Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
1) Set up the Odyssey client to log the EAP exchange that includes the PMK.
• Using Odyssey 4.72, the logging level can be changed directly in the logging settings. From the Tools tab, select Logs and click the Settings tab. Select debug option 4.
• If you are using an Odyssey version that does not have the capability to change the debug option, you can set registry settings to change it:
Do a “regedit” and go to the Funk/Odyssey client/configuration/console and add the following variables:
For the registry entries to take effect, exit the Odyssey client, go to Control Panel > Administration Tools/Services, and restart the Juniper OAC process.
Now that you are set up for logging, the next step is to capture the EAP exchange in the Odyssey logs and in OmniPeek.
2) Launch the Odyssey Access Client Manager, click the Tools tab and select Logs. If the settings are correct, the window will show the EAP exchange and other information.
3) Launch OmniPeek on another laptop or on another adapter for capturing the exchange in the air and start the capture.
4) Set up Odyssey to connect to your WPA-TKIP or WPA-PSK-TKIP SSID and connect to the SSID.
In the Odyssey logs, you should see something like this:
15:35:51.991 0 odClientService.exe OdysseySuppl
15:35:51.991 4 odClientService.exe <>:0 0000
15:35:51.991 4 odClientService.exe <>:0 0010
5) Use your favorite editor to remove the hex section, which is the PMK, and make it one long string. It should look like this:
6) In OmniPeek, click the Tools/Decrypt WLAN Packets tab, click the … tab to insert the key, and then select it for decoding your stream. You should now be able to decode your stream.