Wireshark-users: Re: [Wireshark-users] Unable to decode WPA2

From: "Matt Roberts" <k141@xxxxxxxxxxx>
Date: Wed, 7 Jan 2009 16:15:29 -0800

Hi,

Well, I have the password; I'm not trying to crack anything. The example capture that is given in the link I gave in my initial post works fine with me, so I'm not sure what I'm doing wrong.

Matt.

--------------------------------------------------
From: "Jorge L. Vazquez" <jlvazquez825@xxxxxxxxx>
Sent: Wednesday, January 07, 2009 9:12 AM
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to decode WPA2

Well, you already captured the 4-way handshake with the encryption key;
all you need is a tool capable of decrypting it, with either a
dictionary attack or rainbow tables... I don't think Wireshark can
do this.


thanks
-JV
blog: www.pctechtips.org



Matt Roberts wrote:
Hi,

thanks for your reply.

Yes I have the 4 EAPOL entries, but now what do I do with them? I'm not sure
what key to use from the entries I see?

Thanks,

Matt.

--------------------------------------------------
From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx>
Sent: Tuesday, January 06, 2009 4:44 PM
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to decode WPA2


On Tue, Jan 6, 2009 at 3:01 AM, Matt Roberts <k141@xxxxxxxxxxx> wrote:

Hello all,

I have spent countless hours trying to decode my own traffic using WPA2 and
I need some help.

My WPA2-PSK passphrase is "testpass". This is what I enter on my router
configuration and my PC. I can connect to the internet no problem.
My SSID is "globul".

When I sniff the traffic I see the 4 EAPOL entries. I can't figure out what
to put in the Wireshark 802.11 preference. I tried:

wpa-pwd:testpass:globul

That didn't decrypt anything.
 [...]

Did you capture the initial (EAPOL) 4-Way Pairwise handshake, which
usually happens immediately after you have associated with the
network?

That handshake contains additional information required to decode the
WPA2-PSK encrypted traffic.

The passphrase alone is not enough to decode WPA2-PSK traffic (which
is why WPA2 is more secure than WEP).

Regards,
Kam-Yung
--
Soh Kam Yung
my Google Reader Shared links:
(http://www.google.com/reader/shared/16851815156817689753)
my Google Reader Shared SFAS links:
(http://www.google.com/reader/shared/user/16851815156817689753/label/sfas)
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe