Thomas Morton wrote:
> I was under the impression using airpcap was an optional extra on
> WIndows - but that Wireshark could decrypt packets (the userguide
> suggests this). I will have a re-read.
That's correct. 802.11 decryption should work no matter what on any
platform provided:
- You've captured the 4-way EAPOL handshake necessary to derive the
keys (try filtering for "eapol").
- You've toggled the "Assume Packets Have FCS" and "Ignore the
Protection bit" appropriately for the way your driver delivers
802.11 frames
- You're using pre-shared keys.
- You have a recent version of Wireshark. Various decryption bugs
have cropped up in older versions.
--
Join us for Sharkfest ’10! · Wireshark® Developer and User Conference
Stanford University, June 14-17 · http://www.cacetech.com/sharkfest.10/