Page 1 of 1

Problem Decrypting Packets on WPA2-PSK AES + TKIP WLAN

Posted: Sun Sep 18, 2011 11:44 pm
by jeff0000
I'm having issues decrypting packets on my WPA2-PSK WLAN that uses AES and TKIP concurrently to support our older clients. I'm currently using the OmniPeek Evaluation edition version 6.6I looked on the forums for any other people who might have had the same issue, and one thread had a suggestion to capture the EAPOL handshake when the station associates with the access point. I tried this, and OmniPeek is still saying that it is having trouble decrypting the encrypted packets.

When I go up to the "Tools" menu and select "Decrypt WLAN Packets..." I get the following message:

"checksum errors (packet error or bad key) and 510 decryption errors were encountered while decrypting."

If I go into packet decode mode on a packet that has "802.11 Encrypted Data" as the protocol, this dialog pops up:

"An error occurred while decrypting this packet. This is usually occurs when the packet requires a key that has not been entered in the key set or the packet was corrupt."

I have already entered the correct key in the key sets and don't know what to do. I also tried switching my network encryption mode to WEP 64 bits, and I have no problem decrypting packets. I then changed the encryption mode to WPA-PSK with TKIP ONLY and no dice.

From what I've been told, I am supposed to be able to decrypt WPA and WPA2 packet data given that I've provided the correct key. Does anyone have any ideas? I'm using a Linksys AE1000 adapter with the WildPackets driver. The router is using DD-WRT if that makes a difference. Thanks in advance.

RE: Problem Decrypting Packets on WPA2-PSK AES + TKIP WLAN

Posted: Tue Sep 20, 2011 8:19 am

In order to decrypt 802.11 WPA2-PSK you must capture all of the necessary EAPOL packets which contain the handshake between the client and the AP. You will need to start the capture before the handshake takes place in order to do this.

RE: RE: Problem Decrypting Packets on WPA2-PSK AES + TKIP WL

Posted: Thu Sep 22, 2011 8:30 am
by jeff0000
Thanks for the suggestion. When I tried decrypting the encrypted packets, I did make sure to start the capture before having the client connect (handshake) to the access point.

How do I create a filter so that it will only capture EAPOL packets?

RE: RE: RE: Problem Decrypting Packets on WPA2-PSK AES + TKI

Posted: Thu Sep 22, 2011 12:39 pm
It is easier to just go to the Protocols view and look for the EAPOL packets. If they are not there, the traffic will not be decrypted.

RE: RE: RE: RE: Problem Decrypting Packets on WPA2-PSK AES +

Posted: Wed Feb 08, 2012 7:44 pm
by jeff0000
Ok. Looks like that works for most of the machines, but there is only traffic from one station that I cannot decrypt. I captured the EAPOL key between the system and the access point, but Omnipeek still cannot decrypt packets for that one system. I am running an 802.11n network. Is there anything else that it needs for decryption to occur?

RE: Problem Decrypting Packets on WPA2-PSK AES +

Posted: Thu Feb 09, 2012 9:38 am
Filter on those two nodes and make sure you capture all four of the necessary EAPOL packets. Filtering out other traffic will help to find the cause of the problem and ensure you are getting the necessary data. If you still have issues, contact support here: