The Decryption Keys Management Dialog
This dialog window (shown in Figure 8) can be used to organize the keys that will be used to decrypt the wireless packets. It is possible to decrypt packets encrypted with WEP, WPA and WPA2. however, notice that:
•In order to decrypt WPA and WPA2 you will need to capture the
•Wireshark can only decrypt “WPA personal” sessions, which use
As explained in “The Wireless Toolbar” section, there are three possible decryption modes: None, Driver and Wireshark. The keys specified in this dialog will be used either by the Driver or Wireshark depending upon the selected Decryption Mode. It should be noted that WPA and WPA2 are decrypted only in Wireshark mode.
Note that, no matter which setting is used, the keys are applied to the packets in the same order they appear in the keys list. Therefore, putting frequently used keys at the beginning of the list improves performance.
To add or remove a key, use the “Add New Key” or “Remove Key” buttons, respectively. “Edit Key” allows you to change the value of an existing key. “Move Key Up” and “Move Key Down” can be used to change the order of the keys. This may be an important performance consideration, since the driver uses the keys in the order they appear in this list.
Use the “Select Decryption Mode”
Figure 8: Decryption Keys Management Dialog in Wireshark
18 | AirPcap User’s Guide |