Hi,
I'm analyzing a couple of wireless sniffer logs and trying to dig into the key exchange messages passed during the 4-way handshake process. Specifically, I need to decrypt the encrypted key data field of message 3/4.
Can this be done already with Wireshark? If it is not supported, I'm thinking Wireshark might already internally decrypt this field to get the GTK and verify the PTK. With a slight modification I can perhaps get this printed to the console as a first step.
Any advice on how to proceed would be great. If I get this working, I'll make an attempt at adding support for dissecting this properly.
/Mikael