On Wed, May 13, 2020 at 9:01 PM Mohit Khattar via Wireshark-dev <wireshark-dev@wireshark.org> wrote: > > Hi, > > We (myself and Jeff Hansen, CC'd) have been having trouble decrypting data > packets on a monitor-mode capture involving packets between an ath9k client > and a Fast BSS Transition-capable wireless network with WPA-EAP encryption. > We have tried using the PMK and the PTK from the AP, with no success. > We also tried decrypting data packets on a WPA-PSK wireless network using the > passphrase, and were unsuccessful if Fast BSS Transition was enabled on the > network. > > On wireless networks without fast-transition, we have been able to decrypt > both WPA-EAP (using PMK) monitor mode pcaps, as well as WPA-PSK pcaps (using > passphrase). > > I am using Version 3.2.3 (v3.2.3-0-gf39b50865a13), which is the newest > (stable) version currently available. > > Is decryption of fast BSS transition data packets supported by Wireshark? If > so, could you please suggest what we can do to investigate what is going on?
It is not currently supported. The WFA uses an external tool to decrypt those packets. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
