wpa_supplicant & winpcap & windows 2000

Jouni Malinen jkmaline at cc.hut.fi
Sun Nov 20 19:09:41 EST 2005


On Sun, Nov 20, 2005 at 02:20:02PM -0700, engage wrote:

> IEEE 802.1X RX: version=1 type=3 length=95
>   EAPOL-Key type=254
> State: ASSOCIATED -> 4WAY_HANDSHAKE
> WPA: RX message 1 of 4-Way Handshake from 00:12:17:e2:8d:05 (ver=2)
> WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 04 
> 01 00 00 50 f2 04 01 00 00 50 f2 02
> WPA: Renewed SNonce - hexdump(len=32): b3 12 4d c8 43 bb 8b a6 1f 03 5a 7d 09 
> 38 25 1f 5d d4 cb fc 96 f5 45 3b 13 0d 89 0a 1c db ae 32
> WPA: PMK - hexdump(len=32): [REMOVED]
> WPA: PTK - hexdump(len=64): [REMOVED]
> WPA: Sending EAPOL-Key 2/4
> RX EAPOL from 00:12:17:e2:8d:05
> Setting authentication timeout: 10 sec 0 usec
> IEEE 802.1X RX: version=1 type=3 length=121
>   EAPOL-Key type=254

It looks like the first two messages of WPA 4-Way Handshake are
correctly received. However, something odd happens with the third
message:

> WPA: Invalid EAPOL-Key MIC when using TPTK - ignoring TPTK
> WPA: Could not verify EAPOL-Key MIC - dropping packet

It looks like the AP accepted message 2/4, but then send out message 3/4
with incorrect MIC. This is quite odd behavior.. What AP (vendor/model)
are you using?

> RX EAPOL from 00:12:17:e2:8d:05
> IEEE 802.1X RX: version=1 type=3 length=119
>   EAPOL-Key type=254
> WPA: Invalid EAPOL-Key MIC when using TPTK - ignoring TPTK
> WPA: Could not verify EAPOL-Key MIC - dropping packet

Interestingly, this frame is two bytes shorter than the previous frame
even though I would have assumed this to be a retransmitted message
3/4..

Could you please send me debug log with -dd on the command line so that
these two frames are included in full in the log? In addition, if you
happen to have Ethereal installed or can install it easily, it would be
nice to receive a capture log from the network interface with these
EAPOL-Key frames.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list