Sniffer® Portable Professional User's Guide - NetScout
Sniffer® Portable Professional User's Guide - NetScout Sniffer® Portable Professional User's Guide - NetScout
Chapter 8 Sniffer Portable Professional can decrypt both WPA/WPA2 and WEP encrypted packets simultaneously. Use these options to specify the keys to use for decryption of WEP-encrypted data. WEP is an early 802.11 encryption technology and is not as commonly seen as WPA-WPA2. Use these options to specify the passphrase used to decrypt data on different SSIDs (wireless networks). 200 Sniffer Portable Professional Figure 8-18. Select WEP - WPA Keys Dialog Box Use the Select WEP-WPA Keys dialog box (Figure 8-18) to specify the WEP and/or WPA keys to be used for decrypting the data in the selected buffer or trace file. 4 To specify new WEP keys for decryption, start by setting the WEP Key Entry Mode option to specify whether you want to enter the keys as either Hex or ASCII. Then, enter up to four separate encryption keys. For each key, do the following: a Specify the length of the key by selecting the appropriate option. Keys can be either None, 40-bit, or 128-bit. Use the None option if no encryption is used on the network. Depending on the length of the key specified, some or all of the adjacent fields become active, enabling you to specify the keys in use. b Specify the exact value for each key in the adjoining spaces provided. NOTE: The four encryption keys in use on a WEP-encrypted network are all typically the same length — either 40-bit or
128-bit. 5 To specify new WPA-WPA2 keys for decryption: Displaying Captured Data a Turn on the encryption key by checking its On radio button. b Specify the SSID for the WPA/WPA2-encrypted network. This is typically a short string used to identify a wireless network (for example, labnet). c WPA/WPA2 encryption relies on a pre-shared passphrase for encryption. Enter the passphrase associated with this SSID. d Repeat Step a though Step c for each SSID you expect Sniffer Portable Professional to monitor. 6 Click OK on the Select WEP-WPA Keys dialog box. Sniffer Portable Professional attempts to use the specified keys to decrypt the data in the selected buffer or trace file and opens a new window with the results. If you specified the correct keys, the new window displays the newly-decrypted data. You can save the decrypted data to a new trace file using the usual File > Save command. IMPORTANT: Make sure the data to decrypt includes four EAPOL Exchange packets for each SSID/passphrase combo you have entered. You can obtain these packets by capturing the Client to AP association packets. If these EAPOL Exchange Packets are not present, the corresponding WPA/WPA2-encrypted packets cannot be decrypted. NOTE: An easy way to determine whether you have entered the correct WEP keys is to check for the presence of a large number of WEP-ICV Error Expert alarms. If there are an abnormally large number of these alarms, you probably have not entered the correct WEP keys for the encrypted data in the selected buffer or trace file. User’s Guide 201
- Page 150 and 151: Chapter 7 Expert Oracle Options 150
- Page 152 and 153: Chapter 7 Limitations of the Expert
- Page 154 and 155: Chapter 7 Click to show the packet
- Page 156 and 157: Chapter 7 156 Sniffer Portable Prof
- Page 158 and 159: Chapter 8 Displaying Captured Packe
- Page 160 and 161: Chapter 8 Postcapture Views for Wir
- Page 162 and 163: Chapter 8 162 Sniffer Portable Prof
- Page 164 and 165: Chapter 8 164 Sniffer Portable Prof
- Page 166 and 167: Chapter 8 Table 8-3. Decode Tab Too
- Page 168 and 169: Chapter 8 168 Sniffer Portable Prof
- Page 170 and 171: Chapter 8 b 170 Sniffer Portable Pr
- Page 172 and 173: Chapter 8 a 172 Sniffer Portable Pr
- Page 174 and 175: Chapter 8 174 Sniffer Portable Prof
- Page 176 and 177: Chapter 8 176 Sniffer Portable Prof
- Page 178 and 179: Chapter 8 178 Sniffer Portable Prof
- Page 180 and 181: Chapter 8 Display Setup > Summary D
- Page 182 and 183: Chapter 8 182 Sniffer Portable Prof
- Page 184 and 185: Chapter 8 184 Sniffer Portable Prof
- Page 186 and 187: Chapter 8 Searching for Frames in t
- Page 188 and 189: Chapter 8 Searching for Frames Matc
- Page 190 and 191: Chapter 8 Searching for Frames Matc
- Page 192 and 193: Chapter 8 Searching for Data Patter
- Page 194 and 195: Chapter 8 194 Sniffer Portable Prof
- Page 196 and 197: Chapter 8 Printing Decoded Packets
- Page 198 and 199: Chapter 8 Using Protocol Forcing Yo
- Page 202 and 203: Chapter 8 Postcapture Matrix Tab 20
- Page 204 and 205: Chapter 8 More about the Matrix Tra
- Page 206 and 207: Chapter 8 Postcapture Host Table Ta
- Page 208 and 209: Chapter 8 Postcapture Protocol Dist
- Page 210 and 211: Chapter 8 Postcapture Statistics Ta
- Page 212 and 213: Chapter 8 212 Sniffer Portable Prof
- Page 214 and 215: Chapter 9 4 Click OK. 214 Sniffer P
- Page 216 and 217: Chapter 9 216 Sniffer Portable Prof
- Page 218 and 219: Chapter 9 218 Sniffer Portable Prof
- Page 220 and 221: Chapter 10 220 Sniffer Portable Pro
- Page 222 and 223: Chapter 10 Using a Defined Filter U
- Page 224 and 225: Chapter 10 224 Sniffer Portable Pro
- Page 226 and 227: Chapter 10 Drag and drop a symbolic
- Page 228 and 229: Chapter 10 Setting Filter Options i
- Page 230 and 231: Chapter 10 Setting Filter Options i
- Page 232 and 233: Chapter 10 Add or Edit Pattern Dial
- Page 234 and 235: Chapter 10 234 Sniffer Portable Pro
- Page 236 and 237: Chapter 10 Specify one or more netw
- Page 238 and 239: Chapter 10 Setting Filter Options i
- Page 240 and 241: Chapter 10 240 Sniffer Portable Pro
- Page 242 and 243: Chapter 10 242 Sniffer Portable Pro
- Page 244 and 245: Chapter 10 244 Sniffer Portable Pro
- Page 246 and 247: Chapter 10 5 Click OK. 246 Sniffer
- Page 248 and 249: Chapter 10 248 Sniffer Portable Pro
Chapter 8<br />
Sniffer <strong>Portable</strong> <strong>Professional</strong> can decrypt<br />
both WPA/WPA2 and WEP encrypted<br />
packets simultaneously.<br />
Use these options to specify the<br />
keys to use for decryption of<br />
WEP-encrypted data. WEP is an<br />
early 802.11 encryption<br />
technology and is not as<br />
commonly seen as WPA-WPA2.<br />
Use these options to specify<br />
the passphrase used to<br />
decrypt data on different SSIDs<br />
(wireless networks).<br />
200 Sniffer <strong>Portable</strong> <strong>Professional</strong><br />
Figure 8-18. Select WEP - WPA Keys Dialog Box<br />
Use the Select WEP-WPA Keys dialog box (Figure 8-18) to specify<br />
the WEP and/or WPA keys to be used for decrypting the data in the<br />
selected buffer or trace file.<br />
4 To specify new WEP keys for decryption, start by setting the WEP<br />
Key Entry Mode option to specify whether you want to enter the<br />
keys as either Hex or ASCII. Then, enter up to four separate<br />
encryption keys. For each key, do the following:<br />
a Specify the length of the key by selecting the appropriate<br />
option. Keys can be either None, 40-bit, or 128-bit. Use the<br />
None option if no encryption is used on the network.<br />
Depending on the length of the key specified, some or all of<br />
the adjacent fields become active, enabling you to specify the<br />
keys in use.<br />
b Specify the exact value for each key in the adjoining spaces<br />
provided.<br />
NOTE: The four encryption keys in use on a WEP-encrypted<br />
network are all typically the same length — either 40-bit or