Monday, June 29, 2015

How to Decrypt 802.11

Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption is not yet supported.
You can add decryption keys using Wireshark's 802.11 preferences or by using the wireless toolbar. Up to 64 keys are supported.

Adding Keys: 802.11 Preferences

Go to Edit->Preferences->IEEE 802.11. You should see a window that looks like this:
[Screenshot: dot11-wep-wpa.png]
Note that the key examples mention WPA, and that each key item is labeled "Key". If your preferences window doesn't mention WPA, like this
[Screenshot: dot11-wep-only.png]
then your version of Wireshark only supports WEP decryption. This might be the case with older versions of Wireshark, particularly the 64-bit Windows version.
In all versions WEP keys can be specified as a string of hexadecimal numbers, with or without colons:
    a1:b2:c3:d4:e5
    0102030405060708090a0b0c0d
In versions that support WPA decryption you should use a prefix to tell Wireshark what kind of key you're using:
  • wep: The key is parsed as a WEP key.
    wep:a1:b2:c3:d4:e5
  • wpa-pwd: The password and SSID are used to create a raw pre-shared key.
    wpa-pwd:MyPassword:MySSID
  • wpa-psk: The key is parsed as a raw pre-shared key.
    wpa-psk:0102030405060708091011...6061626364
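
The three key formats above can be checked before they are typed into the preferences. The following is an added example, not Wireshark's own code: it parses each form and, for wpa-pwd, derives the raw pre-shared key with the standard WPA/WPA2-Personal mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes). The function names, and the choice to split password from SSID at the last colon, are assumptions of this example.

```python
import hashlib


def parse_hex(text):
    """Decode hex digits written with or without colon separators."""
    raw = bytes.fromhex(text.replace(":", ""))  # ValueError on non-hex input
    if not raw:
        raise ValueError("empty key")
    return raw


def normalize_key(entry):
    """Return (kind, key_bytes) for one key string in the formats listed above."""
    prefix, sep, rest = entry.partition(":")
    if sep and prefix == "wpa-pwd":
        # Assumption of this example: the SSID is everything after the last colon.
        password, sep2, ssid = rest.rpartition(":")
        if not sep2 or not 8 <= len(password) <= 63 or not 1 <= len(ssid.encode()) <= 32:
            raise ValueError("expected wpa-pwd:<8-63 char password>:<SSID>")
        # Passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 256 bits
        psk = hashlib.pbkdf2_hmac("sha1", password.encode(), ssid.encode(), 4096, 32)
        return "wpa-psk", psk
    if sep and prefix == "wpa-psk":
        psk = parse_hex(rest)
        if len(psk) != 32:
            raise ValueError("a raw pre-shared key is 32 bytes (64 hex digits)")
        return "wpa-psk", psk
    # A "wep:" prefix or bare hex (with or without colons) is a WEP key.
    body = rest if sep and prefix == "wep" else entry
    return "wep", parse_hex(body)


def to_key_string(kind, key):
    """Format a normalized key back into the prefixed hex form."""
    return f"{kind}:{key.hex()}"


if __name__ == "__main__":
    # Constructed sample entries; "password"/"IEEE" is the IEEE 802.11i test passphrase and SSID.
    for entry in ("a1:b2:c3:d4:e5", "wep:0102030405060708090a0b0c0d", "wpa-pwd:password:IEEE"):
        print(entry, "->", to_key_string(*normalize_key(entry)))
```

Because the derived key depends on the SSID, a wpa-psk value produced this way only decrypts traffic for the network whose SSID was used as the salt.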
