Installation guide
Wireless Guide 85
Configuring Wireless LANs to Capture
Setting Encryption Options
If the network to be monitored uses Wired Equivalent Privacy (WEP) encryption,
you can use the Encryption options in the 802.11 tab to specify the keys in
use on the network to be monitored. If the correct keys are specified, the
Sniffer software can decrypt and decode WEP-encrypted packets during
capture.
An easy way to determine whether you have entered the correct WEP keys is
to check for the presence of a large number of WEP-ICV errors in the
Dashboard’s Detail tab. If the counter indicates an abnormally large number
of these errors, you probably have not entered the correct WEP keys for the
network being monitored.
NOTE: You can also perform postcapture WEP decryption on trace files
saved without the Encryption options specified correctly (if you know the
correct WEP keys). See Postcapture WEP Decryption on page 134 for
information on how to decrypt WEP-encrypted data in a buffer or saved trace
file.
In a WEP-encrypted network, four keys are programmed identically into each
station on the network. These keys can be either 40 bits or 104 bits in length.
Their use is described in the following sections.
IMPORTANT: WEP key entries are always case-sensitive!
40-Bit Encryption
In a network using 40-bit encryption, each station on the network is
programmed with the same four 40-bit shared keys. When a station has
encrypted data to send, it generates a random 24-bit Initialization Vector (IV)
and encrypts the data to be sent with the 24-bit IV and one of its four 40-bit
shared keys. Therefore, the entire key length is 64 bits (40-bit shared key plus
a 24-bit IV).
Stations send the 24-bit IV in the clear along with the encrypted data. A header
field tells the receiving station which of the four shared keys is in use for the
encrypted data. Receiving stations use the received 24-bit IV and their own
stored 40-bit keys to decrypt the received data.
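The exchange described above, as an added Python example (not part of this guide or of the Sniffer software): the sender prepends the clear 24-bit IV and a key-ID byte, and the receiver rebuilds the 64-bit RC4 key from the IV plus its stored 40-bit key, then checks the ICV. It also shows why a wrong key, here one that differs only in letter case, surfaces as a WEP-ICV error. The function names, ASCII key values, IV and payload are constructed for illustration.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv_of(data: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(keys, key_id, iv, plaintext):
    """Frame body = IV (3 bytes, clear) | key-ID byte | RC4(data + ICV)."""
    header = iv + bytes([key_id << 6])         # key ID sits in the top 2 bits
    return header + rc4(iv + keys[key_id], plaintext + icv_of(plaintext))

def wep_decrypt(keys, body):
    """Return (key_id, plaintext, icv_ok) for a WEP-encrypted frame body."""
    if len(body) < 8:
        raise ValueError("too short for IV + key ID + ICV")
    iv, key_id = body[:3], body[3] >> 6
    clear = rc4(iv + keys[key_id], body[4:])   # 24-bit IV + 40-bit key = 64 bits
    data, icv = clear[:-4], clear[-4:]
    return key_id, data, icv_of(data) == icv

# Constructed sample data: four 40-bit (5-byte) shared keys, a fixed IV, a payload.
KEYS = [b"AbCdE", b"key02", b"key03", b"key04"]
WRONG_KEYS = [b"abcde", b"key02", b"key03", b"key04"]  # key 1 differs only in case
PAYLOAD = b"\xaa\xaa\x03\x00\x00\x00\x08\x00hello"
FRAME = wep_encrypt(KEYS, 0, bytes.fromhex("a1b2c3"), PAYLOAD)

if __name__ == "__main__":
    print(wep_decrypt(KEYS, FRAME))        # correct keys: ICV check passes
    print(wep_decrypt(WRONG_KEYS, FRAME))  # wrong key: ICV check fails
```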
IMPORTANT: 40-bit encryption is often referred to as 64-bit encryption. Both
terms refer to the same thing — a 40-bit stored key used in combination with
a randomly generated 24-bit initialization vector to form a 64-bit key. Since