Wireshark mailing list archives

Re: [Wireshark-dev] Saving 802.11 WPA/WPA2 decrypted packets


From: Sreenivasulu Yellamaraju <Sreenivasulu.Yellamaraju () csr com>
Date: Wed, 11 May 2011 10:51:13 +0000

Hi Alexis,

Does the airdecap-ng tool actually give you an option to save decrypted WPA/WPA2 packets to an output file?

If you confirm, I can think of buying it, as it does not seem to be freeware.

Regards,
Sreenivasulu Y
Lead Engineer

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Alexis La Goutte
Sent: Sunday, May 01, 2011 8:35 PM
To: Developer support list for Wireshark
Cc: wireshark-users () wireshark org
Subject: Re: [Wireshark-dev] Saving 802.11 WPA/WPA2 decrypted packets

Hi,

Wireshark is not the best software for this.

Why not use airdecap-ng ( http://www.aircrack-ng.org/doku.php?id=airdecap-ng ) from the Aircrack-ng suite, and then use Wireshark (tshark?) afterwards to split the pcap file?

Regards,
On Sun, May 1, 2011 at 10:10 AM, Sreenivasulu Yellamaraju <Sreenivasulu.Yellamaraju () csr com> wrote:

Hi,

All of us who are working with the 802.11 protocol know that Wireshark can decrypt WEP/WPA/WPA2 traffic if the passphrase is provided by the user.

Is there any method to save the decrypted WEP, WPA or WPA2 traffic of the 802.11 protocol to an output pcap file?

My requirement is to

- decrypt a huge file containing WPA2 traffic and save the decrypted packets to the output pcap file.

- Split the output pcap file to smaller and manageable files, using the File Save As and Range feature. For example save packet number 1 to 1000, 1001 to 2000, 2001 to 3000 etc in separate files

- Open any one smaller output file for analysis. Since the file size will be less, it can even be e-mailed across to someone else

The disadvantages with the bigger input file are

- although it can be opened and decrypted in Wireshark, it takes longer to load (for example an 800KB file takes 3 minutes to load).
- even if the input file can be split into smaller files using the File Save As and Range feature, not all of the output files can be decrypted with the known passphrase, as only one of the split files will have the EAPOL 4-way key handshake captured and the rest will have only data traffic without the EAPOL 4-way handshake captured in them.

Please suggest if there are any known solutions?

Regards,
Sreenivasulu Y
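
The second disadvantage in the question above (split files lose the EAPOL 4-way handshake, so only one of them decrypts) can be avoided by copying the handshake frames seen so far to the front of every chunk. This is an added example, not code from the thread, Wireshark or Aircrack-ng; the function names and sample capture are constructed, and it assumes a classic pcap file with linktype 802.11 or radiotap whose handshake frames are unencrypted and carry no HT Control field.

```python
import struct

DLT_IEEE802_11, DLT_RADIOTAP = 105, 127
LLC_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # LLC/SNAP + EtherType 0x888E

def read_pcap(data):
    """Parse a classic pcap; return (global header, linktype, raw records)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(order + "I", data[20:24])[0]
    records, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        if off + 16 + incl_len > len(data):
            break  # truncated last record: drop it
        records.append(data[off:off + 16 + incl_len])
        off += 16 + incl_len
    return data[:24], linktype, records

def is_eapol(record, linktype):
    """True if the record is an unencrypted 802.11 data frame carrying EAPOL."""
    frame = record[16:]
    if linktype == DLT_RADIOTAP:  # radiotap length is little-endian at offset 2
        frame = frame[struct.unpack("<H", frame[2:4])[0]:] if len(frame) >= 4 else b""
    if len(frame) < 24 or (frame[0] >> 2) & 3 != 2:  # frame type 2 = data
        return False
    # 24-byte MAC header, +6 for a fourth address (ToDS+FromDS), +2 for QoS control
    hdr = 24 + (6 if frame[1] & 3 == 3 else 0) + (2 if frame[0] & 0x80 else 0)
    return frame[hdr:hdr + 8] == LLC_EAPOL

def split_keep_handshake(data, per_file):
    """Split into per_file-packet chunks, each led by all earlier EAPOL frames."""
    header, linktype, records = read_pcap(data)
    if linktype not in (DLT_IEEE802_11, DLT_RADIOTAP):
        raise ValueError("expected an 802.11 capture, got linktype %d" % linktype)
    seen, chunks = [], []
    for start in range(0, len(records), per_file):
        chunk = records[start:start + per_file]
        chunks.append(header + b"".join(seen + chunk))
        seen += [r for r in chunk if is_eapol(r, linktype)]
    return chunks

def make_record(frame):  # constructed sample record: zero timestamp, full length
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample: one EAPOL frame followed by four protected data frames.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_IEEE802_11)
          + make_record(b"\x08\x02" + bytes(22) + LLC_EAPOL + b"\x01\x03")
          + b"".join(make_record(b"\x08\x42" + bytes(22) + bytes([i]) * 8) for i in range(4)))
```

Each element returned by `split_keep_handshake` is a complete pcap file image that can be written to disk and opened with the same passphrase; the copied handshake frames keep their original timestamps, so they appear out of time order at the top of later chunks.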