During a wireless penetration test you capture a full 4-way handshake from an 802.11 network using WPA2-Personal with AES-CCMP. After cracking the pre-shared key offline, you want to decrypt the previously recorded data frames in Wireshark. Apart from the recovered passphrase, which additional elements from the handshake are required to reconstruct the Pairwise Transient Key (PTK) and successfully decrypt the traffic?
The access point and client MAC addresses together with the ANonce and SNonce values exchanged during the 4-way handshake
The RSN capabilities field obtained from beacon or probe response frames
The Group Temporal Key (GTK) delivered in message 3 of the 4-way handshake
Only the network SSID and the RF channel number on which the capture was made
In WPA2-Personal, the passphrase is converted into a Pairwise Master Key (PMK) through PBKDF2. To turn that PMK into the Pairwise Transient Key (PTK) that actually encrypts unicast data, the 4-way handshake combines four values: the access point's MAC address (AA), the client station's MAC address (SPA), the AP-generated nonce (ANonce) and the client-generated nonce (SNonce). Tools such as Wireshark or Aircrack-ng need these two MAC addresses and both nonces, together with the PMK, to run the key-derivation function and recover the temporal encryption keys.
The Group Temporal Key (GTK) only protects broadcast/multicast traffic and alone is insufficient for decrypting unicast frames. The RSN capabilities element and the SSID/channel information do not participate in PTK generation. Therefore, the only correct choice is the combination of both MAC addresses and both nonces taken from the captured 4-way handshake.
Certified Ethical Hacker (CEH)
Wireless Network Hacking