I am using Wireshark Version 0.99.5 on Windows XP (SP2) to examine captured 802.11 packets on a network that is using either WPA or WPA-2 PSK security.
I entered my PSK in the "Decryption Keys Management" as a 'wpa-pmd' type. When I view the captured data, I can see that Wireshark is successfully extracting the pairwise keys from the WPA EAPOL packets and can decode data encrypted with the pairwise keys. However, Wireshark does not appear to be extracting the groupwise keys from the EAPOL packet successfully. It appears to believe the EAPOL packets that contain the groupwise keys to be malformed packets. As a result, broadcast data (like ARP and DHCP packets) do not get decoded. Has anybody else encountered this problem? Regards, Kam-Yung -- Soh Kam Yung my delicious links: (http://del.icio.us/SohKamYung) my simpy links: (http://www.simpy.com/user/kysoh/links) _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
