[aklug] Re: wpa_supplicant

From: <jonr@destar.net>
Date: Thu Feb 28 2008 - 08:20:28 AKST

Quoting jonr@destar.net:

> Quoting barsalou <barjunk@attglobal.net>:
>
>> Quoting jonr@destar.net:
>>
>>> Quoting barsalou <barjunk@attglobal.net>:
>>>
>>>> Here is my wpa_suplicant.conf:
>>>>
>>>> ---
>>>> ctrl_interface=3D3D/var/run/wpa_supplicant
>>>> eapol_version=3D3D1
>>>> ap_scan=3D3D1
>>>> fast_reauth=3D3D1
>>>>
>>>> network=3D3D{
>>>> auth_alg=3D3DOPEN
>>>> ssid=3D3D"myssid"
>>>> proto=3D3DWPA2
>>>> scan_ssid=3D3D1
>>>> psk=3D3D"mysecretpskkey"
>>>> key_mgmt=3D3DWPA-PSK
>>>>
>>>> }
>>>> ---
>>>>
>>>> This is what ended up working, but I'm not confident it is actually
>>>> using WPA2...anyone know a good way to tell?
>>>>
>>>> I think I was missing the auth_alg=3D3DOPEN part when I tried it last.
>>>>
>>>> Mike B.
>>>>
>>> Can you sniff the wire and watch the authentication request?
>>>
>>>
>> Sure. I can even run the wpa_supplicant deamon in debug mode...what
>> exactly am I looking for?
>>
>> Mike B.
>>
> I would guess that you would be watching for the psk handshake at the =3D2=
0
> beginning of the authentication. Do you see the server and the client =3D2=
0
> doing a handshake before you are authenticated?
>
> Jon
>
So that wouldn't tell you what you are trying to figure out, you would =20
want to use kismet, airsniff, airsnort etc, etc. Then I asked the =20
question and got this response:

"WPA2 is a product certification that is available through the Wi-Fi =20
Alliance. WPA2
certifies that wireless equipment is compatible with the IEEE 802.11i =20
standard. The WPA2
product certification formally replaces Wired Equivalent Privacy (WEP) =20
and the other
security features of the original IEEE 802.11 standard. The goal of =20
WPA2 certification is
to support the additional mandatory security features of the IEEE =20
802.11i standard that
are not already included for products that support WPA.

The only way sniffing tools can tell that you're running 802.11i (WPA2) it b=
y
looking in the beacons (or probe responses) for Information Elements =20
(IEs) that advertise TKIP (WPA) or CCMP (WPA2).

So if the sniffing tools say you're running WPA2 (or 802.11i, or CCMP =20
(AES), then its likely that you are, but...

its not perfect.

Jim Thompson"

Hope that helps,

Jon

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Feb 28 08:21:09 2008

This archive was generated by hypermail 2.1.8 : Thu Feb 28 2008 - 08:21:10 AKST