Wireshark-users: [Wireshark-users] Wireshark 802.11 WPA Decryption unable to get Group Keys
From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx>
Date: Wed, 28 Feb 2007 17:16:49 +0800

I am using Wireshark Version 0.99.5 on Windows XP (SP2) to examine
captured 802.11 packets on a network that is using either WPA or WPA-2
PSK security.

I entered my PSK in the "Decryption Keys Management" as a 'wpa-pmd' type.

When I view the captured data, I can see that Wireshark is
successfully extracting the pairwise keys from the WPA EAPOL packets
and can decode data encrypted with the pairwise keys.

However, Wireshark does not appear to be extracting the groupwise keys
from the EAPOL packet successfully. It appears to believe the EAPOL
packets that contain the groupwise keys to be malformed packets.

As a result, broadcast data (like ARP and DHCP packets) do not get decoded.

Has anybody else encountered this problem?

Regards,
Kam-Yung
--
Soh Kam Yung
my delicious links: (http://del.icio.us/SohKamYung)
my simpy links: (http://www.simpy.com/user/kysoh/links)