Wireshark · Wireshark-dev: Re: [Wireshark-dev] Decrypte 802.11 frames with user-provided PTK and GTK

Wireshark-dev: Re: [Wireshark-dev] Decrypte 802.11 frames with user-provided PTK and GTK

From: Joerg Mayer <jmayer@xxxxxxxxx>

Date: Wed, 22 Jun 2016 12:17:44 +0200

On Tue, Jun 07, 2016 at 05:58:18PM -0700, HONGWANG wrote:
> If user provides "wpa-psk", Wireshark will calculate PTK and GTK using PSK
> (user-provided) and 4-Way handshake information.
> 
> However, Wireshark does not allow user to provide PTK and GTK directly.
> This is the problem I am concerning.
> 
> Actually in many cases in my work I cannot get "wpa-pwd" or "wpa-psk",
> instead I can get PTK and GTK. So I am wondering can we add this feature to
> Wireashark? It should be easy to implement because when user provides PTK
> and GTK, Wireshark will not need 4-way hanshakr frames  any more to
> decrypte data frames.

Did you open a bug and attach a sample capture + key information yet?

thanks
   Jörg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

References:
- [Wireshark-dev] Decrypte 802.11 frames with user-provided PTK and GTK
  - From: HONGWANG

Prev by Date: Re: [Wireshark-dev] Determining how Wireshark detects T.38
Next by Date: [Wireshark-dev] Multiple UAC requests when starting/using Wireshark with Npcap's "Admin-only" mode ON
Previous by thread: Re: [Wireshark-dev] Decrypte 802.11 frames with user-provided PTK and GTK
Next by thread: [Wireshark-dev] Reminder - nmake deprecation
Index(es):
- Date
- Thread