Wireshark-users: Re: [Wireshark-users] Leopard and AirPort, only my own packets
From: Marco De Vitis <starless@xxxxxxx>
Date: Thu, 23 Oct 2008 11:33:45 +0200
On 22-10-2008 14:37, Marco De Vitis wrote:

> I'll try when I get back home.

No success :(.
I'm having a hard time even sniffing my own traffic.

After some tests, it seems the only way to decrypt some data is by setting the "Ignore the protection bit" option to "Yes - with IV". But even with this setting, if I sniff my own traffic (no "promiscuous mode"), I cannot even see the password of a POP3 session in the captured data, which I do see in normal Ethernet sniffing; I see the user, but not the password.

Moreover, it seems that the AirPort card also works normally while in monitor mode: my Internet activity continues as usual. Isn't this strange, according to the docs?

Also, in the wiki I read:

"WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture."

But I couldn't find any EAPOL packets anywhere in my captures...

Any help is welcome.

--
Ciao,
  Marco.
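
The wiki passage quoted in the message above requires all four EAPOL handshake packets to be in the capture. The following is an added example, not part of the original post and not Wireshark code: it classifies EAPOL-Key frames by their Key Information bits and reports which of the four messages are missing. It assumes the raw EAPOL (802.1X) payloads have already been extracted from the capture; the function names are hypothetical, the sample frames are constructed, and telling message 2 from message 4 by the Secure bit or an empty Key Data field is a heuristic.

```python
import struct

# Key Information bit masks of an IEEE 802.11 EAPOL-Key frame
KEY_TYPE_PAIRWISE = 0x0008
KEY_ACK = 0x0080
KEY_MIC = 0x0100
SECURE = 0x0200

EAPOL_TYPE_KEY = 3
KEY_INFO_OFF = 5        # 4-byte 802.1X header + 1-byte descriptor type
KEY_DATA_LEN_OFF = 97   # 4-byte header + 93 bytes of fixed descriptor fields
MIN_LEN = 99            # shortest valid EAPOL-Key frame (no key data)


def handshake_message(eapol: bytes):
    """Return 1-4 for a pairwise 4-way handshake message, else None."""
    if len(eapol) < MIN_LEN or eapol[1] != EAPOL_TYPE_KEY:
        return None
    (info,) = struct.unpack_from(">H", eapol, KEY_INFO_OFF)
    (key_data_len,) = struct.unpack_from(">H", eapol, KEY_DATA_LEN_OFF)
    if not info & KEY_TYPE_PAIRWISE:
        return None  # group key handshake, not part of the 4-way exchange
    ack, mic = bool(info & KEY_ACK), bool(info & KEY_MIC)
    if ack:
        return 3 if mic else 1  # AP -> station: M1 has no MIC, M3 has one
    if not mic:
        return None
    # Station -> AP: M2 carries the station's RSN/WPA IE, M4 has no key data
    return 4 if (info & SECURE or key_data_len == 0) else 2


def missing_messages(frames):
    """List the handshake message numbers absent from the given frames."""
    seen = {handshake_message(f) for f in frames}
    return [n for n in (1, 2, 3, 4) if n not in seen]


def build_frame(info, key_data=b""):
    """Constructed sample frame: zeroed nonce, IV, RSC and MIC fields."""
    body = struct.pack(">BHH", 2, info, 16) + bytes(8 + 32 + 16 + 8 + 8 + 16)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, EAPOL_TYPE_KEY, len(body)) + body


# Constructed WPA2 handshake using typical Key Information values
SAMPLE = [build_frame(0x008A), build_frame(0x010A, bytes(22)),
          build_frame(0x13CA, bytes(56)), build_frame(0x030A)]
```

A capture with no EAPOL frames at all, as described in the message, yields `[1, 2, 3, 4]` from `missing_messages`.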