Is there a way to continuously decrypt WPA encoded HTTP packets 24/7? I can run tshark and decrypt packets fine when the capture contains the EAPOL handshake. But on subsequent captures tshark cannot decrypt packets because the handshake is not present. Is there a way to get tshark to "remember" the handshake context? Can the PTK be saved and fed into subsequent captures?

asked 10 Apr '14, 13:51 Magnumb
One Answer:
Without a code change that's not possible. There are similar problems with multiple EAPOL handshakes in the capture file. See here:

So, if you need this feature and you think it's something others might need as well, please file an enhancement request at https://bugs.wireshark.org and post the link in a comment here.

++ UPDATE ++

There is an open source tool that could be useful for you. It does exactly what you need, decrypt wifi traffic on-the-fly.

Regards

answered 15 Apr '14, 01:54 Kurt Knochner ♦ edited 23 Apr '14, 12:54
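
Background for the question above, as an added example that is not part of the original thread and not Wireshark's code: the IEEE 802.11i derivation of the WPA2-PSK pairwise transient key (PTK), showing that it depends on the ANonce and SNonce carried in the EAPOL 4-way handshake, so each association yields a different temporal key. The MAC addresses and nonces are constructed sample values; the passphrase/SSID pair is the IEEE 802.11i PSK test vector.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase, ssid):
    # WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    # IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=48):
    # Inputs are ordered min/max, so both sides compute the same key.
    # 48 bytes covers the CCMP case: KCK (16) | KEK (16) | TK (16).
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def split_ptk(ptk):
    # TK is the key that actually encrypts the data frames.
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed sample values (locally administered MACs, counting-byte nonces).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE_1, SNONCE_1 = bytes(range(0, 32)), bytes(range(32, 64))    # first association
ANONCE_2, SNONCE_2 = bytes(range(64, 96)), bytes(range(96, 128))  # re-association

if __name__ == "__main__":
    pmk = pmk_from_passphrase("password", "IEEE")
    tk1 = split_ptk(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE_1, SNONCE_1))["tk"]
    tk2 = split_ptk(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE_2, SNONCE_2))["tk"]
    print("PMK :", pmk.hex())
    print("TK 1:", tk1.hex())
    print("TK 2:", tk2.hex())
    print("same passphrase, same key across handshakes?", tk1 == tk2)
```

The PMK is fixed for a given passphrase and SSID, but the TK changes with every handshake, so a key derived from one capture only applies to frames from that same association.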