As shown in the window you can select between three decryption modes: None, Wireshark, and Driver: This will open the decryption key managment window. If the toolbar isn't visible, you can show it by selecting View->Wireless Toolbar.
If you are using the Windows version of Wireshark and you have an AirPcap adapter you can add decryption keys using the wireless toolbar. Wpa-psk The key is parsed as a raw pre-shared WPA key. This may not work for captures taken in busy environments, since the last-seen SSID may not be correct. You can optionally omit the colon and SSID, and Wireshark will try to decrypt packets using the last-seen SSID. Wpa-pwd The password and SSID are used to create a raw pre-shared WPA key. Wep The key must be provided as a string of hexadecimal numbers, with or without colons, and will be parsed as a WEP key. When you click the + button to add a new key, there are three key types you can choose from: wep, wpa-pwd, and wpa-psk: You should see a window that looks like this: You should see a window that looks like this:Ĭlick on the "Edit." button next to "Decryption Keys" to add keys. Go to Edit->Preferences->Protocols->IEEE 802.11. You can add decryption keys using Wireshark's 802.11 preferences or by using the wireless toolbar. WPA/WPA2 enterprise mode decryption works also since Wireshark 2.0, with some limitations. Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode.
0 kommentar(er)
