Wireshark-users: Re: [Wireshark-users] Viewing TKIP-encrypted data

From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Thu, 12 Apr 2007 21:41:52 -0500
Thanks.  I thought that bug had already been filed, but perhaps this had
only been mentioned on this listserv before.


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Soh Kam Yung
Sent: Thursday, April 12, 2007 8:37 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Viewing TKIP-encrypted data

On 4/12/07, Frank Bulk <frnkblk@xxxxxxxxx> wrote:
> David:
> Did you get a chance to review this page?
> http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28CategoryHowTo%29
> Frank

Interesting.  I didn't know that page existed.

The sample capture provided on the page highlights that Wireshark does
not decrypt the WPA group keys properly, either for WPA or WPA2.  (The
method for delivering the WPA group keys differs between the two

In that sample capture, Packet No. 92 is the packet delivering the
group key but is misinterpreted by Wireshark as a malformed EAPOL
packet.  Packet No. 249 is an example of a broadcast packet that is
not decrypted by Wireshark.

I have filed a bug on this
(http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1420).  Hopefully,
this can be resolved in a future version of Wireshark.

Soh Kam Yung
my delicious links: (http://del.icio.us/SohKamYung)
my simpy links: (http://www.simpy.com/user/kysoh/links)