnect on Device A and Device B
- similar to step 8, both the second and fourth handshakes can be captured.
--------
10. do a deauthentication to Device A
- the first and the third handshake will be captured.
11. manual reconnect on Device A
- similar to step 10.
12. manual reconnect on Device B
- no eapol captured.
--------
* I will get the same result if I replace Device B with a MAC-modified Device A to do the tests above.
====================
I hope this will not make you feel dizzy.
In conclusion:
- It seems that the wireless adapter forms a relationship with a specific device, using the MAC address as identification.
- Only packets that are sent to the specific device will be captured.
- aireplay-ng -0 can trigger the creation or shift of such a relationship.
====================
In addition to the tests above, I did some tests under Windows with Network Monitor 3.4.
To my surprise, if I specify the channel, all four handshakes can be easily captured.
This may prove that the wireless adapter has the capacity to capture the full handshakes.
====================
Thank you again for reading through this.
If you have any ideas that may help solve the problem, don't hesitate to post them here.
Regards
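The post's diagnosis hinges on which of the four EAPOL-Key messages actually reached the capture. The following added example (not from the poster or from any of the tools named above) decodes the Key Information flags of raw EAPOL-Key frames and reports which handshake messages a capture contains; the sample frames it builds are constructed with zeroed nonces and MICs purely to exercise the classifier.

```python
import struct

EAPOL_KEY = 3                 # 802.1X packet type for EAPOL-Key
DESC_RSN, DESC_WPA = 2, 254   # descriptor types: WPA2/RSN and legacy WPA
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200

def parse_eapol_key(frame: bytes):
    """Return (descriptor, key_info, key_data_len) from a raw EAPOL-Key frame."""
    _ver, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_KEY:
        raise ValueError(f"not an EAPOL-Key frame (type {ptype})")
    body = frame[4:4 + body_len]
    key_info = struct.unpack("!H", body[1:3])[0]
    # Key Data Length sits at body offset 93, right after the 16-byte MIC field
    key_data_len = struct.unpack("!H", body[93:95])[0]
    return body[0], key_info, key_data_len

def handshake_message(descriptor: int, key_info: int, key_data_len: int):
    """Map the Key Information flags to a 4-way message number (1..4) or None."""
    if not key_info & PAIRWISE:
        return None                          # group-key handshake, not the 4-way
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack and not mic:
        return 1                             # AP -> STA, carries ANonce
    if ack and mic and key_info & INSTALL:
        return 3                             # AP -> STA, carries GTK
    if mic and not ack:
        # M2 and M4 share Ack=0/MIC=1; RSN sets Secure only in M4,
        # legacy WPA leaves Key Data empty in M4 instead.
        if descriptor == DESC_WPA:
            return 4 if key_data_len == 0 else 2
        return 4 if key_info & SECURE else 2
    return None

def build_frame(key_info: int, key_data: bytes = b"", descriptor: int = DESC_RSN) -> bytes:
    """Constructed sample frame: real field layout, zeroed nonce/MIC/counters."""
    body = bytes([descriptor]) + struct.pack("!HH", key_info, 16) + bytes(88)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, EAPOL_KEY, len(body)) + body

def captured_messages(frames):
    """Sorted list of the handshake message numbers present in a frame list."""
    found = set()
    for f in frames:
        try:
            n = handshake_message(*parse_eapol_key(f))
        except (ValueError, IndexError, struct.error):
            continue                         # skip non-EAPOL-Key or truncated frames
        if n:
            found.add(n)
    return sorted(found)
```

Feeding it the AP-to-client frames the post describes, `captured_messages([build_frame(0x008A), build_frame(0x13CA, bytes(24))])` returns `[1, 3]`, the same "first and third only" pattern seen in steps 2, 3 and 10.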