As it has been mentioned throughout this product's documentation,
CommView for WiFi is capable of decrypting WEP- and
WPA/WPA2-encrypted network traffic on the fly. To take full
advantage of this functionality, you should have a good
understanding of the underlying cryptographic principles.
WEP
(Wired
Equivalent Privacy)
is a mechanism used to provide data security in wireless networks.
WEP allows the administrator to define a set of keys (or just one
key) for the WLAN. These keys are shared among the clients and
access points and are used for encrypting data before it is
transmitted. If a client does not have the correct WEP key, it
cannot decrypt the received packets or send data to other clients,
which prevents unauthorized network access and eavesdropping. WEP
decryption is rather straightforward as long as you have the
correct key. WEP is a static and stateless encryption system, which
means that once you have entered the correct key in the
WEP/WPA Keys
dialog, CommView for WiFi will be immediately able to decrypt
packets.
WPA (Wi-Fi Protected Access)
came as a replacement for the less secure WEP standard.
WPA addresses many of WEP's security and privacy concerns,
significantly increasing the level of data protection and access
control for WLANs. Unlike WEP, WPA is a dynamic encryption system
that uses rekeying, unique per-station keys, and a number of other
measures to improve security.
WPA features two modes, PSK (Pre-Shared Key) and Enterprise, which
differ in a number of ways. CommView for WiFi supports decryption
of WPA in PSK mode.
Given the dynamic nature of WPA encryption, knowing the WPA
passphrase alone does not allow you to decrypt traffic immediately
after entering the correct passphrase. To be able to decrypt
WPA-encrypted traffic, CommView for WiFi must be running and
capturing packets during the key exchange phase (key exchange is
carried out using the EAPOL protocol). It is important that all of
the EAPOL key exchange packets be successfully captured. A damaged
or missing EAPOL packet will make it impossible for CommView for
WiFi to decrypt packets that will be sent to/from the given
station, and capturing the next EAPOL conversation between the AP
and station may be required. This is an important distinction in
the way WEP and WPA traffic is decrypted.
The principles explained above mean that once you have entered the
WPA passphrase, closed the
WEP/WPA Keys
dialog, and started capturing packets, you will need to wait for
the next authentication and key exchange event before the packets
can be decrypted for the station that has been authenticated.
Naturally, it is not uncommon that the program can decrypt packets
to/from one client, but not to/from another, as it may have not yet
captured EAPOL packets for all of the clients.
Re-authentication can be triggered by using the
Node
Reassociation
tool, by restarting the AP (for all authenticated stations), or by
reconnecting to the network (for the given client).
|
|
|
|
IMPORTANT:
Please note that packet traffic encrypted with WPA3 cannot be
decrypted. WPA3 uses the passphrase only for authentication;
decryption is impossible.
|
|
|
|
|
|
|
|
|
|
|