This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Folks,

I have been trying my utmost to get decrypted packets on my MacBook Pro. I've trawled the net, found all sorts of suggestions. I've set up monitor mode, set the SSID and the Password. Even messed around with the Terminal level Airport commands and all to no avail.

Am I missing something? Part of my frustration is due to the rather "hidden" way some of these features are accessed in Wireshark; have I missed something?

When I go into monitor mode, more or less all I see are 802.11 packets; if I come out of monitor mode I see traffic similar to that which I would see using wired ethernet. I'm attempting to get as full a picture of a network as I can. We've been bleeding data out of the WAN port on a router and the network consists of both Wired and WiFi attached devices. Whilst I'm pretty sure I know the reason for the excessive traffic, I've found that monitoring wired ethernet is not giving me the full picture. I'd like to get a handle on what the iOS devices on the network are doing as well.

Using Mac OS X 10.8.5 (12F2518) on a MacBook Pro 2.2 GHz Intel Core i7 running Wireshark 1.12.4 and XQuartz 2.7.7

asked 28 Apr '15, 09:16

KeithGould

edited 28 Apr '15, 16:40

Guy Harris ♦♦


> have I missed something?

Have you tried putting all machines (other than the Mac) to sleep (that's what "turning off" a smartphone or tablet will normally do), starting the capture, and then waking the machines up, so that you capture the initial EAPOL handshake for all of those machines? For WPA/WPA2 networks, you need more than the password, you need the initial EAPOL handshake as well.

(Yes, this is a lot of work. That is by design - the whole point of WEP and WPA/WPA2 is to make networks hard to sniff!)

answered 28 Apr '15, 16:44

Guy Harris ♦♦

Many thanks. As part of my testing I have woken my own iPhone and got it to refresh its eMail accounts, but I missed the fact that other devices would need to be nudged as well.

I've not detected any decrypted packets from the iPhone using my current technique but I'll see what happens when I switch it off and then turn it back on again. I'll post again once I've had the opportunity to test this.

(28 Apr '15, 22:15) KeithGould
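
The answer above says that each device's initial EAPOL handshake has to be in the capture. As an added example (not part of the original thread and not Wireshark code), this Python code classifies EAPOL-Key frames by their Key Information bits and reports, per station, which of the four handshake messages were not captured. Assumptions: each frame is passed as bytes starting at the 802.1X header, messages 2 and 4 are told apart by key data length, and the sample frames and MAC addresses are constructed.

```python
import struct
from collections import defaultdict

KEY_TYPE_PAIRWISE, KEY_ACK, KEY_MIC = 0x0008, 0x0080, 0x0100  # Key Information bits

def handshake_message(eapol: bytes) -> int:
    """Return 1-4 for a pairwise 4-way handshake message, 0 for anything else.
    `eapol` starts at the 802.1X header (after the 802.11 and LLC/SNAP headers)."""
    if len(eapol) < 99 or eapol[1] != 3:        # 802.1X packet type 3 = EAPOL-Key
        return 0
    (key_info,) = struct.unpack_from(">H", eapol, 5)
    (key_data_len,) = struct.unpack_from(">H", eapol, 97)
    if not key_info & KEY_TYPE_PAIRWISE:        # group-key rekey, not a join
        return 0
    if key_info & KEY_ACK:                      # sent by the access point
        return 3 if key_info & KEY_MIC else 1
    if key_info & KEY_MIC:                      # sent by the station
        return 2 if key_data_len else 4         # assumption: only message 2 carries key data
    return 0

def missing_messages(frames, stations):
    """frames: (station, eapol_bytes) pairs. Returns {station: handshake messages not captured}."""
    seen = defaultdict(set)
    for station, eapol in frames:
        seen[station].add(handshake_message(eapol))
    return {s: [n for n in (1, 2, 3, 4) if n not in seen[s]] for s in stations}

def sample_frame(key_info: int, key_data: bytes = b"") -> bytes:
    """Constructed EAPOL-Key frame; counters, nonce and MIC are zero-filled."""
    body = (struct.pack(">BHH", 2, key_info, 16) + bytes(88)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body

MACBOOK, IPHONE = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed addresses
SAMPLE = [                                      # constructed capture
    (MACBOOK, sample_frame(0x008A)),            # message 1
    (MACBOOK, sample_frame(0x010A, bytes(22))), # message 2
    (MACBOOK, sample_frame(0x13CA, bytes(56))), # message 3
    (MACBOOK, sample_frame(0x030A)),            # message 4
    (IPHONE, sample_frame(0x1382, bytes(32))),  # group-key rekey only: joined before capture
]

if __name__ == "__main__":
    for station, missing in missing_messages(SAMPLE, [MACBOOK, IPHONE]).items():
        print(station, "complete" if not missing else f"missing messages {missing}")
```

A station reported with missing messages has to rejoin the network while the capture is running, as the answer describes.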