This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi to all! I'm using Wireshark in BackTrack, with an Alfa AWUS036H as wireless interface, put in monitor mode. I'm trying to analyze the traffic in my wireless network: if there's no protection, I can capture the packets and analyze them; if the network is protected with WPA, following this guide: http://wiki.wireshark.org/HowToDecrypt802.11, I added the wpa-psk in the preferences. So, I can capture the packets, but I can't decrypt them. Then, I discovered that I need 4 handshake packets, so I disconnected and reconnected a client to the AP to get them, but still can't decrypt the packets. Analyzing the traffic using as filter "eapol", I can see several packets, named: Key (msg 1/4), Key (msg 2/4), Key (Group msg 1/2), Key (Group msg 2/2).

My question is: since I need 4 handshake packets and I can see only Key (msg 1/4) and Key (msg 2/4) (I don't know about Group msg... - maybe broadcast packet?), does this mean I'm missing Key (msg 3/4) and Key (msg 4/4)? Or do I have another problem that doesn't allow me to decrypt packets?

Many thanks in advance for your help! :)

asked 08 Apr '12, 13:31

Mr Wolf

question asked: 08 Apr '12, 13:31

question was seen: 7,472 times

last updated: 08 Apr '12, 13:31