1

I'm trying to decrypt captured wpa-psk traffic with tshark, but it's not recognizing the option I'm trying to override. This option allows me to specify a PSK to use for decrypting. I'm using tshark 1.8.1 from the Backtrack R3. 

# tshark -o wlan.wep_key1:wpa-pwd:foo:bar
tshark: -o flag "wlan.wep_key1:wpa-pwd:foo:bar" specifies unknown preference

It appears from other posts that this option has worked before (here and here).

Community
  • 1
sybind
  • 307
  • 1
  • 4
  • 14

1 Answers1

0

That option seems to have changed as of 1.8; here is the new syntax:

 tshark  -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"wpa-pwd\",\"{PASS}:{SSID}\"" ...

You do need the quote escaping as shown, and obviously substitute {PASS} and {SSID}.

thetoolman
  • 111
  • 2