Wireshark-users: Re: [Wireshark-users] WEP & WPA decryption
From: BigAl.NZ@xxxxxxxxx
Date: Fri, 15 Jul 2011 03:38:57 +0000
I am still getting stuck on 1 aspect of decryption. After putting my card into monitor mode with:
airmon-ng start wlan1 1 (if my AP is on channel 1)
I then run wireshark and enter in my WEP key as wep:1122334455
Then I start to capture on mon0 - but nothing is decrypted. I have decryption on.
If I have networking running and connect wlan1 to my AP and then run wireshark on wlan1 it decrypts fine, as would be expected since wlan1 is connected to AP.
Why is decryption not working on mon0?
Cheers
-Al
On , Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
> The 802.11 WPA passphrase and SSID preferences let you encode
>
> non-printable or otherwise troublesome characters using URI-style
>
> percent escapes, e.g. %20 for a space. As a result you have to escape
>
> the percent characters themselves using %25.
>
>
>
> On 7/14/11 12:41 PM, kevin creason wrote:
>
> > Just a thought- did you try escaping the % sign or enclosing with single quotes?
>
> > So, try \&abcde1234\%, or single quotes as in '%abcde1234%'
>
> >
>
> > Certain specials characters are extra special. :)
>
> >
>
> > On windows, system variables are referenced as %NAME%.
>
> > Other systems it can be Hash variable signifier...
>
> > It's just a thought- I'm not sure if this is even remotely possible,
>
> > but it's always good to check.
>
> >
>
> >
>
> >
>
> > -Kevin
>
> > /*“ I am looking for a lot of men who have an infinite capacity to not
>
> > know what can't be done. ” -- Henry Ford */
>
> >
>
> >
>
> >
>
> >
>
> > On Thu, Jul 14, 2011 at 2:29 PM, Al Grant bigal.nz@xxxxxxxxx> wrote:
>
> >> HI All,
>
> >>
>
> >> A bit of a wireshark newbie here, but its such a powerful tool I am
>
> >> experimenting and learning.
>
> >>
>
> >> So far my experiments have lead me to a few questions. With WPA decryption I
>
> >> found that:
>
> >>
>
> >> With a WPA password of the format %word1234% I could not decrypt the
>
> >> packets? I wonder if the '%' interfered with it? As soon as I changed the
>
> >> password to abcd1234 it decrypted fine? Does anyone know what this was?
>
> >>
>
> >> Also with WEP decryption I assume that I do not need to capture the session
>
> >> handshake?
>
> >> With WEP decryption I have also had problems, I tried to enter the WEP Hex
>
> >> value in several formats:
>
> >>
>
> >> wep:xx:xx:xx:xx:xx
>
> >> xx:xx:xx:xx:xx
>
> >> xxxxxxxxxx
>
> >>
>
> >> None of them worked - any ideas here?
>
> >>
>
> >> THanks in advance,
>
> >>
>
> >> -Al
>
> >>
>
> >>
>
> >> --
>
> >> Between stimulus and response there is a space. In that space is our power
>
> >> to choose our response. In our response lies our growth and our freedom.
>
> >> - Viktor E. Frankl
>
> >>
>
> >> ___________________________________________________________________________
>
> >> Sent via: Wireshark-users mailing list wireshark-users@xxxxxxxxxxxxx>
>
> >> Archives: http://www.wireshark.org/lists/wireshark-users
>
> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> >>
>
> > ___________________________________________________________________________
>
> > Sent via: Wireshark-users mailing list wireshark-users@xxxxxxxxxxxxx>
>
> > Archives: http://www.wireshark.org/lists/wireshark-users
>
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> ___________________________________________________________________________
>
> Sent via: Wireshark-users mailing list wireshark-users@xxxxxxxxxxxxx>
>
> Archives: http://www.wireshark.org/lists/wireshark-users
>
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
airmon-ng start wlan1 1 (if my AP is on channel 1)
I then run wireshark and enter in my WEP key as wep:1122334455
Then I start to capture on mon0 - but nothing is decrypted. I have decryption on.
If I have networking running and connect wlan1 to my AP and then run wireshark on wlan1 it decrypts fine, as would be expected since wlan1 is connected to AP.
Why is decryption not working on mon0?
Cheers
-Al
On , Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
> The 802.11 WPA passphrase and SSID preferences let you encode
>
> non-printable or otherwise troublesome characters using URI-style
>
> percent escapes, e.g. %20 for a space. As a result you have to escape
>
> the percent characters themselves using %25.
>
>
>
> On 7/14/11 12:41 PM, kevin creason wrote:
>
> > Just a thought- did you try escaping the % sign or enclosing with single quotes?
>
> > So, try \&abcde1234\%, or single quotes as in '%abcde1234%'
>
> >
>
> > Certain specials characters are extra special. :)
>
> >
>
> > On windows, system variables are referenced as %NAME%.
>
> > Other systems it can be Hash variable signifier...
>
> > It's just a thought- I'm not sure if this is even remotely possible,
>
> > but it's always good to check.
>
> >
>
> >
>
> >
>
> > -Kevin
>
> > /*“ I am looking for a lot of men who have an infinite capacity to not
>
> > know what can't be done. ” -- Henry Ford */
>
> >
>
> >
>
> >
>
> >
>
> > On Thu, Jul 14, 2011 at 2:29 PM, Al Grant bigal.nz@xxxxxxxxx> wrote:
>
> >> HI All,
>
> >>
>
> >> A bit of a wireshark newbie here, but its such a powerful tool I am
>
> >> experimenting and learning.
>
> >>
>
> >> So far my experiments have lead me to a few questions. With WPA decryption I
>
> >> found that:
>
> >>
>
> >> With a WPA password of the format %word1234% I could not decrypt the
>
> >> packets? I wonder if the '%' interfered with it? As soon as I changed the
>
> >> password to abcd1234 it decrypted fine? Does anyone know what this was?
>
> >>
>
> >> Also with WEP decryption I assume that I do not need to capture the session
>
> >> handshake?
>
> >> With WEP decryption I have also had problems, I tried to enter the WEP Hex
>
> >> value in several formats:
>
> >>
>
> >> wep:xx:xx:xx:xx:xx
>
> >> xx:xx:xx:xx:xx
>
> >> xxxxxxxxxx
>
> >>
>
> >> None of them worked - any ideas here?
>
> >>
>
> >> THanks in advance,
>
> >>
>
> >> -Al
>
> >>
>
> >>
>
> >> --
>
> >> Between stimulus and response there is a space. In that space is our power
>
> >> to choose our response. In our response lies our growth and our freedom.
>
> >> - Viktor E. Frankl
>
> >>
>
> >> ___________________________________________________________________________
>
> >> Sent via: Wireshark-users mailing list wireshark-users@xxxxxxxxxxxxx>
>
> >> Archives: http://www.wireshark.org/lists/wireshark-users
>
> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> >>
>
> > ___________________________________________________________________________
>
> > Sent via: Wireshark-users mailing list wireshark-users@xxxxxxxxxxxxx>
>
> > Archives: http://www.wireshark.org/lists/wireshark-users
>
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> ___________________________________________________________________________
>
> Sent via: Wireshark-users mailing list wireshark-users@xxxxxxxxxxxxx>
>
> Archives: http://www.wireshark.org/lists/wireshark-users
>
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- Follow-Ups:
- [Wireshark-users] select multiple packets to mark
- From: vincent paul
- [Wireshark-users] select multiple packets to mark
- References:
- Re: [Wireshark-users] WEP & WPA decryption
- From: Gerald Combs
- Re: [Wireshark-users] WEP & WPA decryption
- Prev by Date: Re: [Wireshark-users] set SSL keys to decrypt encrypted files
- Next by Date: [Wireshark-users] select multiple packets to mark
- Previous by thread: Re: [Wireshark-users] WEP & WPA decryption
- Next by thread: [Wireshark-users] select multiple packets to mark
- Index(es):