Hi Devs,
I was advised via the wiki to send my request here.
Anyhow, here goes:
Wireshark's current stable release (1.4.1 at this time) does not
have the ability to decrypt broadcast/multicast 802.11 frames
encrypted with the Group Transient Key (GTK). I'd love to see
this feature added. The GTK is distributed in Message 3 of the
EAPoL 4-Way Handshake for WPAv2 style authentication, and is a
separate 2-Way Handshake in WPAv1 style authentication. For the
record, PTK
(unicast) decryption works great.
If this feature is currently available in a development branch
feel free to tell me I am silly, and please point me in the
right direction.
Best Regards,
Anthony
|