4

As the title specifies, I'm trying to understand the minimum requirements for a utility like Wireshark to decrypt the packets from another device on a simple home network using WPA2 personal (AES).

Let's say packets between Device B and the router are captured on Device A through Wireshark's monitor mode. Just making sure, but does Device A have to be already connected to the network to capture these packets? (I believe the answer is no?)

As far as my searching and understanding, at minimum you need to have the preshared key/wireless password as well as have captured the EAPOL packets between the router and Device B to decrypt the packets from the scenario above. Is this correct, or is more/less needed?

XeroAura

1 Answer

7

> Let's say packets between Device B and the router are captured on Device A through Wireshark's monitor mode. Just making sure, but does Device A have to be already connected to the network to capture these packets? (I believe the answer is no?)

The answer is, indeed, no. In monitor mode, you have a radio receiver and hardware that turns the radio signals into 802.11 packet headers and payload and supplies them to the host, regardless of whether you're associated with the network. Obviously, you have to be "connected to the network" in the sense of the radio receiving on the channel that the network is using.

> As far as my searching and understanding, at minimum you need to have the preshared key/wireless password as well as have captured the EAPOL packets between the router and Device B to decrypt the packets from the scenario above. Is this correct, or is more/less needed?

That's correct (for WPA/WPA2 personal). See the Wireshark Wiki's "how to decrypt 802.11" page for more details.