Wireshark-users: [Wireshark-users] 802.11 Frame Decryption and the Find Packet function
From: Frank Barta <fbarta@xxxxxxxxx>
Date: Tue, 26 Jan 2010 12:23:35 -0500
Hello,

I have a question about the Find Packet function in Wireshark. If I am looking at an 802.11 capture, and I have decrypted WPA TKIP data, will the find function also look in the decrypted TKIP data for hex values, or will it only look in the original frame data? I am trying to tie some data together across several captures at different points on a network, and right now the WiFi is the missing link.

Version 1.2.3 (SVN Rev 30730)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 27 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.1, Gcrypt 1.4.4, with AirPcap 4.0.0 build 1480.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

Thanks for any feedback provided,

- Frank B