HI, I captured WPA2-PSK traffic on monitor mode on a Linux machine and tried decrypting the same on wireshark. I got the key giving the required credentials using the following link: http://www.wireshark.org/tools/wpa-psk.html. But still I dont see my trace file being decrypted. asked 26 Nov '13, 22:58  Kartzoft |
One Answer:
Have you read the information provided on the "How to Decrypt 802.11" wiki page? answered 27 Nov '13, 06:23  cmaynard ♦♦ |
Hey, I did not understand the following in that link:
"Adding Keys: Wireless Toolbar: If you are using the Windows version of Wireshark and you have an AirPcap adapter you can add decryption keys using the wireless toolbar. If the toolbar isn't visible, you can show it by selecting View->Wireless Toolbar. Click on the Decryption Keys... button on the toolbar."
Does it mean the trace which I captured on a Ubuntu machine, on monitor mode using an Atheros chipset, encrypted using WPA/WPA2 personal,cant be decrytped without the AirPcap adapter?
Am using the Wireshark 1.10.2 version.
and also how do i monitor a particular channel??
Does it mean the trace which I captured on a Ubuntu machine, on monitor mode using an Atheros chipset, encrypted using WPA/WPA2 personal,cant be decrytped without the AirPcap adapter?
No, it just means you can't add the decryption keys using the wireless toolbar.
and also how do i monitor a particular channel??
Refer to http://wiki.wireshark.org/CaptureSetup/WLAN for all the IEEE 802.11 capture setup details.