Wireshark mailing list archives

Capturing Wifi traffic on MacOS Lion


From: Marco Zuppone <msz () msz it>
Date: Fri, 11 Nov 2011 16:53:10 +0000

Hello,


I'm studying for the certification and so I was trying to capture some Wifi traffic but I have some questions about it:
In the IEEE 802.11 protocol configuration I added the key in the format wpa-pwd:myPassword
Then I started to capture the traffic with the default options: Monitor mode + promisquous mode + 802.11 plus radio tap 
header
I used this capture filter: wlan host 00:26:08:dc:e1:55  to capture only the communication directed to my pc (I know 
that I could disable the monitor mode in this case…)

I started the capture and browsed to an Internet site for some minutes, I applied the display filter 
wlan.fc.type_subtype == 0x20 && !llc to get only the data frames and I was able to see some HTTP requests in cleartext 
in the payload.

So far so good but now I have the question:

I modified the password using deliberatly a wrong one, applied, even closed and reopened WireShark and repeated the 
process.
I can still see the cleartext….
So how come I can see the decrypted cleartext using a password that is wrong? Is this because is the OS driver that 
decrypts for me??
 Kind regards & Thanks
Marco - StockTrader
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


Current thread: