I know the PSK of a WPA2 network and have a pcap of some images sent through it. In my current situation, is there any software package I can use to decrypt the pcap file (NOT just for a Wireshark viewing session, but actually change the packets in the file)? Does Wireshark offer it indigenously? So I went back over to wireshark and opened the pcap, tinkered with the settings, then realized that it saved the raw version, not the version with the decrypted WPA2 data. However, when I went to driftnet, it didn't see any of the images I expected it to. I saved it into a pcap file so it could be easily read by external programs (the one I had in mind was driftnet). So I was able to successfully capture that data. So I started up my phone and went to a website without SSL that had image data, and saw the data go through wireshark. I then went to Wireshark's Edit>Preferences>Protocols>IEEE 802.11 and enabled key decryption, entering my networks WPA-PSK, and after tinkering with some pesky FCS and protection bit settings, was able to successfully decrypt data in real time. I sent out a few de-authentication packets to capture all nearby devices' WPA2-PSK temporary session keys. I performed a wireless network capture with Wireshark on a WPA2 encrypted network while my adapter was in monitor mode, so the wireless driver didn't automatically decrypt any of the data it passed to Wireshark, thus all I saw was packets labeled with the "802.11" protocol. I'm in a testing environment, so I know all of the variables (WPA2 network password/PSK key). data packets Number of decrypted WEP packets Nunber of decrypted WPA packets C.
Ok, so I realize that my title is very vague. Figure 6.35 Decrypting WEP Traffic with Airdecap - ng LUX C : WINDOWS.
0 kommentar(er)
