I am aware of two attacks against TKIP/RC4 encrypted traffic:
- Beck-Tews attack
- Ohigashi-Morii attack
If I have a network that uses TKIP for the Group Cipher, i.e. multicast and broadcast traffic, TKIP and CCMP for pair-wise traffic i.e. unicast, and 802.1x for authentication (not sure if this is relevant), I believe I have a scenario where at best, all the multicast and broadcast traffic is only encrypted with RC4 via TKIP.
Since there are these attacks against TKIP traffic, does this mean that despite CCMP being supported for unicast traffic, I can capture this traffic with a monitor mode wireless adapter and potentially decrypt the multicast/broadcast traffic? If so, what would the process be to do this?
