I am having trouble decrypting this Wireshark trace (C:fakepathsample ublox capture with tablet connect.pcapng). The AP is a ublox wifi module that is a part of an embedded system, and there are two clients. One is another one of the same ublox radios, and the other client is an Asus tablet. The tablet-AP link is decrypted without issue, but only a few of the ubloxClient-AP packets are decrypted.
tablet-AP link:All 4 EAPOL packets are captured (starts with packet 563) and the traffic is all decrypted.
Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3. 6 References; 7 External links. WPA-Personal: Also referred to as WPA-PSK (pre-shared key) mode, this is designed for home. As a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. A wireless network with WPA-PSK encryption requires a passphrase (the. And the passphrase (at least 8 and at most 63 ASCII characters) in the form above.
ubloxClient-AP Link:All 4 EAPOL packets were captured (starts with packet 111), but the data isn't all decrypted. For example, packet 134 is encrypted, but packet 139 is decrypted.
Here is some more info:
- SSID: testSSID
- password: pass1234
- BSSID: d4:ca:6e:70:39:07
- A helpful filter I used: (wlan.addr d4:ca:6e:70:39:07) && !(wlan.fc.type_subtype 8)
- I tried toggling the the 'Enabledecryption' checkbox under the IEEE802.11 settings.
- The messages that would decrypt are 1Mbps, while the packets that wouldn'tdecrypt are 65 Mbps.
- It was captured with an AirPcap Nx,but I have tried capturing with aLinksys AE3000 and got similarresults.
- I am using Wireshark Version 2.6.1 onWindows, but I have tried to decryptthe same trace on a Linux machine.
- I tried using airdecap-ng but got thesame results.
- It seems like it may be a modulationrelated issue, but the adaptercaptured the packets, so I thoughtWireshark would be able to decryptthem.
Any ideas on why I cannot get this trace to decrypt?
editretagflag offensiveclosemergedelete