FortiAP
FortiAP devices are thin wireless access points (APs) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n and 802.11ax, and plug-and-play deployment.
sthampi_FTNT
Staff
Article Id 197857
Description
Certain wireless devices support only WPA/WPA2 PSK-encrypted SSIDs and not open (unencrypted) SSIDs, which makes it difficult to analyse the 802.11 data frames for troubleshooting purposes.

This article provides the steps to decrypt the WPA/WPA2 PSK Encrypted WLAN traffic using Wireshark.

Scope
FortiOS v4.x, v5.x, FortiAP OS v5.x

Solution
This article assumes that the following configuration is already in place:
  • Configure the FortiAP to broadcast a WPA/WPA2 Preshared Key SSID.
  • Configure firewall policies allowing traffic to flow from the wireless user to the Internet.
  • A wireless sniffer capturing the 802.11 traffic over the air on the same channel as the wireless user.

1) Open Wireshark > Wireless > WLAN Traffic and check the number of Data Frames.

2) Check for the WPA key exchange (the EAPOL 4-way handshake) and make sure that all four messages, WPA Key 1 to 4, are captured. Without a complete handshake Wireshark cannot derive the session key.

3) Look at the encrypted data packets. No information is visible apart from what looks like random bytes.

4) In Wireshark, go to Edit > Preferences > IEEE 802.11 > Decryption Keys > Edit and add the key.

In this example the SSID is "preshared" and the PSK passphrase is fortinet123.

5) Go back to the packet capture and look at the Data Frames. The payloads (in this case ARP packets) can now be seen inside the 802.11 Data Frames.

The related KB articles below describe how to capture wireless traffic using Linux and using the FortiAP itself.

Related Articles

Technical Note: Sniffing wireless between FortiAP and wireless Client before 5.0

Technical Note: FortiAP Wireless Sniffer
