This is our old Q&A Site. Please post any new questions and answers at

I have captured traffic from another wireless adapter (including the 4 necessary EAPOL packets), and decrypted it with the WPA2 password and SSID, so that all of the "802.11" traffic shows the correct/real protocol.

To test the decryption (and my understanding), I logged in via telnet to a server on the target adapter. I am able to filter out the telnet packets, however when I "Follow the TCP Stream" I am getting partially decrypted results.

From my experience following a telnet stream over ethernet, the information is presented very similarly to command line and very readable (most importantly, it is complete with all of the information that was passed). However, with these decrypted packets, it is missing large portions of the information.

For Example, if I logged in via telnet with the account TestUser1 and Password1, the TCP stream would likely return "Tstser1" and "Paswod1".

Is this because my monitoring adapter is not capturing all of the packets?

asked 29 Aug '15, 00:28

WTFender's gravatar image

accept rate: 0%

Also, thanks for anybody that takes the time to help! It took me a long time of reading posts to get this far :P.

(29 Aug '15, 00:33) WTFender

Yes it seems that you didn't capture every packet. Could you provide the trace, so it will be easier to help.

(29 Aug '15, 01:25) Christian_R
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 29 Aug '15, 00:28

question was seen: 1,478 times

last updated: 29 Aug '15, 01:27

p​o​w​e​r​e​d by O​S​Q​A