Wireshark mailing list archives
Re: Unable to capture wireless traffic
From: Frank Barta <fbarta () gmail com>
Date: Mon, 29 Mar 2010 12:26:16 -0400
The 4-way handshake which the EAPOL frames accomplish is what derives the actual encryption keys to be used for the data, or the PTK (and later the GTK). WPA is dissimilar from WEP in that, with WEP, the static encryption key was used to encrypt and decrypt data in the same method across all stations in a wireless network.

Without getting into a long-winded explanation, the best resource I would advise for understanding how encryption with WPA works would be the white paper 802.11i Authentication and Key Management (AKM), which is available as a free white paper on www.cwnp.com . You will need to register to access it.

You're correct in that if the Wireless client you are looking to monitor is already connected to the AP, you will not be able to decrypt the traffic. The 4-Way handshake of EAPOL frames occurs immediately after association to the AP. Without capturing the EAPOL frames, Wireshark cannot derive the PTK/GTK and will not be able to decrypt the data successfully.

On Mon, Mar 29, 2010 at 6:19 AM, Cae Sium <caesium5 () gmail com> wrote:
Frank,

I am able to capture the EAPOL only if I start Wireshark first, then I start the desktop's (the computer that I wanted to monitor) connection to my router. If the desktop is already connected then I start Wireshark, all I'll get is the IEEE802.11, LLC protocol etc., no EAPOL or TCP traffic captured at all.

Anyway, am I right to say that to get EAPOL is for the WPA-PSK, which I have since I have access to the router's config?

From: Frank Barta <fbarta@xxxxxxxxx>
Date: Sun, 28 Mar 2010 20:47:53 -0400

Cae,

Are you capturing the EAPOL keys for the 4-way handshake?

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org ?subject=unsubscribe