by justquest 4214 days ago
This is pretty standard Wireshark stuff, showing data that was on an unencrypted network.

What I've been wondering about for a while now is, can Wireshark show data on an encrypted network, assuming it has the key? Can Wireshark take a known WEP/WPA2 key and use it to decrypt the packets on an encrypted network on the fly? I haven't found any CLIs or GUIs that have been able to do this out of the box. But surely someone has made this somewhere.

Wireshark is straightforward for revealing data on unencrypted wireless, but I haven't discovered how it could be used to monitor network users when someone has deciphered the key unbeknownst to the users who assume they are operating on an encrypted network such as WEP/WPA2.

Does the nature of the encrypted handshake make this impossible?

1 comment

You can decrypt keys in Wireshark once you have the key; you can also provide a key to Wireshark to decrypt streams on the fly using said key.

http://wiki.wireshark.org/HowToDecrypt802.11

Thanks, I'd been wondering this in the back of my head for a while. Last time I searched, for some reason I couldn't find much.

edit: Now that I see the wiki, I remember correctly that the version of Linux I was using didn't work with this feature in the GUI. Maybe I'll look for the CLI version again soon.