Wi‑Fi: Handshakes, capture failures, adapter pitfalls
Diagnose why you can’t see the AP, why captures are empty, and why monitor mode “works” but yields nothing.
Wireless Troubleshooting Hub
A practical, lab-safe set of checklists for when your wireless workflow “should work” but doesn’t. These guides focus on diagnosis, safe experimentation, and defensive understanding—not disrupting real systems.
Permission-first: Only test devices you own or have explicit written authorization to assess.
Keep experiments contained and low power. See Ethics.
Before you start: common root causes
Most “wireless hacking tool” failures are not exploits—they’re environmental, configuration, or expectation mismatches. Run this checklist before you change hardware or buy new gear.
- Wrong band / channel: You’re listening on 2.4 GHz while the target is 5/6 GHz, or you’re decoding the wrong Sub-GHz frequency plan.
- Front-end overload: Strong nearby transmitters (Wi‑Fi AP, LTE tower, laptop, USB 3.0 noise) can desense SDRs and cheap receivers.
- Bad antenna assumptions: Antenna is mismatched (433 vs 868/915 MHz), poorly grounded, or too close to metal/hand/body.
- Clock / sample rate drift: SDR drift makes narrowband decodes flaky (FSK/OOK). Calibrate or use known references.
- Power & cables: Brown-outs, flaky USB cables, hubs, or insufficient power cause “random” behavior.
- Permissions & drivers: On macOS/Linux, missing USB permissions or driver conflicts look like “device not found.”
- Security features doing their job: Modern protocols often prevent replay/cloning; the correct result is “not possible” without keys.
Deep troubleshooting guides
Wi‑Fi: “I only see beacons, no data frames”
Fix band/width mistakes, generate predictable traffic, and validate captures with a repeatable workflow.
Wi‑Fi: Capture filter, wrong interface, empty PCAP
Managed vs monitor interface names and capture vs display filters in Wireshark.
Wi‑Fi: PMF is “on” but still confused
Optional vs required, dashboards vs reality—then use the PMF enforcement checklist.
BLE: Pairing, GATT errors, and “why can’t I read this characteristic?”
Work through permissions, bonding, encryption, and tooling mistakes with a defensive mindset.
BLE: “Characteristic visible but unreadable”
Map errors to security state (unpaired/paired/bonded), clear caches, and test notify vs read.
BLE: “Connected but no notifications” (CCCD / subscribe)
Enable notify/indicate correctly, fix stale handles, and spot firmware that never pushes events.
RFID/NFC: Read failures, tag types, and anti-clone reality checks
Figure out what tag you’re holding, why reads fail, and what “secure” cards change about your approach.
RFID/NFC: “Partial read, wrong UID, or garbled data”
Coupling, metal detuning, multi-tag anticollision, and auth-required memory vs RF noise.
RFID/NFC: “Writes fail but reads work”
Keys, sector trailers, wrong block, and tag-family permission models.
Sub‑GHz: Decodes, noise, antennas, and frequency plans
Stop guessing. Identify the band, reduce noise, choose the right antenna, and validate decodes.
Sub‑GHz: “Decode looks right but replay fails”
Frequency plan, timing/modulation mismatch, rolling codes, and RF environment validation steps.
SDR & Sub‑GHz: Signal present, wrong decoder (URH vs SDR++)
FFT energy vs decoder chain; parameter parity and IQ round-trip between tools.
IR: Learning codes, carrier frequency, and range problems
Why “learn” sometimes fails, how to check carrier assumptions, and how to improve reliability.
IR: “Learning works but playback is unreliable”
Carrier mismatch, repeat patterns, ambient light noise, and a tight replay validation workflow.
SDR: Gain, sample rate, drift, and overload (RTL‑SDR/HackRF basics)
Get a stable baseline and avoid the most common SDR self‑inflicted wounds.
SDR: “Waterfall looks busy but nothing decodes”
Wrong mode/bandwidth, overload, dropped samples, squelch, and decoder mismatches.
Supporting pages: FAQs, glossary, setup, comparisons
Use these quick references while running the deeper protocol guides.
Wi-Fi FAQ
Handshake, channel, PMF, and adapter answers.
BLE FAQ
Pairing, bonding, and GATT permission pitfalls.
RFID/NFC FAQ
LF vs HF, read failures, and anti-clone basics.
Sub-GHz FAQ
Frequency plans, antenna tuning, and noisy decodes.
IR FAQ
Carrier assumptions, repeat frames, and range fixes.
SDR FAQ
Gain staging, drift, and sample-rate tradeoffs.
Wireless Security Glossary
Quick definitions for common protocol and RF terms.
Wireless Lab Setup Guide
Build a safe, repeatable, segmented home lab.
Buyer Guide: Starter Kits
Choose tools by workflow fit, not hype.
Flipper vs ESP32 Marauder
Which one to buy first for your goals.
HackRF vs RTL-SDR
Practical SDR tradeoffs for beginners and advanced labs.
PMF Enforcement Checklist
Blue-team verification playbook for modern Wi-Fi defenses.
RFID Access Control Checklist
Architecture-level defensive controls beyond card cloning myths.
Rogue AP Monitoring Playbook
Detection signals, triage flow, and validation criteria.
Best First Lab Under $500/$1000/$2000
Budget-first setup plans with realistic upgrade paths.
Accessories That Matter
High-impact accessory choices and what to skip early.
Tool Reliability Scorecard
Evaluate tools by stability, docs, ecosystem, and reproducibility.
Cross-Protocol Failure Patterns
Root-cause taxonomy shared across Wi-Fi, BLE, RFID, IR, and SDR.
A minimal lab kit that prevents 80% of issues
These are boring, but they fix real problems faster than new gadgets.
- Quality USB cables + powered hub: Eliminates intermittent disconnects and brown-outs.
- Known-good antennas: One tuned for 433 MHz and one for 868/915 MHz if you do Sub‑GHz work.
- Attenuator + filters (for SDR): Helps with overload in urban RF environments.
- Lab targets: A spare router/AP, a BLE dev board, test tags, and a cheap IR device you own.
- Containment: Faraday bag/box (or at least distance + low TX power) for controlled tests.
Want a “what to buy next” path? See Device Reviews and start with one focused workflow.
Quick FAQ
Why does my wireless capture or decode look empty even though my hardware works?
Usually wrong band or channel, wrong interface (managed vs monitor), overloaded RF front-end, overly strict capture filters, or no active client traffic on the path you are observing. Start with a known-good lab target and validate one layer at a time.
Do these guides require permission to use?
Yes. Only test networks, devices, and tags you own or have explicit written authorization to assess. Keep transmissions low-power and contained.
How do I tell RF problems apart from permissions, keys, or policy?
If physical-layer symptoms (distance, noise, overload) change with position, antenna, or gain, suspect RF. If reads succeed but writes fail, or GATT errors mention authentication, suspect keys, bonding, or server-side policy.
Where should I start if I do not know which protocol failed first?
See cross-protocol failure patterns, then open the protocol guide that matches your symptom (capture, pairing, read/write, decode, or replay).