Wireshark mailing list archives

Re: AIRPCAP and wireshark 1.8.4


From: Giuseppe Montanarella <giuseppe.montanarella () gmail com>
Date: Fri, 8 Feb 2013 15:33:55 +0100

Maybe I did not explain properly.
I use Wireshark 1.8.4 and I want to understand what traffic goes over my wifi.
If I go to set the network key to decrypt the traffic, the password is not
stored and I cannot decrypt the traffic.
Is anyone using Windows and AirPcap to sniff wireless?

Thanks
Giuseppe


2013/1/31 Prigge Scott <PriggeScottM () johndeere com>

if there is some problem with this version of Wireshark because I am not
able to decrypt wireless traffic?

Doubtful, these guys are pretty good. What is probably more likely is that
you are attempting to view a cached SSL session which bypasses the full SSL
key exchange. I can't remember where in the I saw/heard this, but I can
tell you from personal experience that Wireshark can only decrypt SSL when
the entire key exchange sequence has been captured. I'm sure someone on
this board who is a lot smarter than me will give you a better way, but I
can typically tell if the SSL session is cached because the Server Hello
packet is approximately the same size as the Client Hello - meaning that
the certificate was never transmitted. In a full key exchange, the entire
certificate is transmitted which typically results in one or more
full-sized TCP segments before Wireshark rolls them up into a Server Hello
in the Info column.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

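Added example, not part of the original thread: the quoted reply spots a cached SSL session by the size of the Server Hello. This sketch goes one step further and reads the handshake bytes themselves, checking whether the server echoed the client's session ID and sent no Certificate. It assumes SSL 3.0 through TLS 1.2 session-ID resumption; the function names are illustrative and the sample flights are constructed bytes, not a real capture.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 22, 1, 2, 11

def handshake_messages(flight: bytes):
    """Yield (type, body) for the cleartext handshake messages in a TLS flight."""
    payload, pos = b"", 0
    while pos + 5 <= len(flight):
        rtype, _version, rlen = struct.unpack_from("!BHH", flight, pos)
        if rtype != HANDSHAKE:      # ChangeCipherSpec: what follows is encrypted
            break
        payload += flight[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    pos = 0
    while pos + 4 <= len(payload):
        mlen = int.from_bytes(payload[pos + 1:pos + 4], "big")
        yield payload[pos], payload[pos + 4:pos + 4 + mlen]
        pos += 4 + mlen

def session_id(hello: bytes) -> bytes:
    # Both hellos begin: version(2) + random(32) + session_id_len(1) + session_id
    return hello[35:35 + hello[34]] if len(hello) > 34 else b""

def classify(client_flight: bytes, server_flight: bytes) -> str:
    client = dict(handshake_messages(client_flight))
    server = dict(handshake_messages(server_flight))
    if CLIENT_HELLO not in client or SERVER_HELLO not in server:
        return "incomplete capture"
    if CERTIFICATE in server:
        return "full handshake"
    offered = session_id(client[CLIENT_HELLO])
    if offered and offered == session_id(server[SERVER_HELLO]):
        return "resumed session"
    return "no certificate seen"

# --- constructed sample bytes (not from a real capture) ---
def _rec(rtype, body): return struct.pack("!BHH", rtype, 0x0303, len(body)) + body
def _msg(mtype, body): return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _hello(sid, tail): return b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid + tail

SID = bytes(range(32))
CLIENT = _rec(22, _msg(1, _hello(SID, b"\x00\x02\x00\x2f\x01\x00")))
RESUMED = (_rec(22, _msg(2, _hello(SID, b"\x00\x2f\x00")))
           + _rec(20, b"\x01") + _rec(22, bytes(40)))   # CCS + encrypted Finished
FULL = _rec(22, _msg(2, _hello(SID[::-1], b"\x00\x2f\x00"))
            + _msg(11, bytes(1200)) + _msg(14, b""))    # placeholder certificate

if __name__ == "__main__":
    for name, flight in (("resumed", RESUMED), ("full", FULL)):
        print(name, len(flight), "bytes ->", classify(CLIENT, flight))
```

In the constructed data the resumed server flight is about the size of the Client Hello, while the full handshake is much larger, which is the size difference the reply describes.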