Hi all:

I am a software developer for Wi-Fi protocols. One of the features that I
found very useful in Wireshark is that encrypted 802.11 frames can be
decrypted if the user provides "wpa-pwd" or "wpa-psk", and if the 4-way
handshake frames are captured.

Currently it works like this:
If the user provides "wpa-pwd" (in other words, "passphrase"), Wireshark will
calculate the PSK using the AP's SSID and BSSID, then calculate the PTK and GTK
using the PSK and the 4-way handshake information.

If the user provides "wpa-psk", Wireshark will calculate the PTK and GTK using
the PSK (user-provided) and the 4-way handshake information.

However, Wireshark does not allow the user to provide the PTK and GTK directly.
This is the problem I am concerned about.

Actually, in many cases in my work I cannot get "wpa-pwd" or "wpa-psk";
instead I can get the PTK and GTK. So I am wondering whether we can add this
feature to Wireshark. It should be easy to implement because when the user
provides the PTK and GTK, Wireshark will not need the 4-way handshake frames
any more to decrypt data frames.

It will be very helpful for users like me.

Thank you very much.

Regards,
lihw
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe