Wireshark mailing list archives
Help decrypting with known WEP key
From: Marty Gramlick <marty.gramlick () uchospitals edu>
Date: Thu, 13 Jan 2011 20:53:49 -0600
Hello, I'm been unable to decrypt WEP packets for a WEP network I've setup. This is my first attempt at doing this so I must be doing something wrong. I'm using Cisco 7921 phones connecting to Cisco APs/WLCs. I think my big mistake was using an ASCII passphrase instead of just a HEX value. I've run my passphrase though ASCII to HEX converters who's HEX value works to decrypt the same captures in OmniPeek 6.5. Any advise would be greatly appreciated. I'm using an AirPcap multi-channel adapter to capture with the following options. Multi-Channel Aggregator with 1 NIC on CH1 and 1 NIC on CH11 Capture Type: 802.11 + Radio Include 802.11 FCS in Frames: Enabled FCS Filter: All Frames I've tested with Wireshark for Mac 1.4.0, 1.4.3 and for Windows 1.4.3. I think I've tried every combination of the following options with no luck. I never get a second tab of the decrypted packets and the Protocol column only shows 802.11 and some LLC. Wireshark Options: 802.11 Radiotap: Enabled, Disabled IEEE 802.11 Ignore vendor-specific HT elements: Enabled, Disabled Assume packets have FCS: Enabled, Disabled Ignore the Protection bit: No, w/o IV, w/ IV Key #1: 26 HEX value 26 HEX value with : separators wep:26 HEX value These options I've always left on. IEEE 802.11 Reassemble fragmented 802.11 datagrams: Enabled Call subdissector for retransmitted 802.11 frames: Enabled Thanks in advance! Marty ******************************************************************************** This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this e-mail message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is prohibited. If you have received this e-mail in error, please notify the sender and destroy all copies of the transmittal. Thank you University of Chicago Medical Center ******************************************************************************** ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Help decrypting with known WEP key Marty Gramlick (Jan 13)
- Retransmission because of no ACK from user vincent paul (Jan 15)
- Re: Retransmission because of no ACK from user Sake Blok (Jan 16)
- Re: Retransmission because of no ACK from user Andrew Hood (Jan 16)
- Re: Retransmission because of no ACK from user vincent paul (Jan 16)
- Re: Retransmission because of no ACK from user Martin Visser (Jan 17)
- Re: Retransmission because of no ACK from user Alan Tu (Jan 17)
- Re: Retransmission because of no ACK from user Martin Visser (Jan 18)
- Re: Retransmission because of no ACK from user vincent paul (Jan 19)
- Retransmission because of no ACK from user vincent paul (Jan 15)