This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why isn’t Wireshark decrypting 802.11 traffic in my capture, even if the EAPOL handshake is present?

0

I have read and followed Wireshark's guide, and successfully decrypted the example file, but when it comes to my file it doesn't work. I have made sure that both the SSID and the password are correctly spelled in the settings. The entire EAPOL handshake is present, so I don't understand what I'm doing wrong.

Here is a screenshot of the handshake:

enter image description here

Maybe the problem is that there more than 4 packets?

Here is the pcap file, in case it helps. The password for the AP is "privacyblibwifi".

Does anyone know how to solve this problem? Thanks.

asked 21 Apr '17, 07:55

workin221's gravatar image

workin221
11224
accept rate: 0%


One Answer:

1

It has worked for me with your trace: But I had to toggle the marked combo from "Wireshark" to "None" and back to "Wireshark". alt text

alt text

answered 21 Apr '17, 13:29

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%

Sounds like a bug to me, is it?

(22 Apr '17, 03:41) Jaap ♦

Not sure, for me it has always been a works as designed feature.

(22 Apr '17, 04:30) Christian_R