There are some tools you can use to decrypt WPA within PCAP files if WPA decryption is not possible in Wireshark on Linux. Aircrack-ng includes a tool called Airdecap-ng which you can use to decrypt the traffic. It's not a perfect solution; however, if you use airdecap-ng and leave the 802.11 headers intact, you can match the WLAN SEQ #s from the outfile and the infile.
Hope this helps!
On Wed, Feb 17, 2010 at 3:27 PM, Joerg Mayer
<jmayer@xxxxxxxxx> wrote:
On Wed, Feb 17, 2010 at 04:44:57PM +0000, Thomas Morton wrote:
> I have tried adding WPA decryption keys to Wireshark as well (just in
> case...) with no joy.
IIRC WPA decryption is not available on Linux - it requires the use of
airpcap on Windows and if on Windows, it will only work with PSK, not
802.1X of course.
ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
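
The sequence-number matching suggested in the reply at the top of this thread, as an added example that is not part of the original messages: it reads the 802.11 sequence control field from an encrypted infile and a decrypted outfile (for instance airdecap-ng output written with `-l` so the 802.11 header is kept) and pairs the frames. It assumes classic pcap files with linktype 105 or 127 and that both files keep capture order; all function names and the sample frames are constructed for illustration.

```python
import struct

def wlan_keys(pcap):
    """Per frame: (transmitter MAC, sequence number, fragment number) or None."""
    endian = "<" if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype not in (105, 127):   # 105 = raw 802.11, 127 = radiotap + 802.11
        raise ValueError("unsupported linktype %d" % linktype)
    keys, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == 127 and len(frame) >= 4:   # radiotap length: LE u16 at offset 2
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        # Control frames (type 1) and truncated frames carry no sequence control field.
        if len(frame) < 24 or (frame[0] >> 2) & 3 == 1:
            keys.append(None)
            continue
        seq_ctl = struct.unpack("<H", frame[22:24])[0]
        keys.append((frame[10:16].hex(), seq_ctl >> 4, seq_ctl & 0xF))
    return keys

def match_frames(in_keys, out_keys):
    """Infile index for each outfile frame (None if unmatched)."""
    # Forward-only search: a sequence number that recurs after wrapping at 4096
    # is not matched twice (assumes both files keep capture order).
    matches, pos = [], 0
    for key in out_keys:
        hit = None
        if key is not None:
            hit = next((i for i in range(pos, len(in_keys)) if in_keys[i] == key), None)
        if hit is not None:
            pos = hit + 1
        matches.append(hit)
    return matches

# --- constructed sample data (not from a real capture) ---
def _data(src, seq, body, protected):
    fc = bytes([0x08, 0x41 if protected else 0x01])   # data frame, ToDS, Protected bit
    return fc + bytes(8) + src + bytes(6) + struct.pack("<H", seq << 4) + body
def _pcap(frames, linktype=105):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

A, B, ACK = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xd4\x00" + bytes(8)
INFILE = _pcap([_data(A, 10, b"E" * 24, True), ACK, _data(B, 10, b"E" * 24, True),
                _data(A, 11, b"E" * 24, True), _data(A, 12, b"E" * 24, True)])
OUTFILE = _pcap([_data(A, 10, b"P" * 8, False), _data(B, 10, b"P" * 8, False),
                 _data(A, 12, b"P" * 8, False)])   # A/11 could not be decrypted
```

Calling `match_frames(wlan_keys(INFILE), wlan_keys(OUTFILE))` gives, for each decrypted frame, the position of its encrypted original, so a packet seen in the outfile can be located in the infile.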