Can't see http traffic in my captures, hope you can help me

asked 2021-01-18 20:06:43 +0000

Hi! I am very new to Wireshark. I have V3.4.2 installed on a MacBook Air running macOS Big Sur.

I have "Enable decryption" checked under Preferences->Protocols->802.11, and I also manually added the decryption key. The key type is "wpa-pwd" and I used the format described on the Wireshark wiki page, which is "MyPassword:MySSID". No special characters in my WiFi password, it just has one number in it. There's no space before or after the ":".

I am able to see all 4 EAPOL packets. However, I noticed that message 3 of 4 shows "WPA EAPOL Extraneous Data: ........." [Expert Info (Warning/Malformed): Extraneous and invalid data in EAPOL frame] under 802.1X Authentication.

I did try reading through different posts hoping to find instructions that could help me solve this. Thank you!


Comments

If that frame has a bad FCS, decryption probably will not work. Try to get another set of EAPOL frames from the handshake that are good. Make sure you are close enough to the device and AP to pick up its traffic.

Bob Jones ( 2021-01-18 21:08:52 +0000 )

Thanks for the suggestion. I am still seeing "WPA EAPOL Extraneous Data: ....." in message 3 of 4.

Jenni_1980 ( 2021-01-23 19:00:43 +0000 )
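
One way to rule out a key-entry mistake in the "MyPassword:MySSID" string from the question, as an added example that is not part of the original thread: it validates the entry and derives the 256-bit pre-shared key with the standard WPA/WPA2-Personal derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt). The function names, the `%3a` escaping rule for a literal colon, and the sample entry are assumptions made for this example.

```python
import hashlib
from urllib.parse import unquote_to_bytes


def split_wpa_pwd(entry):
    """Split a 'passphrase:SSID' entry into raw passphrase and SSID bytes."""
    # Assumption: a literal ':' inside either field is written as %3a,
    # so the entry must contain exactly one separator colon.
    if entry.count(":") != 1:
        raise ValueError("expected exactly one ':' between passphrase and SSID")
    passphrase, ssid = (unquote_to_bytes(part) for part in entry.split(":"))
    return passphrase, ssid


def check_fields(passphrase, ssid):
    """Return a list of problems that would make the derived key wrong."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("passphrase must be 8 to 63 characters")
    if any(b < 0x20 or b > 0x7E for b in passphrase):
        problems.append("passphrase contains non-printable or non-ASCII bytes")
    if not 1 <= len(ssid) <= 32:
        problems.append("SSID must be 1 to 32 bytes")
    # Stray whitespace is usually a paste error and silently changes the key.
    if passphrase != passphrase.strip() or ssid != ssid.strip():
        problems.append("leading or trailing whitespace in a field")
    return problems


def wpa_psk_hex(entry):
    """Derive the 256-bit PSK (64 hex digits) from a wpa-pwd style entry."""
    passphrase, ssid = split_wpa_pwd(entry)
    problems = check_fields(passphrase, ssid)
    if problems:
        raise ValueError("; ".join(problems))
    # WPA/WPA2-Personal: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32).hex()


if __name__ == "__main__":
    # Constructed sample entry, not a real network.
    print(wpa_psk_hex("password:IEEE"))
```

The 64-digit hex result can be entered in Wireshark with key type "wpa-psk" instead of "wpa-pwd", which removes the passphrase and SSID parsing step from the picture. A correct key still cannot decrypt a session whose captured handshake frames are damaged.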