Can't decrypt WPA-PSK (WPA/WPA2) even with passphrase and EAPOL Handshake
Using the same method, I've been able to decrypt monitor mode captures from some networks, but not others. What can cause this and is it possible to work around these cause(s)?
I have successfully decrypted multiple captures from network A. I've decrypted them by providing the PSK (either in the 256-bit variety, generated here or the raw password).
However, when I try the same thing using captures from network B, I'm unable to see anything higher level than 802.11. In this later case I have captured the EAPOL handshake and definitely provided the correct passcode
What else can I do to decrypt (or to debug?).
I am using Wireshark 2.4.4 on OS X High Sierra.
I have similar problem, although I didn't manage to decrypt any wpa/wpa2 traffic so far in wireshark. Same as above it don't let me go beyond 802.11 level and I'm 100% sure in key and its format. All FCSs are good or workable states.
To crack cap file I use airdecap-ng from aircrack-ng suite and then re-upload them back in wireshark. But this is very annoyingly slow and I want to decrypt on the fly.
Anyone can help to fix this issue?
This isn't an answer, but I can't move it to a comment. You might try providing a sample trace with appropriate SSID/passphrase so we could attempt to figure out what might be the problem.
Bob, my bad, I moved it. Don't think it is great idea to post live traffic for open use.
It seems it solved itself out after I updated Wireshark to newest stable version.