Wireless Decryption

CloudShark can be used to decrypt WPA/WPA2 wireless traffic in situations where the pass-phrase is known. The Wireless Keys profile setting lets users configure the keys that should be used for wireless decryption.

Specifying Wireless Keys

There are two types of values for key information:

  • WPA Password: A string of text commonly used to secure Wi-Fi networks. This may be something as simple as the word “cloudshark”.
  • WPA Key: A 64-character string of hexadecimal digits representing the derived Pre-Shared Key (PSK). There is an online PSK generator hosted by the Wireshark project. The WPA key must be 64 characters.

Options

Depending on how your wireless card delivers captured frames, you may need to change the options to Assume packets have FCS and to Ignore the protection bit.

Potential Problems

The capture file must contain the EAPOL packets transmitted to authenticate the client. If these packets are not in the capture file then 802.11 traffic from that client will not be able to be decrypted.

You can use the eapol protocol filter expression to see if EAPOL packets are present in your capture file.

View an example wireless capture that can be decrypted.