This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Thank you for your time.

When decrypting 802.11 traffic I understand that we need all 4 portions of the handshake to decrypt the capture file. Assuming that my handshake is valid for that particular session of collection.

Do I need a handshake for each client or will one handshake be able to decrypt multiple clients at the time of collection?

asked 25 Apr '13, 06:24

pyRabbit's gravatar image

pyRabbit
16113
accept rate: 0%


For WPA(2) you need each unique handshake to decrpyt the unicast traffic from the associated client. This is due to nonce values being exchanged within the handshake and making each key somewhat unique.

permanent link

answered 25 Apr '13, 07:59

Landi's gravatar image

Landi
2.3k51442
accept rate: 28%

Thank you for the quick answer. I also just verified this using my own network. You need all four parts of the EAPOL handshake (for each client) that you want to decrypt.

(25 Apr '13, 10:07) pyRabbit
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×38

question asked: 25 Apr '13, 06:24

question was seen: 1,748 times

last updated: 25 Apr '13, 10:07

p​o​w​e​r​e​d by O​S​Q​A