[rt2x00-users] rt61pci fails to detect EAPOL packets
Helmut Schaa
helmut.schaa at googlemail.com
Wed Jul 27 21:35:23 EST 2011
Hi,
On Wednesday, 27 July 2011, dj_def at webmail.it wrote:
> I try to repropose this problem as it seems almost nobody noticed it:
>
> The network card doesn't work as expected in monitor mode (rt61pci driver).
> It should be able to capture every EAPOL packet but with newer kernels it
> can't.
> To reproduce:
>
> 1) stop all network managers
> 2) sudo ifconfig wlan0 192.168.0.77
I assume wlan0 is a station mode interface, right?
> 3) sudo route add default gw 192.168.0.1
> 4) wpa_passphrase myEssid
> ----> myWPA
> insert the output into /etc/wpa_supplicant.conf
> 5) sudo airmon-ng start wlan0 11
I have no idea how airmon-ng creates a monitor interface but have
you tried to manually create it with

  iw dev wlan0 interface add mon0 type monitor
  ifconfig mon0 up

instead of letting airmon-ng create it?
> 6) open wireshark with the correct privileges, start capturing from mon0,
> select "eapol" filter, enable decryption inserting the correct wpa in the
> preferences of the IEEE 802.11 protocol.
Have you tried without adding a wireshark filter?
> 7) sudo wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
>
> With a 2.6.35 kernel (I tried with Ubuntu 10.10 and Backtrack 4) I can see all
> the six EAPOL packets that I need to decrypt the traffic.
Maybe you used software crypto back then, and now crypto is offloaded to the
hw (module parameter nohwcrypt)?
> With a 2.6.38 kernel (I tried with Ubuntu 11.04 and Backtrack 5) I can see
> four EAPOL packets (or five if I select "ignore the protection bit" + "with IV
> detection" in the preferences of the IEEE 802.11 protocol). In particular the
> "key" "(group msg 2/2)" packet is missing.
Again, have you tried without a filter?
Helmut
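
Added example, not part of the original message or of the rt2x00 code: a check that works without any Wireshark display filter or decryption settings by classifying raw EAPOL-Key frames from their Key Information bits and listing which of the six handshake messages discussed above are absent from a capture. The names classify, missing, build and SAMPLE are hypothetical, the frames are constructed (zeroed nonce and MIC), and telling message 2/4 from 4/4 by Key Data length is a heuristic.

```python
import struct

# Key Information bit masks of the IEEE 802.11 EAPOL-Key descriptor
KEY_TYPE_PAIRWISE = 0x0008
KEY_ACK = 0x0080
KEY_MIC = 0x0100

EXPECTED = ["msg 1/4", "msg 2/4", "msg 3/4", "msg 4/4",
            "group msg 1/2", "group msg 2/2"]

def classify(eapol: bytes):
    """Return the handshake message name for one EAPOL frame, or None."""
    if len(eapol) < 99:      # 4-byte 802.1X header + 95-byte key descriptor
        return None
    _version, ptype, _length = struct.unpack_from("!BBH", eapol, 0)
    if ptype != 3:           # packet type 3 = EAPOL-Key
        return None
    key_info, = struct.unpack_from("!H", eapol, 5)
    data_len, = struct.unpack_from("!H", eapol, 97)
    ack = bool(key_info & KEY_ACK)
    mic = bool(key_info & KEY_MIC)
    if key_info & KEY_TYPE_PAIRWISE:
        if ack:              # sent by the authenticator
            return "msg 3/4" if mic else "msg 1/4"
        # Heuristic: message 2 carries an IE in Key Data, message 4 is empty.
        return "msg 2/4" if data_len else "msg 4/4"
    return "group msg 1/2" if ack else "group msg 2/2"

def missing(frames):
    """List the expected handshake messages not present in the frames."""
    seen = {classify(f) for f in frames}
    return [m for m in EXPECTED if m not in seen]

def build(key_info, key_data=b""):
    """Constructed test frame: WPA descriptor (type 254), zeroed fields."""
    body = struct.pack("!BHH", 254, key_info, 32) + bytes(88)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 1, 3, len(body)) + body

# Constructed capture mirroring the report: everything but group msg 2/2.
SAMPLE = [build(0x0089), build(0x0109, b"\xdd\x16"), build(0x01c9, b"\xdd\x16"),
          build(0x0109), build(0x0391, bytes(32))]

if __name__ == "__main__":
    for frame in SAMPLE:
        print(classify(frame))
    print("missing:", missing(SAMPLE))
```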