Controller Based WLANs

How do I use Odyssey to grab the PMK and input the key into OmniPeek for decoding WPA-TKIP or WPA-PSK-TKIP?

Product and Software: This article applies to all Aruba controllers and ArubaOS versions. 

1)  Set up the Odyssey client to log the EAP exchange that includes the PMK. 

•     Using Odyssey 4.72, the logging level can be changed directly in the logging settings. From the Tools tab, select Logs and click the Settings tab. Select debug option 4. 
•     If you are using an Odyssey version that does not have the capability to change the debug option, you can set registry settings to change it: 

      Do a “regedit” and go to the Funk/Odyssey client/configuration/console and add the following variables: 
      loglevel 4 
      logSetOID 1 
      maxlines 20 

      For the registry entries to take effect, exit the Odyssey client, go to Control Panel > Administration Tools/Services, and restart the Juniper OAC process. 

Now that you are set up for logging, the next step is to capture the EAP exchange in the Odyssey logs and in OmniPeek. 

2)  Launch the Odyssey Access Client Manager, click the Tools tab and select Logs.  If the settings are correct, the window will show the EAP exchange and other information. 

3)  Launch OmniPeek on another laptop or on another adapter for capturing the exchange in the air and start the capture. 

4)  Set up Odyssey to connect to your WPA-TKIP or WPA-PSK-TKIP SSID and connect to the SSID. 
In the Odyssey logs, you should see something like this: 

15:35:51.991  0  odClientService.exe  OdysseySupplicantMgr.cpp:258  [DTL] PMK: 
15:35:51.991  4  odClientService.exe  <>:0  0000  b9 ac 14 50 e5 44 71 73:b3 4b b6 20 ec 88 6e 09  ...P.Dqs.K. ..n. 
15:35:51.991  4  odClientService.exe  <>:0  0010  55 c4 fb 93 8d 9a ba 7b:b7 79 01 e9 3c 8c 94 fb  U......{.y..<... 

5)  Use your favorite editor to remove the hex section, which is the PMK, and make it one long string.  It should look like this: 

b9ac1450e544717:b34bb620ec886e0955c4fb938d9aba7bb77901e93c8c94fb 

6)  In OmniPeek, click the Tools/Decrypt WLAN Packets tab, click the … tab to insert the key, and then select it for decoding your stream. You should now be able to decode your stream.

Version history
Revision #:
1 of 1
Last update:
‎07-09-2014 02:22 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.