Hi to all! I'm using Wireshark in BackTrack, with an Alfa AWUS036H as wireless interface, put in monitor mode.

I'm trying to analyze the traffic in my wireless network: if there's no protection, I can capture the packets and analyze them; if the network is protected with WPA, following this guide: http://wiki.wireshark.org/HowToDecrypt802.11 I added the wpa-psk in the preferences. So, I can capture the packets, but I can't decrypt them.

Then, I discovered that I need 4 handshake packets, so I disconnected and reconnected a client to the AP to get them, but still can't decrypt the packets. Analyzing the traffic using as filter "eapol", I can see several packets, named:

Key (msg 1/4)
Key (msg 2/4)
Key (Group msg 1/2)
Key (Group msg 2/2)

My question is: since I need 4 handshake packets and I can see only Key (msg 1/4) and Key (msg 2/4) (I don't know about Group msg... - maybe broadcast packet?), this means I'm missing Key (msg 3/4) and Key (msg 4/4)? Or I have another problem that doesn't allow me to decrypt packets?

Many thanks in advance for your help! :)

asked 08 Apr '12, 13:31 Mr Wolf
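Added example, not part of the original post: a Python sketch of how the message labels listed in the question follow from the Key Information flags of each EAPOL-Key frame, plus a check for which pairwise messages a capture lacks. The function names and sample frames are constructed for illustration, and telling message 2 from message 4 by an empty Key Data field is a heuristic assumed here.

```python
import struct

# Key Information bit masks of an IEEE 802.11 EAPOL-Key frame
KEY_TYPE_PAIRWISE = 0x0008
KEY_INSTALL = 0x0040
KEY_ACK = 0x0080

def classify_eapol_key(frame: bytes) -> str:
    """Label one EAPOL frame, given from the start of its 802.1X header."""
    if len(frame) < 99 or frame[1] != 3:   # 802.1X packet type 3 = EAPOL-Key
        return "not EAPOL-Key"
    key_info, = struct.unpack_from(">H", frame, 5)
    key_data_len, = struct.unpack_from(">H", frame, 97)
    ack = bool(key_info & KEY_ACK)         # set only on frames sent by the AP
    if key_info & KEY_TYPE_PAIRWISE:
        if ack:
            return "msg 3/4" if key_info & KEY_INSTALL else "msg 1/4"
        # Under WPA, messages 2 and 4 carry the same flags;
        # heuristic (assumption): message 4 has no key data.
        return "msg 4/4" if key_data_len == 0 else "msg 2/4"
    return "Group msg 1/2" if ack else "Group msg 2/2"

def missing_pairwise(frames):
    """Return the pairwise handshake messages absent from a capture."""
    seen = {classify_eapol_key(f) for f in frames}
    wanted = ("msg 1/4", "msg 2/4", "msg 3/4", "msg 4/4")
    return [m for m in wanted if m not in seen]

def build_frame(key_info, key_data=b""):
    """Constructed sample frame: zeroed nonce and MIC, only flags matter."""
    body = struct.pack(">BHH", 254, key_info, 32)  # descriptor type 254 = WPA
    body += bytes(8 + 32 + 16 + 8 + 8 + 16)  # replay ctr, nonce, IV, RSC, ID, MIC
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 1, 3, len(body)) + body

# Constructed capture that reproduces the four labels seen in the question.
SAMPLE = [
    build_frame(0x0089),             # pairwise, ack
    build_frame(0x0109, bytes(24)),  # pairwise, MIC, key data present
    build_frame(0x0391, bytes(32)),  # group, ack, MIC, secure
    build_frame(0x0311),             # group, MIC, secure
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(classify_eapol_key(f))
    print("missing:", missing_pairwise(SAMPLE))
```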