This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark isn’t decrypting my 802.11 traffic

Hello, I'm not too familiar with Wireshark and I'm struggling. What am I missing?

I have the following setup:

WiFi with WPA2 Personal (AES); the router runs DD-WRT. I have an Alfa AWUS036H with monitor mode enabled on Ubuntu 15.04. I start a capture of my WiFi with password xx and SSID yy.

Then I connect my phone to the YY network and make some HTTP calls. In Wireshark the traffic is only displayed as 802.11. But then I go to Preferences -> Protocols -> IEEE 802.11 and enter the passphrase (I know it since it is from my WiFi, just playing around). I've chosen pwd and entered "xx:yy" and I've tried psk (https://www.wireshark.org/tools/wpa-psk.html).

But even if I reload the view manually, all traffic remains as 802.11 - no TCP requests are shown.

So again, what am I missing? Kind regards

asked 19 Jun '16, 10:00

Hühns

edited 19 Jun '16, 10:50

Guy Harris ♦♦

Does your capture include the EAPOL handshake for each of the machines whose traffic you're trying to capture and decrypt? One way to get that would be to put the machines to sleep, start the capture, and then wake the machines up ("turning off" a smartphone generally just puts it to sleep, and "turning it on" wakes it up) so that they have to re-associate with your network.

(19 Jun '16, 10:50) Guy Harris ♦♦

Actually, I think yes. I didn't put the smartphone to sleep but completely removed the WiFi network in settings and reconnected. This should do the trick, shouldn't it?

(19 Jun '16, 23:02) Hühns

Sorry for not uploading the recording, but there might be a family member of mine in the capture and I wouldn't want to share it online.

I did some more research; switching to a different AP led me to actually capture EAPOL handshakes (4x per auth). But still, entering the pwd or psk didn't do the trick. :-\ Still only EAPOL and 802.11 packets. I have spaces/blanks in my SSID, might this cause the problem?

(22 Jun '16, 12:25) Hühns

Try using the preshared key instead of the passphrase; this may do the trick if your passphrase has some special characters.

(28 Jun '16, 01:46) ae4baifee4
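
The key derivation behind the wpa-psk key type discussed in this thread, as an added example that is not part of the original posts: WPA/WPA2-Personal computes the 256-bit PSK as PBKDF2-HMAC-SHA1 over the passphrase, salted with the exact SSID bytes, so a space in the SSID changes the key. The function names and the sample passphrase and SSIDs are constructed for illustration, and the SSID is assumed to be UTF-8 encoded.

```python
import hashlib


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA/WPA2-Personal PSK as 64 hex digits.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    The result is the raw key that Wireshark's wpa-psk key type expects.
    """
    # A passphrase is 8..63 printable ASCII characters (codes 32..126).
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is used byte for byte as the salt (assumed UTF-8 here).
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, 4096, 32
    ).hex()


def psk_per_ssid(passphrase: str, ssids: list[str]) -> dict[str, str]:
    """Derive the PSK for several SSID spellings to compare them."""
    return {ssid: derive_psk(passphrase, ssid) for ssid in ssids}


# Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_VECTOR = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

if __name__ == "__main__":
    assert derive_psk("password", "IEEE") == IEEE_VECTOR

    # Constructed sample values: the same passphrase with three spellings
    # of an SSID that contains blanks. Each spelling yields a different key,
    # so only the exact on-air SSID produces a PSK that decrypts the capture.
    variants = ["Home Net", "HomeNet", "Home Net "]
    for ssid, psk in psk_per_ssid("correct horse", variants).items():
        print(f"{ssid!r:12} -> {psk}")
```

Entering the resulting 64 hex digits as a wpa-psk key avoids any ambiguity about how spaces or other special characters in the passphrase or SSID are parsed in a wpa-pwd entry.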