Can two users on an 802.11n network with WPA/WPA2 intercept each other's traffic?

Solution 1:

The short answer is, no, with only the pre-shared key (PSK) you cannot decrypt other users' traffic, but it is fairly simple to collect the additional information needed. Stations don't directly use the PSK to encrypt packets. Instead, they use the PSK to generate a Pairwise Master Key (PMK), which in turn generates the Pairwise Transient Key (PTK) used for encrypting packets. Both parties, the station and the access point (AP), calculate the PTK using nonces (random numbers), the MAC addresses, and a couple of other pieces of data combined with the PMK. All the data other than the PSK is in the 4-way handshake and is not encrypted.

So knowing the PSK and collecting the 4 frames of the RSN protocol (a.k.a. the 4-way handshake) is enough information to feed into something like Wireshark and decrypt traffic between a station and AP. You can argue that collecting the data from the 4-way handshake is timing sensitive, but several (free) tools exist that allow a third party to forge de-authentication packets, enabling an attacker to better predict when to capture this information.

Solution 2:

No, they can't. WPA/WPA2 provides a different per-session key for data encryption. PSK starts with the same passphrase; however, each station is given a different key for unicast traffic. The only traffic you will see (or decrypt) through a sniffer is broadcast packets. So the situation is the same as when you sniff traffic while connected to a wired switch.

Q2) No. Alice is not able to intercept.

Solution 3:

Sadly, the answers to this question are out of date and therefore incorrect. Even user 'ctuffli' claims that the short answer is 'no' while providing a possible way afterwards. It is indeed possible and rather easy to eavesdrop if you are already authenticated inside a WPA/WPA2-PSK wireless network.

Although every wireless client uses individual session keys with the access point (AP), it is possible to perform a de-authentication attack against such a client, which leads to it repeating its 4-way handshake with the AP. If this handshake is successfully captured, the attacker can eavesdrop on the data transmitted between victim and AP.

Please note that such an attack also depends on physical factors, such as the locations of the AP, victim and attacker device, and may become more difficult through beamforming. Moreover, you need a Wi-Fi adapter that can be put into monitoring mode, which not every model provides.

This attack is part of the standard hacking repertoire and may easily be conducted with tools such as Wireshark or aircrack-ng.

Similar questions were posted here and here, where the latter one luckily contains an answer with an update to these circumstances.