Ask Your Question
0

How do I capture http packets. I have already set up a decryption key for WPA/WPA2.

asked 2020-12-10 18:02:40 +0000

I am new to wireshark and I can't capture http packets. I tried troubleshooting and added a decryption key containing my password followed by my SSID with a colon on the middle under 802.11 in the protocol preferences. I still can't capture http packets. Please help.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-12-10 18:07:14 +0000

Bob Jones gravatar image

updated 2020-12-11 20:00:57 +0000

Jaap gravatar image

Be sure you cover the 'gotchas' from the wiki.

edit flag offensive delete link more

Comments

I'm having trouble understanding it. Could you simplify it for me?

NewToWireshark gravatar imageNewToWireshark ( 2020-12-11 00:52:11 +0000 )edit

For WPA and WPA2, you not only have to supply a password, you also have to ensure that Wireshark captures the initial setup of encryption ("EAPOL handshake") for each machine whose traffic you want to capture.

If you're only trying to capture traffic to and from the machine running Wireshark, it's easier if you don't capture in monitor mode - no decryption necessary.

Otherwise, you're going to have to disconnect each machine from the network and reconnect it (making the device sleep - including "shutting off" a smartphone or tablet - will probably be sufficient) while Wireshark is capturing traffic.

For WPA3, it's apparently extremely difficult, if not impossible, to do decryption in a sniffer; Wireshark doesn't support decrypting WPA3, just WPA and WPA2 (and WEP).

Remember - the whole purpose of WEP and WPA is to make it hard to sniff Wi-Fi networks!

Guy Harris gravatar imageGuy Harris ( 2020-12-11 20:35:17 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-12-10 18:02:40 +0000

Seen: 102 times

Last updated: Dec 11 '20