Bug ID |
11973
|
Summary |
802.11 Enable to decrypt some broadcast messages
|
Product |
Wireshark
|
Version |
Git
|
Hardware |
x86
|
OS |
Ubuntu
|
Status |
CONFIRMED
|
Severity |
Normal
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 14209 [details]
wlan capture (password for 802.11 key is 12345678)
Build Information:
Wireshark 2.1.0 (v2.1.0rc0-1339-gf052e02 from master)
--
Hi,
In some cases multicast wlan frames are not decrypted, whereas all information
to decrypt is available.
You can find attached several captures containing both unicast and multicast
frames (wpa password is 12345678).
- wpa_tkip.pcap:
when using WPA both unicast and multicast frames are correctly decrypted
- rsn_grp_ccmp.pcap:
when using RSN and CCMP for group cipher, both unicast and multicast frames are
correctly decrypted
- rsn_grp_tkip.pcap:
when using RSN and TKIP for group cipher, we can see that first multicast frame
is not decrypted.
multicast are correctly decrypted after group rekey
=> GTK is not correctly parsed in the 4-way handshake. (but correctly done in
group handshake)
- rsn_mfp_grp_ccmp.pcap:
when using RSN with CCMP for group cipher and management frame protection,
multicast frames are not decrypted
=> GTK is correctly parsed but seen as a TKIP key and not CCMP
- rsn_mfp_grp_tkip.pcap:
when using RSN with TKIP for group cipher and management frame protection,
multicast frames are not decrypted
=> GTK is not parsed because message size is greater than the arbitrary limit
set
cedric
You are receiving this mail because:
- You are watching all bug changes.