Wireshark · Wireshark-users: Re: [Wireshark-users] Unable to decode WPA2

["Matt Roberts" <k141@xxxxxxxxxxx>]

Hi,

well I have the password, I'm not trying to crack anything. The example 
capture that is given in the link I gave in my initial post works fine with 
me, so I'm not sure what I'm doing wrong.

Matt.

--------------------------------------------------
From: "Jorge L. Vazquez" <jlvazquez825@xxxxxxxxx>
Sent: Wednesday, January 07, 2009 9:12 AM
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to decode WPA2

> well, you already capture the 4 way handshake with the encryption key,
> all you need is a tool capable of decrypting it, with either a
> dictionary attack or rainbow tables....... I don't think wireshark can
> do this
>
>
> thanks
> -JV
> blog: www.pctechtips.org
>
>
>
> Matt Roberts wrote:
> > Hi,
> >
> > thanks for your reply.
> >
> > Yes I have the 4 EAPOL entries, but now what do I do with them? I'm not 
> > sure
> > what key to use from the entries I see?
> >
> > Thanks,
> >
> > Matt.
> >
> > --------------------------------------------------
> > From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx>
> > Sent: Tuesday, January 06, 2009 4:44 PM
> > To: "Community support list for Wireshark" 
> > <wireshark-users@xxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] Unable to decode WPA2
> >
> >
> > > On Tue, Jan 6, 2009 at 3:01 AM, Matt Roberts <k141@xxxxxxxxxxx> wrote:
> > >
> > > > Hello all,
> > > >
> > > > I have spent countless hours trying to decode my own traffic using WPA2
> > > > and
> > > > I need some help.
> > > >
> > > > My WPA2-PSK passphrase is "testpass". This is what I enter on my router
> > > > configuration and my PC. I can connect to the internet no problem.
> > > > My SSID is "globul".
> > > >
> > > > When I sniff the traffic I see the 4 EAPOL entries. I can't figure out
> > > > what
> > > > to put in the wireshark 802.11 preference. I tried:
> > > >
> > > > wpa-pwd:testpass:globul
> > > >
> > > > That didn't decrypt anything.
> > > >  [...]
> > > Did you capture the initial (EAPOL) 4-Way Pairwise handshake, which
> > > usually happens immediately after you have associated with the
> > > network?
> > >
> > > That handshake contains additional information required to decode the
> > > WPA2-PSK encrypted traffic.
> > >
> > > The passphrase alone is not enough to decode WPA2-PSK traffic (which
> > > is why WPA2 is more secure than WEP).
> > >
> > > Regards,
> > > Kam-Yung
> > > --
> > > Soh Kam Yung
> > > my Google Reader Shared links:
> > > (http://www.google.com/reader/shared/16851815156817689753)
> > > my Google Reader Shared SFAS links:
> > > (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas)
> > > ___________________________________________________________________________
> > > Sent via:    Wireshark-users mailing list 
> > > <wireshark-users@xxxxxxxxxxxxx>
> > > Archives:    http://www.wireshark.org/lists/wireshark-users
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> > >
> > > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >
> > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe