It took me a couple of hours of playing with settings to get the WPA2 decode feature of Wireshark to work. I had to do the following
- Navigate to Edit > Preferences > Protocols > IEEE 802.11
- Select Enable Decryption
- Select Assume Packets have FCS
- Select Yes – with IV
- Enter the appropriate keys. To get the keys you may have to do the following
- Capture data with the 802.11 header setting
- Filter on EAPOL packets
- View the key(s) listed in the EAPOL packets
- Enter those keys in the 802.11 preferences above (e.g. wpa-psk:0011223….)
- Click OK
- View captured data and look for TCP packets
- Click on the “Decrypted…” tab in the lower window