Comment # 4
on bug 11158
from Guy Harris
(In reply to shawnlandden from comment #3)
> At the very least the IEEE 802.11 decrypt option should allow inserting the
> SSID and password, et cetera, instead of looking up the algorithm to derive
> the key:
What do you mean by "looking up the algorithm"?
As the "How to decrypt 802.11" page:
https://wiki.wireshark.org/HowToDecrypt802.11
Wireshark (and TShark) currently allow you to specify:
a WEP key, for WEP networks;
a password and an SSID, from which is calculated a raw key, for WPA PSK
networks;
a raw PSK, for WPA PSK networks.
So is the "algorithm" to which you're referring the algorithm used to choose
which of those keys to use?
> but yes, this is data it would be wise to get at the time the dump
> is taken, as then is the most likely point to have the password and SSID.
Unless a new pcap-ng record type is added, to store the SSID and (if available)
password, that would work only immediately after the capture.
(Note also that a monitor-mode capture can capture traffic from multiple
networks, so "the" password and SSID might not exist. MAC addresses for the AP
for non-ad-hoc networks should perhaps also be sent, to identify the network on
which a packet was sent.)
You are receiving this mail because:
- You are watching all bug changes.