Wireshark Now Supports WPA Decryption

Good to see that Wireshark, my favorite network analysis tool, is now able to decrypt WPA-protected Wifi traffic. Starting with release 0.99.5, WPA information can be entered as shown here. It's important that the trace also includes the authentication sequences for all mobiles in the network. This is necessary because each connection uses different session keys, which are negotiated when a device enters the network.
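The sketch below is an added example, not code from Wireshark. It shows why the authentication sequence has to be in the trace: it follows the IEEE 802.11i key derivation for a pre-shared-key network, and the session key comes out different for every handshake. The MAC addresses and nonces are constructed sample values, and WPA-Personal (a passphrase) is an assumption.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Long-term key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_handshake(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                       anonce: bytes, snonce: bytes) -> bytes:
    """Per-connection session key (PTK), 512 bits as used with TKIP.

    The inputs besides the PMK are the two MAC addresses and the two random
    nonces exchanged in the 4-way handshake, so they must be in the capture.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for counter in range(4):  # 4 x 20-byte HMAC-SHA1 outputs, cut to 64 bytes
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]


def demo():
    # Passphrase and SSID are the published 802.11i test vector inputs.
    pmk = pmk_from_passphrase("password", "IEEE")
    ap = bytes.fromhex("020000000001")    # constructed AP MAC
    sta = bytes.fromhex("020000000002")   # constructed client MAC
    # Two associations of the same client: the nonces differ each time.
    first = ptk_from_handshake(pmk, ap, sta, b"\x11" * 32, b"\x22" * 32)
    second = ptk_from_handshake(pmk, ap, sta, b"\x33" * 32, b"\x44" * 32)
    return pmk, first, second


if __name__ == "__main__":
    pmk, first, second = demo()
    print("PMK            :", pmk.hex())
    print("PTK, session 1 :", first.hex()[:32], "...")
    print("PTK, session 2 :", second.hex()[:32], "...")
    print("same session key?", first == second)
```

The passphrase alone only yields the long-term key; without the nonces from a device's handshake, the frames of that connection stay opaque.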

Most of the time, it's the beacon frames and other management information that is important when tracing Wifi. This is possible even without decrypting the content of the packets. However, once packets are decrypted, their content can be analyzed by Wireshark, and frames are marked in different colors in the main window. This makes it very simple, for example, to detect Wifi retransmissions due to missing acknowledgement (ACK) frames. Without the different colors, such retransmissions are much harder to spot.