Saving 802.11 WPA/WPA2 decrypted packets
2011-05-01 08:10:18 GMT
All of us who are working with 802.11 protocol know that Wireshark can decrypt WEP/WPA/WPA2 traffic if passphrase is provided by the user.
Is there any method to save the decrypted WEP or WPA or WAP2 traffic of 802.11 protocol to an output pcap file?
My requirement is to
- decrypt a huge file containing WPA2 traffic and save the decrypted packets to the output pcap file.
- Split the output pcap file to smaller and manageable files, using the File Save As and Range feature. For example save packet number 1 to 1000,1001 to 2000, 2001 to 3000 etc in separate files
- Open any one smaller output file for analysis. Since the file size will be less, it can even be e-mailed across to someone else
The disadvantages with the bigger input file are
- although it can be opened and decrypted in Wireshark, it takes longer to load ( for example a 800KB file takes 3 minutes to load).
- even if the input file can be split into smaller files using the File Save As and Range feature,not all of the output files can be decrypted with the known passphrase as only one of
the split files will have the EAPOL 4-way key handshake captured and the rest will have only data traffic without EAPOL 4-way handshake captured in them.
Please suggest if there are any known solutions?
Member of the CSR plc group of companies. CSR plc registered in England and Wales, registered number 4187346, registered office Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@...> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@...?subject=unsubscribe