Wireshark-users: Re: [Wireshark-users] Unable to decode WPA2
From: "Bob Carlson" <bob@xxxxxxxxxxxxx>
Date: Thu, 8 Jan 2009 11:17:49 -0700
It's not uncommon to miss messages when trying to capture Wifi, but 90% loss seems way high. Cheers, Bob Eugene, OR - Tucson, AZ -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Matt Roberts Sent: Wednesday, January 07, 2009 9:34 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Unable to decode WPA2 Well I changed the password to something else and I suddenly got it to decrypt, although it was missing a lot of TCP data (about 90% of it). I don't know if this is a problem with my driver, with my pc being too slow, or my router or my wireless card or wireshark.. There are too many things that could go wrong and I think I will wait for my wireless to be officially supported on Ubuntu before going further (I use the WUSB600N and the RT2870 drivers). Thanks to everyone who answered! Matt. -------------------------------------------------- From: "Matt Roberts" <k141@xxxxxxxxxxx> Sent: Wednesday, January 07, 2009 7:52 AM To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> Subject: Re: [Wireshark-users] Unable to decode WPA2 > Hi, > > thanks for your reply. > > Yes I have the 4 EAPOL entries, but now what do I do with them? I'm not > sure > what key to use from the entries I see? > > Thanks, > > Matt. > > -------------------------------------------------- > From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx> > Sent: Tuesday, January 06, 2009 4:44 PM > To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> > Subject: Re: [Wireshark-users] Unable to decode WPA2 > >> On Tue, Jan 6, 2009 at 3:01 AM, Matt Roberts <k141@xxxxxxxxxxx> wrote: >>> Hello all, >>> >>> I have spent countless hours trying to decode my own traffic using WPA2 >>> and >>> I need some help. >>> >>> My WPA2-PSK passphrase is "testpass". This is what I enter on my router >>> configuration and my PC. I can connect to the internet no problem. >>> My SSID is "globul". >>> >>> When I sniff the traffic I see the 4 EAPOL entries. I can't figure out >>> what >>> to put in the wireshark 802.11 preference. I tried: >>> >>> wpa-pwd:testpass:globul >>> >>> That didn't decrypt anything. >>> [...] >> >> Did you capture the initial (EAPOL) 4-Way Pairwise handshake, which >> usually happens immediately after you have associated with the >> network? >> >> That handshake contains additional information required to decode the >> WPA2-PSK encrypted traffic. >> >> The passphrase alone is not enough to decode WPA2-PSK traffic (which >> is why WPA2 is more secure than WEP). >> >> Regards, >> Kam-Yung >> -- >> Soh Kam Yung >> my Google Reader Shared links: >> (http://www.google.com/reader/shared/16851815156817689753) >> my Google Reader Shared SFAS links: >> (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas) >> ___________________________________________________________________________ >> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> >> Archives: http://www.wireshark.org/lists/wireshark-users >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users >> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe >> > ___________________________________________________________________________ > Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> > Archives: http://www.wireshark.org/lists/wireshark-users > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users > > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe > ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-users] Unable to decode WPA2
- From: Matt Roberts
- Re: [Wireshark-users] Unable to decode WPA2
- From: Soh Kam Yung
- Re: [Wireshark-users] Unable to decode WPA2
- From: Matt Roberts
- Re: [Wireshark-users] Unable to decode WPA2
- From: Matt Roberts
- [Wireshark-users] Unable to decode WPA2
- Prev by Date: [Wireshark-users] Bonding and duplicate TCP ack
- Next by Date: [Wireshark-users] [ANNOUNCE] WinPcap 4.1 beta5 has been released
- Previous by thread: Re: [Wireshark-users] Unable to decode WPA2
- Next by thread: [Wireshark-users] Problem with decoding K12xx/K15 rf5 files
- Index(es):
- Get Wireshark
- Download
- Code of Conduct