Wireshark mailing list archives

Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Fri, 15 May 2020 10:38:16 -0700

On Wed, May 13, 2020 at 9:01 PM Mohit Khattar via Wireshark-dev
<wireshark-dev () wireshark org> wrote:

Hi,

We (myself and Jeff Hansen, CC'd) have been having trouble decrypting data packets on a monitor-mode capture involving packets between an ath9k client and a Fast BSS Transition-capable wireless network with WPA-EAP encryption. We have tried using the PMK and the PTK from the AP, with no success.
We also tried decrypting data packets on a WPA-PSK wireless network using the passphrase, and were unsuccessful if Fast BSS Transition was enabled on the network.

On wireless networks without fast-transition, we have been able to decrypt both WPA-EAP (using PMK) monitor mode pcaps, as well as WPA-PSK pcaps (using passphrase).

I am using Version 3.2.3 (v3.2.3-0-gf39b50865a13), which is the newest (stable) version currently available.

Is decryption of fast BSS transition data packets supported by Wireshark? If so, could you please suggest what we can do to investigate what is going on?

It is not currently supported. The WFA uses an external tool to
decrypt those packets.


-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. -- Cao Cao) (Legend has it that Du Kang was the inventor of wine)