First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How to decrypt 802.11 for wpa2 enterprise

  • retag add tags

I have found a document which explained how to decrypt WPA2 enterprise, but I couldn't reproduce it in my PC.

https://wiki.wireshark.org/HowToDecry...

I have downloaded the capture from the link which the document showed,

https://wiki.wireshark.org/SampleCapt...

and used the PMK in the document. Tried 'wpa-psk' and 'wpa-pwd', both of them were not working.

a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d4 79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a 23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162

But it shown as invalid key format.

My Wireshark version is

Version 2.4.6 (v2.4.6-0-ge2f395aa12)

xiaohaozi0's avatar
3
xiaohaozi0
asked 2018-07-11 06:26:19 +0000, updated 2018-07-11 06:33:21 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

1

Seems to work fine on all versions I have tested - decrypts up to the first rekey as I only tested the first PMK. When I paste the PMK into the field for wpa-psk (in this case, as we only have the PMK, NOT a passphrase/SSID), it says invalid but when I press enter or leave the dialog box and come back, this notice is cleared. Wireshark 2.6.1 is current; I doubt it matters, but if you did stumble across a defect, they would only fix in the latest version anyway so you might as well be using that if you can. Tested in Linux/2.4.6 and Windows/2.6.1.

image description

Bob Jones's avatar
1.5k
Bob Jones
answered 2018-07-11 09:41:37 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks, I have found what my issue is. I input 3 Keys in the same line.

a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d479258f6ceeecedd3482b92deaabdb675f09bcb403ef5074f5ddb10a94ebe00a 23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162

Actually, they are 3 PMK keys.

xiaohaozi0's avatar xiaohaozi0 (2018-07-13 08:36:54 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer