Wireshark-bugs: [Wireshark-bugs] [Bug 11973] New: 802.11 Unable to decrypt some broadcast messag
Date: Thu, 07 Jan 2016 14:00:52 +0000
Bug ID 11973
Summary 802.11 Unable to decrypt some broadcast messages
Product Wireshark
Version Git
Hardware x86
OS Ubuntu
Status CONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter cedric.izoard@ceva-dsp.com

Created attachment 14209
wlan capture (password for 802.11 key is 12345678)

Build Information:
Wireshark 2.1.0 (v2.1.0rc0-1339-gf052e02 from master)
--
Hi,

In some cases multicast wlan frames are not decrypted, even though all the
information needed to decrypt them is available.

You can find attached several captures containing both unicast and multicast
frames (wpa password is 12345678).

- wpa_tkip.pcap:
when using WPA both unicast and multicast frames are correctly decrypted

- rsn_grp_ccmp.pcap:
when using RSN and CCMP for group cipher, both unicast and multicast frames are
correctly decrypted

- rsn_grp_tkip.pcap:
when using RSN and TKIP for group cipher, we can see that the first multicast
frame is not decrypted.
Multicast frames are correctly decrypted after group rekey.

=> GTK is not correctly parsed in the 4-way handshake (but correctly done in
group handshake)

- rsn_mfp_grp_ccmp.pcap:
when using RSN with CCMP for group cipher and management frame protection,
multicast frames are not decrypted

=> GTK is correctly parsed but seen as a TKIP key and not CCMP

- rsn_mfp_grp_tkip.pcap:
when using RSN with TKIP for group cipher and management frame protection,
multicast frames are not decrypted

=> GTK is not parsed because message size is greater than the arbitrary limit
set


cedric
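
The cases reported above all hinge on pulling the GTK out of the decrypted Key Data of 4-way handshake message 3. As an added illustration (not Wireshark's code and not part of the original report), this walks that field when an RSN element and an IGTK KDE (management frame protection) sit alongside the GTK KDE, and takes the group cipher from the RSN element instead of guessing it. The sample bytes are constructed, and the function names are hypothetical.

```python
RSN_OUI = bytes.fromhex("000fac")
CIPHERS = {2: "TKIP", 4: "CCMP"}           # RSN cipher suite types 00-0F-AC:n
GTK_LEN = {"TKIP": 32, "CCMP": 16}         # expected GTK size per group cipher

def parse_key_data(data: bytes) -> dict:
    """Walk decrypted EAPOL-Key Key Data (type/length/value) and extract the GTK."""
    out = {"group_cipher": None, "gtk": None, "gtk_key_id": None, "igtk": None}
    pos = 0
    while pos + 2 <= len(data):
        etype, elen = data[pos], data[pos + 1]
        if etype == 0xDD and elen == 0:    # padding: 0xdd followed by zeros
            break
        body = data[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated element at offset %d" % pos)
        if etype == 0x30 and elen >= 6:    # RSN element: version(2), group suite(4)
            if body[2:5] == RSN_OUI:
                out["group_cipher"] = CIPHERS.get(body[5])
        elif etype == 0xDD and elen >= 4 and body[:3] == RSN_OUI:
            kde_type, kde = body[3], body[4:]
            if kde_type == 1 and len(kde) > 2:     # GTK KDE: flags, reserved, key
                out["gtk_key_id"] = kde[0] & 0x03
                out["gtk"] = kde[2:]
            elif kde_type == 9 and len(kde) > 8:   # IGTK KDE: key id(2), IPN(6), key
                out["igtk"] = kde[8:]
        pos += 2 + elen                    # skip unknown elements, do not stop
    cipher, gtk = out["group_cipher"], out["gtk"]
    if cipher and gtk and len(gtk) != GTK_LEN[cipher]:
        raise ValueError("GTK length %d does not match %s" % (len(gtk), cipher))
    return out

def elem(etype: int, body: bytes) -> bytes:
    return bytes([etype, len(body)]) + body

def sample_msg3_key_data(group_suite: int, gtk: bytes) -> bytes:
    """Constructed sample: RSN element + GTK KDE + IGTK KDE, padded to 8 bytes."""
    rsn = (bytes.fromhex("0100") + RSN_OUI + bytes([group_suite])
           + bytes.fromhex("0100000fac04" "0100000fac02" "8000"))
    gtk_kde = RSN_OUI + b"\x01" + b"\x01\x00" + gtk           # key id 1
    igtk_kde = RSN_OUI + b"\x09" + b"\x04\x00" + bytes(6) + bytes(range(16))
    blob = elem(0x30, rsn) + elem(0xDD, gtk_kde) + elem(0xDD, igtk_kde)
    return blob + b"\xdd" + bytes(-(len(blob) + 1) % 8)

if __name__ == "__main__":
    res = parse_key_data(sample_msg3_key_data(4, bytes(range(0x10, 0x20))))
    print(res["group_cipher"], res["gtk_key_id"], res["gtk"].hex())
```
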

