Wireshark-users: Re: [Wireshark-users] Capturing Wifi traffic on MacOS Lion

From: Marco Zuppone <msz@xxxxxx>
Date: Fri, 11 Nov 2011 18:41:00 +0000
Hello Frank,

I'm using a WPN824v2 Netgear with WPA2-PSK[AES] key.
In my opinion the payload should be encrypted as well… but I'm not an expert on the subject.
If the payload is not encrypted, what is the wpa-pwd:myPassword setting for??
Kind regards,
Marco - StockTrader
On 11 Nov 2011, at 07:33, Frank Cui wrote:

> Hi Marco,
> 
> Is your wifi network using a common wpa/wpa2 pre-shared key configuration? If so, then I believe there is no symmetric encryption algorithm applied to the payload. The key is primarily used to prevent unknown users joining your network.
> 
> Thanks
> Frank
> 
> Sent from my iPad
> 
> On 2011-11-12, at 12:53 AM, Marco Zuppone <msz@xxxxxx> wrote:
> 
>> Hello,
>> 
>> 
>> I'm studying for the certification and so I was trying to capture some Wifi traffic but I have some questions about it:
>> In the IEEE 802.11 protocol configuration I added the key in the format wpa-pwd:myPassword
>> Then I started to capture the traffic with the default options: Monitor mode + promiscuous mode + 802.11 plus radiotap header
>> I used this capture filter: wlan host 00:26:08:dc:e1:55  to capture only the communication directed to my pc (I know that I could disable the monitor mode in this case…)
>> 
>> I started the capture and browsed to an Internet site for some minutes, I applied the display filter wlan.fc.type_subtype == 0x20 && !llc to get only the data frames and I was able to see some HTTP requests in cleartext in the payload.
>> 
>> So far so good but now I have the question:
>> 
>> I modified the password, deliberately using a wrong one, applied it, even closed and reopened Wireshark, and repeated the process.
>> I can still see the cleartext….
>> So how come I can see the decrypted cleartext using a password that is wrong? Is this because it is the OS driver that decrypts for me??
>> Kind regards & Thanks
>> Marco - StockTrader
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
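The thread leaves two things to check before trusting what the capture shows: what the `wpa-pwd:` preference actually does, and whether the data frames Wireshark displays were encrypted when they crossed the air at all. The script below is an added example for this list thread, not code from the Wireshark project or from either poster. It derives the PMK the same way Wireshark does for a `wpa-pwd:passphrase:ssid` entry (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, per IEEE 802.11i, checked against the standard's published test vector), and it parses radiotap-prefixed 802.11 data frames to read the Protected Frame bit, which is the direct way to tell whether a frame captured in monitor mode was encrypted on the wire or was already plaintext (for example, because the OS handed the capture library frames it had already decrypted). The host MAC is the one from the original capture filter; the BSSID, the peer MAC, the minimal radiotap header and the frame bodies are constructed sample data, not from a real capture. Decrypting per-session traffic in Wireshark additionally needs the captured 4-way EAPOL handshake; that step is not modelled here.

```python
import hashlib
import struct

# ---- what the wpa-pwd:... preference is for ----------------------------------
def wpa_pwd_to_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK (PSK) from a WPA/WPA2 passphrase and SSID.
    IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 iterations, SSID bytes as the salt.
    Wireshark runs this same derivation for a wpa-pwd key and then needs the
    captured 4-way handshake to derive per-session keys from the PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

# ---- was the frame encrypted on the air? -------------------------------------
FC_FLAG_TO_DS = 0x01
FC_FLAG_FROM_DS = 0x02
FC_FLAG_PROTECTED = 0x40          # "Protected Frame" bit in frame control byte 1

def parse_frame(buf: bytes) -> dict:
    """Parse a radiotap-prefixed 802.11 frame far enough to read the frame
    control field and the three address fields (non-QoS, no Address 4)."""
    version, _pad, rt_len = struct.unpack_from("<BBH", buf, 0)
    if version != 0 or len(buf) < rt_len + 24:
        raise ValueError("truncated or non-radiotap frame")
    fc0, fc1 = buf[rt_len], buf[rt_len + 1]
    ftype = (fc0 >> 2) & 0x3      # 0 mgmt, 1 control, 2 data
    subtype = (fc0 >> 4) & 0xF
    a1, a2, a3 = (buf[rt_len + 4 + 6 * i: rt_len + 10 + 6 * i] for i in range(3))
    return {
        # same composite value Wireshark shows as wlan.fc.type_subtype
        "type_subtype": (ftype << 4) | subtype,
        "protected": bool(fc1 & FC_FLAG_PROTECTED),
        "addr1": a1.hex(":"), "addr2": a2.hex(":"), "addr3": a3.hex(":"),
        "body": buf[rt_len + 24:],
    }

def build_data_frame(src: str, dst: str, bssid: str, body: bytes,
                     protected: bool) -> bytes:
    """Constructed sample frame (not from a real capture): minimal radiotap
    header (no fields, length 8) followed by a plain Data frame with FromDS=1,
    i.e. the address layout an AP uses when delivering to a station."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    fc0 = 0x08                                        # type=2 (data), subtype=0
    fc1 = FC_FLAG_FROM_DS | (FC_FLAG_PROTECTED if protected else 0)
    radiotap = bytes([0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00])
    hdr = (bytes([fc0, fc1]) + b"\x00\x00"            # FC + duration
           + mac(dst) + mac(bssid) + mac(src)          # addr1=DA addr2=BSSID addr3=SA
           + b"\x00\x00")                              # sequence control
    return radiotap + hdr + body

def audit_capture(frames, host_mac: str) -> dict:
    """Offline equivalent of the thread's 'wlan host <mac>' capture filter plus
    the 'wlan.fc.type_subtype == 0x20' display filter: count plain data frames
    involving the host by whether the Protected bit was set on the air."""
    host_mac = host_mac.lower()
    result = {"protected": 0, "unprotected": 0}
    for buf in frames:
        f = parse_frame(buf)
        if f["type_subtype"] != 0x20:
            continue
        if host_mac not in (f["addr1"], f["addr2"], f["addr3"]):
            continue
        result["protected" if f["protected"] else "unprotected"] += 1
    return result

if __name__ == "__main__":
    # IEEE 802.11i Annex test vector: passphrase "password", SSID "IEEE"
    print("PMK:", wpa_pwd_to_pmk("password", "IEEE").hex())
    host = "00:26:08:dc:e1:55"                       # MAC from the original capture filter
    bssid, peer = "02:00:00:00:00:aa", "02:00:00:00:00:01"   # constructed
    sample = [
        build_data_frame(peer, host, bssid, b"GET / HTTP/1.1\r\n", protected=False),
        build_data_frame(peer, host, bssid, bytes(16), protected=True),
        build_data_frame(peer, "02:00:00:00:00:02", bssid, b"x", protected=True),
    ]
    print(audit_capture(sample, host))
```

If every data frame in a real monitor-mode capture reports `protected: False` while the network is WPA2-PSK, the plaintext did not come from Wireshark's decryption and the key preference was never exercised, which is why changing it to a wrong value makes no visible difference. Only frames with the Protected bit set are candidates for decryption with the PMK above, and only once the station's 4-way handshake is also in the capture.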