tshark | Decrypting WPA-PSK

by pocc 5 years ago

macOS ◆ xterm-256color ◆ bash 5027 views

Info

Wireshark Equivalent: Decrypt WPA2-PSK using Wireshark

With help from ^ article and this Wireshark answer.

NOTE: WPA3 decryption in Wireshark is currently a work in progress.

Transcript

#   === Decrypting WPA-PSK ===
cd /tmp

# Get a sample.pcap from Rasika Nayanajith's website
pcap_url="https://mrncciew.files.wordpress.com/2014/08/wpa2-psk-final.zip"
curl $pcap_url | tar -xzv
ls *.cap

# Set the values of vars to whatever they are in your case.
infile="WPA2-PSK-Final.cap"
outfile="decrypted.pcap"
ssid='TEST1'
psk='Cisco123Cisco123'

# Base tshark snippet
tshark -r $infile -w $outfile \
       -o wlan.enable_decryption:TRUE \
       -o "uat:80211_keys:\"wpa-pwd\",\"${psk}:${ssid}\""

# We can then analyze the decrypted pcap for something we care about,
# like TCP resets (filter 'tcp.connection.rst')
tshark -r decrypted.pcap -Y "tcp.connection.rst
  487  38.407227 192.168.140.1 → 192.168.140.100 TCP 112 2000 → 1091 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  626  41.687352 192.168.140.1 → 192.168.140.100 TCP 112 2000 → 1092 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 1226  52.758103 192.168.140.1 → 192.168.140.100 TCP 112 2000 → 1093 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

More by pocc

Falcon Heavy Rocket 00:14

by pocc 5 years ago

Editing hex in vim (xxd -p) 00:56

by pocc 5 years ago

randpkt usage 01:05

by pocc 5 years ago

tshark | Check traffic on default interface 00:09

by pocc 5 years ago

See all

You can download this recording in asciicast v2 format, as a .cast file.

Download

Replay in terminal

You can replay the downloaded recording in your terminal using the asciinema play command:

asciinema play 239577.cast

If you don't have asciinema CLI installed then see installation instructions.

Use with stand-alone player on your website

Download asciinema player from the releases page (you only need .js and .css file), then use it like this:

<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" href="asciinema-player.css" />
</head>
<body>
  <div id="player"></div>
  <script src="asciinema-player.min.js"></script>
  <script>
    AsciinemaPlayer.create(
      '/assets/239577.cast',
      document.getElementById('player'),
      { cols: 80, rows: 25 }
    );
  </script>
</body>
</html>

See asciinema player quick-start guide for full usage instructions.

While this site doesn't provide GIF conversion at the moment, you can still do it yourself with the help of asciinema GIF generator utility - agg.

Once you have it installed, generate a GIF with the following command:

agg https://asciinema.org/a/239577 demo.gif

Or, if you already downloaded the recording file:

agg demo.cast demo.gif

Check agg --help for all available options. You can change font family and size, select color theme, adjust speed and more.

See agg manual for full usage instructions.