This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tshark with WPA2 - Resulting Data not readable

Hi there!

I am capturing in monitor mode. I created the file 80211_keys in ~/.wireshark with content "wpa-pwd","mypwd:myssid".

I capture via: sudo tshark -i mon0 -w out.pcap -o wlan.enable_decryption:TRUE (I know I shouldn't use root here, will change it as soon as it works)

When I import the pcap into Wireshark I only get entries of protocol 802.11 (Beacon Frames etc.), but no EAPOL nor HTTP traffic.

Am I forgetting a step to encrypt WPA2, or is my problem not related to WPA2 decryption?

Thanks for help!

asked 17 Mar '14, 20:17

Motzart

Are you seeing any data frames (as opposed to management frames such as Beacon frames)?

(18 Mar '14, 01:29) Guy Harris ♦♦

Honestly I don't know the other type of frames. In the info section I see "QoS Data", "Acknowledgement", "Request-to-send", "Clear-to-send", "802.11 Block Ack" and "Null function(No data)". Oh and probe responses.

(18 Mar '14, 05:57) Motzart