Does Wireshark supports decryption of 802.11 packets with PTK as user's input (instead of PMK/password)?

asked 2020-01-01 09:42:26 +0000

Yedivach
3 ●1 ●4

updated 2020-01-01 18:42:59 +0000

When Wireshark decrypt 802.11 packets, it uses the password to generate the PMK. The next step is to take the 4-way handshake (EAPOLS) and create (using the PMK and the EAPOLS) the unicast keys - Pairwise transient key (PTK).

In case of not capturing the 4-way handshake the calculation of the PTK is impossible.

Does provide the PTK straight from the user is something possible on Wireshark (bypass the PTK calculation that exists today)?

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2020-01-02 13:06:11 +0000

Bob Jones
1481 ●2 ●171 ●22 Boston, MA

Not directly, no. The UI entry that is exposed is to enter in either the passphrase/SSID or the PMK directly, but at least part of the 4-way handshake is needed to derive the PTK and GTK (you didn't mention the group key, but it may be important to others).

You could enter an enhancement request over at https://bugs.wireshark.org/bugzilla/.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-01-01 09:42:26 +0000

Seen: 561 times

Last updated: Jan 02 '20

Does Wireshark supports decryption of 802.11 packets with PTK as user's input (instead of PMK/password)? edit

1 Answer