This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi there!

I am capturing in monitor mode. I created the file 80211_keys in ~/.wireshark with content "wpa-pwd","mypwd:myssid".

I capture via: sudo tshark -i mon0 -w out.pcap -o wlan.enable_decryption:TRUE (I know I shouldn't use root here, will change it as soon it works)

When I import the pcap into wireshark I only get entries of protocol 802.11 (Beacon Frames etc), but no eapol nor http traffic.

Do I forget a step to encrypt WPA2 or is my problem not related to WPA2 decryption?

Thanks for help!

asked 17 Mar '14, 20:17

Motzart's gravatar image

Motzart
11223
accept rate: 0%

Are you seeing any data frames (as opposed to management frames such as Beacon frames)?

(18 Mar '14, 01:29) Guy Harris ♦♦

Honestly I don't know the other type of frames. In the info section I see "QoS Data", "Acknowledgement", "Request-to-send", "Clear-to-send", "802.11 Block Ack" and "Null function(No data)". Oh and probe responses.

(18 Mar '14, 05:57) Motzart
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×36
×36

question asked: 17 Mar '14, 20:17

question was seen: 1,726 times

last updated: 18 Mar '14, 05:57

p​o​w​e​r​e​d by O​S​Q​A