Dominic Gifford changed bug 8734

Comment # 3 on bug 8734 from Dominic Gifford
There is a problem with the 802.11 dissector so broadcast frames (i.e. frames
with the receiver address of FF:FF:FF:FF:FF:FF) don't get decrypted.
It is correct that these frames are encrypted using the group temporal key, but
from a user perspective they don't need to know this - the group key is derived
from the PMK and in WPA2 is sent during EAPOL 4-way handshake in the M3
message.
In WPA, the group key is not conveyed in M3, but in a separate group key
message just after the 4-way handshake. WPA2 also uses this group key message
for rekeying.
There are a couple of bugs to do with length checks in the 802.11 dissector
that stop the group key being extracted from the M3/group key messages
successfully. Also a TKIP group key with a CCMP pairwise key is unsupported
(mixed mode).
I have submitted a change to fix this, and when I test the trace attached to
this bug with my fixed build, I can correctly decrypt the DHCP offer messages
starting at frame 2821.
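The distinction the comment draws (group key inside M3 for WPA2, in a separate group key message for WPA and for WPA2 rekeying) can be read from the EAPOL-Key Key Information bits. The following is an added example, not code from the Wireshark change or from the comment's author; the function names and return labels are made up for illustration, the field layout follows the IEEE 802.11 EAPOL-Key frame format, and the sample frames are constructed with zeroed nonce/IV/MIC and opaque key data.

```python
import struct

# 802.1X header (4 bytes) plus the fixed EAPOL-Key fields up to Key Data Length
HDR = struct.Struct(">BBHBHH8s32s16s8s8s16sH")  # 99 bytes in total
PAIRWISE, INSTALL, ACK, MIC, ENCRYPTED = 0x0008, 0x0040, 0x0080, 0x0100, 0x1000
DESC_RSN, DESC_WPA = 2, 254  # descriptor type: WPA2 (RSN) or WPA


def gtk_location(frame: bytes) -> str:
    """Return where (if anywhere) this EAPOL-Key frame carries the group key.

    Labels are hypothetical: "m3-key-data", "group-key-message" or "none".
    """
    if len(frame) < HDR.size:
        raise ValueError("truncated EAPOL-Key header")
    fields = HDR.unpack_from(frame)
    ptype, desc, info, dlen = fields[1], fields[3], fields[4], fields[12]
    if ptype != 3 or desc not in (DESC_RSN, DESC_WPA):
        raise ValueError("not a WPA/WPA2 EAPOL-Key frame")
    # Length check: the declared key data must fit in the captured bytes.
    if dlen > len(frame) - HDR.size:
        raise ValueError("Key Data Length exceeds captured bytes")
    if not info & ACK:
        return "none"  # sent by the station: M2, M4 or group message 2
    if info & PAIRWISE:
        is_m3 = bool(info & MIC) and bool(info & INSTALL)
        # Only WPA2 puts the group key in M3, inside encrypted key data.
        if is_m3 and desc == DESC_RSN and info & ENCRYPTED and dlen:
            return "m3-key-data"
        return "none"  # M1, or a WPA M3 (group key follows separately)
    # Group key message 1: WPA initial delivery, WPA2 rekey.
    return "group-key-message" if info & MIC and dlen else "none"


def build(desc: int, info: int, key_data: bytes) -> bytes:
    """Constructed sample frame; not taken from the trace attached to the bug."""
    body_len = HDR.size - 4 + len(key_data)
    z = lambda n: b"\x00" * n
    return HDR.pack(2, 3, body_len, desc, info, 16, z(8), z(32), z(16),
                    z(8), z(8), z(16), len(key_data)) + key_data


if __name__ == "__main__":
    for name, f in [("WPA2 M3", build(DESC_RSN, 0x13CA, b"\xaa" * 56)),
                    ("WPA M3", build(DESC_WPA, 0x01C9, b"\xdd" * 24)),
                    ("WPA group msg 1", build(DESC_WPA, 0x0391, b"\xbb" * 32))]:
        print(name, "->", gtk_location(f))
```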