Encryption in 802.11s

What are the packages I have to find called?

tcpdump-mini and then install Wireshark on your "desktop".

macOS can install with brew cask install wireshark, if you use Homebrew. It's generally available as a package on Linux-based, desktop OSes, or from https://www.wireshark.org/download.html

He talked about the captured packages.
I already captured the traffic with tcpdump and analyzed it in Wireshark, but I do not know what to see there.

While capturing packets, connect a device to the mesh and do a simple DNS lookup from the device: "host www.google.com" or some such thing. If the captured packets can be understood by Wireshark as a DNS lookup with the domain name in the clear... you're not encrypted. If they're garbled junk, they're encrypted.


I already connected the second node after having started to capture packets.
I do not know if I'm looking for the right place in Wireshark.

The "no clear text seen" when you know you're sending clear text is a strong indicator.

Some information on how to filter and understand frames at

The presence of the RSN data doesn't guarantee that encryption is used, just that it is offered.

You should see encryption information in the data frames' metadata, as I recall.

See also

The truth is that I do not understand anything.
Does not match in the part of Auth Key Management part (AKM) List 00:0f:ac PSK and RSN Capabilities: 0x0000.

Beacon Frame

Probe Response

Try expanding the packet decode. Wireshark is very detailed, down to explaining bit fields.

Is it encrypted or not?


Some answer?

You're the one with the network and tools at hand. That's a call you'll need to make, based on what's in front of you.

But does not give some information captures?

I'm using wpad-mesh-openssl and the beginning does not happen anymore.

With iwinfo phy1 scan the following appears:

Cell 09 - Address: 24:0A:64:1A:0B:55
          ESSID: "Test"
          Mode: Mesh Point  Channel: 1
          Signal: -39 dBm  Quality: 70/70
          Encryption: WPA2 NONE (CCMP)
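
The distinction drawn earlier in the thread (RSN data in beacons shows encryption is offered, the data frames show whether it is used) can be checked mechanically. The following is an added example, not code from any post in the thread: it reads the Protected Frame bit and the CCMP ExtIV bit from raw 802.11 data frames. It assumes a monitor-mode capture; the function names and sample frames are constructed for illustration. In Wireshark the same bit is the display-filter field wlan.fc.protected.

```python
import struct

PROTECTED = 0x40  # Protected Frame flag, second byte of Frame Control

def strip_radiotap(pkt: bytes) -> bytes:
    """Drop the radiotap header; its total length is a little-endian u16 at offset 2."""
    return pkt[struct.unpack_from("<H", pkt, 2)[0]:]

def inspect(frame: bytes):
    """Classify one raw 802.11 frame as (kind, protected, ccmp_ext_iv)."""
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        return ("non-data", None, None)       # beacons, probe responses, control frames
    if subtype & 0x4:
        return ("null-data", None, None)      # no frame body, so nothing to encrypt
    hdr = 24
    if (flags & 0x03) == 0x03:
        hdr += 6                              # ToDS+FromDS: fourth address present
    if subtype & 0x8:
        hdr += 2                              # QoS Control
        if flags & 0x80:
            hdr += 4                          # HT Control
    protected = bool(flags & PROTECTED)
    ext_iv = None
    if protected and len(frame) >= hdr + 8:
        ext_iv = bool(frame[hdr + 3] & 0x20)  # CCMP header byte 3: ExtIV bit is set
    return ("data", protected, ext_iv)

def verdict(frames):
    """Summarise data frames: 'encrypted', 'cleartext', 'mixed' or 'no data frames'."""
    seen = {inspect(f)[1] for f in frames} - {None}
    if not seen:
        return "no data frames"
    if seen == {True}:
        return "encrypted"
    return "cleartext" if seen == {False} else "mixed"

# Constructed sample frames (not from the thread's capture), radiotap already stripped.
BEACON = bytes([0x80, 0x00]) + bytes(34)
QOS_NULL = bytes([0xC8, 0x01]) + bytes(24)
ENC_DATA = bytes([0x88, 0x43]) + bytes(30) + bytes.fromhex("0100002000000000") + bytes(24)
CLEAR_DATA = bytes([0x88, 0x03]) + bytes(30) + bytes(6) + b"\x03www\x06google\x03com\x00"

if __name__ == "__main__":
    print(verdict([BEACON, QOS_NULL, ENC_DATA]))
    print(verdict([BEACON, CLEAR_DATA]))
```

Beacons and null-data frames are skipped because they never carry the Protected bit for payload, which is why a capture containing only management frames cannot answer the question.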