This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi all,

PROLOGUE: please kindly have a look at http://wiki.wireshark.org/HowToDecrypt802.11 coupled with http://www.wireshark.org/tools/wpa-psk.html

MY ISSUE: Wireshark is known to be able to decrypt a WPA-encrypted traffic once you provide the PSK (which is built from the SSID and WPA network key). In other words you have to first know the WPA key of an encrypted network so as to monitor its WPA-encrypted traffic. HENCE...where is the utility of Wireshark in such a scenario? I would like to be able to get the WPA password of a network and this seems not to be possible with Wireshark.

I'm doing my experiments AFTER handshaking occurred (i.e. beyond the very first connection between the router and PC) and it is impossible (as it is correctly stated by Wireshark manuals) to get the EAPOL strings. Since this is the common scenario...how would it ever be possible to get the WPA password with Wireshark? Hem...do I terribly miss anything?

Three hot kisses for any useful answer.

asked 23 Apr '14, 08:20

Reginaldo%20Occhiolini's gravatar image

Reginaldo Oc...
11112
accept rate: 0%


HENCE...where is the utility of Wireshark in such a scenario?

To troubleshoot connection issues within encrypted wifi/wlan communication, like a mobile device being unable to access a web page via an encrypted wifi connection. How would you troubleshoot that, without decrypting the wifi traffic? That's what the wifi decryption feature of Wireshark is typically used for. And for that purpose you need to know the WPA passphrase.

I would like to be able to get the WPA password of a network and this seems not to be possible with Wireshark.

You can't get the secret key just by listening to wifi traffic with Wireshark. Thare are tools that are able to brute force/crack the key by listening to the EAPOL frames, but that's a totally different story. Please google: 'WEP cracking' or 'WPA cracking'

how would it ever be possible to get the WPA password with Wireshark?

You won't!

Hem...do I terribly miss anything?

Yes. See my explanation above.

Regards
Kurt

permanent link

answered 23 Apr '14, 11:34

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 23 Apr '14, 15:54

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×62
×23

question asked: 23 Apr '14, 08:20

question was seen: 1,953 times

last updated: 23 Apr '14, 15:54

p​o​w​e​r​e​d by O​S​Q​A