This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

WPA decoding in realtime possible?

0	Hello I heard that Wireshark does support decoding WPA. Does Wireshark decode WPA-traffic in realtime? Thank you very much! Joe decode capture wpa asked 14 Jan '16, 09:56 joseph123 11●9●9●12 accept rate: 0% What do you mean by "in real time"? (14 Jan '16, 18:54) Guy Harris ♦♦

One Answer:

If in realtime means while Wireshark is capturing data, then the answer is yes, as long as Wireshark is able to see the 4 EAPOL frames, see the Wiki.

https://wiki.wireshark.org/HowToDecrypt802.11

If in realtime means output on the CLI while tshark is capturing, then please see my answer to the following question:

https://ask.wireshark.org/questions/24249/decrypt-wpa-with-tshark

If you substitute -nr input.pcap with -ni interface (while 'interface' is a placeholder for the wifi interface name), you will get the decrypted WPA output at the CLI.

If in realtime means something different, please tell us what it means to you.

Regards
Kurt

answered 19 Jan '16, 08:03

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%