1. install AirPcap dongle driver
after installation, check device manager
Packet Caputre devices - AirPcap USB Wireless Capture Adapter (or similar)
2. Run Wireshark (current version v1.10.6)
Click icon menu "Show the caputre options" (or menu: Capture: Options)
check the AirPcap driver
double click, show "Edit interface Settings"
Check "Caputre packets in promiscuous mode"
Click "Wireless Settings"
Set Channel (same as AP setting, for example 2412 BG11), Offset (0), Capture type (802.11+Radio)
Click "Start" to capture packets, Click "Stop" to stop capturing
3. search all packets related with one AP/Sta
wlan.addr == **:**:**:**:**:**
4. display filter
ip.src==*.*.*.*
ip.dst==*.*.*.*
http.request.method=="POST";
tcp.srcport==80
wlan.addr == *.*.*.*
wlan.fc.type == 0 management frame
wlan.fc.type == 1 control frame
wlan.fc.type == 2 data frame
wlan.fc.type_subtype == 0x24 null data
wlan.fc.type_subtype == 0x28 qos data frame
wlan.fc.type_subtype == 0x08 beacon
wlan.fc.type_subtype == 0x00 Association request
wlan.fc.type_subtype == 0x01 Association response
wlan.fc.type_subtype == 0x04 Probe request
wlan.fc.type_subtype == 0x05 Probe response
wlan.fc.type_subtype == 0x08 Beacon
wlan.fc.type_subtype == 0x0B Authentication
wlan.fc.type_subtype == 0x1B Request to send
wlan.fc.type_subtype == 0x1C Clear to send
wlan.fc.type_subtype == 0x1D ACK
wlan.fc.type_subtype == 0x28 Qos data
adb root; adb shell wpa_cli -i p2p0 (remember "psk=*******")
set Channel & Bandwidth (channel/Bandwidth see https://en.wikipedia.org/wiki/List_of_WLAN_channels)
press START
Wireshark View -> Check "Wireless Toolbar"
in Toolbar click "802.11 preferences"
Decryption keys Edit..., press +
Key type: wpa_psk
Key: input "******"
click "OK"
扫一扫
2587
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
