Wireshark mailing list archives

Re: 802.11 monitoring help

From: Gerald Combs <gerald () wireshark org>
Date: Thu, 18 Feb 2010 12:30:02 -0800

Thomas Morton wrote:

I was under the impression using airpcap was an optional extra on
WIndows - but that Wireshark could decrypt packets (the userguide
suggests this). I will have a re-read.


That's correct. 802.11 decryption should work no matter what on any
platform provided:

  - You've captured the 4-way EAPOL handshake necessary to derive the
    keys (try filtering for "eapol").

  - You've toggled the "Assume Packets Have FCS" and "Ignore the
    Protection bit" appropriately for the way your driver delivers
    802.11 frames

  - You're using pre-shared keys.

  - You have a recent version of Wireshark. Various decryption bugs
    have cropped up in older versions.

-- 
Join us for Sharkfest ’10! · Wireshark® Developer and User Conference
Stanford University, June 14-17 · http://www.cacetech.com/sharkfest.10/
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

802.11 monitoring help Thomas Morton (Feb 17)
- Re: 802.11 monitoring help Frank Barta (Feb 17)
  - Re: 802.11 monitoring help Thomas Morton (Feb 17)
- Re: 802.11 monitoring help Joerg Mayer (Feb 17)
  - Re: 802.11 monitoring help Frank Barta (Feb 17)
- Re: 802.11 monitoring help Jaap Keuter (Feb 17)
  - Re: 802.11 monitoring help Thomas Morton (Feb 18)
    - Re: 802.11 monitoring help Gerald Combs (Feb 18)