I used airmon to create monitor interface, when i starting interface monitoring in wireshark i can see only probes, beacons and QoS exchanges. I'm actually testing from two laptops. asked 11 Feb '14, 06:10  Emiliano Riva |
One Answer:
Sure, see the Wireshark Wiki page on decrypting 802.11 traffic. This question comes up a lot though so search for other questions and answers. answered 11 Feb '14, 14:16  grahamb ♦ edited 14 Feb '14, 18:03  Guy Harris ♦♦ So, thanks for reply, i tested to decrypt the example in the bottom of the page and it work properly, but not with traffic in my network. This is my level of encryption:
I have capture the four EAPOL required. What am I doing wrong? (14 Feb '14, 15:40) Emiliano Riva What does it do instead of working correctly? Does it still show the data packets as just data, rather than decrypting them? Does it decrypt them but give garbage data? Does it do something else? (14 Feb '14, 18:04) Guy Harris ♦♦ Yes,packets are showed only as data, I solved disabling Protection bit and initialization vector. (15 Feb '14, 03:50) Emiliano Riva |
Some questions:
Thanks for your reply, i'm on ubuntu 13.10 with b43 drivers for b4312 chipset, actually i'm capturing traffic with Wireshark Version 1.10.2 on mon0 interface created with airmon-ng. GemetekTe is my laptop EdimaxTe my desktop
https://dl.dropboxusercontent.com/u/75167669/capture.txt this is the link of a captured text with Tshark.
Now that i have disabled wpa2 from the router i can see also other packages. Can' t Wireshark work with encrypted data? I tried to enable decription and then i set one key resulting in my litteral password, is this correct?