Wireshark · Wireshark-dev: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets

Wireshark-dev: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>

Date: Fri, 15 May 2020 10:39:14 -0700

On Fri, May 15, 2020 at 10:27 AM Mikael Kanstrup
<mikael.kanstrup@xxxxxxxxx> wrote:
>
> Hi,
>
> Fast BSS Transitioning decryption is unfortunately not supported by Wireshark.
>
> Wireshark uses passphrase/PSK/PMK together with 4-way handshake to derive PTK and GTK. FT key hierarchy and key derivation is not handled by the decryption engine so PTK remains unknown which makes decryption fail. And unfortunately directly entering PTK for decryption is not supported either.

It could be but it would take some work :-)

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)

Follow-Ups:
- Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Mikael Kanstrup

References:
- [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Mohit Khattar
- Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Mikael Kanstrup

Prev by Date: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
Next by Date: Re: [Wireshark-dev] Dissecting http2 traffic
Previous by thread: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
Next by thread: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
Index(es):
- Date
- Thread