Similarly, the Wireshark Wiki explains how to do this in addition to providing pcap samples that also can be decrypted to yield TCP traffic. In particular, this guide shows how to do it and provides a pcap file on which you can easily decrypt the WPA2 packets and get a bunch of TCP packets in Wireshark. It seems that based on examples of packet data I've been able to play with in Wireshark that I should be able to get this traffic. I even tried to take the data and decrypt it with airdecap-ng but this did not work either.
I can tell that at least the broadcast data is correctly decrypted because I can look at the encrypted and decrypted hex codes for those packets (they happen to primarily be MDNS, ICMP, ARP, etc.). There is no TCP traffic from the computer whose handshake I captured even though I visited unencrypted HTTP sites on it and used netcat on it to communicate with another computer on the WLAN. However, I still seem to only be decrypting "broadcast" traffic.
To do this you can use a tool known as airodump-ng or wash (if the device uses WPS technology) to sniff and determine the encryption method, and other details of the device.This can also be done with wireshark but it is easier to obtain what you need from the sniffing tools mentioned. It is my understanding that with this handshake (and knowing the passphrase for my network), I should be able to decrypt not only broadcast traffic, but also internet traffic from that computer whose handshake I captured, since its communication with the access point is encrypted using data exchanged in the handshake and the PMK (computed from the SSID and passphrase data). First you need to know what type of encryption is used by the neighbours device. On my WPA2 network, I have been successfully able to get intercept a full four-message EAPOL handshake from a particular computer on my network.
0 kommentar(er)
