0

How to decrypt 802.11 packets on open wifi?

Every tutorial I look at shows people decrypting 802.11 packets by using handshake keys on a PASSWORD PROTECTED wifi. I see 802.11 packets on a Wi-Fi that doesn't have a password to connect to it. How would I decrypt 802.11 packets if there is no password for a handshake to occur?

1
yourdonefor
asked 2020-01-16 22:50:25 +0000


1 Answer

0

If it's open, there is no encryption so there is no need to decrypt to see the actual data payloads sent between hosts. What you are likely seeing are management and control frames; these do not require decryption but also do not contain payload data that you might want to see.

To see just data, try a filter such as

wlan.fc.type_subtype in {0x20 0x28}

If you have a capture from a monitor mode device, then this filter should hide the management and control frames and just show data/QoS data frames. For a network that is open, the payloads here will be visible (for example, might be http, dns, whatever).

1.5k
Bob Jones
answered 2020-01-16 23:03:59 +0000
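An added example, not code from Bob Jones's answer: the Python below parses the 802.11 Frame Control byte the way Wireshark derives wlan.fc.type_subtype, applies the same {0x20 0x28} filter to a few constructed sample frames, and checks the Protected Frame bit, which is clear on an open network (so there is nothing to decrypt) and set when the frame body is encrypted.

```python
# Wireshark's wlan.fc.type_subtype is (type << 4) | subtype, taken from the
# first byte of the 802.11 Frame Control field: bits 0-1 version, 2-3 type, 4-7 subtype.
DATA = 0x20            # plain Data frame  (type 2, subtype 0)
QOS_DATA = 0x28        # QoS Data frame    (type 2, subtype 8)
PROTECTED_FLAG = 0x40  # "Protected Frame" bit in the second Frame Control byte (flags)


def fc_type_subtype(frame: bytes) -> int:
    """Return the wlan.fc.type_subtype value of a raw 802.11 frame."""
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    return (ftype << 4) | subtype


def is_protected(frame: bytes) -> bool:
    """True when the Protected Frame flag is set, i.e. the body is encrypted."""
    return bool(frame[1] & PROTECTED_FLAG)


def is_data_frame(frame: bytes) -> bool:
    """Python equivalent of the display filter: wlan.fc.type_subtype in {0x20 0x28}."""
    return fc_type_subtype(frame) in (DATA, QOS_DATA)


# Constructed sample frames (Frame Control bytes plus a zero-filled MAC header);
# these are not taken from a real capture.
SAMPLE_FRAMES = {
    "beacon":       bytes([0x80, 0x00]) + b"\x00" * 22,  # management, subtype 8
    "ack":          bytes([0xD4, 0x00]) + b"\x00" * 8,   # control, subtype 13
    "data":         bytes([0x08, 0x02]) + b"\x00" * 22,  # data, flags = FromDS
    "qos_data":     bytes([0x88, 0x02]) + b"\x00" * 24,  # QoS data, open network
    "qos_data_wpa": bytes([0x88, 0x42]) + b"\x00" * 24,  # QoS data, Protected bit set
}


def summarize(frames: dict) -> dict:
    """Keep only what the filter would show and say whether each body is readable as-is."""
    result = {}
    for name, frame in frames.items():
        if not is_data_frame(frame):
            continue  # management/control frames are hidden by the filter
        result[name] = "encrypted" if is_protected(frame) else "cleartext"
    return result


if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:13s} type_subtype=0x{fc_type_subtype(frame):02x}")
    print(summarize(SAMPLE_FRAMES))
```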

Comments

Sorry, I accidentally "answered" my question; I meant to comment. This makes sense now. Sorry if I looked like an idiot. Also, how do I know what frequency to put my monitor mode into so I capture the most interesting stuff? I am particularly looking to capture HTTP protocols. What's the easiest way to do it?

yourdonefor (2020-01-16 23:09:38 +0000)

The most interesting stuff is available via a channel that is certainly specific only to you and your location. No one here can answer this; what are you trying to do? If you have specific devices that you want to study, then find out what channel they use, and then that would be the channel with the most interesting stuff.

If you want to see web traffic from other hosts, find out what channels they are on, and you want to be there. If you really have no idea, do a survey. Do some network reconnaissance across all the channels (many tools such as aircrack-ng, kismet, bettercap, horst, etc. allow for scanning of channels), so look around and pick a good one. Note that laws vary and sniffing other people's traffic might not be legal.

Some general guidelines - much of the world will only use channels 1-6-11 on 2.4GHz ...

Bob Jones (2020-01-16 23:22:00 +0000)

Ok, thanks. I appreciate your guys' help. At least I wasn't going crazy.

yourdonefor (2020-01-16 23:25:38 +0000)
