Wireshark-users: Re: [Wireshark-users] Viewing TKIP-encrypted data

From: "Soh Kam Yung" <sohkamyung@xxxxxxxxx>
Date: Fri, 13 Apr 2007 09:36:34 +0800

On 4/12/07, Frank Bulk <frnkblk@xxxxxxxxx> wrote:

David:

Did you get a chance to review this page?
http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28CategoryHowTo%29

Frank

Interesting.  I didn't know that page existed.

The sample capture provided on the page highlights that Wireshark does
not decrypt the WPA group keys properly, either for WPA or WPA2.  (The
method for delivering the WPA group keys differ between the two
specs.)

In that sample capture, Packet No. 92 is the packet delivering the
group key but is mis-interpreted by Wireshark as a malformed EAPOL
packet.  Packet No. 249 is an example of a broadcast packet that is
not decrypted by Wireshark.

I have filed a bug on this
(http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1420).  Hopefully,
this can be resolved in a future version of Wireshark.

Regards,
Kam-Yung
--
Soh Kam Yung
my delicious links: (http://del.icio.us/SohKamYung)
my simpy links: (http://www.simpy.com/user/kysoh/links)