
Wireshark-users: [Wireshark-users] Unable to decrypt wds (4-address atheros openwrt) bridge traff

From: Jacobo Pantoja <jacobopantoja@xxxxxxxxx>
Date: Fri, 4 Aug 2017 16:03:45 +0200
Hi,

I'm trying to capture network traffic between a wireless bridge made with two OpenWRT devices, which means they use 4-address atheros stuff for wireless bridge. For testing, besides the "client" AP, a non-wds client joined to the "master" AP.

The AP is using WPA2-PSK, and I can successfully see decrypted traffic for non-wds clients, i.e. frames with both wlan.fc.ds set to 01 and to 10. But traffic from the "client" AP to the "master" AP (i.e. frames with wlan.fc.ds == 11) is not decrypted.

I guess that the PSK should be the same for the non-wds clients as for the wds client, but perhaps I'm wrong. All the EAPOL messages are properly captured. Also, I don't know if the 4address Linux stuff is adding something non-standard that Wireshark cannot deal with at this moment.

Any ideas?
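
An added example, not part of the original post or of Wireshark: a small Python parser that classifies 802.11 data frames by their To DS/From DS bits and reports where the MAC header ends, which is 6 bytes later in 4-address (WDS) frames because of the extra Address 4 field. The function names, sample frames and MAC addresses are constructed for illustration, and the radiotap header is assumed to be already stripped.

```python
def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_data_header(frame: bytes) -> dict:
    """Parse the MAC header of an 802.11 data frame (radiotap already stripped)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte minimum data-frame header")
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    hdr_len, addr4 = 24, None
    if to_ds and from_ds:      # 4-address format: Address 4 follows Sequence Control
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        addr4, hdr_len = mac(frame[24:30]), 30
    if subtype & 0x8:          # QoS data subtypes carry a 2-byte QoS Control field
        hdr_len += 2
        if flags & 0x80:       # Order bit on a QoS frame: 4-byte HT Control field
            hdr_len += 4
    # For a protected frame, the security header starts at offset hdr_len.
    return {"to_ds": to_ds, "from_ds": from_ds, "four_address": addr4 is not None,
            "addr4": addr4, "protected": bool(flags & 0x40), "hdr_len": hdr_len}

def build_frame(fc0: int, flags: int, addr4: bytes = b"", qos: bytes = b"") -> bytes:
    """Constructed sample frame: made-up addresses, 16 zero bytes as body."""
    addrs = b"".join(bytes.fromhex(f"0200000000{i:02x}") for i in (1, 2, 3))
    return bytes([fc0, flags]) + b"\x00\x00" + addrs + b"\x10\x00" + addr4 + qos + bytes(16)

A4 = bytes.fromhex("020000000004")   # constructed Address 4
QOS = b"\x00\x00"
SAMPLES = {                          # all constructed, Protected bit (0x40) set
    "sta_to_ap": build_frame(0x88, 0x41, qos=QOS),            # To DS only
    "ap_to_sta": build_frame(0x88, 0x42, qos=QOS),            # From DS only
    "wds_qos":   build_frame(0x88, 0x43, addr4=A4, qos=QOS),  # To DS + From DS
    "wds_plain": build_frame(0x08, 0x43, addr4=A4),           # non-QoS data
}

def count_protected_wds(frames) -> int:
    """Number of protected frames that use the 4-address format."""
    headers = [parse_data_header(f) for f in frames]
    return sum(1 for h in headers if h["four_address"] and h["protected"])

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, parse_data_header(frame))
    print("protected 4-address frames:", count_protected_wds(SAMPLES.values()))
```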