Oposum's profile - activity

2024-03-25 17:59:41 +0000 received badge  Famous Question (source)
2024-03-25 17:59:41 +0000 received badge  Notable Question (source)
2023-01-28 19:30:16 +0000 received badge  Popular Question (source)
2022-10-13 08:34:18 +0000 marked best answer tshark: How to decode 802.11 capture with temporal key

I am used to the "802.11 wireless toolbar" in Wireshark adding a proper "tk" (temporal key, acquired from the AP). But how do you do this with tshark? I adapted the following command, similar according to [0] and [1]:

/usr/bin/tshark -r testcase.pcap -w testcase_decrypted.pcap -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"tk\",\"2b59161a0555ab87bd58338df107e5c2\""

The decrypted PCAP itself seems to be bigger regarding its file size, but is still not decrypted using the mentioned command. Decryption is working when applying the TK in Wireshark, though.

TShark (Wireshark) 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)

Copyright 1998-2022 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using GCC 11.2.0, with libpcap, with POSIX capabilities
(Linux), with libnl 3, with GLib 2.71.2, with zlib 1.2.11, with Lua 5.2.4, with
GnuTLS 3.7.3 and PKCS #11 support, with Gcrypt 1.9.4, with MIT Kerberos, with
MaxMind DB resolver, with nghttp2 1.43.0, with brotli, with LZ4, with Zstandard,
with Snappy, with libxml2 2.9.12, with libsmi 0.4.8.

Running on Linux 5.14.0-1045-oem, with Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz
(with SSE4.2), with 7661 MB of physical memory, with GLib 2.72.1, with zlib
1.2.11, with libpcap 1.10.1 (with TPACKET_V3), with c-ares 1.18.1, with GnuTLS
3.7.3, with Gcrypt 1.9.4, with nghttp2 1.43.0, with brotli 1.0.9, with LZ4
1.9.3, with Zstandard 1.4.8, with libsmi 0.4.8, with LC_TYPE=en_US.UTF-8, binary
plugins supported (0 loaded).

[0] https://tshark.dev/packetcraft/add_co... [1] https://osqa-ask.wireshark.org/questi...

2022-10-13 08:33:52 +0000 commented question tshark: How to decode 802.11 capture with temporal key

I am using the "-T ek" option already for parsing and filtering the pcap and finally got it working! The following is a

2022-10-01 21:08:55 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

Went to the office today, because I could not get this out of my head. I have to correct myself. It seems like my tshark

2022-10-01 21:07:13 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

Went to the office today, because I could not get this out of my head. I have to correct myself. It seems like my tshark

2022-10-01 21:06:52 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

Went to the office today, because I could not get this out of my head. I have to correct myself. It seems like my tshark

2022-10-01 21:05:54 +0000 received badge  Editor (source)
2022-10-01 21:05:54 +0000 edited question tshark: How to decode 802.11 capture with temporal key

tshark: How to decode 802.11 capture with temporal key I am used to the "802.11 wireless toolbar" in Wireshark adding a

2022-10-01 18:36:05 +0000 commented question tshark: How to decode 802.11 capture with temporal key

Both. First I need tshark to decrypt all the according packets using the temporal key and store the whole packet flow in

2022-10-01 18:35:43 +0000 commented question tshark: How to decode 802.11 capture with temporal key

Both. First I need tshark to decrypt all the according packets using the temporal key and store the whole packet flow in

2022-09-30 19:06:19 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

Hey Chuckc, thanks! Probably I only read what I wanted to read... But you're right about the comments. Since it's the w

2022-09-30 18:32:27 +0000 commented question tshark: How to decode 802.11 capture with temporal key

Thanks. But Omnipeek won't help me. I am working on a self written CLI test automation, which relies on tshark already

2022-09-30 18:13:06 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

"Wireshark does not save decrypted capture files:" Thanks, but, hm - I am talking about tshark not Wireshark :) And what

2022-09-30 18:11:23 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

"Wireshark does not save decrypted capture files:" Thanks, but, hm - I am talking about tshark not Wireshark :) And what

2022-09-30 18:10:57 +0000 commented answer tshark: How to decode 802.11 capture with temporal key

"Wireshark does not save decrypted capture files:" Thanks, but, hm - I am talking about tshark not Wireshark :) And what

2022-09-30 09:29:59 +0000 asked a question tshark: How to decode 802.11 capture with temporal key

tshark: How to decode 802.11 capture with tk I am used to the "802.11 wireless toolbar" in Wireshark adding a proper "tk

2022-07-07 22:04:29 +0000 received badge  Famous Question (source)
2021-08-26 16:33:24 +0000 received badge  Notable Question (source)
2021-08-26 16:33:24 +0000 received badge  Popular Question (source)
2020-10-01 14:26:34 +0000 commented answer Unable to open Capture taken with IXIA

Is there any news on the open case @JulM at IXIA?

2020-10-01 14:25:54 +0000 answered a question Unable to open Capture taken with IXIA

Is there any news on the open case @JulM at IXIA?

2020-05-04 10:01:39 +0000 answered a question How to enable rpcap support in linux version

Thanks Guy, rpcap works now. For the documentation, if someone else stumbles across this: 1. remove wireshark/tshark an

2020-05-04 09:51:56 +0000 marked best answer How to enable rpcap support in linux version

How do you enable rpcap support via external interfaces in Wireshark on Linux (e.g. Debian)? I was used to this on Windows, but cannot find this in the Linux version. I've compiled v3.2.3 from the source code on my own (https://ask.wireshark.org/question/99...) - do I have to set a special option before compiling?

2020-05-04 09:51:56 +0000 received badge  Scholar (source)
2020-04-30 09:06:03 +0000 asked a question How to enable rpcap support in linux version

How to enable rpcap support in linux version How do you enable rpcap support via external interfaces in wireshark on lin