Wireshark-bugs: [Wireshark-bugs] [Bug 11158] acquire wifi passwords from the OS when possible

Date: Wed, 29 Apr 2015 03:57:38 +0000

Comment # 4 on bug 11158 from
(In reply to shawnlandden from comment #3)
> At the very least the IEEE 802.11 decrypt option should allow inserting the
> SSID and password, et cetera, instead of looking up the algorithm to derive
> the key:

What do you mean by "looking up the algorithm"?

As the "How to decrypt 802.11" page:

    https://wiki.wireshark.org/HowToDecrypt802.11

Wireshark (and TShark) currently allow you to specify:

    a WEP key, for WEP networks;

    a password and an SSID, from which is calculated a raw key, for WPA PSK
networks;

    a raw PSK, for WPA PSK networks.

So is the "algorithm" to which you're referring the algorithm used to choose
which of those keys to use?

> but yes, this is data it would be wise to get at the time the dump
> is taken, as then is the most likely point to have the password and SSID.

Unless a new pcap-ng record type is added, to store the SSID and (if available)
password, that would work only immediately after the capture.

(Note also that a monitor-mode capture can capture traffic from multiple
networks, so "the" password and SSID might not exist.  MAC addresses for the AP
for non-ad-hoc networks should perhaps also be sent, to identify the network on
which a packet was sent.)


You are receiving this mail because:
  • You are watching all bug changes.