Hi,

We have encountered a problem using Wireshark to capture traffic between two nodes communicating with the Wi-Fi direct protocol. Encryption seems to be mandatory. Is there a way to decrypt the packets and show them in Wireshark?

--Thomas

asked 13 May '15, 08:49 Thomaslindh
edited 13 May '15, 09:29 grahamb ♦
2 Answers:
In all WiFi Direct connections, there is a Group Owner (GO) that has the authority to issue and revoke credentials. Also, the WiFi Direct Specification uses WiFi Protected Setup (WPS), sometimes referred to as WiFi Simple Configuration (WSC), to exchange credentials. So the GO becomes the WSC Registrar and the other devices become Enrollees. The WSC Registrar (GO) generates and issues the network credentials (security keys) to the Enrollee (Client).

In a WSC connection, all credential exchanges between enrollee and registrar are encrypted. If you perform a WiFi capture of the WSC exchange, the user will not be able to determine the PSK passphrase. The only way to determine the passphrase is to query the registrar (GO).

So you need a way to get the credential from the GO. This requires the GO to be rooted, in Android vocabulary. Then you need to know how to extract the WiFi credentials.

answered 13 May '15, 09:18 Amato_C
Try this blog: https://androcraftsite.wordpress.com/2017/03/01/decrypting-wifi-direct-packets-in-wireshark/. It explains how to get the PSK for Android phones, and you can use those PSKs to decrypt your packets.

answered 01 Mar '17, 08:11 rajat27

Thanks for providing the location of where to find the credentials within Android! (01 Mar '17, 09:52) Amato_C
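An added example, not part of the original answers or the linked blog: once the credential has been read from the GO, this turns a wpa_supplicant-style `network={}` block into the two key forms Wireshark's IEEE 802.11 decryption-key table accepts (`wpa-pwd` as passphrase:SSID, `wpa-psk` as 64 hex digits). The sample config, its SSIDs and its hex PSK are constructed, and the storage format is an assumption about the GO.

```python
import hashlib
import re

# Constructed sample in wpa_supplicant network-block syntax (not from the page).
SAMPLE_CONF = '''
network={
    ssid="DIRECT-ab-ExampleGO"
    psk=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
}
network={
    ssid="IEEE"
    psk="password"
}
'''

def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA2-Personal mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def parse_networks(conf: str):
    """Yield (ssid, raw psk field) for every network block that has both."""
    for block in re.findall(r"network=\{(.*?)\}", conf, re.S):
        fields = dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", block, re.M))
        if "ssid" in fields and "psk" in fields:
            yield fields["ssid"].strip('"'), fields["psk"]

def wireshark_keys(conf: str):
    """Return (key_type, key_value, psk_hex) tuples, one per network."""
    out = []
    for ssid, psk in parse_networks(conf):
        if psk.startswith('"'):                      # quoted field: ASCII passphrase
            phrase = psk.strip('"')
            out.append(("wpa-pwd", f"{phrase}:{ssid}", derive_psk(phrase, ssid)))
        elif re.fullmatch(r"[0-9a-fA-F]{64}", psk):  # unquoted field: raw 256-bit PSK
            out.append(("wpa-psk", psk.lower(), psk.lower()))
        else:
            raise ValueError(f"unrecognised psk field for {ssid!r}")
    return out

if __name__ == "__main__":
    for key_type, key_value, psk_hex in wireshark_keys(SAMPLE_CONF):
        print(f"{key_type:8} {key_value}\n         psk={psk_hex}")
```

Wireshark derives the per-session keys from the PSK, so the capture also has to contain the EAPOL 4-way handshake for the connection being decrypted.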