On Wed, Jun 8, 2016 at 2:58 AM, HONGWANG <[email protected]> wrote:
> Hi all:
>
> I am a software developer for Wi-Fi protocols. One of the features that I
> found very useful in Wireshark is that the encrypted 802.11 frames can be
> decrypted if the user provides "wpa-pwd" or "wpa-psk", and if the 4-way
> handshake frames are captured.
>
> Currently it works like this:
> if the user provides "wpa-pwd" (in other words, "passphrase"), Wireshark will
> calculate PSK using AP's SSID and BSSID; then calculate PTK and GTK using
> PSK and 4-Way handshake information.
>
> If the user provides "wpa-psk", Wireshark will calculate PTK and GTK using PSK
> (user-provided) and 4-Way handshake information.
>
> However, Wireshark does not allow the user to provide PTK and GTK directly.
> This is the problem I am concerned about.
>
> Actually in many cases in my work I cannot get "wpa-pwd" or "wpa-psk",
> instead I can get PTK and GTK. So I am wondering, can we add this feature to
> Wireshark? It should be easy to implement because when the user provides PTK
> and GTK, Wireshark will not need the 4-way handshake frames any more to
> decrypt data frames.
>
> It will be very helpful for users like me.
>
> Thank you very much.
>
> Regards,
> lihw
>

Hi,

It is because "normal" users don't have access to the PTK/GTK... The best thing is to open a bug on the bug tracker and attach a pcap with the PTK and GTK keys, and maybe a guy will add this feature to Wireshark...

Cheers

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
