Is there any way to log incorrect password attempts on Wi-Fi networks

wireless-networking passwords logging wireless-access-point wpa2-psk
7,421

Solution 1

Thanks for the explanation of the handshake. I wasn't really interested in capturing the incorrect password, just the fact that an attempt had been made. After researching this a bit more, it looks like it's possible through Wireshark: Tutorial: WPA Packet Capture Explained.

This is quick and dirty explanation of two sample WPA capture files. The first file (wpa.full.cap) is a capture of a successful wireless client WPA connection to an access point. The second file (wpa.bad.key.cap) is a capture of a wireless client attempting to use the wrong passphrase to connect to the AP.

Solution 2

No, it’s not possible to log the actual password from the login attempt because of the four-way handshake which makes sure the password is never sent over the air. Here is the Wikipedia explanation of the four-way handshake that explains the concept:

The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key. Instead of disclosing the key, the access point & client each encrypt messages to each other—that can only be decrypted by using the PMK that they already share—and if decryption of the messages was successful, this proves knowledge of the PMK. The four-way handshake is critical for protection of the PMK from malicious access points—for example, an attacker's SSID impersonating a real access point—so that the client never has to tell the access point its PMK.

Share:
7,421

Related videos on Youtube

futureshape
Author by

futureshape

Updated on September 18, 2022

Comments

  • futureshape
    futureshape almost 2 years

    I’d like to monitor if clients attempt to connect to a Wi-Fi network using an incorrect WPA key. Are there any access points that log such attempts? Is this something that could be observed with a separate Wi-Fi card set to monitor mode?

    • Raystafarian
      Raystafarian over 9 years
      You want to see the incorrect password or you just want logs of attempts?
    • Ramhound
      Ramhound over 9 years
      I see no reason you couldn't do this provided you were running something like OpenWRT or DD-WRT. You would have to create your own module to handle this. The simplest way would be to modify the code that confirms the key provided is identical then log the MAC Address of that device. Of course its trivial to change your Mac Address.
  • Giacomo1968
    Giacomo1968 almost 9 years
    This is a good answer, but link-only answers without context are discouraged. Mainly because links—and their content—can change and disappear. And past that, providing someone with an answer but asking them to just go to another page and read through piles of text is not that fun. Better to do something similar to my edit: Clearly state the answer, then provide context as well as pertinent text from the linked page. That way others can just read this answer and get the point. And if they want to explore the concept further they can just click the link and read up at their own pace.
  • bertieb
    bertieb almost 9 years
    Whilst this link may well answer the question to your satisfaction, it would be preferable to include the essential parts of the information here, and provide the link for reference. If the links changes or disappears, there will be no explanation for someone else looking to achieve the same thing.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I make hostapd WPA2 work?
What is PMKID? Why would even a router give away the PMKID to an unauthorized stranger?
Can a second router connect via WAN to another Router and establish a second network?
Aircrack-ng Usage on Windows (XP) -- Needs clear steps
Disabling NAT and DHCP on OpenWRT routed client router
Connecting to DAP-1320 network after reset
Will two access points (on one network) speed up Wi-Fi access for multiple clients?
No WPA2 option in Windows XP SP3
Cisco VEN501-AT wireless access point password
Connecting a Wireless Access Point to a modem?