Wireshark mailing list archives

Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Fri, 15 May 2020 10:39:14 -0700

On Fri, May 15, 2020 at 10:27 AM Mikael Kanstrup
<mikael.kanstrup () gmail com> wrote:


Hi,

Fast BSS Transitioning decryption is unfortunately not supported by Wireshark.

Wireshark uses passphrase/PSK/PMK together with 4-way handshake to derive PTK and GTK. FT key hierarchy and key 
derivation is not handled by the decryption engine so PTK remains unknown which makes decryption fail. And 
unfortunately directly entering PTK for decryption is not supported either.


It could be but it would take some work :-)

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Cannot Decrypt Fast BSS Transition (802.11r) Packets Mohit Khattar via Wireshark-dev (May 13)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
  - Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)
    - Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
    - Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 16)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)