Is my connection secure?

- t3sT0r t3st0re at gmail.com
Sun Aug 3 21:50:55 EDT 2008


Hi all,

I'm using hostapd with madwifi drivers as an AP, and connecting from an XP
laptop using wpa_supplicant. I tried to encrypt the connection with WPA, but
I'm not sure if I have done it properly, because when creating a second
virtual interface in monitor mode on the same machine that runs hostapd, I
can see all the packets in plaintext (I use wireshark to see the packets). I
also tried enabling debugging with athdebug and 80211debug, and I also see
the packets as plaintext (at least the ones from the machine running
hostapd).

Does anyone know how I can tell if my connection is encrypted and secured
from sniffing? I only have 2 wireless cards so I can't sniff the connection
with another card.

Here is my hostapd.conf:
interface=ath0
bridge=br0
driver=madwifi
logger_syslog=0
logger_syslog_level=0
logger_stdout=0
logger_stdout_level=0
debug=0
eapol_key_index_workaround=0
dump_file=/tmp/hostapd.dump.0.0
ssid=test3
wpa=1
wpa_passphrase=xxxxxxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_group_rekey=600

Script I run to configure the AP:
dhclient eth1
wlanconfig ath create wlandev wifi0 wlanmode ap
iwpriv ath0 mode 11g
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 ath0
brctl setfd br0 1
ifconfig ath0 up
ifconfig eth0 up
ifconfig br0 192.168.4.10 up
iwconfig ath0 essid test3
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
hostapd -dd /root/hostapd.conf

Some syslog lines before the ones where plaintext appears:
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275579] ath_intr: status 0x40
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275596] ath_tx_processq: tx
queue 1 (0x1ac93600), link dac93600
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275602] ath_tx_processq:
frame's last desc: dac934e0
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275611] T (dac934e0 1ac934e0)
1ac93600 1a6438b0 4321006a 0600a060 03328000 00006d6b 44df0001 0005e867 *
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275626] ath_tx_processq:
updating frame's sequence number from 1950 to 1075
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275674] ath_tx_processq: free
skb da678c00
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275689] ath_tx_processq:
frame's last desc: dac93600
Aug  3 02:45:29 guest-desktop kernel: [ 5056.275696] T (dac93600 1ac93600)
00000000 162058f8 43210092 0600a088 03328000 00006d6b 00000000 00000000
Aug  3 02:45:29 guest-desktop kernel: [ 5056.276015] ath_tx_start: skb0
da678c00 [data d62048f8 len 374] skbaddr 162048f8
Aug  3 02:45:29 guest-desktop kernel: [ 5056.276031] FRDS
00:0a:e6:7c:94:23->00:16:ce:23:60:0f(00:1d:0f:b8:6c:2d) data QoS [TID 0] WEP
[IV 79 14 00 00 00 00 KID 0] 24M
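
An added example, not part of the original post and not hostapd or madwifi code: one way to check whether a raw 802.11 data frame captured over the air is encrypted is to read the Protected Frame bit and the cipher header that follows the MAC header. The function names, placeholder MAC addresses and sample frames are constructed, and telling TKIP from CCMP by header bytes alone is a heuristic.

```python
# Classify link-layer protection of a raw 802.11 frame (MAC frame only: no
# radiotap header, no FCS). HT-control and mesh headers are not handled.
def classify_frame(frame: bytes) -> dict:
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    info = {"protected": bool(fc1 & 0x40), "cipher": None, "key_id": None, "counter": None}
    if ftype != 2 or not info["protected"]:
        return info                         # not a data frame, or sent in the clear
    hdr_len = 24
    if (fc1 & 0x03) == 0x03:
        hdr_len += 6                        # ToDS+FromDS: Address 4 present
    if subtype & 0x8:
        hdr_len += 2                        # QoS Control field
    iv = frame[hdr_len:hdr_len + 8]
    if len(iv) < 4:
        raise ValueError("protected frame without IV")
    info["key_id"] = iv[3] >> 6
    if not iv[3] & 0x20:                    # ExtIV clear: legacy 4-byte WEP IV
        info["cipher"] = "WEP"
        return info
    if len(iv) < 8:
        raise ValueError("truncated extended IV")
    high = int.from_bytes(iv[4:8], "little") << 16
    tkip = iv[1] == (iv[0] | 0x20) & 0x7F   # TKIP WEPSeed byte is derived from TSC1
    ccmp = iv[2] == 0                       # CCMP reserved byte is zero
    if tkip and ccmp:
        info["cipher"] = "TKIP or CCMP"     # header bytes alone cannot decide
    elif tkip:
        info["cipher"], info["counter"] = "TKIP", high | iv[0] << 8 | iv[2]
    elif ccmp:
        info["cipher"], info["counter"] = "CCMP", high | iv[1] << 8 | iv[0]
    else:
        info["cipher"] = "unknown"
    return info

def sample_frame(fc1: int, body: bytes) -> bytes:
    """Constructed QoS-data frame with placeholder addresses."""
    addrs = bytes.fromhex("020000000001" "020000000002" "020000000003")
    return bytes([0x88, fc1]) + b"\x00\x00" + addrs + b"\x10\x00" + b"\x00\x00" + body

# Constructed samples. The CCMP header reuses the IV bytes printed in the post's
# last log line; the key-ID byte 0x20 (ExtIV set, key 0) is an assumption.
CLEAR = sample_frame(0x02, bytes.fromhex("aaaa030000000800"))
CCMP = sample_frame(0x42, bytes.fromhex("7914002000000000") + b"\x00" * 16)
TKIP = sample_frame(0x42, bytes.fromhex("0020052000000000") + b"\x00" * 16)
for name, f in (("clear", CLEAR), ("ccmp", CCMP), ("tkip", TKIP)):
    print(name, classify_frame(f))
```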