As a forensic investigator, you will sometimes receive PCAP files that contain WLAN packets, and to make sense of them, you need the key. Obtaining the key should not be difficult in forensic scenarios where you have the authority, but you must be prepared for all possible situations. In the next scenario, we have a PCAP file from https://github.com/ctfs/write-ups-2015/raw/master/codegate-ctf-2015/programming/good-crypto/file.xz, and as soon as we open it in Wireshark, we have 802.11 packets right in front of us:
We cannot figure out what activities were performed on the network unless we remove the 802.11 encapsulation. However, let's see what statistics are available in Wireshark by opening the Wireless menu and choosing WLAN Traffic:
We can see that we have 100% packets in the Wireless segment...
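
The same kind of per-BSSID overview can be computed straight from the capture bytes, which is useful for triage when you want to know how much of the traffic is encrypted before you go looking for a key. The following is an added example, not part of the original text: it assumes a little-endian classic pcap file (not pcapng) with link type 105 (raw 802.11) or 127 (radiotap), and it runs on a small constructed capture with made-up MAC addresses.

```python
import struct
from collections import defaultdict

KINDS = {0: "mgmt", 2: "data"}  # control (1) and reserved (3) types are skipped

def bssid_of(frame):
    """Return the BSSID of a management or data frame as text, else None."""
    ds = frame[1] & 0x03                      # bit 0 = ToDS, bit 1 = FromDS
    if (frame[0] >> 2) & 3 not in KINDS or ds == 3 or len(frame) < 22:
        return None                           # ds == 3 is WDS: no single BSSID
    off = {0: 16, 1: 4, 2: 10}[ds]            # addr3, addr1, addr2 respectively
    return frame[off:off + 6].hex(":")

def wlan_stats(pcap):
    """Count mgmt/data/protected-data frames per BSSID in classic pcap bytes."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype not in (105, 127):
        raise ValueError("need little-endian pcap, linktype 105 or 127")
    stats = defaultdict(lambda: {"mgmt": 0, "data": 0, "protected": 0})
    pos = 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, pos + 8)[0]
        pkt = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if linktype == 127 and len(pkt) >= 4:  # strip the radiotap header
            pkt = pkt[struct.unpack_from("<H", pkt, 2)[0]:]
        bssid = bssid_of(pkt) if len(pkt) >= 2 else None
        if bssid is None:
            continue
        kind = KINDS[(pkt[0] >> 2) & 3]
        stats[bssid][kind] += 1
        if kind == "data" and pkt[1] & 0x40:   # Protected Frame flag
            stats[bssid]["protected"] += 1
    return dict(stats)

# Constructed sample capture (made-up MACs): beacon, two protected data frames, ACK.
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
def _rec(fc0, fc1, *addrs):
    frame = bytes([fc0, fc1, 0, 0]) + b"".join(addrs) + b"\x00\x00"
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105) + b"".join([
    _rec(0x80, 0x00, b"\xff" * 6, AP, AP),    # beacon: BSSID in addr3
    _rec(0x08, 0x41, AP, STA, AP),            # data, ToDS + Protected
    _rec(0x08, 0x42, STA, AP, AP),            # data, FromDS + Protected
    _rec(0xD4, 0x00, STA),                    # ACK (control frame)
])

if __name__ == "__main__":
    for bssid, counts in wlan_stats(SAMPLE).items():
        print(bssid, counts)
```

A BSSID whose data frames are all counted as protected tells you the payloads stay opaque until the key is supplied to the analysis tool.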