[Off topic] Difference between wpa: tkip & aes

Jar jar at pcuf.fi
Mon Nov 7 14:29:34 EST 2005


Jar wrote:
> OK now I sniff iit with Kismet, the security mode is WPA_PSK_AES. The 
> data packet looks like this:
> 
> No.     Time        Source                Destination           Protocol 
> Info
>     5655 342.729498  00:14:bf:2e:2e:2e     EdimaxTe_5a:5a:5a     IEEE 
> 802.11 Data
> 
> Frame 5655 (1554 bytes on wire, 1554 bytes captured)
> IEEE 802.11
>      Type/Subtype: Data (32)
>      Frame Control: 0x4308 (Normal)
>          Version: 0
>          Type: Data frame (2)
>          Subtype: 0
>          Flags: 0x43
>              DS status: Frame part of WDS (To DS: 1  From DS: 1) (0x03)
>              .... .0.. = More Fragments: This is the last fragment
>              .... 0... = Retry: Frame is not being retransmitted
>              ...0 .... = PWR MGT: STA will stay up
>              ..0. .... = More Data: No data buffered
>              .1.. .... = WEP flag: WEP is enabled
>              0... .... = Order flag: Not strictly ordered
>      Duration: 213
>      Receiver address: 00:14:bf:48:48:48 (00:14:bf:48:48:48)
>      Transmitter address: 00:14:bf:bf:bf:bf (00:14:bf:bf:bf:bf)
>      Destination address: 00:50:fc:5a:5a:5a (EdimaxTe_5a:5a:5a)
>      Fragment number: 0
>      Sequence number: 769
>      Source address: 00:14:bf:2e:2e:2e (00:14:bf:2e:2e:2e)
>      TKIP/CCMP parameters
>          CCMP Ext. Initialization Vector: 0x0000000000DA
>          Key: 0
> Data (1516 bytes)
> 
> 0000  af e0 27 6b be 48 34 ba 61 10 7e 20 71 dd 56 f6   ..'k.H4.a.~ q.V.
> 0010  33 ef 6d 67 64 fe 40 7a 88 88 0e da 94 c5 d2 0f   3.mgd. at z........
> ....

But sometimes data packets show both CCMP and TKIP and sometimes just 
CCMP. I don't know what it means?

     TKIP/CCMP parameters
         TKIP Ext. Initialization Vector: 0x00000000D100
         CCMP Ext. Initialization Vector: 0x00000000ACD1
         Key: 0
Data (1516 bytes)
0000  54 36 bd ae e1 d3 b6 68 9b 3c 11 41 3b f6 6b a9   T6.....h.<.A;.k.
...
...

-- 
Best Regards, Jar



More information about the HostAP mailing list