Sniffer® Portable Professional User's Guide - NetScout
Sniffer® Portable Professional User's Guide - NetScout
Sniffer® Portable Professional User's Guide - NetScout
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 4<br />
58 Sniffer <strong>Portable</strong> <strong>Professional</strong><br />
Notes on WPA/WPA2 Decryption<br />
Sniffer <strong>Portable</strong> <strong>Professional</strong> must observe the four EAPOL exchange<br />
packets for successful WPA decryption to take place. These packets<br />
must be seen for every independent Sniffer <strong>Portable</strong> <strong>Professional</strong> session<br />
and every independent Client > AP session. Each time you restart the<br />
application or use the File > Reset All command, Sniffer <strong>Portable</strong><br />
<strong>Professional</strong> will need to see new EAPOL exhange packets for successful<br />
decryption. Note the following:<br />
EAPOL exchange packets are seen when a client connects to the<br />
access point. After starting Sniffer <strong>Portable</strong> <strong>Professional</strong>, perform a<br />
manual connection to the access point to make sure the EAPOL<br />
packets are exchanged.<br />
Decrypted WPA/WPA2 packets will only appear in the Expert and<br />
Decode displays after the EAPOL exchange packets are seen.<br />
EAPOL packets are only valid for a single session of Client > AP<br />
communications. Sniffer <strong>Portable</strong> <strong>Professional</strong> needs new EAPOL<br />
exchange packets for each new session.<br />
The EAPOL exchange packets must not have CRC errors in order for<br />
decryption to work successfully.<br />
If you suspect that decryption is not working correctly, try<br />
reconnecting a client to the access point with the specified<br />
passphrase.<br />
Sniffer <strong>Portable</strong> <strong>Professional</strong> installations on Windows XP do not<br />
support WPA decryption of traffic seen on Private networks.<br />
You can temporarily disable a particular WPA/WPA2 key using the<br />
Off/On radio buttons.<br />
Specifying WEP Keys<br />
Use the WEP Keys options in the IEEE 802.11 Decryption Keys<br />
dialog box to specify the keys to be used for decryption of<br />
WEP-encrypted packets. You can enter either a Single Key Set for all<br />
wireless channels or specify separate keys for individual channels. Keys<br />
can be entered as either Hex or ASCII characters. If the correct keys<br />
are specified, Sniffer <strong>Portable</strong> <strong>Professional</strong> can decrypt and decode<br />
WEP-encrypted packets during capture.<br />
NOTE: Sniffer <strong>Portable</strong> <strong>Professional</strong> can decrypt both<br />
WPA/WPA2-encrypted and WEP-encrypted data at the same time,<br />
so long as you have enabled and configured both forms of<br />
decryption in the IEEE 802.11 Decryption Keys dialog box.