Hi, On a station or AP device, I'd like to capture packets in monitor mode (ie. with radiotap headers). Normally this captures the encrypted packets as they appear on the air. In my case, I'd like to capture the *decrypted* packets where possible (ie. packets communicating with this node, where the local machine already knows the session key and is presumably decrypting the packets anyway so that it can carry on the session). I know wireshark (etc) can decrypt packets for a given session if you capture the EAPOL frames. The advantages of having the driver do it in hardware are a) hopefully less performance impact, and b) you can easily start capturing at any time, even post EAPOL, because the driver already has a cached copy of the keys. Is there a flag somewhere I can set to make this happen? Is this even a feature supported by most hardware? Thanks, Avery -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html