or does wpa_supplicant get it right? :-)

Holger Schurig hs4233 at mail.mn-solutions.de
Fri Jan 13 10:17:26 EST 2006

I've got a Packet Trace, made with a Windows tool called "Observer". I loaded 
this into Ethereal and found this behavior when roaming from one AP to the 

Here is the beginning of the roaming sequence with the Cisco Airespace 
4012/4010 accesspoints. It looks quite different to the output of the Ciscos, 
show below.

Basically, my Client looks for APs (frame 282), gets two responsses (283, 
284), selects one (285) and get's an acknowledge (287). Then the AP sense the 
WPA key nonce (288):

282 87.248480 Usi_55:5e:c9          Broadcast    
  Probe Request Probe Request,SN=123,FN=0, SSID: "MNFUNK1"
283 87.249727 Airespac_5a:a6:4f     Usi_55:5e:c9
  Probe Response Probe Response,SN=1430,FN=0,BI=100, SSID: "MNFUNK1"
284 87.251024   Airespac_5a:a7:df     Usi_55:5e:c9
  Probe Response Probe Response,SN=1261,FN=0,BI=100, SSID: "MNFUNK1"
285 87.483119   Usi_55:5e:c9          Airespac_5a:a7:df
  Reassociation Request Reassociation Request,SN=128,FN=0, SSID: "MNFUNK1"
286 87.483376                         Usi_55:5e:c9 (RA)
  Acknowledgement Acknowledgement
287 87.493144   Airespac_5a:a7:df     Usi_55:5e:c9
  Reassociation Response Reassociation Response,SN=1265,FN=0
288 87.514853   Airespac_5a:a7:df     Usi_55:5e:c9
  EAPOL    Key

When I roam between Cisco 1200 APs, it looks different. I request APs (222), 
get two responses (223, 224) and select one AP (225).

But now the difference: the old Cisco 1200 de-authenticates me (227). This was 
not the case above. Can it be the case this this signal was, via the driver 
and the wireless events, relayed into wpa_supplicant and reset the EAPOL/WPA 
state machine in some way?

Anyway, maybe the firmware didn't expect this, because in (228) it tries to 
authenticate to the old AP again, which is O.K. for the AP (230).

My client sends another Reassociation (231) and this time the AP sends us an 
re-association response (233) and an EAP-key with the key nonce (234)

222 78.265858   Usi_55:5e:c9          Broadcast
  Probe Request Probe Request,SN=72,FN=0, SSID: "MNFUNK1"
223 78.267422   Cisco_80:da:30        Usi_55:5e:c9
  Probe Response Probe Response,SN=2006,FN=0,BI=100, SSID: "MNFUNK1"
224 78.268929   Cisco_80:d6:f0        Usi_55:5e:c9
  Probe Response Probe Response,SN=843,FN=0,BI=100, SSID: "MNFUNK1"
225 78.345884   Usi_55:5e:c9          Cisco_80:da:30
  Reassociation Request Reassociation Request,SN=73,FN=0, SSID: "MNFUNK1"
226 78.346140                         Usi_55:5e:c9 (RA)
  Acknowledgement Acknowledgement
227 78.346431   Cisco_80:da:30        Usi_55:5e:c9
  Deauthentication Deauthentication,SN=2008,FN=0
228 78.347404   Usi_55:5e:c9          Cisco_80:da:30
  Authentication Authentication,SN=74,FN=0
229 78.350130                         Usi_55:5e:c9 (RA)
  Acknowledgement Acknowledgement
230 78.350134   Cisco_80:da:30        Usi_55:5e:c9
  Authentication   Authentication,SN=2009,FN=0
231 78.350142   Usi_55:5e:c9          Cisco_80:da:30
  Reassociation Request Reassociation Request,SN=75,FN=0, SSID: "MNFUNK1"
232 78.350145                         Usi_55:5e:c9 (RA)
  Acknowledgement Acknowledgement
233 78.350151   Cisco_80:da:30        Usi_55:5e:c9
  Reassociation Response Reassociation Response,SN=2010,FN=0
234 78.350747   Cisco_80:da:30        Usi_55:5e:c9
  EAPOL    Key

More information about the HostAP mailing list