Wireshark mailing list archives
Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets
From: Mikael Kanstrup <mikael.kanstrup () gmail com>
Date: Fri, 15 May 2020 19:26:57 +0200
Hi,

Fast BSS Transitioning decryption is unfortunately not supported by Wireshark. Wireshark uses passphrase/PSK/PMK together with the 4-way handshake to derive PTK and GTK. The FT key hierarchy and key derivation are not handled by the decryption engine, so the PTK remains unknown, which makes decryption fail. And unfortunately directly entering the PTK for decryption is not supported either.

/Mikael

On Thu, 14 May 2020 at 06:01, Mohit Khattar via Wireshark-dev <wireshark-dev () wireshark org> wrote:
Hi,

We (myself and Jeff Hansen, CC'd) have been having trouble decrypting data packets on a monitor-mode capture involving packets between an ath9k client and a Fast BSS Transition-capable wireless network with WPA-EAP encryption. We have tried using the PMK and the PTK from the AP, with no success. We also tried decrypting data packets on a WPA-PSK wireless network using the passphrase, and were unsuccessful if Fast BSS Transition was enabled on the network.

On wireless networks without fast-transition, we have been able to decrypt both WPA-EAP (using PMK) monitor mode pcaps, as well as WPA-PSK pcaps (using passphrase).

I am using Version 3.2.3 (v3.2.3-0-gf39b50865a13), which is the newest (stable) version currently available.

Is decryption of fast BSS transition data packets supported by Wireshark? If so, could you please suggest what we can do to investigate what is going on?

Thanks,
Mohit Khattar

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
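An added illustration (not code from this thread or from Wireshark) of the point in the reply above: the PTK that comes out of the 802.11r FT key hierarchy is not the PTK that the ordinary PMK plus 4-way-handshake derivation yields, so a decryptor implementing only the latter computes the wrong temporal key. The passphrase, SSID, addresses, nonces and key-holder identifiers are constructed sample values; the sketch covers the FT-PSK case with a 384-bit PTK (CCMP-128) and assumes the R1KH-ID is the AP's BSSID.

```python
import hashlib
import hmac
import struct

def prf_sha1(key, label, data, nbytes):
    """Non-FT 802.11 PRF (HMAC-SHA1), used after an ordinary 4-way handshake."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def kdf_sha256(key, label, context, nbits):
    """802.11 KDF (HMAC-SHA256, counter mode), used by the FT key hierarchy."""
    out, i = b"", 1
    while len(out) * 8 < nbits:
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", nbits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return out[:nbits // 8]

def non_ft_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = KCK | KEK | TK straight from the PMK (what a PSK/PMK decryptor does)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_sha1(pmk, b"Pairwise key expansion", data, 48)

def ft_ptk(xxkey, ssid, mdid, r0kh_id, r1kh_id, spa, bssid, anonce, snonce):
    """FT: XXKey -> PMK-R0 -> PMK-R1 -> PTK. S0KH-ID and S1KH-ID are the station MAC."""
    r0_ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + spa
    pmk_r0 = kdf_sha256(xxkey, b"FT-R0", r0_ctx, 384)[:32]  # remaining 16 bytes: name salt
    pmk_r1 = kdf_sha256(pmk_r0, b"FT-R1", r1kh_id + spa, 256)
    return kdf_sha256(pmk_r1, b"FT-PTK", snonce + anonce + bssid + spa, 384)

# Constructed sample values, not taken from any capture.
SSID = b"example-ssid"
PSK = hashlib.pbkdf2_hmac("sha1", b"example-passphrase", SSID, 4096, 32)
MDID = bytes.fromhex("a1b2")               # mobility domain identifier
R0KH_ID = b"r0kh.example"                  # hypothetical R0 key holder name
AP1 = bytes.fromhex("020000000001")        # BSSID, also used as R1KH-ID
AP2 = bytes.fromhex("020000000002")        # second AP in the same mobility domain
STA = bytes.fromhex("020000000099")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

if __name__ == "__main__":
    print("non-FT TK:", non_ft_ptk(PSK, AP1, STA, ANONCE, SNONCE)[32:].hex())
    print("FT TK    :", ft_ptk(PSK, SSID, MDID, R0KH_ID, AP1, STA, AP1, ANONCE, SNONCE)[32:].hex())
```

With identical PSK, addresses and nonces the two temporal keys differ, and the FT key also changes per AP because the R1KH-ID and BSSID enter the derivation.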
Current thread:
- Cannot Decrypt Fast BSS Transition (802.11r) Packets Mohit Khattar via Wireshark-dev (May 13)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 16)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)