Wireshark mailing list archives
Re: Decrypte 802.11 frames with user-provided PTK and GTK
From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Wed, 8 Jun 2016 21:30:09 +0200
On Wed, Jun 8, 2016 at 2:58 AM, HONGWANG <hoakee () gmail com> wrote:
Hi all: I am a software developer for Wi-Fi protocols. One of the features that I found very useful in Wireshark is that the encrypted 802.11 frames can be decrypted if the user provides "wpa-pwd" or "wpa-psk", and if the 4-way handshake frames are captured. Currently it works like this: if the user provides "wpa-pwd" (in other words, "passphrase"), Wireshark will calculate PSK using AP's SSID and BSSID; then calculate PTK and GTK using PSK and 4-Way handshake information. If the user provides "wpa-psk", Wireshark will calculate PTK and GTK using PSK (user-provided) and 4-Way handshake information. However, Wireshark does not allow the user to provide PTK and GTK directly. This is the problem I am concerned about. Actually, in many cases in my work I cannot get "wpa-pwd" or "wpa-psk"; instead I can get PTK and GTK. So I am wondering, can we add this feature to Wireshark? It should be easy to implement because when the user provides PTK and GTK, Wireshark will not need the 4-way handshake frames any more to decrypt data frames. It will be very helpful for users like me. Thank you very much. Regards, lihw
Hi, It is because "normal" users don't have access to PTK/GTK... Better to open a bug on the bugtracker and attach a pcap with the PTK and GTK keys, and maybe someone will add this feature to Wireshark... Cheers
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
Current thread:
- Decrypte 802.11 frames with user-provided PTK and GTK HONGWANG (Jun 08)
- Re: Decrypte 802.11 frames with user-provided PTK and GTK Alexis La Goutte (Jun 08)
- Re: Decrypte 802.11 frames with user-provided PTK and GTK Joerg Mayer (Jun 22)