Wireshark-users: [Wireshark-users] WAPI decode and decryption
From: Sreenivasulu Yellamaraju <[email protected]>
Date: Tue, 30 Aug 2011 11:51:43 +0000

We are using Wireshark to decode WAPI ( Chinese WLAN security standard) frames. The following are my observations/queries.

I am using Wireshark Version 1.6.1 (SVN Rev 38096 from /trunk-1.6) which is a stable released version.
I am using this version only to do an offline analysis of .pcap files and did not capture any WAPI data traffic myself.

1) Wireshark is not decoding the WAPI Information Element(Tag number 68) in beacons,probe req/rsp,association req/rsp packets.
  Is this support not implemented?
2) Wireshark is decoding WAI protocol packets like 
      Unicast key negotiation request/response/confirm 
	Multicast key/STAKey announcement
	Multicast key/STAKey announcement response
3) Next, is there any provision to decode the WLAN data packets that are exchanged between a WAPI STA and WAPI AP both of which
    are using Preshared key method ?  The assumption is that I have captured association,WAI authentication and unicast/multicast
   key exchanges in the same .pcap file.
Basically, I am expecting a decryption similar to WPA(2)-PSK decryption that is supported by Wireshark.

Please share your comments.

Sreenivasulu Y
Senior Lead Engineer,
CSR India Pvt Ltd,
Direct Dial: +91 80 25183091

Member of the CSR plc group of companies. CSR plc registered in England and Wales, registered number 4187346, registered office Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom
More information can be found at www.csr.com. Follow CSR on Twitter at http://twitter.com/CSR_PLC and read our blog at www.csr.com/blog