Timeline for Wireshark WPA 4-way handshake

Current License: CC BY-SA 3.0

9 events
when what by license comment
Apr 29, 2012 at 23:23 comment added Paul I don't see how the fourth packet would eliminate or require additional "what key checks"?
Apr 29, 2012 at 19:40 comment added cYrus @OldPro: I don't think that Wireshark implemented that to discourage such attacks. Anyway, packets arrive already decrypted to Wireshark when capturing your own traffic. Yep, maybe it's just a matter of performance.
Apr 29, 2012 at 18:52 comment added Old Pro @cYrus, if you are a 3rd party intercepting the traffic, then you are mounting a network attack (even if it's your network with your permission) and Wireshark is quite reasonable in limiting the functionality of their tool to make it less helpful in mounting that sort of attack. The legitimate use case is where you have Wireshark on the computer running one half of the session and are only listening in on your own conversation. To make it work when 3 and 4 are missing you have to implement a lot of testing of "which key are we using now?" which is work I wouldn't expect Wireshark to do.
Apr 29, 2012 at 18:27 comment added cYrus @OldPro: I'm not talking about the protocol. Both sides can receive all the packets, but they might be dropped or not captured by the entity that passively captures the traffic.
Apr 29, 2012 at 18:20 comment added Old Pro @cYrus, waiting for 4 is essential, as encryption keys have to be changed simultaneously on both sides. If the client doesn't receive 4, it doesn't know that the base received 3. If the client doesn't receive 4, it sends 3 again (which triggers a resend of 4) until it either receives 4 or gives up trying to create the connection.
Apr 29, 2012 at 18:14 comment added cYrus @OldPro, I'm not sure that waiting for the 4th is a good idea; captured packets tend to get lost, especially when they travel through the air.
Apr 29, 2012 at 16:02 comment added Old Pro @Paul, that's sort of like saying "resume" isn't necessary after a "pause".
Apr 29, 2012 at 12:02 comment added Paul Seems to me that packet 4 isn't necessary either, right - it is just designed to wait for it.
Apr 29, 2012 at 0:13 history answered Old Pro CC BY-SA 3.0