I'm trying to use the 802.11 wireless decryption features in Wireshark
without much luck. We're using Wireshark 0.99.6a on Windows XP with the
AirPCap Wi-Fi capture card. It can capture non-encrypted data fine.
However, I'm trying to decrypt a CCMP/AES/WPA2 encrypted network. I'm
seeing a couple of odd behaviors:

1. When I go to the Decryption Keys window and try to add a WPA-PSK
entry (giving the key explicitly), it doesn't seem to take it. Once I
click OK and then go back to the Decryption Keys window, the entry has
disappeared.

2. I switched to using the passphrase and SSID (WPA-PWD), but it does
not appear to be working. I'm sure that I have the SSID and the
passphrase correct, and I'm also sure that I'm capturing the 802.11i key
exchange as part of the capture. I'm pinging a device on the Wi-Fi
network while capturing, but the frames are coming across as some sort
of LLC frame--it looks like garbage. In any case, there's definitely no
ping packet in there.

Any hints as to what might be going wrong? Does Wireshark not support
CCMP?

Thanks...
Owen
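
Added example, not part of the original post and not Wireshark's code: the standard IEEE 802.11i key derivation behind the two entry types mentioned above, showing how a passphrase and SSID (WPA-PWD) map to the raw 256-bit key (WPA-PSK), and why the captured key exchange is needed to reach the CCMP temporal key. The function names, the 64-hex-digit raw key form, and the MAC and nonce values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if len(ssid_bytes) > 32:
        raise ValueError("SSID must be at most 32 bytes")
    # The SSID is the salt: same passphrase on another SSID gives another key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)

def is_raw_psk(text: str) -> bool:
    """Assumed raw-key form: exactly 64 hex digits (256 bits), no separators."""
    return len(text) == 64 and all(c in string.hexdigits for c in text)

def derive_ptk_ccmp(pmk: bytes, aa: bytes, spa: bytes,
                    anonce: bytes, snonce: bytes) -> dict:
    """802.11i PRF-384: the per-session keys depend on both nonces and both
    MAC addresses, which are only visible in the 4-way handshake frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out, counter = b"", 0
    while len(out) < 48:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    # KCK checks the EAPOL MICs, KEK wraps the group key, TK encrypts CCMP data.
    return {"KCK": out[:16], "KEK": out[16:32], "TK": out[32:48]}

# Constructed sample values (not from any real capture).
AA = bytes.fromhex("001122334455")      # access point MAC
SPA = bytes.fromhex("66778899aabb")     # client MAC
ANONCE = bytes(range(32))               # nonce from handshake message 1
SNONCE = bytes(range(32, 64))           # nonce from handshake message 2

if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")
    print("raw PSK:", pmk.hex(), "valid form:", is_raw_psk(pmk.hex()))
    print("CCMP TK:", derive_ptk_ccmp(pmk, AA, SPA, ANONCE, SNONCE)["TK"].hex())
```

A different SSID string (case or trailing space included) or a missing handshake frame changes or removes the inputs above, and the resulting temporal key no longer matches the traffic.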