Hello everyone, I have spent several hours trying to get this to work without any success, so I would really appreciate your help. So here is the scenario, I have a Macbook pro running Mac OS X Lion connected to my home wireless network secured with WPA2. I have Wireshark running on this computer and want to capture and decrypt the traffic. I have specified the passphrase and the network SSID in IEEE 802.11 from the protocols list under Edit-> Preferences. I have also done it in the Wireless toolbar. Now when I start the capture, I can decrypt the traffic to and from Macook pro running Wireshark but not from another computer connected to the same wireless network even if I disconnect and re-associate that computer with the wireless network. I can see the 4-way EAPOL handshake from that computer in my trace but the traffic following that is not decrypted. Any ideas what I might be doing wrong here please? asked 08 Jul '12, 01:50  Nawaz edited 08 Jul '12, 05:33  grahamb ♦ |
One Answer:
I have found that I have to toggle between None, Wireshark, or Driver then back to Wireshark for decryption to actually work sometimes. answered 10 Oct '14, 07:49  Murray |
