Hi all:
I am a software developer for Wi-Fi protocols. One of the features that I found very useful in Wireshark is that encrypted 802.11 frames can be decrypted if the user provides "wpa-pwd" or "wpa-psk", and if the 4-way handshake frames are captured.
Currently it works like this:
If the user provides "wpa-pwd" (in other words, "passphrase"), Wireshark will calculate the PSK using the AP's SSID and BSSID, then calculate the PTK and GTK using the PSK and 4-way handshake information.
If the user provides "wpa-psk", Wireshark will calculate the PTK and GTK using the PSK (user-provided) and 4-way handshake information.
However, Wireshark does not allow the user to provide the PTK and GTK directly. This is the problem I am concerned about.
Actually, in many cases in my work I cannot get "wpa-pwd" or "wpa-psk"; instead I can get the PTK and GTK. So I am wondering: can we add this feature to Wireshark? It should be easy to implement because when the user provides the PTK and GTK, Wireshark will not need the 4-way handshake frames any more to decrypt data frames.
It will be very helpful for users like me.
Thank you very much.
Regards,
lihw