Decrypting WEP and WPA traffic

Wireshark can decrypt WEP and WPA traffic once it is given the network key. As we know, WEP is the weakest wireless encryption protocol, and it has been exploited for a long time. Once you have the key for the wireless network, decrypting the traffic is a matter of a few clicks.

To demonstrate this, I have sanitized the wireless traffic between my access point and a client that is connected to it. Refer to the following screenshot, where the normal IEEE 802.11 traffic is captured using Wireshark:

Figure 5: WLAN traffic before decryption

By now you should recognize the kind of packets shown in the list pane, but they still do not make much sense in terms of network activity. This is why you need to learn the technique that makes the traffic readable. Before you proceed, you need to make some changes in the preferences section of the IEEE 802.11 protocol.

Go to Edit | Preferences, expand the Protocols section, and select IEEE 802.11. Refer to the following screenshot and make the changes that are highlighted:

Once you have set the configuration as shown in the preceding screenshot, click on the Edit button next to Decryption Keys (to add the WEP/WPA key). Refer to the following screenshot:

Click on New and you will be presented with the same dialog where you can add the WEP/WPA key in order to decrypt the preceding communication that we saw. After all the changes have been made, click on OK under Apply. Now, you will be shown the decrypted traffic similar to the one shown here:

Figure 6: WLAN traffic after decryption

The same list pane that we saw in the beginning of this section for this capture file is shown in a decrypted format now. Here, we are able to see the ICMP and DNS packets (normal network traffic); this is the normal traffic I was talking about. To manage the keys, there is a more effective way where you are not required to open the Decryption keys dialog from the Preferences section under IEEE 802.11. Just navigate to View | Wireless toolbar; this will add a new toolbar just below the display filter area.

Once added, you can easily manage the WEP/WPA keys. The dropdown showing Wireshark is really helpful and lets you toggle decryption on and off. If you choose None from the list, decryption is disabled and the list pane goes back to showing only raw 802.11 wireless traffic. If you choose Wireshark, as in the preceding screenshot, decryption is applied.
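The same keys can be prepared outside the GUI and passed to tshark. The following is an added example, not code from the book: it assumes Wireshark's `wep` and `wpa-psk` key types and tshark's `-o uat:80211_keys:` preference syntax, and the function names, the capture file name and the sample keys are made up for illustration.

```python
import hashlib
import re
import shlex

HEX = re.compile(r"[0-9a-f]+")

def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA/WPA2-Personal PSK from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()

def key_entry(kind, value, ssid=None):
    """Return (key type, key) as entered in the Decryption Keys dialog."""
    if kind == "wep":
        key = value.replace(":", "").lower()
        # This example accepts only the common 40-bit and 104-bit key sizes.
        if not HEX.fullmatch(key) or len(key) not in (10, 26):
            raise ValueError("WEP key must be 10 or 26 hex digits")
        return ("wep", key)
    if kind == "wpa":
        # Pre-derive the PSK so passphrase/SSID characters need no escaping.
        return ("wpa-psk", wpa_psk(value, ssid or ""))
    raise ValueError("unknown key kind: " + kind)

def tshark_args(capture, entries):
    """Build a tshark command line that enables 802.11 decryption."""
    args = ["tshark", "-r", capture, "-o", "wlan.enable_decryption:TRUE"]
    for key_type, key in entries:
        args += ["-o", 'uat:80211_keys:"%s","%s"' % (key_type, key)]
    return args

if __name__ == "__main__":
    # Constructed sample keys; "password"/"IEEE" is the IEEE 802.11i test vector.
    entries = [key_entry("wep", "01:02:03:04:05"),
               key_entry("wpa", "password", "IEEE")]
    print(shlex.join(tshark_args("capture.pcap", entries)))
```

For WPA, the key alone is not enough: traffic is decrypted only for clients whose four-way EAPOL handshake is present in the capture.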
