TLS decryption isn't working on my 802.11 capture

asked 2020-12-21 14:29:46 +0000

updated 2020-12-21 21:01:58 +0000

Guy Harris gravatar image


i am capturing 801.11 traffic using a WLAN sniffer. I want to decrypt both the 802.11 encryption and the TLS encryption (of my Firefox traffic). The decryption of 802.11 works fine (using the wpa-pwd of my network with a captures handshake) but i am not able to further decrypt the TLS packets. For the TLS decryption im using a SSLKEYLOG file which i reference in Wireshark under Preferences->Protocols->TLS->(Pre)-Master-Secret log.

Addionally im running Wireshark on the client, where TLS decryptions works just fine. But using the same SSLKEYLOG file on the sniffed capture, im not able to see any (TLS) decrypted packets...

Am i missing something?

Any help would be appreciated.

Further Information:

Used Wireshark Version: 3.4.2 Used WLAN Sniffer: Raspberry PI with tshark (2.6.8), used aircrack-ng to put the interface in monitor mode WLAN: WPA2, 2.4GHz

edit retag flag offensive close merge delete