This is our old Q&A Site. Please post any new questions and answers at

Is there a way to continuously decrypt WPA encoded HTTP packets 24/7? I can run tshark and decrypt packets fine when the capture contains the EAPOL handshake. But on subsequent captures tshark cannot decrypt packets because the handshake is not present. Is there a way to get tshark to "remember" the handshake context? Can the PTK be saved and fed into subsequent captures?

asked 10 Apr '14, 13:51

Magnumb's gravatar image

accept rate: 0%

Without a code change that's not possible. There are similar problems with multiple EAPOL handshakes in the cpature file.

See here:

So, if you need this feature and you think it's something others might need as well, please file an enhancement request at and post the link in a comment here.

++ UPDATE ++

There is a open source tool that could be useful for you.

It does exactly what you need, decrypt wifi traffic on-the-fly.


permanent link

answered 15 Apr '14, 01:54

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

edited 23 Apr '14, 12:54

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 10 Apr '14, 13:51

question was seen: 1,570 times

last updated: 23 Apr '14, 12:54

p​o​w​e​r​e​d by O​S​Q​A