Wireshark-users: Re: [Wireshark-users] Unable to decode WPA2
From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx>
Date: Wed, 7 Jan 2009 08:44:37 +0800
On Tue, Jan 6, 2009 at 3:01 AM, Matt Roberts <k141@xxxxxxxxxxx> wrote:
> Hello all,
>
> I have spent countless hours trying to decode my own traffic using WPA2 and
> I need some help.
>
> My WPA2-PSK passphrase is "testpass". This is what I enter on my router
> configuration and my PC. I can connect to the internet no problem.
> My SSID is "globul".
>
> When I sniff the traffic I see the 4 EAPOL entries. I can't figure out what
> to put in the Wireshark 802.11 preference. I tried:
>
> wpa-pwd:testpass:globul
>
> That didn't decrypt anything.
>  [...]

Did you capture the initial (EAPOL) 4-Way Pairwise handshake, which
usually happens immediately after you have associated with the
network?

That handshake contains additional information required to decode the
WPA2-PSK encrypted traffic.

The passphrase alone is not enough to decode WPA2-PSK traffic (which
is why WPA2 is more secure than WEP).

Regards,
Kam-Yung
-- 
Soh Kam Yung
my Google Reader Shared links:
(http://www.google.com/reader/shared/16851815156817689753)
my Google Reader Shared SFAS links:
(http://www.google.com/reader/shared/user/16851815156817689753/label/sfas)