Ask Your Question

Capture encrypt 802.11 and decrypt later?

asked 2020-06-02 14:01:49 +0000

DarkMa0tter gravatar image

I want to use an external wifi adapter (with a higher range than my internal), wich i can't use to connect directly to my network. However i just captured in monitor mode with tshark, then loaded it in wireshark... but i wasn't able to encryt the data (i set my network data as "passphrase:ssid")... Can someone help me out? Or do i have to be connected to get the same data?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2020-06-02 14:27:49 +0000

Bob Jones gravatar image

For general 802.11 decryption processes, see the wiki page here.

In particular, there is a Gotchas section which could be useful - make sure you take care to address those concerns. With no other information that what is presented, my first guess is that you don't have all four EAPOL frames from the client and the network under review is WPA2. If this is really the case, you don't have sufficient information to be able to decrypt.

You do not have to be connected to that network in any way - a pure passive capture from an otherwise unused WiFi adapter on that channel that can pick up the client/AP traffic can be sufficient.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2020-06-02 14:01:49 +0000

Seen: 274 times

Last updated: Jun 02 '20