This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How does one enable Decrypt 802.11?

0

Monitor mode (type 802.11 plus radiotap header) Wireshark edit>preferences no option to Decrypt802.11

Object: attempting to use monitor mode to decode my own LAN traffic as promiscuous mode does not show all my wifi router LAN traffic, that I am interested in (as pointed out in the Wireshark web site).

Running wireshark version 1.6.7 (very recently downloaded from Ubuntu software centre) on Ubuntu 12.04 (Dell Inspiron 510m notebook). I am using ‘sudo airmon-ng start wlan0’ (or wlan1 for external USB AWUS036NEH) to enable monitor mode on the internal generic Broadcom b43 wifi board. In wireshark on the Capture page,’ link layer header type 802.11 plus radiotap header’ is greyed out. However it shows all the ‘Broadcast’ data streaming from all the wifi stations in the area. However under Edit>Preferences only shows ‘Display hidden protocols items’ with a box to enable. If enabled nothing obvious happens.

I had expected to see the choices displayed as per Preferences on http://wiki.wireshark.org/Wi-Fi And the decrypt option as per http://wiki.wireshark.org/HowToDecrypt802.11 in order to decrypt my own data.

Note on my Windows 7 System PC, which has no monitor mode enabled, Wireshark version 1.6.6 , wrt Edit> Preferences behaves as above i.e. ‘Display hidden protocols items’. Thus it looks as if I am only partially in monitor mode on the Ubuntu (Note same with sudo airmon-ng start mon0) Any suggestions please?

asked 26 May '13, 06:49

Perplexed's gravatar image

Perplexed
11112
accept rate: 0%