Wireshark · Wireshark-users: Re: [Wireshark-users] Is there any switch or option to decrypt 802.11 parket through tshark ?

Wireshark-users: Re: [Wireshark-users] Is there any switch or option to decrypt 802.11 parket thr

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sun, 23 Nov 2008 09:22:21 +0100

On Sat, Nov 22, 2008 at 09:52:48PM -0500, LI, Feng wrote:
>     
>    I have notice wireshark can decode WEP 802.11 packets by setting the IEEE
>    802.11 protocol preferences (Edit->Preferences->IEEE 802.11)
>    http://wiki.wireshark.org/HowToDecrypt802.11
>     
>    Is there any option or switch for tshark (cmd line version) to decode WEP
>    packets ?

Yes, you can. You can see all the current preferences with 

tshark -G currentprefs | grep wlan

The preferences are shared between Wireshark and Tshark, so you can set
preferences in Wireshark first and then use Tshark.

Or you can edit the preferences file in a text editor before starting Tshark.

Or you can use command line options to set preferences like this:

tshark -o "wlan.enable_decryption: TRUE" -o "wlan.wep_key1: wpa-pwd:1f2e3d4c5b:myssid -i wifi etc...

Hope this helps,
Cheers,
    Sake

Follow-Ups:
- Re: [Wireshark-users] Is there any switch or option to decrypt 802.11 parket through tshark ?
  - From: Guy Harris

References:
- [Wireshark-users] Is there any switch or option to decrypt 802.11 parket through tshark ?
  - From: LI, Feng

Prev by Date: Re: [Wireshark-users] Fw: Report Vulnerability WireShark 1.0.4 - SVRT-Bkis
Next by Date: Re: [Wireshark-users] Is there any switch or option to decrypt 802.11 parket through tshark ?
Previous by thread: [Wireshark-users] Is there any switch or option to decrypt 802.11 parket through tshark ?
Next by thread: Re: [Wireshark-users] Is there any switch or option to decrypt 802.11 parket through tshark ?
Index(es):
- Date
- Thread