Decrypt 802.11 packets

Hi,
I am using a TP-Link Archer T9UH v2 adapter and capturing wireless packets between my mobile phone and home AP on WPA2-Personal.

I have disabled ‘trim data payload’ and captured the 4-way handshake between my mobile phone and the AP. I have exported the packet captures to Wireshark. I would like to seek advice on how I can decrypt the upper layer protocols. I went to Preference > IEEE 802.11 and selected Enable Decryption and, using WPA-PWD, I entered the key in the format passphrase:SSID (e.g. Mypassword:MySSID). However, it did not manage to decrypt the captures.

I understand it may be a Wireshark selection/settings issue, but I would be most grateful if you can point me in the correct direction.

Thanks and appreciate it.

Regards,
Simon

1 Like

Hi Simon,

As you know, to decrypt packets Wireshark needs to have the payload; that’s why you unchecked “trim data payload”.
I’ve experienced this behavior with 2.3.0.22 and older versions; unfortunately, EyePA doesn’t do what it is supposed to do. Whether or not you disable “trim data payload”, EyePA always removes the payload.

If we look at the frame info in Wireshark, we can see the “bytes captured” value is lower.

I hope the developer could fix that.

Regards,

EyePA-Payload-Issue

1 Like
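A check for the symptom described in the reply above, as an added example that is not part of the original thread and is not EyePA or Wireshark code: it scans a capture file and lists records whose captured length is shorter than the frame's on-wire length, which is what leaves Wireshark without the encrypted payload to decrypt. It assumes the export is a classic pcap file (not pcapng); the sample capture and the function names are constructed for illustration.

```python
import struct

# Classic pcap magic numbers mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def truncation_report(data: bytes) -> dict:
    """Walk a classic pcap image; list records with captured < on-wire length."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    end = PCAP_MAGICS[data[:4]]
    snaplen, linktype = struct.unpack(end + "II", data[16:24])
    report = {"snaplen": snaplen, "linktype": linktype,
              "frames": 0, "truncated": []}
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("record runs past end of file")
        report["frames"] += 1
        if incl_len < orig_len:
            report["truncated"].append((report["frames"], incl_len, orig_len))
        off += incl_len
    return report

def build_sample() -> bytes:
    """Constructed sample: linktype 127 (802.11 + radiotap), one frame cut short."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    full = struct.pack("<IIII", 1, 0, 60, 60) + bytes(60)
    cut = struct.pack("<IIII", 2, 0, 60, 1500) + bytes(60)  # payload trimmed
    return hdr + full + cut

if __name__ == "__main__":
    rep = truncation_report(build_sample())
    print(f"{rep['frames']} frames, linktype {rep['linktype']}")
    for num, captured, on_wire in rep["truncated"]:
        print(f"frame {num}: captured {captured} of {on_wire} bytes")
```

To run it on a real export, pass the file's bytes (`open(path, "rb").read()`) to `truncation_report`; a non-empty `truncated` list on data frames means the payload was trimmed before the file was written.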

Hi simon.limkm,

This issue will be corrected in a future release (see this post: Wireshark captures).

Regards

1 Like

Hi Simon.limkm,

For information, this issue is not solved in the new release 2.3.1.8 of EyePA; maybe in another version.

Regards

Hi simon.limkm,

This issue is solved with the 2.3.1.11 version. See this post https://community.metageek.com/t/wireshark-captures/420/15

Regards

Hey digtheweb

Thanks for the information. Yes, I have tried that out. It worked.