This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello everyone,

I have spent several hours trying to get this to work without any success, so I would really appreciate your help. So here is the scenario, I have a Macbook pro running Mac OS X Lion connected to my home wireless network secured with WPA2. I have Wireshark running on this computer and want to capture and decrypt the traffic. I have specified the passphrase and the network SSID in IEEE 802.11 from the protocols list under Edit-> Preferences. I have also done it in the Wireless toolbar.

Now when I start the capture, I can decrypt the traffic to and from Macook pro running Wireshark but not from another computer connected to the same wireless network even if I disconnect and re-associate that computer with the wireless network. I can see the 4-way EAPOL handshake from that computer in my trace but the traffic following that is not decrypted.

Any ideas what I might be doing wrong here please?

asked 08 Jul '12, 01:50

Nawaz's gravatar image

Nawaz
1111
accept rate: 0%

edited 08 Jul '12, 05:33

grahamb's gravatar image

grahamb ♦
19.8k330206


I have found that I have to toggle between None, Wireshark, or Driver then back to Wireshark for decryption to actually work sometimes.

permanent link

answered 10 Oct '14, 07:49

Murray's gravatar image

Murray
111
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×38
×36

question asked: 08 Jul '12, 01:50

question was seen: 4,057 times

last updated: 10 Oct '14, 07:49

p​o​w​e​r​e​d by O​S​Q​A