Wireshark-users: [Wireshark-users] Wireshark and AirPcap
From: Oliver Stock <ohlibaer@xxxxxx>
Date: Sat, 18 Sep 2010 13:25:26 +0200 (CEST)

Dear all,

I'm a network technician and frequently work with Wireshark. I'm using the latest release on different systems with no problems in cabled networks. But lately I decided to get a more detailed insight into WLAN traffic and I bought an AirPcap, as it was mentioned that this stick perfectly integrates into Wireshark. AirPcap unfortunately only runs under Windows, so I checked it first with a 32-bit version of Windows 7. Hmm, Wireshark didn't recognize AirPcap. I checked for the latest driver, installed it, installed Wireshark once again, and there it was, although an unreadable error message appeared at startup. I closed Wireshark, reopened it, and no AirPcap appeared.
I then checked it with a 64-bit version of Windows 7, running in a VM. Wireshark didn't even start when AirPcap was connected.
Next step was to install Windows XP SP2 in a VM, and there it worked. AirPcap is recognized and can capture data. I tried to enter the decryption key using Wireshark as decryptor, but I could only choose WEP or WPA-PWD / WPA-PSK. When choosing WPA-PSK with my key (exactly 64 characters long), I'm getting an error message that the key is too long. But even when cutting off 1 or 2 chars, I'm still getting this error message. So I'm a bit stuck at the moment.

Is there any known bug with Wireshark and Windows 7? I've read that Wireshark and AirPcap have difficulties when running under Windows Vista, but haven't found anything regarding Windows 7.
Is there any chance that Wireshark can decrypt WPA2-PSK?

Best regards,

Oliver