CloudShark can be used to decrypt WPA/WPA2 wireless traffic in situations where the pass-phrase is known. The Wireless Keys analysis tool lets users configure an SSID along with the key.
The Wireless Keys dialog allows you to add decryption rules for different SSIDs that are found in the capture file. The list of available SSIDs is built by scanning the captured beacons and is shown in the SSID drop-down. If your SSID is hidden, or was not captured, you can specify a custom SSID.
There are two types of values for key information. The WPA password is a string of text commonly used to secure WiFi networks. This may be something as simple as the word “cloudshark”.
The WPA key is a 64-character string of hexadecimal digits representing the derived Pre-Shared Key (PSK). There is an online PSK generator hosted by the Wireshark project.
The WPA pre-shared key must be 64 characters.
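How the two key types relate, as an added example that is not CloudShark's own code: for WPA/WPA2-Personal the 64-digit PSK is derived from the password and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 32-byte output), which is why a password needs the SSID and a PSK does not. The function names and the sample SSID "ExampleNet" are assumptions made for illustration.

```python
import hashlib
import string


def derive_psk(passphrase: str, ssid: str) -> str:
    """Derive the 64-hex-digit WPA/WPA2 PSK from a password and SSID.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output.
    """
    # WPA passwords are 8..63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA password must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA password must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    psk = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )
    return psk.hex()


def normalize_key(value: str, ssid: str) -> tuple[str, str]:
    """Classify a key value and return (kind, psk_hex).

    Exactly 64 hexadecimal digits is treated as an already-derived PSK;
    anything else is treated as a password and run through derive_psk().
    """
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return "psk", value.lower()
    return "password", derive_psk(value, ssid)


if __name__ == "__main__":
    # Constructed sample: the page's example password with a made-up SSID.
    kind, psk = normalize_key("cloudshark", "ExampleNet")
    print(kind, psk)
```

The same password gives a different PSK for every SSID, so a PSK computed for one network will not decrypt a capture from another.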
Depending on how your wireless card delivers captured frames, you may need to change the "Assume packets have FCS" and "Ignore the protection bit" options.
The capture file must contain the EAPOL packets transmitted to authenticate the client. If these packets are not in the capture file, 802.11 traffic from that client cannot be decrypted.
You can use the eapol protocol filter expression to see if EAPOL packets are present in your capture file.