Wireshark mailing list archives

Re: Decrypt 802.11 frames with user-provided PTK and GTK


From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Wed, 8 Jun 2016 21:30:09 +0200

On Wed, Jun 8, 2016 at 2:58 AM, HONGWANG <hoakee () gmail com> wrote:

Hi all:

I am a software developer for Wi-Fi protocols. One of the features that I
found very useful in Wireshark is that the encrypted 802.11 frames can be
decrypted if the user provides "wpa-pwd" or "wpa-psk", and if the 4-way
handshake frames are captured.

Currently it works like this:
If the user provides "wpa-pwd" (in other words, a "passphrase"), Wireshark will
calculate the PSK using the AP's SSID and BSSID; then it calculates the PTK and GTK using the
PSK and the 4-way handshake information.

If the user provides "wpa-psk", Wireshark will calculate the PTK and GTK using the PSK
(user-provided) and the 4-way handshake information.

However, Wireshark does not allow the user to provide the PTK and GTK directly.
This is the problem I am concerned about.

Actually, in many cases in my work I cannot get "wpa-pwd" or "wpa-psk";
instead I can get the PTK and GTK. So I am wondering, can we add this feature to
Wireshark? It should be easy to implement, because when the user provides the PTK
and GTK, Wireshark will not need the 4-way handshake frames any more to
decrypt data frames.

It will be very helpful for users like me.

Thank you very much.

Regards,
lihw

Hi,

It is because "normal" users don't have access to the PTK/GTK...

The best option is to open a bug on the bugtracker and attach a pcap with the PTK and GTK
key, and maybe someone will add this feature to Wireshark...

Cheers
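As an added illustration (not code from the thread or from Wireshark) of the two derivation steps lihw and Alexis are discussing: per IEEE 802.11i, the PSK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and the PTK is PRF-384 over the PMK together with the two MAC addresses and the two nonces taken from messages 1 and 2 of the 4-way handshake. The passphrase/SSID pair is the standard's published test vector; the MAC addresses and nonces are constructed sample values.

```python
"""WPA2-Personal key derivation as Wireshark performs it for "wpa-pwd"/"wpa-psk".

  PSK (== PMK) = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
  PTK          = PRF-384(PMK, "Pairwise key expansion",
                         min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
  PTK          = KCK(16) || KEK(16) || TK(16)        (CCMP layout)
"""
import hashlib
import hmac


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """The "wpa-pwd" step: passphrase + SSID -> 256-bit PSK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """The "wpa-psk" step: PMK plus both addresses and both handshake nonces -> 384-bit PTK.
    The addresses/nonces are sorted, so the result does not depend on which side is which."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def split_ptk(ptk: bytes) -> dict:
    """KCK protects the EAPOL MICs, KEK wraps the GTK in message 3, TK decrypts data frames."""
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


# Constructed sample handshake parameters (not taken from any real capture).
AA = bytes.fromhex("001122334455")    # authenticator address (AP / BSSID)
SPA = bytes.fromhex("66778899aabb")   # supplicant address (station)
ANONCE = bytes(range(32))             # from EAPOL message 1
SNONCE = bytes(range(32, 64))         # from EAPOL message 2

if __name__ == "__main__":
    pmk = derive_psk("password", "IEEE")  # IEEE 802.11 Annex test vector
    keys = split_ptk(derive_ptk(pmk, AA, SPA, ANONCE, SNONCE))
    print("PSK:", pmk.hex())
    print("TK :", keys["tk"].hex())
```

Because the PTK is only reachable through ANonce and SNonce, Wireshark must see the handshake whenever it starts from a passphrase or PSK; a user-supplied PTK/TK would skip this whole derivation, which is exactly what the feature request asks for.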


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
