This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am trying to decrypt captured wpa-psk traffic with tshark, but it's not recognizing the option I'm trying to override. This option allows me to specify a PSK to use for decrypting. I'm using tshark 1.8.1 with windows xp. # tshark -o wlan.wep_key1:wpa-pwd:validation tshark: -o flag "wlan.wep_key1:wpa-pwd:validation" specifies unknown preference. PSK decyption was working in earlier version of wireshark

asked 14 Feb '13, 23:32

Joshy's gravatar image

Joshy
11112
accept rate: 0%

Hi. I have also problems with tshark and WPA decryption (Wireshark 1.8.2 64bit Ubuntu). I used the command tshark -r myFile.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-pwd:MyPassword:MySSID This ends in the error message: tshark: -o flag "wlan.wep_key1:wpa-pwd:MyPassword:MySSID" specifies unknown preference

If I open Wireshark, and ->Edit->Preferences->Protocols->IEEE 802.11-> and enable decryption and set the Key (wpa-pwd myPassword:SSID), I see the decrypted Traffic in Wireshark. What's wrong in my tshark command?

(17 Mar '13, 08:24) RS2000
Version: TShark 1.6.8 (SVN Rev 42761 from /trunk-1.6)
The following command is still working:
tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-psk:b8c787bf968d8503671b4345db9397c4355ba45a9f90a8f79420c3cbf87cb154 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap

Version: TShark 1.7.0 (SVN Rev 39768 from /trunk)
These commands are not working anymore:
$ tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-psk:b8c787bf968d8503671b4345db9397c4355ba45a9f90a8f79420c3cbf87cb154 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap
** (tshark.exe:3768): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3366: No such preference "wlan.wep_key1" (applying your preferences once should remove this warning)
** (tshark.exe:3768): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3370: No such preference "wlan.wep_key2" (applying your preferences once should remove this warning)
tshark: -o flag "wlan.wep_key1:wpa-psk:b8c787bf968d8503671b4345db9397c4355ba45a9f90a8f79420c3cbf87cb154" specifies unknown preference

tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-pwd:myAPretos2 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap
$ tshark -r q19664_h2_2.pcap -o "wlan.enable_decryption:TRUE" -o wlan.wep_key1:wpa-pwd:myAPretos2 -R "eapol || smb" -w q19664_eapol_smb_h2_2.pcap
** (tshark.exe:528): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3366: No such preference "wlan.wep_key1" (applying your preferences once should remove this warning)
** (tshark.exe:528): WARNING **: C:\Documents and Settings\user\Application Data\Wireshark\preferences line 3370: No such preference "wlan.wep_key2" (applying your preferences once should remove this warning)
tshark: -o flag "wlan.wep_key1:wpa-pwd:myAPretos2" specifies unknown preference

Note
The keys are stored in the "80211_keys" file instead of the "Preferences" file.
Are those warnings related to this?

Note
Version 1.6.9: the command is still working, but Wireshark 1.6.9 has another problem: [missing libxml2-2.dll](http://ask.wireshark.org/questions/13297/how-do-you-resolve-wireshark-169-libxml2-2dll-error)
(24 Mar '13, 04:47) joke
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832

question asked: 14 Feb '13, 23:32

question was seen: 2,925 times

last updated: 24 Mar '13, 11:44

p​o​w​e​r​e​d by O​S​Q​A