
How To Decrypt WPA2 Trace With Wireshark (by Tony Fortunato)

Packet analysis was tricky enough without layering WiFi on top of it.

First you need to know if you have a WiFi card that can capture the WiFi radio header, then you have to figure out if you can capture in promiscuous mode, then you need to understand if the wireless network has client isolation or similar configurations. Whew… yeah, real straightforward.

That's where having a specifically designed WiFi tool helps. In this example I used a Fluke Networks One Touch to capture some packets.  Capturing them was the easy part.  Now I have to decrypt them.

I chose to use Wireshark and want to share with you how to decrypt a trace file when the client is using WPA2 encryption.

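As I said in the video, the key (no pun) here is to start your capture before the client authenticates with the access point. Wireshark needs the handshake frames from that authentication to derive the session keys it decrypts with.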

Enjoy

 
