
Wireshark-dev: [Wireshark-dev] Wishlist Request: 802.11 GTK Decryption

From: Anthony Murabito <anthony.murabito@xxxxxxxxx>
Date: Tue, 02 Nov 2010 11:09:00 -0700
Hi Devs,

I was advised via the wiki to send my request here.

Anyhow, here goes:

Wireshark's current stable release (1.4.1 at this time) does not have the ability to decrypt broadcast/multicast 802.11 frames encrypted with the Group Transient Key (GTK). I'd love to see this feature added. The GTK is distributed in Message 3 of the EAPoL 4-Way Handshake for WPAv2 style authentication, and is a separate 2-Way Handshake in WPAv1 style authentication. For the record, PTK (unicast) decryption works great.

If this feature is currently available in a development branch, feel free to tell me I am silly, and please point me in the right direction.

Best Regards,

Anthony
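
As an added illustration of the GTK distribution described in the message above (not part of the original post and not Wireshark code), the following Python sketch classifies an EAPOL-Key frame body by its Key Information bits and reports whether it is the frame that carries the GTK. The function and constant names are hypothetical, the field offsets follow the IEEE 802.11 EAPOL-Key layout, and the sample frames are constructed.

```python
import struct

# Key Information bit masks of the EAPOL-Key frame (IEEE 802.11)
PAIRWISE, KEY_ACK, KEY_MIC, ENCRYPTED = 0x0008, 0x0080, 0x0100, 0x1000
DESC_RSN, DESC_WPA = 2, 254   # Key Descriptor Type: WPA2 (RSN) / WPA
FIXED_LEN = 95                # bytes before the variable-length Key Data

def classify_eapol_key(body: bytes):
    """Return (message, carries_gtk) for an EAPOL-Key body that starts
    at the Key Descriptor Type field (802.1X header already stripped)."""
    if len(body) < FIXED_LEN:
        raise ValueError("truncated EAPOL-Key body")
    desc, info = struct.unpack_from(">BH", body, 0)
    (data_len,) = struct.unpack_from(">H", body, 93)
    if desc not in (DESC_RSN, DESC_WPA):
        raise ValueError(f"unsupported key descriptor type {desc}")
    if len(body) < FIXED_LEN + data_len:
        raise ValueError("Key Data shorter than its length field")
    ack, mic = bool(info & KEY_ACK), bool(info & KEY_MIC)
    if info & PAIRWISE:
        if ack and not mic:
            return "4-way 1/4", False
        if ack and mic:
            # Only RSN (WPA2) puts the encrypted GTK into message 3.
            gtk = desc == DESC_RSN and bool(info & ENCRYPTED) and data_len > 0
            return "4-way 3/4", gtk
        if mic:
            # Heuristic: message 2 carries the supplicant's IE, message 4 is empty.
            return ("4-way 2/4" if data_len else "4-way 4/4"), False
    elif mic:
        # Group key handshake: the authenticator's message carries the GTK.
        return ("group 1/2", data_len > 0) if ack else ("group 2/2", False)
    return "unknown", False

def sample_body(desc: int, info: int, key_data: bytes = b"") -> bytes:
    """Constructed test frame: counters, nonce and MIC are zeroed."""
    head = struct.pack(">BHH", desc, info, 16) + bytes(88)
    return head + struct.pack(">H", len(key_data)) + key_data

if __name__ == "__main__":
    for desc, info, n in [(2, 0x008A, 0), (2, 0x010A, 22), (2, 0x13CA, 56),
                          (2, 0x030A, 0), (254, 0x01C9, 24), (254, 0x0391, 32)]:
        print(desc, hex(info), classify_eapol_key(sample_body(desc, info, bytes(n))))
```

The classifier only locates the frame holding the wrapped GTK; recovering the key itself additionally requires the KEK derived from the PTK.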