Cace Technologies AirPcap Wireless Capture Adapters manual The Decryption Keys Management Dialog

The Decryption Keys Management Dialog

This dialog window (shown in Figure 8) can be used to organize the keys that will be used to decrypt the wireless packets. It is possible to decrypt packets encrypted with WEP, WPA and WPA2. however, notice that:

•In order to decrypt WPA and WPA2 you will need to capture the 4-way EAPOL handshake used to establish the pairwise transient key (PTK) used for a session.

•Wireshark can only decrypt “WPA personal” sessions, which use pre-shared keys. Decryption of “WPA Enterprise” sessions is not supported.

As explained in “The Wireless Toolbar” section, there are three possible decryption modes: None, Driver and Wireshark. The keys specified in this dialog will be used either by the Driver or Wireshark depending upon the selected Decryption Mode. It should be noted that WPA and WPA2 are decrypted only in Wireshark mode.

Note that, no matter which setting is used, the keys are applied to the packets in the same order they appear in the keys list. Therefore, putting frequently used keys at the beginning of the list improves performance.

To add or remove a key, use the “Add New Key” or “Remove Key” buttons, respectively. “Edit Key” allows you to change the value of an existing key. “Move Key Up” and “Move Key Down” can be used to change the order of the keys. This may be an important performance consideration, since the driver uses the keys in the order they appear in this list.

Use the “Select Decryption Mode” drop-down box to switch among the different decryption modes.

Figure 8: Decryption Keys Management Dialog in Wireshark