Sniffing Wireless Authentication Requests

mynd · January 12, 2015, 01:03:59 PM

From my Win7 box, is there a way to sniff the authentication traffic between me and the AP, locally? Or will I need to use another machine, on the wireless, to see this traffic?

icecream-guy · January 12, 2015, 02:15:28 PM

wireshark?

mynd · January 12, 2015, 02:21:31 PM

well of course I tried that

But it doesn't see any EAP requests when I filter it down to EAP. My suspicion is maybe Windows sees the interface as "down" until after it associates with the AP...

SimonV · January 12, 2015, 02:50:34 PM

Have you read through this wiki article on the Wireshark site?

http://wiki.wireshark.org/CaptureSetup/WLAN

mynd · January 12, 2015, 10:56:44 PM

Quote from: SimonV on January 12, 2015, 02:50:34 PM
Have you read through this wiki article on the Wireshark site?

http://wiki.wireshark.org/CaptureSetup/WLAN

didnt't see that one yet. I'll take a read

mynd · February 19, 2015, 08:55:22 AM

I found the solution to this, at least for my situation, a while ago. Just wanted to update in case someone stumbles upon this thread

http://wifinigel.blogspot.com/2014/08/cisco-wlc-per-client-packet-capture.html

The commands I used, I believe, were:

Code Select


config ap packet-dump ftp serverip <ip-address> path <path> username <user_ID> password <password>
config ap packet-dump classifier dot1x enable
config ap packet-dump classifier data enable
config ap packet-dump start <client-mac-address> <ap-name>

After I disconnected and joined the two dot1x SSID's, I stopped the packet capture

Code Select


config ap packet-dump stop

deanwebb · February 19, 2015, 09:25:25 AM

Cool, thanks for the follow-up!

Sniffing Wireless Authentication Requests

mynd

icecream-guy

mynd

SimonV

mynd

mynd

deanwebb