7

I'm testing sniffing and decrypting my WPA2 wifi network traffic. But when using airdecap to decrypt the capture file (created by airodump) using my WPA passphrase I only get broadcast traffic. If I understand it correctly (after reading the question below) that's because I have to capture session keys when other users start their sessions. So my question is how do I capture and use session keys to decrypt traffic in the capture file? I know I can force clients to deauthenticate but somehow I guess I have to extract the session keys and use them in e.g. Wireshark.

Any advantage to securing WiFi with a PSK, other than to keep out unauthorized

LinusK

1 Answer

4

In Wireshark, filter for "eapol" packets. You can read RFC 4764 to figure out how to derive the encryption key from those packets, or look at the Wireshark decryption source code.

They say this exchange pattern is for the sake of simplicity, though I consider not using a Diffie-Hellman exchange to have been foolish (see section 1.1.1).

Bruno Rohée
Jeff Ferland