Wireshark mailing list archives

Re: Decrypte 802.11 frames with user-provided PTK and GTK

From: Joerg Mayer <jmayer () loplof de>
Date: Wed, 22 Jun 2016 12:17:44 +0200

On Tue, Jun 07, 2016 at 05:58:18PM -0700, HONGWANG wrote:

If user provides "wpa-psk", Wireshark will calculate PTK and GTK using PSK
(user-provided) and 4-Way handshake information.

However, Wireshark does not allow user to provide PTK and GTK directly.
This is the problem I am concerning.

Actually in many cases in my work I cannot get "wpa-pwd" or "wpa-psk",
instead I can get PTK and GTK. So I am wondering can we add this feature to
Wireashark? It should be easy to implement because when user provides PTK
and GTK, Wireshark will not need 4-way hanshakr frames  any more to
decrypte data frames.


Did you open a bug and attach a sample capture + key information yet?

thanks
   Jörg

-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Decrypte 802.11 frames with user-provided PTK and GTK HONGWANG (Jun 08)
- Re: Decrypte 802.11 frames with user-provided PTK and GTK Alexis La Goutte (Jun 08)
- Re: Decrypte 802.11 frames with user-provided PTK and GTK Joerg Mayer (Jun 22)