On 2/7/07, Thomas Nyheim <[EMAIL PROTECTED]> wrote:
> [...]
> Firstly, how does the WPA decryption work?
> [...]

If I am not mistaken, WPA decryption in Wireshark only works for WPA/WPA2-PSK (WPA/WPA2-Personal). Even then, the four-way pairwise handshake (EAPOL packets) must be captured to decrypt packets.

But this does not work for broadcast packets (e.g., ARP packets). For that, the two-way groupwise handshake must also be captured.

The pairwise handshake is usually done when a device associates with the AP. The groupwise handshake also takes place at the start (or as part of the pairwise handshake) and, depending on AP settings, may be periodically updated.

To know more, you'll need to read up on the IEEE 802.11i spec as well as the Wi-Fi Association's WPA/WPA2 specs (which differ in some ways from 802.11i).

Regards,
Kam Yung

-- 
Soh Kam Yung
my delicious links: (http://del.icio.us/SohKamYung)
my simpy links: (http://www.simpy.com/user/kysoh/links)
