I have a 16 Meg capture file, and I can't for the life of me decrypt the WEP on it.
I started the capture, configured the WEP and everything worked fine (it is my LAN so I know I have the right key), and it decrypted the frames.
I know that the monitor mode worked, as I could see HTTP requests and whatnot, and it was the traffic from my machines.
Then I disabled Wifi on the router, enabled it again, and can no longer decrypt anything; the only protocol I see is IEEE 802.11.
The router administration page shows me the key is the same, and still in WEP, and all the machines on my LAN reconnected, so the key is definitely still valid.
I tried changing the FCS / IV parts as per the wiki (http://wiki.wireshark.org/HowToDecrypt802.11), yet nothing works.
Does anyone have a clue as to what the problem could be?
P.S.: I tried restarting Wireshark and even the machine, to no avail.
Edit: I am using 1.4.7-bt0 from BT5, so will try and update everything now.
Edit 2: Just ran airdecap-ng on the file:
Opening the -dec file works, but I wish I could just get it working in Wireshark.
Total number of packets read 90184
Total number of WEP data packets 39589
Total number of WPA data packets 20
Number of plaintext data packets 0
Number of decrypted WEP packets 38832
Number of corrupted WEP packets 0
Number of decrypted WPA packets 0
Edit 3: Updated to wireshark 1.6.1-bt4, problem still persists.
Edit 4: Same problem using Wireshark 1.2.7-1 in Ubuntu 10.04.3.