Wireshark-users: Re: [Wireshark-users] Unable to capture wireless traffic

From: Frank Barta <fbarta@xxxxxxxxx>
Date: Sun, 28 Mar 2010 20:47:53 -0400
Cae, are you capturing the EAPOL keys for the 4-way handshake?

Also, Steve, Wireshark is capable of decrypting WPA2-CCMP traffic. The example PCAP file provided at http://wiki.wireshark.org/HowToDecrypt802.11 has an example which shows decryption of CCMP data frames. There are frames present which cannot be decrypted, however, and these appear from a quick glance to be frames which were sent using WPA-TKIP, since this BSS is running Mixed Mode. I'm not sure if Wireshark supports mixed mode decryption.

On Sun, Mar 28, 2010 at 6:25 PM, Cae Sium <caesium5@xxxxxxxxx> wrote:
As learned from here http://wiki.wireshark.org/HowToDecrypt802.11

Edit -> Preferences->Protocol->IEEE802.11->Enable Encryption->Key

I've added the WPA2 keys into the section of Wireshark as required but
still got the same output.

Somehow I am not receiving the direct reply to the post, only
receiving the reply through the daily digest.

--- On Sat, 3/27/10, Frank Barta <fbarta@xxxxxxxxx> wrote:

From: Frank Barta <fbarta@xxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to capture wireless traffic
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Saturday, March 27, 2010, 8:10 PM

You will only see the TCP traffic if it is not encrypted. Since you
are encrypting with WPA2, you are going to need to decrypt that traffic
to see the real encapsulated layer 3 packet.

On Sun, Mar 28, 2010 at 8:01 AM, Cae Sium <caesium5@xxxxxxxxx> wrote:
> Sorry to re-post as I've accidentally used my friend's email to post earlier.
> Using Debian and trying to learn Wireshark and have been
> trying/reading for weeks without success.
> Using a netbook and a desktop connected to the same router with WPA2.
> Wireshark on the netbook works when monitoring its own traffic (of course).
> Netbook installed with Wireshark and desktop set downloading a large
> file to ensure traffic is there. However, Wireshark does not pick up
> the TCP protocol; it only reports IEEE802.11 under the protocol column.
> What have I done wrong?
> Appreciate any help.
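Why Frank's question about the EAPOL 4-way handshake matters: with WPA2-PSK, the passphrase and SSID only give the PMK. The per-session PTK (whose TK part is what actually decrypts CCMP data frames) also depends on both MAC addresses and on the ANonce/SNonce exchanged in the handshake, and the MIC on message 2 is how a decryptor confirms the passphrase is right. The script below is an added example, not code from this thread or from Wireshark, and uses only the Python standard library. It implements the 802.11i derivation (PBKDF2 for the PMK, PRF-384 for the PTK, HMAC-SHA1-128 for the RSN key MIC) and runs it over a constructed handshake: the MAC addresses and nonces are hypothetical, and the passphrase/SSID pair "password"/"IEEE" is the published 802.11i Annex test vector for the PMK.

```python
"""WPA2-PSK key derivation and EAPOL-Key MIC check (added example).

Shows what a decryptor such as Wireshark must see to decrypt WPA2 data
frames given only the passphrase: the PMK comes from passphrase + SSID,
but the PTK (and so the CCMP temporal key, TK) also needs both MAC
addresses and both nonces, which exist only in the 4-way handshake.
"""
import hashlib
import hmac
import struct

# EAPOL-Key layout (IEEE 802.11i): 4-byte EAPOL header, then descriptor
# type(1) key info(2) key length(2) replay counter(8) nonce(32) key IV(16)
# key RSC(8) key ID(8) MIC(16) key data length(2) key data(n).
HDR_FMT = "!BBHBHHQ32s16s8s8s16sH"      # 99 bytes before key data
MIC_OFFSET, MIC_LEN = 81, 16
KEY_INFO_OFFSET = 5


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces).
    CCMP uses 48 bytes: KCK (MIC key), KEK, TK (data-frame key); TKIP takes 64."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def build_eapol_key(key_info, replay, nonce, mic=b"\x00" * 16, key_data=b""):
    """Build an RSN (descriptor type 2) EAPOL-Key frame; used to fabricate
    the constructed handshake messages below."""
    body = struct.pack("!BHHQ32s16s8s8s16sH", 2, key_info, 16, replay, nonce,
                       b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, mic, len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body   # EAPOL v2, type 3 = EAPOL-Key


def parse_eapol_key(frame):
    """Pull the fields a decryptor needs out of an EAPOL-Key frame."""
    f = struct.unpack_from(HDR_FMT, frame)
    if f[1] != 3:
        raise ValueError("not an EAPOL-Key frame")
    return {"key_info": f[4], "replay": f[6], "nonce": f[7],
            "mic": f[11], "key_data": frame[99:99 + f[12]]}


def eapol_mic(kck, frame):
    """MIC over the whole EAPOL frame with the MIC field zeroed. Key descriptor
    version (low 3 bits of key info): 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP)."""
    version = struct.unpack_from("!H", frame, KEY_INFO_OFFSET)[0] & 0x7
    body = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    if version == 1:
        return hmac.new(kck, body, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, body, hashlib.sha1).digest()[:16]
    raise ValueError("unsupported key descriptor version %d" % version)


def check_handshake(passphrase, ssid, aa, spa, msg1, msg2):
    """Derive the PTK from message 1 (ANonce) and message 2 (SNonce), then
    validate the passphrase against message 2's MIC. Returns (ok, ptk)."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    ptk = derive_ptk(pmk, aa, spa, parse_eapol_key(msg1)["nonce"],
                     parse_eapol_key(msg2)["nonce"])
    ok = hmac.compare_digest(eapol_mic(ptk["kck"], msg2), parse_eapol_key(msg2)["mic"])
    return ok, ptk


# Constructed handshake: hypothetical MACs and nonces, not from a real capture.
# "password"/"IEEE" is the 802.11i Annex PBKDF2 test vector.
SSID, PASSPHRASE = "IEEE", "password"
AA = bytes.fromhex("001122334455")      # AP (authenticator) address, hypothetical
SPA = bytes.fromhex("66778899aabb")     # station (supplicant) address, hypothetical
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))


def constructed_handshake():
    """Fabricate messages 1 and 2 as the AP and station would send them."""
    msg1 = build_eapol_key(0x008a, 1, ANONCE)             # version 2, pairwise, ACK
    ptk = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)
    msg2 = build_eapol_key(0x010a, 1, SNONCE)             # version 2, pairwise, MIC
    mic = eapol_mic(ptk["kck"], msg2)
    return msg1, msg2[:MIC_OFFSET] + mic + msg2[MIC_OFFSET + MIC_LEN:]


if __name__ == "__main__":
    m1, m2 = constructed_handshake()
    ok, ptk = check_handshake(PASSPHRASE, SSID, AA, SPA, m1, m2)
    print("MIC valid:", ok, " TK:", ptk["tk"].hex())
    print("wrong passphrase:", check_handshake("wrong", SSID, AA, SPA, m1, m2)[0])
```

The practical consequence for the thread: a capture that starts after the station has already associated contains no EAPOL frames, so no passphrase entered in the IEEE 802.11 preferences can yield the TK, and every data frame stays opaque. Either restart the netbook's association (or deauthenticate it) while capturing in monitor mode, and confirm with the `eapol` display filter that all four messages are present, before expecting decrypted TCP to appear.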
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users