This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wi-Fi direct

0

Hi, we have encountered a problem using Wireshark to capture traffic between two nodes communicating with the Wi-Fi Direct protocol. Encryption seems to be mandatory. Is there a way to decrypt the packets and show them in Wireshark?

--Thomas

This question is marked "community wiki".

asked 13 May '15, 08:49

Thomaslindh
6112
accept rate: 0%

edited 13 May '15, 09:29

grahamb ♦
19.8k330206


2 Answers:

2

In all WiFi Direct connections, there is a Group Owner (GO) that has the authority to issue and revoke credentials. Also, the WiFi Direct Specification uses WiFi Protected Setup (WPS), sometimes referred to as WiFi Simple Configuration (WSC), to exchange credentials. So the GO becomes the WSC Registrar and the other devices become Enrollees.

The WSC Registrar (GO) generates and issues the network credentials (security keys) to the Enrollee (Client). In a WSC connection, all credential exchanges between enrollee and registrar are encrypted. If you perform a WiFi capture of the WSC exchange, the user will not be able to determine the PSK passphrase. The only way to determine the passphrase is to query the registrar (GO).

So you need a way to get the credential from the GO. This requires the GO to be rooted - in Android vocabulary. Then you need to know how to extract the WiFi credentials.

answered 13 May '15, 09:18

Amato_C
1.1k142032
accept rate: 14%

If a supplied answer resolves your question can you please "accept" it by clicking the check mark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(14 May '15, 08:24) Amato_C

1

Try this blog: https://androcraftsite.wordpress.com/2017/03/01/decrypting-wifi-direct-packets-in-wireshark/. It explains how to get the PSK for Android phones, and you can use those PSKs to decrypt your packets.

answered 01 Mar '17, 08:11

rajat27
213
accept rate: 0%

1

Thanks for providing the location of where to find the credentials within Android!

(01 Mar '17, 09:52) Amato_C
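
Once the credential has been read from the GO as the answers above describe, it has to be turned into the 256-bit key that Wireshark's IEEE 802.11 decryption key list accepts under the `wpa-psk` key type. The following is an added example, not part of the original thread; it assumes the group uses WPA2-PSK and that the stored credential is either an 8 to 63 character passphrase or the 64-hex-digit PSK itself. The SSID and passphrase in the demo are constructed values.

```python
import hashlib
import re


def wpa_pmk(credential: str, ssid: str) -> str:
    """Return the 256-bit WPA2 PSK (PMK) as 64 lowercase hex digits.

    credential: value recovered from the GO, either a passphrase
                (8-63 characters) or an already-derived 64-hex PSK.
    ssid:       the group's SSID exactly as seen in the capture
                (Wi-Fi Direct groups use a "DIRECT-" prefix).
    """
    # A 64-hex-digit credential is already the PSK: pass it through.
    if re.fullmatch(r"[0-9A-Fa-f]{64}", credential):
        return credential.lower()

    if not 8 <= len(credential) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")

    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")

    # WPA2-PSK mapping: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes.
    pmk = hashlib.pbkdf2_hmac(
        "sha1", credential.encode("ascii"), ssid_bytes, 4096, 32
    )
    return pmk.hex()


def wireshark_key(credential: str, ssid: str) -> tuple[str, str]:
    """Return (key type, key value) for Wireshark's 802.11 decryption keys."""
    return ("wpa-psk", wpa_pmk(credential, ssid))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    key_type, key = wireshark_key("constructed-pass", "DIRECT-ab-Example")
    print(f"{key_type}: {key}")
```

Wireshark also needs the EAPOL 4-way handshake between the GO and the client in the capture, because the per-session keys are derived from this PSK together with the nonces exchanged there.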