Chop Chop attack decrypting ARP results in multicast traffic takeover only
I read about chop chop attack and how it is used to decrypt packets on a WPA TKIP network, by chopping off byte by byte and bruteforcing the byte to trigger MIC failure. In case of MIC failure, would mean that CRC32 is correct and we get the plaintext for that byte.
The attacks are mostly performed on ARP packets, since they are small and easy to decrypt as a whole, containing mostly known bytes. Now, my question is, since ARP packets are multicast packets, they are encrypted by a GTK correct? If so, the attacker who is able to retrieve the keystream on packet ARP chop chop, would be retrieving GTK which is intended for multicast traffic, correct?
If so, this chop chop attack against ARP would only crack the multicast traffic and NOT unicast traffic. So it is not as bad as it actually looks correct?
If there is a way to crack PTK, what would it be? other than trying to chop big sized packets unlike ARP packets ?
