Re: WEP and ethereal

From: Jouni Malinen (
Date: 2002-08-31 08:28:48 UTC

On Thu, Aug 29, 2002 at 11:28:14PM +0200, Peter Nobels wrote:

> However, when using ethereal to sniff on wlan0 i discovered every packet
> is non-encrypted (telnet logins and passwd go straight through)...
> Am i fooled because the driver (soft-or hardware) already decrypted the
> packages?

Assuming you are using the driver in normal AP/station mode (i.e., not monitoring all 802.11 frames), wlan0 will never see encrypted frames. If you would like to see the encrypted packets, you would need to use monitor mode with another wlan card to capture the raw frames.

In normal operation modes, driver gets outgoing plaintext packets with 802.3 headers, adds needed 802.11 headers and encrypts the packets (if host encryption is used; otherwise firmware takes care of encryption). Incoming packets are decrypted either by firmware or the driver (depending on host_decrypt option) and only after this will the packet be delivered to wlan0 as a plaintext packet (and with 802.11 headers stripped).

Jouni Malinen                                            PGP id EFC895FA

This archive was generated by hypermail 2.1.4.