Sniffing Wireless Authentication Requests

Started by mynd, January 12, 2015, 01:03:59 PM

mynd

From my Win7 box, is there a way to sniff the authentication traffic between me and the AP, locally? Or will I need to use another machine, on the wireless, to see this traffic?

icecream-guy

:professorcat:

My Moral Fibers have been cut.

mynd

well of course I tried that :)

But it doesn't see any EAP requests when I filter it down to EAP. My suspicion is maybe Windows sees the interface as "down" until after it associates with the AP...

SimonV


mynd


Quote from: SimonV on January 12, 2015, 02:50:34 PM
Have you read through this wiki article on the Wireshark site?

http://wiki.wireshark.org/CaptureSetup/WLAN
Didn't see that one yet. I'll take a read :)

mynd

I found the solution to this, at least for my situation, a while ago. Just wanted to update in case someone stumbles upon this thread :)

http://wifinigel.blogspot.com/2014/08/cisco-wlc-per-client-packet-capture.html

The commands I used, I believe, were:


config ap packet-dump ftp serverip <ip-address> path <path> username <user_ID> password <password>
config ap packet-dump classifier dot1x enable
config ap packet-dump classifier data enable
config ap packet-dump start <client-mac-address> <ap-name>


After I disconnected and joined the two dot1x SSIDs, I stopped the packet capture:


config ap packet-dump stop




deanwebb

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.