This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Do you need a Four-way Handshake for each client?

0

Thank you for your time.

When decrypting 802.11 traffic I understand that we need all 4 portions of the handshake to decrypt the capture file. Assuming that my handshake is valid for that particular session of collection.

Do I need a handshake for each client or will one handshake be able to decrypt multiple clients at the time of collection?

asked 25 Apr '13, 06:24

pyRabbit's gravatar image

pyRabbit
16113
accept rate: 0%


One Answer:

1

For WPA(2) you need each unique handshake to decrpyt the unicast traffic from the associated client. This is due to nonce values being exchanged within the handshake and making each key somewhat unique.

answered 25 Apr '13, 07:59

Landi's gravatar image

Landi
2.3k51442
accept rate: 28%

Thank you for the quick answer. I also just verified this using my own network. You need all four parts of the EAPOL handshake (for each client) that you want to decrypt.

(25 Apr '13, 10:07) pyRabbit