Decrypt encrypted eapol key data (in 802.11 4-way handshake)

[Mikael Kanstrup <mikael.kanstrup () gmail com>]

Hi,

I'm analyzing a couple of wireless sniffer logs and trying to dig into the
key exchange messages passed during the 4-way handshake process.
Specifically I need to decrypt the encrypted key data field of message 3/4.

Can this be done already with Wireshark? If not supported I'm thinking
Wireshark might already internally decrypt this field to get the GTK and
verify PTK. With slight modification I can perhaps get this printed to the
console as first step.

Any advice on how to proceed would be great. If I get this working I'll
make an attempt on adding support for dissecting this properly.

/Mikael

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe