Wireshark mailing list archives

Re: Capturing Wifi traffic on MacOS Lion


From: Frank Cui <frankcui24 () gmail com>
Date: Fri, 11 Nov 2011 15:33:19 +0800

Hi Marco,

Is your wifi network using a common wpa/wpa2 pre-shared key configuration? If so, then I believe there is no symmetric 
encryption algorithm applied to the payload. The key is primarily used to prevent unknown users joining your network.

Thanks
Frank


On 2011-11-12, at 12:53 AM, Marco Zuppone <msz () msz it> wrote:

Hello,


I'm studying for the certification and so I was trying to capture some Wifi traffic but I have some questions about 
it:
In the IEEE 802.11 protocol configuration I added the key in the format wpa-pwd:myPassword
Then I started to capture the traffic with the default options: Monitor mode + promiscuous mode + 802.11 plus radiotap 
header
I used this capture filter: wlan host 00:26:08:dc:e1:55  to capture only the communication directed to my pc (I know 
that I could disable the monitor mode in this case…)

I started the capture and browsed to an Internet site for some minutes, I applied the display filter 
wlan.fc.type_subtype == 0x20 && !llc to get only the data frames and I was able to see some HTTP requests in 
cleartext in the payload.

So far so good but now I have the question:

I modified the password, deliberately using a wrong one, applied, even closed and reopened Wireshark and repeated the 
process.
I can still see the cleartext….
So how come I can see the decrypted cleartext using a password that is wrong? Is this because it is the OS driver that 
decrypts for me?
Kind regards & Thanks
Marco - StockTrader
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
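
Added example, not part of the original thread: a Python check of the 802.11 Protected Frame bit, which tells whether the data frames in a radiotap capture are still encrypted as captured (Wireshark exposes the same bit as wlan.fc.protected). The sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct

FC_TYPE_DATA = 2          # 802.11 frame type "Data" (0x20 = type 2, subtype 0)
FC_FLAG_PROTECTED = 0x40  # Protected Frame bit in the second Frame Control byte

def parse_frame(packet: bytes):
    """Return (type, subtype, protected) for a radiotap-encapsulated frame."""
    if len(packet) < 8:
        raise ValueError("too short for a radiotap header")
    # Radiotap: version (1 byte), pad (1 byte), header length (2 bytes, LE)
    version, _pad, rt_len = struct.unpack_from("<BBH", packet, 0)
    if version != 0:
        raise ValueError("unknown radiotap version")
    if rt_len < 8 or len(packet) < rt_len + 2:
        raise ValueError("truncated frame")
    fc0, fc1 = packet[rt_len], packet[rt_len + 1]
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, bool(fc1 & FC_FLAG_PROTECTED)

def summarize(packets):
    """Count data frames with and without the Protected bit set."""
    counts = {"protected": 0, "unprotected": 0, "other": 0}
    for pkt in packets:
        try:
            ftype, _subtype, protected = parse_frame(pkt)
        except ValueError:
            counts["other"] += 1
            continue
        if ftype != FC_TYPE_DATA:
            counts["other"] += 1
        else:
            counts["protected" if protected else "unprotected"] += 1
    return counts

# Constructed sample frames: minimal 8-byte radiotap header + 802.11 header.
RADIOTAP = bytes.fromhex("0000080000000000")
ADDRS = bytes.fromhex("020000000001" "020000000002" "020000000003")

def make_frame(fc0, fc1, body=b""):
    return RADIOTAP + bytes([fc0, fc1]) + b"\x00\x00" + ADDRS + b"\x00\x00" + body

SAMPLES = [
    make_frame(0x08, 0x42, b"\x00" * 16),  # data, From DS, Protected set
    make_frame(0x08, 0x02, b"GET / HTTP"),  # data, From DS, Protected clear
    make_frame(0x80, 0x00),                 # beacon (management frame)
    b"\x00\x00",                            # truncated capture record
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A data frame with the bit clear carries no 802.11 encryption as captured, so a key entered in Wireshark has nothing to act on for that frame.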