This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I capture some traffic in my own network (as a hexdump) with a wireless antenna set in monitor mode. Now I want to decrypt this traffic (all protocols are just 802.11 instead of TCP, ARP, etc). I followed this guide: https://wiki.wireshark.org/HowToDecrypt802.11

But that doesn't work. I know the password and the SSID, because it's my own network. I selected wpa-psk and typed: mypassword:ssid (for example 123456789:my-network). It's also a valid syntax. But when I press OK, nothing happens, it's still encrypted.

The window (in the guide) looks a bit different from mine: I have to select the key type first (wep, wpa-pwd and wpa-psk) and on the right side is a column "key". In this column I have password:ssid.

I use the newest Wireshark version, 2.4.0 on Windows and 2.2.7 on Linux.

asked 21 Jul '17, 23:14

decrypter

edited 21 Jul '17, 23:34


It could be as simple as 'reloading' the trace after you enter the passphrase/SSID or as complex as needing a whole new set of hardware for proper capture.

I suggest you review other answers, such as here: https://ask.wireshark.org/questions/62901/wireshark-not-decrypting-wpa-psk-packets-recieving-only-80211-protocols


answered 23 Jul '17, 09:04

Bob Jones

Yes, you need the 4-way eapol handshake as well. That information, plus the SSID and passphrase, allows Wireshark to calculate the PTK and GTK, which are used to actually encrypt/decrypt data.

So you need data to decrypt, the 4-way handshake, and the SSID/Passphrase. Don't forget to practice on the sample file for decryption at the wiki - if that doesn't work, trying your own will be just that much harder.

(27 Jul '17, 02:52) Bob Jones

The sample file works fine. OK, in this case I will deauth some client from my network to get the EAPOL handshake in my capture file. Thanks!

(27 Jul '17, 03:29) decrypter

Thanks. So I need to capture the handshake as well? That would explain my issue.

answered 23 Jul '17, 11:27

decrypter

edited 23 Jul '17, 11:41


last updated: 27 Jul '17, 03:33
