Wireshark mailing list archives
Decrypt encrypted eapol key data (in 802.11 4-way handshake)
From: Mikael Kanstrup <mikael.kanstrup () gmail com>
Date: Fri, 26 Oct 2018 08:14:21 +0200
Hi,

I'm analyzing a couple of wireless sniffer logs and trying to dig into the key exchange messages passed during the 4-way handshake process. Specifically, I need to decrypt the encrypted key data field of message 3/4. Can this be done already with Wireshark?

If not supported, I'm thinking Wireshark might already internally decrypt this field to get the GTK and verify PTK. With slight modification I can perhaps get this printed to the console as a first step.

Any advice on how to proceed would be great. If I get this working I'll make an attempt at adding support for dissecting this properly.

/Mikael