Hi there!

I am capturing in monitor mode. I created the file 80211_keys in ~/.wireshark with content "wpa-pwd","mypwd:myssid".

I capture via:

sudo tshark -i mon0 -w out.pcap -o wlan.enable_decryption:TRUE

(I know I shouldn't use root here, will change it as soon as it works)

When I import the pcap into Wireshark I only get entries of protocol 802.11 (Beacon Frames etc), but no eapol nor http traffic. Do I forget a step to encrypt WPA2 or is my problem not related to WPA2 decryption?

Thanks for help!

asked 17 Mar '14, 20:17 Motzart
Are you seeing any data frames (as opposed to management frames such as Beacon frames)?
Honestly I don't know the other types of frames. In the info section I see "QoS Data", "Acknowledgement", "Request-to-send", "Clear-to-send", "802.11 Block Ack" and "Null function (No data)". Oh and probe responses.
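
One way to answer the question raised in the comments, whether a monitor-mode capture holds data frames and any EAPOL frames at all, is to read each frame's Frame Control field. This is an added example, not part of the original thread; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TYPES = {0: "management", 1: "control", 2: "data"}
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP + EtherType 0x888e

def strip_radiotap(pkt):
    """Drop the radiotap header that monitor-mode captures prepend."""
    # it_len is a little-endian u16 at offset 2; the fixed header is 8 bytes.
    length = struct.unpack_from("<H", pkt, 2)[0] if len(pkt) >= 8 else 0
    if not 8 <= length <= len(pkt):
        raise ValueError("invalid or truncated radiotap header")
    return pkt[length:]

def classify(frame):
    """Return (type name, subtype, protected, is_eapol) for one 802.11 frame."""
    if len(frame) < 2:
        raise ValueError("frame too short for Frame Control")
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    protected, eapol = bool(flags & 0x40), False
    # Only unprotected data frames that carry a body can hold the handshake.
    if ftype == 2 and not (subtype & 0x4) and not protected:
        hdr = 24                              # FC, duration, 3 addresses, seq ctl
        if (flags & 0x03) == 0x03:            # ToDS+FromDS: fourth address
            hdr += 6
        if subtype & 0x8:                     # QoS Control, +HT Control if Order
            hdr += 2 + (4 if flags & 0x80 else 0)
        eapol = frame[hdr:hdr + 8] == EAPOL_SNAP
    return TYPES.get(ftype, "reserved"), subtype, protected, eapol

def summarize(packets):
    stats = Counter()
    for pkt in packets:
        ftype, _, protected, eapol = classify(strip_radiotap(pkt))
        stats[ftype] += 1
        stats["protected_data"] += ftype == "data" and protected
        stats["eapol"] += eapol
    return stats

# Constructed sample frames (not taken from the poster's capture).
RT = bytes.fromhex("0000080000000000")        # minimal radiotap header
HDR = bytes(22)                               # duration, 3 addresses, seq ctl
SAMPLE = [
    RT + b"\x80\x00" + HDR,                                  # Beacon
    RT + b"\xd4\x00" + bytes(8),                             # Acknowledgement
    RT + b"\x48\x01" + HDR,                                  # Null function
    RT + b"\x88\x02" + HDR + bytes(2) + EAPOL_SNAP + b"\x02\x03",  # EAPOL-Key
    RT + b"\x88\x42" + HDR + bytes(2) + bytes(16),           # encrypted QoS Data
]
```

A capture that shows protected data frames but an `eapol` count of zero contains no handshake from which Wireshark could derive the session keys.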