0

Decrypting SAE packets in Wireshark

asked 2019-10-23 15:50:20 +0000

Amato_C
1158 ●15 ●28 ●35

updated 2019-10-24 10:13:31 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

Is it possible to decrypt Simultaneous Authentication of Equals (SAE) using Wireshark? SAE is part of WPA-3 personal authentication.

I have a capture that I can share, but I wanted to know if it is technically possible.

edit retag flag offensive close merge delete

Comments

Wildshark? Presumably a typo.

grahamb ( 2019-10-23 16:48:14 +0000 )edit

Yes, it was a typo. I corrected it. Sorry for the confusion

Amato_C ( 2019-10-23 17:42:30 +0000 )edit

1

https://www.wireshark.org/lists/wireshark-dev/201903/msg00067.html

At least some work in the area from the great people working on Wireshark.

Bob Jones ( 2019-10-24 13:28:52 +0000 )edit

Thank you Mr. Bob Jones!

Amato_C ( 2019-10-24 17:11:46 +0000 )edit

1 Answer

Sort by » oldest newest most voted

0

answered 2023-05-03 13:47:39 +0000

Sascha
1

Hi Amato,

funny to see you again in a Wireshark forum after all those years. We used to work together, remember? I am one of the Bochum guys...

To answer your question: You need to retrieve not only the air traffic, but also the key from either hostapd or wpa_supplicant by using the -d -K flags. You'll find it explained in more detail here: https://wiki.wireshark.org/HowToDecry...

Hope this helps (although it may be way too late),

Sascha

edit flag offensive delete link

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2019-10-23 15:50:20 +0000

Seen: 931 times

Last updated: May 03 '23

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Powered by Askbot version 0.10.2