I want to use an external wifi adapter (with a higher range than my internal), wich i can't use to connect directly to my network. However i just captured in monitor mode with tshark, then loaded it in wireshark... but i wasn't able to encryt the data (i set my network data as "passphrase:ssid")... Can someone help me out? Or do i have to be connected to get the same data?
For general 802.11 decryption processes, see the wiki page here.
In particular, there is a Gotchas section which could be useful - make sure you take care to address those concerns. With no other information that what is presented, my first guess is that you don't have all four EAPOL frames from the client and the network under review is WPA2. If this is really the case, you don't have sufficient information to be able to decrypt.
You do not have to be connected to that network in any way - a pure passive capture from an otherwise unused WiFi adapter on that channel that can pick up the client/AP traffic can be sufficient.
Asked: 2020-06-02 14:01:49 +0000
Seen: 266 times
Last updated: Jun 02 '20
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
