Hi, Does Wireshark supports decrypt (802.11) managment packets (as part of PMF connection)? If yes, there is a special way to do so? Because I have tried just to insert the keys and it doesnt work (unicast managment should use the same key as the data)
Thanks
Yes.
https://bugs.wireshark.org/bugzilla/s...
I was able to decode the test data using the keys provided:
https://code.wireshark.org/review/#/c...
Nice description of MFP: https://documentation.meraki.com/MR/W...
Need Association and EAPOL packets:
https://wiki.wireshark.org/HowToDecry...
Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic.
The wiki doesn't mention needing the Association Request but I find the decrypt does not work without it.
Asked: 2020-02-09 21:51:45 +0000
Seen: 1,513 times
Last updated: Feb 09 '20
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
