S.A. Moeys wrote:
> Hi,
>
> I'm trying to monitor traffic on my home network. I got my wireless
> adapter in monitor mode, capturing traffic works fine when I remove WPA
> from my network. When WPA is on though, I do not succeed in decrypting
> the IEEE 802.11 packets. I've tried entering the SSID and WPA (TKIP) in
> numerous formats in the IEEE 802.11 protocol section in Wireshark,
> trying every possible combination of security bit, FCS etc. but no
> usable data.
>
> What am I doing wrong? I read that Wireshark uses EAPOL packets to
> decrypt the data, but I'm not capturing any of those. Could that be the
> problem?
Yes. The EAPOL packets contain the keying material used for a particular
wireless session. If you don't capture the EAPOL packets (specifically, all four
packets in the "four-way handshake"), Wireshark can't decrypt the traffic.
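
To check a capture for the condition described in the reply above, the following added example (not part of the original thread) classifies EAPOL-Key frames as messages 1 to 4 of the four-way handshake and reports which are missing. The function names are hypothetical, the input is assumed to be raw EAPOL payloads already extracted from the capture for one client, and telling message 2 from message 4 by Key Data length is a heuristic (with WPA/TKIP both carry the same Key Information bits).

```python
import struct

# Key Information flag bits (IEEE 802.11 EAPOL-Key descriptor)
KEY_TYPE, INSTALL, ACK, MIC = 1 << 3, 1 << 6, 1 << 7, 1 << 8

def handshake_message(eapol: bytes):
    """Return 1-4 for a pairwise EAPOL-Key frame, or None for anything else."""
    if len(eapol) < 99 or eapol[1] != 3:       # 802.1X packet type 3 = EAPOL-Key
        return None
    if eapol[4] not in (2, 254):               # descriptor: 2 = RSN (WPA2), 254 = WPA
        return None
    (info,) = struct.unpack_from(">H", eapol, 5)
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    if not info & KEY_TYPE:                    # group key handshake, not pairwise
        return None
    if info & ACK:                             # sent by the access point
        return 3 if info & MIC else 1
    if info & MIC:                             # sent by the client
        return 2 if data_len else 4            # heuristic: msg 2 carries the WPA/RSN IE
    return None

def missing_messages(frames):
    """Return the sorted list of handshake message numbers not seen in frames."""
    seen = {handshake_message(f) for f in frames}
    return sorted({1, 2, 3, 4} - seen)

def build_key_frame(info, data_len=0, desc=254):
    """Constructed sample: EAPOL-Key frame with zeroed nonce, IV and MIC fields."""
    body = (struct.pack(">BHH", desc, info, 32) + bytes(88)
            + struct.pack(">H", data_len) + bytes(data_len))
    return struct.pack(">BBH", 1, 3, len(body)) + body

if __name__ == "__main__":
    # Constructed WPA/TKIP capture in which only the AP's frames were received.
    capture = [build_key_frame(0x0089), build_key_frame(0x01C9, data_len=24)]
    gaps = missing_messages(capture)
    if gaps:
        print("handshake incomplete, missing message(s):", gaps)
    else:
        print("all four handshake messages captured")
```
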