CloudShark Support

Wireless Decryption

CloudShark can be used to decrypt WPA/WPA2 wireless traffic in situations where the pass-phrase is known. The Wireless Keys analysis tool lets users configure an SSID along with the key.

Specifying Wireless Keys

SSID

The Wireless Keys dialog allows you to add decryption rules for different SSIDs that are found in the capture file. The list of available SSIDs is built by scanning the captured beacons and is shown in the SSID drop-down. If your SSID is hidden, or was not captured, you can specify a custom SSID.

Type

There are two types of values for key information. The WPA password is a string of text commonly used to secure WiFi networks. This may be something as simple as the word “cloudshark”.

Key value

The WPA key is a 64-character string of hexadecimal digits representing the derived Pre-Shared Key (PSK). There is an online PSK generator hosted by the Wireshark project.

The WPA pre-shared key must be 64 characters.
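
The relationship between the two key types, shown as an added example (not CloudShark's own code): the PSK is derived from the password and the SSID with PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes of output, as defined for WPA/WPA2-Personal in IEEE 802.11i. The function names and the "password"/"psk" type labels are assumptions made for this sketch.

```python
import hashlib
import re

# WPA/WPA2-Personal derives the 256-bit PSK as
# PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
PSK_HEX = re.compile(r"[0-9a-fA-F]{64}")


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 64-hex-digit PSK for a WPA passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    psk = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )
    return psk.hex()


def to_psk(key_type: str, value: str, ssid: str) -> str:
    """Normalize either key type to the 64-hex PSK form.

    The key_type labels "password" and "psk" are hypothetical names
    used only in this example.
    """
    if key_type == "password":
        return derive_psk(value, ssid)
    if key_type == "psk":
        # A raw PSK is already bound to one SSID; only its format is checked.
        if not PSK_HEX.fullmatch(value):
            raise ValueError("WPA pre-shared key must be exactly 64 hex digits")
        return value.lower()
    raise ValueError(f"unknown key type: {key_type!r}")


if __name__ == "__main__":
    # Constructed sample input: passphrase/SSID pair from the
    # IEEE 802.11i PSK test vectors.
    print(to_psk("password", "password", "IEEE"))
```

Because the SSID is the salt, the same password yields a different PSK on every network name, which is why a key entered in the hexadecimal form only decrypts traffic for the SSID it was derived for.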

Options

Depending on how your wireless card delivers captured frames, you may need to change the "Assume packets have FCS" and "Ignore the protection bit" options.

Potential Problems

The capture file must contain the EAPOL packets transmitted to authenticate the client. If these packets are not in the capture file, 802.11 traffic from that client cannot be decrypted.

You can use the eapol protocol filter expression to see if EAPOL packets are present in your capture file.

View an example wireless capture that can be decrypted.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.