Hello, I'm not too familiar with Wireshark and I'm struggling. What am I missing?

I have the following setup: WiFi with WPA2 Personal (AES); the router runs DD-WRT. I have an Alfa AWUS036H with monitor mode enabled on Ubuntu 15.04. I start a capture of my WiFi with password xx and SSID yy. Then I connect my phone to the YY network and make some HTTP calls. In Wireshark the traffic is only displayed as 802.11.

But then I go to Preferences -> Protocols -> IEEE 802.11 and enter the passphrase (I know it since it is from my WiFi, just playing around). I've chosen pwd and entered "xx:yy", and I've tried psk (https://www.wireshark.org/tools/wpa-psk.html). But even if I reload the view manually, all traffic remains as 802.11 - no TCP requests are shown.

So again, what am I missing?

Kind regards

asked 19 Jun '16, 10:00 Hühns, edited 19 Jun '16, 10:50 Guy Harris
Does your capture include the EAPOL handshake for each of the machines whose traffic you're trying to capture and decrypt? One way to get that would be to put the machines to sleep, start the capture, and then wake the machines up ("turning off" a smartphone generally just puts it to sleep, and "turning it on" wakes it up) so that they have to re-associate with your network.
Actually, I think yes. I didn't put the smartphone to sleep but completely removed the WiFi network in settings and reconnected. This should do the trick, shouldn't it?
Have you seen these previous questions?
https://ask.wireshark.org/questions/53230/wifi-decryption-not-working-with-eapol-packets-and-ssid-and-key
https://ask.wireshark.org/questions/53260/cannot-capture-frames-other-than-broadcast-or-multicast-over-wlan
https://ask.wireshark.org/questions/52397/wireshark-does-not-decrypt-wlan-udp-broadcast-packet-from-ap
https://ask.wireshark.org/questions/52027/capturing-traffic-from-wireless-cctv
Also, providing a sample capture which shows your issue will move your problem along a LOT faster. Otherwise, you are just asking these guys to guess what might be your issue.
Sorry for not uploading the recording, but there might be a family member of mine in the capture and I wouldn't want to share it online.
I did some more research; switching to a different AP led me to actually capture EAPOL handshakes (4x per auth). But still, entering the pwd or psk didn't do the trick. :-\ Still only EAPOL and 802.11 packets. I have spaces/blanks in my SSID, might this cause the problem?
Try using the preshared key instead of the passphrase; this may do the trick if your passphrase has some special characters.
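The preshared key suggested above is derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output), so every byte of the SSID, spaces included, changes the result. The following is an added example, not part of the original thread; the function names, passphrase and SSIDs are constructed for illustration.

```python
import hashlib


def wpa_psk(passphrase: str, ssid: bytes) -> str:
    """Derive the 256-bit WPA/WPA2-Personal PSK as 64 hex characters."""
    pw = passphrase.encode("ascii")  # non-ASCII input raises a ValueError subclass
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # The SSID is the PBKDF2 salt, taken byte for byte as broadcast by the AP.
    return hashlib.pbkdf2_hmac("sha1", pw, ssid, 4096, 32).hex()


def psk_per_ssid(passphrase: str, ssids: list[bytes]) -> dict[bytes, str]:
    """Derive one PSK per candidate SSID spelling for side-by-side comparison."""
    return {ssid: wpa_psk(passphrase, ssid) for ssid in ssids}


# Constructed sample values, not taken from the thread.
SAMPLE_PASSPHRASE = "correct horse battery"
SAMPLE_SSIDS = [b"Home Net", b"Home Net ", b"HomeNet"]  # inner, trailing, no space

if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("IEEE vector:", wpa_psk("password", b"IEEE"))
    for ssid, psk in psk_per_ssid(SAMPLE_PASSPHRASE, SAMPLE_SSIDS).items():
        # Each line is a value for the "wpa-psk" key type in the
        # IEEE 802.11 decryption key list.
        print(f"{ssid!r:14} wpa-psk {psk}")
```

If none of the derived keys decrypts the capture, compare the SSID bytes in a beacon frame of the capture with the ones used for the derivation.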