Wireshark-users: [Wireshark-users] Unable to decode WPA2


From: "Matt Roberts" <k141@xxxxxxxxxxx>
Date: Mon, 5 Jan 2009 11:01:56 -0800

Hello all,
 
I have spent countless hours trying to decode my own traffic using WPA2 and I need some help.
 
My WPA2-PSK passphrase is "testpass". This is what I enter on my router configuration and my PC. I can connect to the internet no problem.
My SSID is "globul".
 
When I sniff the traffic I see the 4 EAPOL entries. I can't figure out what to put in the Wireshark 802.11 preference. I tried:
 
wpa-pwd:testpass:globul
 
That didn't decrypt anything.
 
I looked at the EAPOL entries and there are so many keys there I don't know which one to choose to try with the wpa-psk: parameter.
 
I used the sample capture from http://wiki.wireshark.org/HowToDecrypt802.11 and I was able to decrypt that one with no problem using the wpa-pwd:Induction:Coherer parameter, so I know that Wireshark is able to decrypt.
 
My wireless interface is in monitor mode and seems to be working since I can see the EAPOL. When I type iwconfig <interface> it shows a long hex key. I tried to use that one, didn't work. When I type iwlist <interface> wpakeys it shows another long hex key. I tried that one too, no luck. I went to the WPA PSK (Raw Key) Generator and tried entering my passphrase testpass and SSID globul, used the PSK generated, no luck either.
 
I can decrypt 802.11g WEP without any problem but I'd like to use 802.11n and go with WPA2 now on my home network.
 
What am I missing?
 
Thanks for your help,
 
Matt.
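
Added example, not part of the original post and not Wireshark's code: how a WPA/WPA2-PSK raw key is derived from a passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits), and how the per-session pairwise key is then expanded from that PSK plus the MAC addresses and nonces exchanged in the EAPOL handshake. The function names, MAC addresses and nonces are constructed for illustration; the passphrase and SSID are the ones quoted in the post.

```python
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    pw, salt = passphrase.encode("ascii"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8 to 63 ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)


def pairwise_key(psk, ap_mac, sta_mac, anonce, snonce, length=48):
    """802.11i SHA-1 PRF: per-session key from PSK + handshake values."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(psk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def preference_entries(passphrase: str, ssid: str) -> list:
    """The two key strings in the forms named in the post."""
    return [f"wpa-pwd:{passphrase}:{ssid}",
            "wpa-psk:" + wpa_psk(passphrase, ssid).hex()]


if __name__ == "__main__":
    for entry in preference_entries("testpass", "globul"):
        print(entry)
    # Constructed MAC addresses and nonces, not taken from any capture.
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    psk = wpa_psk("testpass", "globul")
    for snonce in (b"\x11" * 32, b"\x22" * 32):
        print(pairwise_key(psk, ap, sta, b"\xaa" * 32, snonce).hex())
```

The two pairwise keys printed at the end differ because the station nonce differs, which is why a decryptor needs the handshake frames for the session it is decrypting in addition to the PSK.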