First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Some packets not coming through

  • retag add tags

Hi. As you can tell from the title, my problem is that when sniffing on a network, some packets are not being detected by wireshark. For example, out of the 4 authentication packets for WEP, most of the times it detects about 2-3. I'm using an AWUS036NH USB card with a Kali VBox, in monitor mode and in the same channel as the AP. The physical space is crowded with WLANs on the same channel, but my very limited experience with the subject doesn't let me consider if that's enough of a problem (the AP must be getting the packets, or else data transmission wouldn't happen). Does anyone know something that may be causing this? Thanks

anonymous user
asked 2018-08-31 11:39:44 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

0

Packet loss is one of the significant issues with 802.11 wifi; especially in crowded networks with heavy RF usage.

Signal strength - you want to be 'close' to the devices, but not too close... maybe 1-2 meters away. One way to analyze the data is - can you correlate the loss? In a 4-way EAPOL handshake for WPA (or are you really using WEP? If so, please migrate to a secure solution!) you get two frames in each direction. The correlation part is - are they usually the client frames, or the APs, that are lost? Then look at signal strength and try to get an RSSI of -40 to -50 for both of the devices.

As well, you could have an issue with your capture mechanism not able to collect certain frames due to modulation differences. Based on the description, doesn't sound as if that is the issue but it depends on the specific frames you do get and the ones that are missing.

Passing USB devices like this into a VM to collect traffic, I find, to be very sensitive, especially with VirtualBox. It does work sometimes, but you might want to try a native install of Linux to have more resources available to the capture process. You might be able to boot from a USB on the PC so being native is usually possible.

Bob Jones's avatar
1.5k
Bob Jones
answered 2018-08-31 14:40:18 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank you! I am using WEP currently start learning about wireless security. (Don't worry, the router is not connected to the internet and i'm only using it to see the packets sent and received when connecting to it). Thank you for such a complete description of the complications I could have, I will try your solutions one by one

haxxorz23's avatar haxxorz23 (2018-08-31 18:22:19 +0000) edit
more
  • delete

I had attached a long-range antenna for capturing packets coming from devices that were in my room

haxxorz23's avatar haxxorz23 (2018-09-02 20:30:04 +0000) edit
more
  • delete
add a comment see more comments
0

As Bob Jones pointed out, the problem had to do with the signal strength. I tried getting 2 meters away and the RSSI was about -15, which didn't match the -40 to -50 range he was talking about. After a long time of trying his well-thought solutions, I realized my retardation: I had attached a "long-range antenna" to the USB network card, thinking it would improve my connection... I don't know why I didn't think that a long-range antenna wouldn't have some problem with such close ranges. Anyways, thank you Bob for you did point me in the right direction and it's not your duty to state the obvious solutions.

haxxorz23's avatar
3
haxxorz23
answered 2018-09-02 20:28:26 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer