Wireshark-users: [Wireshark-users] Problems with wireless decryption


From: "Magee, Owen" <Owen.Magee@xxxxxxxx>
Date: Wed, 5 Dec 2007 17:01:19 -0800

I'm trying to use the 802.11 wireless decryption features in Wireshark
without much luck.  We're using Wireshark 0.99.6a on Windows XP with the
AirPCap Wi-Fi capture card.  It can capture non-encrypted data fine.
However, I'm trying to decrypt a CCMP/AES/WPA2 encrypted network.  I'm
seeing a couple of odd behaviors:

1.  When I go to the Decryption Keys window and try to add a WPA-PSK
entry (giving the key explicitly), it doesn't seem to take it.  Once I
click OK and then go back to the Decryption Keys window, the entry has
disappeared.

2.  I switched to using the passphrase and SSID (WPA-PWD), but it does
not appear to be working.  I'm sure that I have the SSID and the
passphrase correct, and I'm also sure that I'm capturing the 802.11i key
exchange as part of the capture.  I'm pinging a device on the Wi-Fi
network while capturing, but the frames are coming across as some sort
of LLC frame--it looks like garbage.  In any case, there's definitely no
ping packet in there.

Any hints as to what might be going wrong?  Does Wireshark not support
CCMP?

Thanks...

Owen
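
The two key-entry forms mentioned in the message are related by the standard WPA/WPA2-Personal mapping: the 256-bit PSK is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations. The following is an added example, not part of the original message or of Wireshark's code; the function names are hypothetical and the sample passphrase and SSID are the published IEEE 802.11i test vector. It shows how to compute the raw key from a passphrase and SSID, and that any difference in the SSID bytes yields a different key.

```python
import hashlib
import string


def derive_wpa_psk(passphrase: str, ssid: bytes) -> str:
    """Return the 256-bit WPA/WPA2 pre-shared key as 64 hex characters.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    """
    # A passphrase is 8..63 printable ASCII characters; a 64-character
    # hex string is a raw PSK instead and must not be run through PBKDF2.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is an opaque byte string of at most 32 bytes and is used
    # exactly as broadcast: case, spaces and encoding all matter.
    if len(ssid) > 32:
        raise ValueError("SSID must be at most 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)
    return key.hex()


def is_raw_psk(key: str) -> bool:
    """True if `key` has the shape of a raw 256-bit PSK (64 hex digits)."""
    return len(key) == 64 and all(c in string.hexdigits for c in key)


if __name__ == "__main__":
    # IEEE 802.11i test vector (passphrase "password", SSID "IEEE").
    psk = derive_wpa_psk("password", b"IEEE")
    print("PSK for SSID 'IEEE' :", psk)
    # Constructed variations: same passphrase, slightly different SSID bytes.
    print("PSK for SSID 'ieee' :", derive_wpa_psk("password", b"ieee"))
    print("PSK for SSID 'IEEE ':", derive_wpa_psk("password", b"IEEE "))
    print("looks like raw PSK  :", is_raw_psk(psk))
```

Because the SSID is the salt, a passphrase entry only produces the right key when the SSID matches the network's SSID byte for byte; entering the derived 64-digit hex value as the raw key removes that dependency.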

