Ask Your Question

how to decrypt 802.11 without all of EAPOL packets?

asked 2021-12-19 10:04:52 +0000

sudocdhome gravatar image

Hi, I am trying to solve a forensics challenge and now I'm stuck with a PCAP file which contains some 801.11 encrypted packets. I have the wifi-password, but it seems that I need 4 EAPOL packets to be able to decrypt the conversation. Unfortunately I cant find all required EAPOL packets in the PCAP. Is there any other way to decrypt this packets?

Wifi Password: 2bqWIk4cRFONqpvo24We Pcap file: here and also here

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2021-12-19 15:59:43 +0000

Bob Jones gravatar image

Try a different tool - in fact, all four EAPOLs are not required to collect the necessary keys for decryption. I was able to collect three decrypted frames with airdecap:

user@host:~/tmp$ airdecap-ng -l -e AP-Clusir-1 -p 2bqWIk4cRFONqpvo24We clusir8-01.cap
Total number of stations seen            1
Total number of packets read           127
Total number of WEP data packets         0
Total number of WPA data packets         6
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of corrupted WEP  packets         0
Number of decrypted WPA  packets         3
Number of bad TKIP (WPA) packets         0
Number of bad CCMP (WPA) packets         0
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2021-12-19 10:04:52 +0000

Seen: 782 times

Last updated: Dec 19 '21