This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to decrypt WPA2-PSK captured traffic on Wireshark? What is the expected traffic to be captured in WPA2-PSK setup?

0

Hi,

I captured WPA2-PSK traffic in monitor mode on a Linux machine and tried decrypting the same on Wireshark. I got the key giving the required credentials using the following link: http://www.wireshark.org/tools/wpa-psk.html. But still I don't see my trace file being decrypted.

asked 26 Nov '13, 22:58

Kartzoft
11337
accept rate: 0%
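
An added example, not part of the original thread and not Wireshark's own code: a WPA/WPA2-Personal PSK is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, with 4096 iterations and a 32-byte output, so a key produced by a generator like the one linked in the question can be re-derived and compared before it is entered in Wireshark. The function names are hypothetical, and the sample values are the published IEEE 802.11i test vector rather than data from this capture.

```python
import hashlib
import hmac

# Published test vector (IEEE 802.11i, Annex H.4): passphrase "password", SSID "IEEE".
TEST_PASSPHRASE = "password"
TEST_SSID = "IEEE"
TEST_PSK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA/WPA2-Personal PSK as 64 lowercase hex characters."""
    pw = passphrase.encode("ascii")   # non-ASCII raises UnicodeEncodeError (a ValueError)
    salt = ssid.encode("utf-8")       # the SSID is the salt, byte for byte
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32).hex()


def check_entered_key(entered_hex: str, passphrase: str, ssid: str) -> str:
    """Explain whether a 64-hex key matches this passphrase and SSID."""
    entered = entered_hex.strip().lower()
    if len(entered) != 64 or any(c not in "0123456789abcdef" for c in entered):
        return "not a 64-hex-digit PSK"
    if hmac.compare_digest(entered, wpa_psk(passphrase, ssid)):
        return "match"
    # Common slip: the SSID was typed with different case or stray whitespace.
    for variant in {ssid.strip(), ssid.lower(), ssid.upper()} - {ssid}:
        if variant and hmac.compare_digest(entered, wpa_psk(passphrase, variant)):
            return f"key was derived for SSID {variant!r}, not {ssid!r}"
    return "no match: passphrase or SSID differs"


if __name__ == "__main__":
    assert wpa_psk(TEST_PASSPHRASE, TEST_SSID) == TEST_PSK
    print(check_entered_key(TEST_PSK, TEST_PASSPHRASE, "ieee"))
```

The SSID is case-sensitive because it is used as the salt, so a key derived for a differently cased network name will not decrypt the trace.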


One Answer:

1

Have you read the information provided on the "How to Decrypt 802.11" wiki page?

answered 27 Nov '13, 06:23

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Hey, I did not understand the following in that link:

"Adding Keys: Wireless Toolbar: If you are using the Windows version of Wireshark and you have an AirPcap adapter you can add decryption keys using the wireless toolbar. If the toolbar isn't visible, you can show it by selecting View->Wireless Toolbar. Click on the Decryption Keys... button on the toolbar."

Does it mean the trace which I captured on an Ubuntu machine, in monitor mode using an Atheros chipset, encrypted using WPA/WPA2 personal, can't be decrypted without the AirPcap adapter?

I am using the Wireshark 1.10.2 version.

(27 Nov '13, 20:59) Kartzoft

And also, how do I monitor a particular channel?

(27 Nov '13, 21:07) Kartzoft

"Does it mean the trace which I captured on an Ubuntu machine, in monitor mode using an Atheros chipset, encrypted using WPA/WPA2 personal, can't be decrypted without the AirPcap adapter?"

No, it just means you can't add the decryption keys using the wireless toolbar.

"And also, how do I monitor a particular channel?"

Refer to http://wiki.wireshark.org/CaptureSetup/WLAN for all the IEEE 802.11 capture setup details.

(28 Nov '13, 09:15) cmaynard ♦♦