User Tools

Site Tools


wpa_capture

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
wpa_capture [2008/01/26 17:37] – updated version and date fields mister_xwpa_capture [2009/09/19 04:09] – "is using is using" changed to "is using" mister_x
Line 13: Line 13:
 The [[http://aircrack-ng.org|Wiki]] links page has a [[links#wpa_wpa2_information|WPA/WPA2 section]].  The best document describing WPA is [[http://www.hsc.fr/ressources/articles/hakin9_wifi/index.html.en|Wi-Fi Security - WEP, WPA and WPA2]].  This is the [[http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf|link]] to download the PDF directly. The [[http://aircrack-ng.org|Wiki]] links page has a [[links#wpa_wpa2_information|WPA/WPA2 section]].  The best document describing WPA is [[http://www.hsc.fr/ressources/articles/hakin9_wifi/index.html.en|Wi-Fi Security - WEP, WPA and WPA2]].  This is the [[http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf|link]] to download the PDF directly.
  
-To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All" This shows all the sections and fields expanded.  You will need to scroll through the fields for each packet to locate the ones mentioned.  See this [[http://aircrack-ng.org/doku.php?id=faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.+To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All" This shows all the sections and fields expanded.  You will need to scroll through the fields for each packet to locate the ones mentioned.  See this [[faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark.
  
 The captures were done using an Ralink RT73 chipset and airodump-ng as the capture program. The captures were done using an Ralink RT73 chipset and airodump-ng as the capture program.
Line 144: Line 144:
 Up to this point, you will notice that the packets are identical between a successful and failed connection. Up to this point, you will notice that the packets are identical between a successful and failed connection.
  
-These are the first two of four "handshake" WPA packets.  The AP sends out a packet with information that it expects the wireless client to send back properly encrypted with passphrase.  Since the wireless client is using is using the wrong passphrase, it is incorrect.  +These are the first two of four "handshake" WPA packets.  The AP sends out a packet with information that it expects the wireless client to send back properly encrypted with passphrase.  Since the wireless client is using the wrong passphrase, it is incorrect.  
  
 Notice that the AP initiates the four-way handshake by sending the first packet.  Notice that the AP initiates the four-way handshake by sending the first packet. 
wpa_capture.txt · Last modified: 2018/10/06 02:54 by mister_x