How to decrypt 802.11 without all of the EAPOL packets?

Hi, I am trying to solve a forensics challenge and now I'm stuck with a PCAP file which contains some 802.11 encrypted packets. I have the wifi-password, but it seems that I need 4 EAPOL packets to be able to decrypt the conversation. Unfortunately I can't find all required EAPOL packets in the PCAP. Is there any other way to decrypt these packets?

Wifi Password: 2bqWIk4cRFONqpvo24We
Pcap file: here and also here

sudocdhome
asked 2021-12-19 10:04:52 +0000

1 Answer

Try a different tool - in fact, all four EAPOLs are not required to collect the necessary keys for decryption. I was able to collect three decrypted frames with airdecap:

user@host:~/tmp$ airdecap-ng -l -e AP-Clusir-1 -p 2bqWIk4cRFONqpvo24We clusir8-01.cap
Total number of stations seen            1
Total number of packets read           127
Total number of WEP data packets         0
Total number of WPA data packets         6
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of corrupted WEP  packets         0
Number of decrypted WPA  packets         3
Number of bad TKIP (WPA) packets         0
Number of bad CCMP (WPA) packets         0
Bob Jones
answered 2021-12-19 15:59:43 +0000
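
Why a partial handshake can be enough, as an added example that is not part of the original answer or of aircrack-ng's code: under IEEE 802.11i the pairwise keys depend only on the passphrase, the SSID, the two MAC addresses and the two nonces. The MAC addresses and nonces below are constructed, the CCMP key layout is assumed, and the function names are hypothetical.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    # 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated
    out = b""
    for counter in range((length + 19) // 20):
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:length]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> dict:
    # Inputs are ordered by value, so AP and station compute the same PTK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # CCMP layout (assumed)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    # WPA2 (key descriptor version 2): HMAC-SHA1 truncated to 16 bytes,
    # computed over the EAPOL frame with its MIC field set to zero.
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]

def handshake_sufficient(captured: set) -> bool:
    # ANonce travels in messages 1 and 3, SNonce in message 2.
    return 2 in captured and bool(captured & {1, 3})

# Constructed sample values; the real ones come from the capture's EAPOL frames.
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    # Passphrase and SSID as given in the question and the airdecap-ng command.
    pmk = pmk_from_passphrase("2bqWIk4cRFONqpvo24We", "AP-Clusir-1")
    keys = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    print("TK:", keys["TK"].hex())
    for seen in ({1, 2}, {2, 3}, {1, 3}, {3, 4}):
        print(sorted(seen), "enough" if handshake_sufficient(seen) else "not enough")
```

Comparing `eapol_mic` of message 2 against the MIC stored in that frame confirms that the passphrase and nonces are the right ones before any data frame is decrypted.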