Hello Frank,
I'm using a WPN824v2 Netgear with WPA2-PSK[AES] key.
In my opinion the payload should be encrypted as well…but I'm not an expert on the subject.
If the payload is not encrypted, what is the wpa-pwd:myPassword setting for??
Kind regards,
Marco - StockTrader
On 11 Nov 2011, at 07:33, Frank Cui wrote:
> Hi Marco,
>
> Is your wifi network using a common wpa/wpa2 pre-shared key configuration? If so, then I believe there is no symmetric encryption algorithm applied to the payload. The key is primarily used to prevent unknown users joining your network.
>
> Thanks
> Frank
>
> Sent from my iPad
>
> On 2011-11-12, at 12:53 AM, Marco Zuppone <msz@xxxxxx> wrote:
>
>> Hello,
>>
>>
>> I'm studying for the certification and so I was trying to capture some Wifi traffic but I have some questions about it:
>> In the IEEE 802.11 protocol configuration I added the key in the format wpa-pwd:myPassword
>> Then I started to capture the traffic with the default options: Monitor mode + promiscuous mode + 802.11 plus radio tap header
>> I used this capture filter: wlan host 00:26:08:dc:e1:55 to capture only the communication directed to my pc (I know that I could disable the monitor mode in this case…)
>>
>> I started the capture and browsed to an Internet site for some minutes, I applied the display filter wlan.fc.type_subtype == 0x20 && !llc to get only the data frames and I was able to see some HTTP requests in cleartext in the payload.
>>
>> So far so good but now I have the question:
>>
>> I modified the password, deliberately using a wrong one, applied, even closed and reopened Wireshark and repeated the process.
>> I can still see the cleartext….
>> So how come I can see the decrypted cleartext using a password that is wrong? Is this because it is the OS driver that decrypts for me??
>> Kind regards & Thanks
>> Marco - StockTrader
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe