wpa_supplicant: should "Associated with" and "RX EAPOL from" report the same MAC?

Arjan van Bentem hostap at avbentem.dds.nl
Tue Apr 19 14:19:07 EDT 2005


Hi all,

for the sake of the archives, so just for (your) information:

Below I wondered about seeing two different MAC addresses when 
connecting to a Speedtouch 580 access point using wpa_supplicant and 
ndiswrapper. I used Ethereal to check what's sent on Windows, and in 
fact it's the very same behavior.

Given the resolved name "AskeyCom" in the Ethereal output I guess that 
Thomson (who makes the Speedtouch ADSL modems/wireless access points) 
uses some third-party stuff from www.askey.com for the wireless stuff. 
And also the comments in the source code suggest that it might be 
expected. So: no worries, I guess...

In Windows XP I see:

Sent to 00:90:96:cf:43:cf "AskeyCom"
    802.1x Authentication
       Version: 1
       Type: Start (1)
       Length: 0

Received from 00:0e:50:26:45:b6 "ThomsonM"
    802.1x Authentication
       Version: 1
       Type: Key (3)
       Length: 95
       Descriptor Type: EAPOL WPA key (254)

Sent to 00:90:96:cf:43:cf "AskeyCom"
    802.1x Authentication
       Version: 1
       Type: Key (3)
       Length: 121
       Descriptor Type: EAPOL WPA key (254)

Received from 00:0e:50:26:45:b6 "ThomsonM"
    802.1x Authentication
       Version: 1
       Type: Key (3)
       Length: 119
       Descriptor Type: EAPOL WPA key (254)

Sent to 00:90:96:cf:43:cf "AskeyCom"
    802.1x Authentication
       Version: 1
       Type: Key (3)
       Length: 95
       Descriptor Type: EAPOL WPA key (254)

...and then the authentication is completed and the client connected to 
the access point. Still no luck on Linux, but that's another message...

Ciao,
Arjan.


Arjan van Bentem wrote:

>
> Hi all,
>
> Is seeing two different MAC's for "Associated with" and "RX EAPOL 
> from" to be expected?
>
> The details...
>
> My wpa_supplicant 0.3.8 / ndiswrapper 1.1 / Linksys WMP54G do not get 
> any further than "WPA: Sending EAPOL-Key 2/4" while my Speedtouch 580 
> access point then logs that the client is associated, but is still 
> authenticating.
>
> Trying to figger out what's wrong I noticed two different MAC's in the 
> debug information: wpa_supplicant says it has associated with the MAC 
> I know to be my access point, but later on seems to indicate it 
> receives a reply from some other MAC I do not recognize at all. I've 
> not seen this while looking at dumps many others posted on the 
> internet. "ifconfig -a" or "arp" do not list this MAC either.
>
> The log I see (non-stripped log and dmesg output at the end of this 
> message) when using default settings:
>
>
> Initializing interface (2) 'wlan0'
>       >>> Arjan: is the next line OK...? This only
>       >>> occurs for the snapshot build, not for 0.3.8
> ioctl[SIOCSIWPMKSA]: No such device
>       >>> Arjan: the Linksys WMP54G
> Own MAC address: 00:12:17:94:9b:1b
> :
> Starting AP scan (broadcast SSID)
> Scan timeout - try to get results
>       >>> Arjan: allright, a single BSS found
> Received 308 bytes of scan results (1 BSSes)
> :
>       >>> Arjan: indeed, the Speedtouch 580
> Trying to associate with 00:90:96:cf:43:cf (SSID='Palahala' freq=2412 
> MHz)
> :
> No keys have been configured - skip key clearing
> State: SCANNING -> ASSOCIATING
> :
> Wireless event: new AP: 00:90:96:cf:43:cf
> State: ASSOCIATING -> ASSOCIATED
> :
> Associated to a new BSS: BSSID=00:90:96:cf:43:cf
> :
> Setting authentication timeout: 10 sec 0 usec
>       >>> Arjan: a reply from a different MAC?
> RX EAPOL from 00:0e:50:26:45:b6
> :
> State: ASSOCIATED -> 4WAY_HANDSHAKE
>       >>> Arjan: the very same 3rd MAC again...
> WPA: RX message 1 of 4-Way Handshake from 00:0e:50:26:45:b6 (ver=1)
> WPA: Renewed SNonce - hexdump(len=32): 23 c0 ...
> :
> WPA: Sending EAPOL-Key 2/4
>       >>> Arjan: and the above is repeated for ever,
>       >>> sometimes with timeout message...
>
> I'm using ndiswrapper 1.1 on Ubuntu 5.04, installed as described at 
> http://dossy.org/archives/000110.html (which uses Linksys WMP54GS 
> whereas my card is a WMP54G), after first running "apt-get install 
> linux-headers-2.6.10-5-386 build-essential fakeroot".
>
> Same behavior for wpa_supplicant yesterday's snapshot (log above) and 
> 0.3.8, both ONLY using CONFIG_DRIVER_NDISWRAPPER=y and 
> CONFIG_CTRL_IFACE=y, and even when I doubled the timeout periods in 
> the source code. When setting the access point to use EAS, then 
> wpa_supplicant will also log it will use CCMP.
>
> And same behavior when using, for example, all kind of combinations 
> for ap_scan=2, eapol_version=2, explicitely setting BSSID to match the 
> MAC of the base station, scan_ssid, proto=WPA, pairwise=TKIP, 
> group=TKIP, setting the access point to not allow broadcasts, using a 
> short plain text PSK, et cetera, ...
>
> The very same Linksys card and PSK work fine on Windows XP (dual boot 
> with Ubuntu), using the same NDIS drivers, and using the same access 
> point settings.
>
> Thanks for any input (like I cannot even come up with a decent Google 
> search phrase...),
> Arjan.
>
>



More information about the HostAP mailing list