
List:       wireshark-users
Subject:    [Wireshark-users] Unable to decrypt wds (4-address atheros openwrt) bridge traffic
From:       Jacobo Pantoja <jacobopantoja () gmail ! com>
Date:       2017-08-04 14:03:45
Message-ID: B2822B06-AEAF-41E1-ADB6-858A2AD5B678 () gmail ! com

Hi,

I'm trying to capture network traffic between a wireless bridge made with two OpenWRT
devices, which means they use 4 address atheros stuff for wireless bridge. For
testing, beside the "client" AP, a non-wds client joined to the "master" AP.

The AP is using WPA2-PSK, and I can successfully see decrypted traffic for non-wds
clients, i.e. frames with both wlan.fc.ds set to 01 and to 10. But traffic from the
"client" AP to the "master" AP (i.e. frames with wlan.fc.ds == 11) is not decrypted.

I guess that the PSK should be the same for the non-wds clients as for the wds
client, but perhaps I'm wrong. All the EAPOL messages are properly captured. Also, I
don't know if the 4address Linux stuff is adding something non-standard that
Wireshark cannot deal with at this moment.

Any ideas?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe

