failure after 4 way handshake

matthieu castet castet.matthieu at free.fr
Sun Oct 16 06:45:59 EDT 2005


Hi Jouni,

Jouni Malinen wrote:
> On Sat, Oct 15, 2005 at 01:46:16PM +0200, matthieu castet wrote:
> 
> 
>>I am trying to add native WPA support for Aironet WPA cards.
> 
> 
> Do you mean that you are modifying the airo_cs driver to allow WPA
> support?
> 
Yes, the airo driver.

> 
>>With ndiswrapper everything works correctly, but with my implementation
>>the master doesn't send anything after the "4 way handshake" (I have checked
>>that with a card in monitor mode) and the Managed client fails with a
>>timeout failure. See the ethereal dump (ether file) and wpa_supplicant
>>log (case1).
> 
> 
> Can you send a wireless sniffer log showing this behavior? I'm assuming
> you have two cards, one acting as a client and the other one in monitor
> mode.
> 
Isn't the ethereal sniffer log enough?
It was done in monitor mode.
In this log I filtered out broadcast, but I could provide a full log if you
want.



> 
>>Sometimes the Master sends a packet and it is received by the client. But
>>this packet seems incorrect: the size is too long (wpa_supplicant
>>ignores the end) and the key seems wrong: after an exchange of 2-4
>>packets the client is disassociated. [2]
>>
>>Why doesn't the master send an encrypted packet after the '4 way handshake'?
>>Is it because of some failure in the '4 way handshake'?
> 
> 
> This sounds like the PTK configuration could have failed. I would need
> to see the sniffer log to verify whether there is a Group Key packet
> (the first encrypted frame that is sent just after the 4-Way Handshake).
In the ethereal dump you can see:

No.     Time        Source                Destination           Protocol     Info
    104 2.759370    FreeboxS_50:0d:e6     Cisco_fd:44:fc        IEEE 802.11  Association Response
[...]
    113 2.838733    Cisco_fd:44:fc        FreeboxS_50:0d:e6     EAPOL        Key
    114 2.838968                          Cisco_fd:44:fc (RA)   IEEE 802.11  Acknowledgement
    213 12.832420   FreeboxS_50:0d:e6     Cisco_fd:44:fc        IEEE 802.11  Probe Response, SSID: "_0_"

So there is no traffic from the master after the '4 way handshake'. And
after a 10-second timeout the client card starts probing.


> Have you tried swapping the Michael MIC TX/RX keys? That is one of the most
> common problems with TKIP key configuration. This can be done by
> swapping bytes 16..23 and 24..31 in the TKIP key.
Yes, I need to swap the key.

But as the master doesn't seem to reply, the key isn't used...


Thank you for your reply.
I believe I first need to understand why I receive an encrypted packet
after the '4 way handshake'.


Matthieu CASTET
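The byte swap Jouni describes (bytes 16..23 exchanged with 24..31 of the TKIP key) is easy to get wrong in a driver port, and a wrong Michael MIC key shows up exactly as frames that decrypt but fail the MIC check. The following is an added example for this thread, not code from wpa_supplicant, the airo driver, or either poster. It assumes the IEEE 802.11i layout of the 256-bit TKIP temporal key derived from the PTK: bytes 0..15 are the encryption key, bytes 16..23 the Michael MIC key for frames the Authenticator (AP) transmits, and bytes 24..31 the MIC key for frames the Authenticator receives. A station driver that wants "my TX MIC key, then my RX MIC key" therefore needs the two 8-byte halves swapped; the sample key is constructed.

```python
"""Re-order the Michael MIC keys inside a 256-bit TKIP temporal key.

Added example (not from the thread, wpa_supplicant, or the airo driver).
Assumed layout per IEEE 802.11i for the TKIP TK taken from the PTK:
  bytes  0..15  temporal encryption key
  bytes 16..23  Michael MIC key, Authenticator (AP) transmit side
  bytes 24..31  Michael MIC key, Authenticator (AP) receive side
"""

TKIP_TK_LEN = 32
TK_ENC_SLICE = slice(0, 16)
MIC_AP_TX_SLICE = slice(16, 24)
MIC_AP_RX_SLICE = slice(24, 32)


def _check_len(tk: bytes) -> None:
    if len(tk) != TKIP_TK_LEN:
        raise ValueError(f"TKIP TK must be {TKIP_TK_LEN} bytes, got {len(tk)}")


def swap_michael_mic_keys(tk: bytes) -> bytes:
    """Return a copy of `tk` with bytes 16..23 and 24..31 exchanged.

    This is the swap needed when a station-side driver expects the MIC
    keys ordered as (own TX key, own RX key) but is handed the TK in the
    Authenticator's order.
    """
    _check_len(tk)
    return tk[TK_ENC_SLICE] + tk[MIC_AP_RX_SLICE] + tk[MIC_AP_TX_SLICE]


def split_tkip_tk(tk: bytes, role: str) -> dict:
    """Split the TK into the parts a driver configures, from `role`'s view.

    role is "authenticator" (AP / master) or "supplicant" (station). The
    returned 'mic_tx' is the key that side uses when *sending* frames and
    'mic_rx' the key it uses to verify frames it *receives*.
    """
    _check_len(tk)
    if role == "authenticator":
        mic_tx, mic_rx = tk[MIC_AP_TX_SLICE], tk[MIC_AP_RX_SLICE]
    elif role == "supplicant":
        mic_tx, mic_rx = tk[MIC_AP_RX_SLICE], tk[MIC_AP_TX_SLICE]
    else:
        raise ValueError(f"unknown role {role!r}")
    return {"tk": tk[TK_ENC_SLICE], "mic_tx": mic_tx, "mic_rx": mic_rx}


def michael_keys_match(tk: bytes) -> bool:
    """Consistency check: the key one side transmits with must be the
    key the other side verifies with, in both directions."""
    ap = split_tkip_tk(tk, "authenticator")
    sta = split_tkip_tk(tk, "supplicant")
    return ap["mic_tx"] == sta["mic_rx"] and ap["mic_rx"] == sta["mic_tx"]


# Constructed 32-byte key for demonstration only (not a real key from the thread).
SAMPLE_TK = bytes(range(32))

if __name__ == "__main__":
    swapped = swap_michael_mic_keys(SAMPLE_TK)
    print("original  :", SAMPLE_TK.hex())
    print("swapped   :", swapped.hex())
    print("consistent:", michael_keys_match(SAMPLE_TK))
```

If a driver is handed the unswapped key on the station side, its own TX MIC key equals the AP's TX MIC key, so every received frame fails the Michael check; `michael_keys_match` makes that pairing explicit so the swap can be unit-tested before it reaches the hardware.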



