Hello, first of all, I am very new to this and I am having difficulties. I have some questions about the decryption feature. Is this only used when in monitoring mode to capture wireless traffic? How do I know what my key is? Also, when Wireshark is used to capture the traffic on a local machine, i.e. the machine it is running on, does it need an encryption key? Or does it automatically decrypt the traffic? Thanks

asked 22 Jan '13, 04:05 ToNyW87
One Answer:
Assuming you are referring to 802.11 wireless traffic, then capturing and decryption are different entities and no key is needed to capture traffic. To then decrypt and view the captured traffic you will need a key and your capture must contain the 4 EAPOL handshake packets that set the session key. See the Wiki pages on 802.11 capturing and decryption.

answered 22 Jan '13, 05:27 grahamb ♦
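
An added example, not part of the original answer and not Wireshark's own code: a Python check that classifies EAPOL-Key payloads by their Key Information bits and reports which of the four handshake messages a capture of your own network is missing. The function names and sample frames are constructed for illustration, the message 2 versus message 4 split by Key Data length is a heuristic, and the check does not verify that the four frames belong to the same session.

```python
import struct

# Key Information bit masks of the EAPOL-Key descriptor (IEEE 802.11i)
KEY_PAIRWISE, KEY_ACK, KEY_MIC = 0x0008, 0x0080, 0x0100

def classify_eapol_key(eapol: bytes):
    """Return 1-4 for a pairwise 4-way handshake message, otherwise None."""
    if len(eapol) < 99:              # 4-byte EAPOL header + 95-byte descriptor
        return None
    _version, packet_type, _length = struct.unpack_from("!BBH", eapol, 0)
    if packet_type != 3:             # 3 = EAPOL-Key
        return None
    (key_info,) = struct.unpack_from("!H", eapol, 5)
    if not key_info & KEY_PAIRWISE:  # group key handshake, not the 4-way one
        return None
    (key_data_len,) = struct.unpack_from("!H", eapol, 97)
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if ack:
        return 3 if mic else 1       # AP -> client: message 1 has no MIC yet
    if mic:
        # Client -> AP. Heuristic: message 2 carries key data, message 4 none.
        return 2 if key_data_len else 4
    return None

def missing_handshake_messages(frames):
    """List which of messages 1-4 are absent from the given EAPOL payloads."""
    seen = {classify_eapol_key(f) for f in frames}
    return sorted({1, 2, 3, 4} - seen)

def build_sample_frame(key_info: int, key_data: bytes = b"") -> bytes:
    """Constructed test frame: zeroed counter, nonce, IV, RSC, ID and MIC."""
    body = struct.pack("!BHH", 2, key_info, 16) + bytes(8 + 32 + 16 + 8 + 8 + 16)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 1, 3, len(body)) + body

# Constructed sample: Key Information values typical of a WPA2 handshake
SAMPLE_FRAMES = [
    build_sample_frame(0x008A),             # message 1
    build_sample_frame(0x010A, bytes(22)),  # message 2 (placeholder key data)
    build_sample_frame(0x13CA, bytes(56)),  # message 3
    build_sample_frame(0x030A),             # message 4
]

if __name__ == "__main__":
    print("complete capture, missing:", missing_handshake_messages(SAMPLE_FRAMES))
    print("truncated capture, missing:", missing_handshake_messages(SAMPLE_FRAMES[:2]))
```

The input is the EAPOL payload of each frame, i.e. the bytes after the 802.11 and LLC/SNAP headers.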