This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wpa-psk decryption is not working with tshark (wireshark 1.8.1)

0

I am trying to decrypt captured wpa-psk traffic with tshark, but it's not recognizing the option I'm trying to override. This option allows me to specify a PSK to use for decrypting. I'm using tshark 1.8.1 with windows xp. # tshark -o wlan.wep_key1:wpa-pwd:validation tshark: -o flag "wlan.wep_key1:wpa-pwd:validation" specifies unknown preference. PSK decyption was working in earlier version of wireshark

asked 14 Feb '13, 23:32

Joshy's gravatar image

Joshy
11112
accept rate: 0%

Hi. I have also problems with tshark and WPA decryption (Wireshark 1.8.2 64bit Ubuntu). I used the command tshark -r myFile.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-pwd:MyPassword:MySSID This ends in the error message: tshark: -o flag "wlan.wep_key1:wpa-pwd:MyPassword:MySSID" specifies unknown preference

If I open Wireshark, and ->Edit->Preferences->Protocols->IEEE 802.11-> and enable decryption and set the Key (wpa-pwd myPassword:SSID), I see the decrypted Traffic in Wireshark. What's wrong in my tshark command?

(17 Mar '13, 08:24) RS2000
Version: TShark 1.6.8 (SVN Rev 42761 from /trunk-1.6)
The following command is still working:
tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-psk:b8c787bf968d8503671b4345db9397c4355ba45a9f90a8f79420c3cbf87cb154 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap

Version: TShark 1.7.0 (SVN Rev 39768 from /trunk)
These commands are not working anymore:
$ tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-psk:b8c787bf968d8503671b4345db9397c4355ba45a9f90a8f79420c3cbf87cb154 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap
** (tshark.exe:3768): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3366: No such preference "wlan.wep_key1" (applying your preferences once should remove this warning)
** (tshark.exe:3768): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3370: No such preference "wlan.wep_key2" (applying your preferences once should remove this warning)
tshark: -o flag "wlan.wep_key1:wpa-psk:b8c787bf968d8503671b4345db9397c4355ba45a9f90a8f79420c3cbf87cb154" specifies unknown preference


tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-pwd:myAPretos2 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap
$ tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-pwd:myAPretos2 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap
** (tshark.exe:528): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3366: No such preference "wlan.wep_key1" (applying your preferences once should remove this warning)
** (tshark.exe:528): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3370: No such preference "wlan.wep_key2" (applying your preferences once should remove this warning)
tshark: -o flag "wlan.wep_key1:wpa-pwd:myAPretos2" specifies unknown preference


Note
The keys are stored in the "80211_keys" file instead of the "Preferences" file.
Are those warnings related to this?


Note
Version 1.6.9: the command is still working, but Wireshark 1.6.9 has another problem: missing libxml2-2.dll
(24 Mar ‘13, 04:47) joke