Wireshark mailing list archives
Re: Capturing Wifi traffic on MacOS Lion
From: Marco Zuppone <msz () msz it>
Date: Fri, 11 Nov 2011 18:41:00 +0000
Hello Frank, I'm using a WPN824v2 Netgear with WPA2-PSK[AES] key. In my opinion the paylod should be encrypted as well…but I'm not an expert of the subject. If they payload is not encrypted what is the wpa-pwd:myPassword setting for?? Kind regards, Marco - StockTrader On 11 Nov 2011, at 07:33, Frank Cui wrote:
Hi Marco, Is your wifi network using a common wpa/wpa2 pre-shared key configuration? If so, then I believe there is no symmetric encryption algorithm applied to the payload. The key is primarily used to prevent unknown users joining your network. Thanks Frank Sent from my iPad On 2011-11-12, at 12:53 AM, Marco Zuppone <msz () msz it> wrote:Hello, I'm studying for the certification and so I was trying to capture some Wifi traffic but I have some questions about it: In the IEEE 802.11 protocol configuration I added the key in the format wpa-pwd:myPassword Then I started to capture the traffic with the default options: Monitor mode + promisquous mode + 802.11 plus radio tap header I used this capture filter: wlan host 00:26:08:dc:e1:55 to capture only the communication directed to my pc (I know that I could disable the monitor mode in this case…) I started the capture and browsed to an Internet site for some minutes, I applied the display filter wlan.fc.type_subtype == 0x20 && !llc to get only the data frames and I was able to see some HTTP requests in cleartext in the payload. So far so good but now I have the question: I modified the password using deliberatly a wrong one, applied, even closed and reopened WireShark and repeated the process. I can still see the cleartext…. So how come I can see the decrypted cleartext using a password that is wrong? Is this because is the OS driver that decrypts for me?? Kind regards & Thanks Marco - StockTrader ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Capturing Wifi traffic on MacOS Lion Marco Zuppone (Nov 11)
- Re: Capturing Wifi traffic on MacOS Lion Frank Cui (Nov 11)
- Re: Capturing Wifi traffic on MacOS Lion Marco Zuppone (Nov 11)
- Re: Capturing Wifi traffic on MacOS Lion frank cui (Nov 11)
- Re: Capturing Wifi traffic on MacOS Lion Marco Zuppone (Nov 12)
- Re: Capturing Wifi traffic on MacOS Lion Marco Zuppone (Nov 11)
- Re: Capturing Wifi traffic on MacOS Lion Frank Cui (Nov 11)