Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Unable to decode WPA2

From: "Bob Carlson" <bob@xxxxxxxxxxxxx>
Date: Thu, 8 Jan 2009 11:17:49 -0700
It's not uncommon to miss messages when trying to capture Wifi, but 90% loss
seems way high.

Cheers, Bob
Eugene, OR - Tucson, AZ




-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Matt Roberts
Sent: Wednesday, January 07, 2009 9:34 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Unable to decode WPA2

Well I changed the password to something else and I suddenly got it to 
decrypt, although it was missing a lot of TCP data (about 90% of it). I 
don't know if this is a problem with my driver, with my pc being too slow, 
or my router or my wireless card or wireshark.. There are too many things 
that could go wrong and I think I will wait for my wireless to be officially

supported on Ubuntu before going further (I use the WUSB600N and the RT2870 
drivers).

Thanks to everyone who answered!

Matt.

--------------------------------------------------
From: "Matt Roberts" <k141@xxxxxxxxxxx>
Sent: Wednesday, January 07, 2009 7:52 AM
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to decode WPA2

> Hi,
>
> thanks for your reply.
>
> Yes I have the 4 EAPOL entries, but now what do I do with them? I'm not 
> sure
> what key to use from the entries I see?
>
> Thanks,
>
> Matt.
>
> --------------------------------------------------
> From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx>
> Sent: Tuesday, January 06, 2009 4:44 PM
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] Unable to decode WPA2
>
>> On Tue, Jan 6, 2009 at 3:01 AM, Matt Roberts <k141@xxxxxxxxxxx> wrote:
>>> Hello all,
>>>
>>> I have spent countless hours trying to decode my own traffic using WPA2
>>> and
>>> I need some help.
>>>
>>> My WPA2-PSK passphrase is "testpass". This is what I enter on my router
>>> configuration and my PC. I can connect to the internet no problem.
>>> My SSID is "globul".
>>>
>>> When I sniff the traffic I see the 4 EAPOL entries. I can't figure out
>>> what
>>> to put in the wireshark 802.11 preference. I tried:
>>>
>>> wpa-pwd:testpass:globul
>>>
>>> That didn't decrypt anything.
>>>  [...]
>>
>> Did you capture the initial (EAPOL) 4-Way Pairwise handshake, which
>> usually happens immediately after you have associated with the
>> network?
>>
>> That handshake contains additional information required to decode the
>> WPA2-PSK encrypted traffic.
>>
>> The passphrase alone is not enough to decode WPA2-PSK traffic (which
>> is why WPA2 is more secure than WEP).
>>
>> Regards,
>> Kam-Yung
>> -- 
>> Soh Kam Yung
>> my Google Reader Shared links:
>> (http://www.google.com/reader/shared/16851815156817689753)
>> my Google Reader Shared SFAS links:
>>
(http://www.google.com/reader/shared/user/16851815156817689753/label/sfas)
>>
___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>
___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> 
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> 
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe