This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot decrypt WPA2 despite EAPOL capture

0

Hello everyone,

I have spent several hours trying to get this to work without any success, so I would really appreciate your help. So here is the scenario, I have a Macbook pro running Mac OS X Lion connected to my home wireless network secured with WPA2. I have Wireshark running on this computer and want to capture and decrypt the traffic. I have specified the passphrase and the network SSID in IEEE 802.11 from the protocols list under Edit-> Preferences. I have also done it in the Wireless toolbar.

Now when I start the capture, I can decrypt the traffic to and from Macook pro running Wireshark but not from another computer connected to the same wireless network even if I disconnect and re-associate that computer with the wireless network. I can see the 4-way EAPOL handshake from that computer in my trace but the traffic following that is not decrypted.

Any ideas what I might be doing wrong here please?

asked 08 Jul '12, 01:50

Nawaz's gravatar image

Nawaz
1111
accept rate: 0%

edited 08 Jul '12, 05:33

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

0

I have found that I have to toggle between None, Wireshark, or Driver then back to Wireshark for decryption to actually work sometimes.

answered 10 Oct '14, 07:49

Murray's gravatar image

Murray
111
accept rate: 0%