This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, we have encountered a problem using Wireshark to capture traffic between two nodes communicating with the Wi-Fi Direct protocol. Encryption seems to be mandatory. Is there a way to decrypt the packets and show them in Wireshark?

--Thomas

This question is marked "community wiki".

asked 13 May '15, 08:49

Thomaslindh

edited 13 May '15, 09:29

grahamb ♦

In all WiFi Direct connections, there is a Group Owner (GO) that has the authority to issue and revoke credentials. Also, the WiFi Direct Specification uses WiFi Protected Setup (WPS), sometimes referred to as WiFi Simple Configuration (WSC), to exchange credentials. So the GO becomes the WSC Registrar and the other devices become Enrollees.

The WSC Registrar (GO) generates and issues the network credentials (security keys) to the Enrollee (Client). In a WSC connection, all credential exchanges between enrollee and registrar are encrypted. If you perform a WiFi capture of the WSC exchange, the user will not be able to determine the PSK passphrase. The only way to determine the passphrase is to query the registrar (GO).

So you need a way to get the credential from the GO. This requires the GO to be rooted - in Android vocabulary. Then you need to know how to extract the WiFi credentials.

answered 13 May '15, 09:18

Amato_C

If a supplied answer resolves your question can you please "accept" it by clicking the check mark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(14 May '15, 08:24) Amato_C

Try this blog: https://androcraftsite.wordpress.com/2017/03/01/decrypting-wifi-direct-packets-in-wireshark/ It explains how to get the PSK for Android phones, and you can use those PSKs to decrypt your packets.

answered 01 Mar '17, 08:11

rajat27

Thanks for providing the location of where to find the credentials within Android!

(01 Mar '17, 09:52) Amato_C
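
The step both answers end on, turning the credential taken from your own GO into a key Wireshark accepts, shown as an added example (not code from this thread or the linked blog). It assumes the credential arrives as a wpa_supplicant-style network block; the sample block and the function names are constructed for illustration.

```python
import hashlib
import re

def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA2-Personal mapping: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()

def wireshark_wpa_psk(network_block: str) -> str:
    """Return the 64-hex-digit key to enter in Wireshark with key type 'wpa-psk'.

    Using the raw hex form avoids any escaping issues with ':' or spaces
    that can occur in a passphrase or SSID.
    """
    fields = dict(re.findall(r'^[ \t]*(\w+)=(.*?)[ \t]*$', network_block, re.MULTILINE))
    if "ssid" not in fields or "psk" not in fields:
        raise ValueError("network block needs both ssid= and psk=")
    ssid, psk = fields["ssid"].strip('"'), fields["psk"]
    if psk.startswith('"'):                      # quoted value: ASCII passphrase
        return derive_psk(psk.strip('"'), ssid)
    if re.fullmatch(r"[0-9a-fA-F]{64}", psk):    # unquoted value: already the 256-bit PSK
        return psk.lower()
    raise ValueError("psk is neither a quoted passphrase nor 64 hex digits")

# Constructed sample input: SSID and passphrase are the IEEE 802.11i test
# vector, not a real Wi-Fi Direct group.
SAMPLE_BLOCK = '''
network={
    ssid="IEEE"
    psk="password"
}
'''

if __name__ == "__main__":
    print("wpa-psk:", wireshark_wpa_psk(SAMPLE_BLOCK))
```

Wireshark can only derive the per-session keys from this PSK if the capture also contains the EAPOL 4-way handshake for the connection being decrypted.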