Thanks. I thought that bug had already been filed, but perhaps this had
only been mentioned on this listserv before.
Frank
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Soh Kam Yung
Sent: Thursday, April 12, 2007 8:37 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Viewing TKIP-encrypted data
On 4/12/07, Frank Bulk <frnkblk@xxxxxxxxx> wrote:
> David:
>
> Did you get a chance to review this page?
> http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28CategoryHowTo%29
>
> Frank
Interesting. I didn't know that page existed.
The sample capture provided on the page highlights that Wireshark does
not decrypt the WPA group keys properly, either for WPA or WPA2. (The
method for delivering the WPA group keys differ between the two
specs.)
In that sample capture, Packet No. 92 is the packet delivering the
group key but is mis-interpreted by Wireshark as a malformed EAPOL
packet. Packet No. 249 is an example of a broadcast packet that is
not decrypted by Wireshark.
I have filed a bug on this
(http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1420). Hopefully,
this can be resolved in a future version of Wireshark.
Regards,
Kam-Yung
--
Soh Kam Yung
my delicious links: (http://del.icio.us/SohKamYung)
my simpy links: (http://www.simpy.com/user/kysoh/links)
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users