The previous command will capture handshakes on the channel on which wireless adapter is currently operating – there will be no automatic channel switching. Sudo tcpdump -i wlp0s20f0u1 -I -w test.cap -e -U ether proto 0x888e When capturing handshakes, it is recommended that you always specify the -U option, so that data is immediately written to a file.Īn example of capturing all handshakes (for any Access Points and clients) and saving them to the test.cap file:
In order for tcpdump to filter only handshake frames, use a filter: See the Wireshark Filters article for more details. Subsequently, this handshake can be found using Wireshark using a filter: When tcpdump is running in monitor mode without specifying filters, all wireless frames, including a four-way handshake, will be captured.
0 kommentar(er)
