Wireshark mailing list archives
Re: Unable to capture wireless traffic
From: Frank Barta <fbarta () gmail com>
Date: Sun, 28 Mar 2010 20:47:53 -0400
Cae,

Are you capturing the EAPOL keys for the 4-way handshake?

Also, Steve, Wireshark is capable of decrypting WPA2-CCMP traffic. The example PCAP file provided at http://wiki.wireshark.org/HowToDecrypt802.11 has an example which shows decryption of CCMP data frames. There are frames present which cannot be decrypted, however, and these appear from a quick glance to be frames which were sent using WPA-TKIP, since this BSS is running Mixed Mode. I'm not sure if Wireshark supports mixed mode decryption.

On Sun, Mar 28, 2010 at 6:25 PM, Cae Sium <caesium5 () gmail com> wrote:
As learned from here http://wiki.wireshark.org/HowToDecrypt802.11

Edit -> Preferences->Protocol->IEEE802.11->Enable Encryption->Key

I've added the wpa2 keys into the section of wireshark as required but still got the same output.

Somehow I am not receiving the direct reply to the post, only receiving the reply through the daily digest.

--- On Sat, 3/27/10, Frank Barta <fbarta () gmail com> wrote:

From: Frank Barta <fbarta () gmail com>
Subject: Re: [Wireshark-users] Unable to capture wireless traffic
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Saturday, March 27, 2010, 8:10 PM

You will only see the TCP traffic if it is not encrypted. Since you are encrypting with wpa2 you are going to need to decrypt that traffic to see the real encapsulated layer 3 packet.

On Sun, Mar 28, 2010 at 8:01 AM, Cae Sium <caesium5 () gmail com> wrote:

Sorry to re-post as I've accidentally used my friend's email to post earlier.

Using Debian and trying to learn wireshark and have been trying/reading for weeks without success. Using Netbook and Desktop connected to the same router with wpa2. Wireshark on netbook works when monitoring its own traffic (of course). Netbook installed with wireshark and desktop set downloading a large file to ensure traffic is there. However, wireshark does not pick up TCP protocol, it only reports IEEE802.11 under the protocol column. What have I done wrong? Appreciate any help.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
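The reply above asks whether the EAPOL keys of the 4-way handshake were captured, since Wireshark derives a station's WPA/WPA2 session keys from that exchange. The following added example (not part of the original thread and not Wireshark code) classifies EAPOL-Key frames by their Key Information bits and reports which handshake messages are missing for each station. The MAC addresses, frames and function names are constructed for illustration, and the input is assumed to be already reduced to the 802.1X payload of each frame.

```python
import struct
from collections import defaultdict

# Key Information bits of an EAPOL-Key frame (IEEE 802.11 key descriptor)
PAIRWISE, ACK, MIC = 0x0008, 0x0080, 0x0100
KEY_DATA_LEN_OFF = 97  # 4-byte 802.1X header + 93 bytes of fixed key fields

def handshake_message(eapol):
    """Return 1..4 for a 4-way handshake message, None for anything else.
    `eapol` starts at the 802.1X header (version, type, length)."""
    if len(eapol) < KEY_DATA_LEN_OFF + 2 or eapol[1] != 3:  # type 3 = EAPOL-Key
        return None
    if eapol[4] not in (2, 254):           # descriptor: 2 = RSN (WPA2), 254 = WPA
        return None
    (info,) = struct.unpack_from(">H", eapol, 5)
    if not info & PAIRWISE:                # group-key update, not the 4-way handshake
        return None
    (key_data_len,) = struct.unpack_from(">H", eapol, KEY_DATA_LEN_OFF)
    if info & ACK:                         # sent by the AP
        return 3 if info & MIC else 1
    if info & MIC:                         # sent by the station; message 4 has no key data
        return 2 if key_data_len else 4
    return None

def missing_messages(frames):
    """frames: iterable of (bssid, station, eapol_bytes).
    Returns {(bssid, station): sorted handshake messages that were not seen}."""
    seen = defaultdict(set)
    for bssid, sta, eapol in frames:
        n = handshake_message(eapol)
        if n:
            seen[(bssid, sta)].add(n)
    return {pair: sorted({1, 2, 3, 4} - msgs) for pair, msgs in seen.items()}

def make_frame(info, key_data=b""):
    """Build a constructed EAPOL-Key frame with zeroed nonce, IV and MIC."""
    body = (struct.pack(">BHH", 2, info, 16) + bytes(88)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed sample: STA_A has the full handshake, STA_B's capture began mid-handshake.
AP, STA_A, STA_B = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "cc:dd:ee:ff:00:11"
M1_TO_M4 = [(0x008A, 0), (0x010A, 22), (0x13CA, 56), (0x030A, 0)]  # (key info, key data length)
SAMPLE = ([(AP, STA_A, make_frame(i, bytes(n))) for i, n in M1_TO_M4]
          + [(AP, STA_B, make_frame(i, bytes(n))) for i, n in M1_TO_M4[2:]])

if __name__ == "__main__":
    for pair, missing in missing_messages(SAMPLE).items():
        print(pair, "complete" if not missing else f"missing messages {missing}")
```

In Wireshark itself, the display filter `eapol` lists the same frames for a quick visual check.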