How to Decrypt WPA Packets with Wireshark

When troubleshooting wireless issues, we often need to analyze OTA packets. The annoying thing is that most of these packets are encrypted, and we can’t see the contents inside. Fortunately, we can use Wireshark to decrypt these packets.

Go to Edit->Preferences->IEEE 802.11, select Enable decryption and edit Decryption keys.

The wpa-pwd format is MyPassword:MySSID.
For example, with ssid haifeng-ssid and password cisco123, the key is cisco123:haifeng-ssid.

After that, you can open an OTA packet, which will display the decrypted data.

  • Only PSK (pre-shared key) encryption can be decrypted this way.
  • The capture must contain at least one complete four-way handshake.
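
The SSID is part of the wpa-pwd key string because the 256-bit pre-shared key is derived from the passphrase with the SSID as salt (PBKDF2-HMAC-SHA1, 4096 iterations). The following is an added example, not part of the original post: it parses a MyPassword:MySSID entry and derives the 64-hex-digit value that can be entered under the wpa-psk key type instead, so the plaintext passphrase does not have to be stored in the Wireshark preferences. The function names are hypothetical, and rejecting entries with more than one colon is a simplification made by this example.

```python
import hashlib


def parse_wpa_pwd(entry):
    """Split a 'MyPassword:MySSID' key string into (passphrase, ssid)."""
    passphrase, sep, ssid = entry.partition(":")
    if not sep or not ssid:
        raise ValueError("expected MyPassword:MySSID")
    if ":" in ssid:
        # Simplification of this example: a second ':' makes the split ambiguous.
        raise ValueError("ambiguous entry: more than one ':'")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    if len(ssid.encode("utf-8")) > 32:
        raise ValueError("SSID must be at most 32 bytes")
    return passphrase, ssid


def derive_psk(passphrase, ssid):
    """Return the 256-bit PSK as hex: PBKDF2-HMAC-SHA1, SSID as salt."""
    psk = hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        4096,  # iteration count fixed by the WPA/WPA2 passphrase mapping
        32,    # 32 bytes = 256-bit pre-shared key
    )
    return psk.hex()


def wpa_pwd_to_wpa_psk(entry):
    """Convert a wpa-pwd key string into the equivalent wpa-psk hex value."""
    passphrase, ssid = parse_wpa_pwd(entry)
    return derive_psk(passphrase, ssid)


if __name__ == "__main__":
    # Key string built from the SSID and password used in this post.
    print("wpa-psk:", wpa_pwd_to_wpa_psk("cisco123:haifeng-ssid"))
```

The same passphrase with a different SSID yields a different PSK, which is why a key entered for one network does not decrypt traffic from another network that shares the password.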

How to Decrypt 802.11

https://wiki.wireshark.org/HowToDecrypt802.11
