This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Folowing up http://ask.wireshark.org/questions/8178/capture-packets-in-monitor-mode-option-does-not-work-unable-to-scan-any-http-traffic-other-than-my-own

I added an interface to monitor all the traffic on the wireless WPA network and I'm able to see lots of 802.11 packets.

I inserted wy wpa key in preferences, enabled the option to decrypt traffic, started sniffing, disconnected a computer from the network and reconnected and lastly acessed a page on youtube with http.

My problem is that I can't decrypt the http traffic. Why?

asked 22 Apr '12, 09:14

miguel's gravatar image

miguel
1111
accept rate: 0%


If by "Filter HTTP" you mean that, when you did the capture, you used a capture filter that only captured HTTP, such as tcp port 80, then you won't be able to decrypt the traffic because, to quote the Wireshark Wiki's "How to decrypt 802.11" page, "WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture."

permanent link

answered 22 Apr '12, 09:33

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×293
×86
×23

question asked: 22 Apr '12, 09:14

question was seen: 7,171 times

last updated: 22 Apr '12, 09:33

p​o​w​e​r​e​d by O​S​Q​A