Help understanding WPS trace

Dani Camps danicamps81 at yahoo.com
Tue Sep 27 09:29:34 EDT 2011



Dear all,

I attach at the end of this email a WPS trace that I am having trouble to understand. I would appreciate if somebody can help me decipher what is going on. The trace is obtained using the P2P implementation in wpa_supplicant when the P2P Client is trying to obtain the network credentials from the P2P GO. The chipset being used is AR5412 with ath5k. These are the steps that look strange to me in the trace:

1) After the M1-M8 messages to convey network credentials to the P2P Client, the P2P Client disassociates in order to reconnect to the network with the proper credentials. You can see in frames 508 and 509 how the P2P Client is authenticating with the P2P GO in order to re-enter the network. However, when authentication completes instead of proceeding with the re-association the P2P Client stays quiet for 5 seconds, i.e. 6.779815 seconds to 11.779928 seconds. My guess is that the P2P Client is doing scanning through the 2.4Ghz band during this time. Finally at 11.779928 seconds the re-connection with the P2P GO starts. What I do not understand here, is why does the P2P Client in the middle of the re-connection with the P2P GO in WPS goes to do an scanning ?

2) When the P2P Client attempts the re-connection to the P2P GO with the proper network credentials, this re-connection fails for two times and finally succeeds the third time. In particular the P2P GO disassociates the P2P Client after this one submits the WPA key. You can see this happening at times 14.654176 seconds and 17.853630 seconds, and finally succeeds at time 21.064690 seconds. Why would the first two connection attempts fail ? Checking the format of the packet they seem identical to the one that succeeds, the WPA key is the same and only differ on the Nonce and the MIC. Can it be that the P2P GO is not ready and that is why it cancels the procedure? But then I do not understand why does the P2P GO initiate the key exchange in the first place.

Thanks for your help

Best Regards

Daniel

Wireshark Trace:

     No.     Time        Source                Destination           Protocol Info
    224 3.111613    D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Authentication, SN=48, FN=0, Flags=........
    225 3.112065    D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Authentication, SN=16, FN=0, Flags=........
    227 3.112558    D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Association Request, SN=49, FN=0, Flags=........, SSID="DIRECT-BT"
    230 3.130242    D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Association Response, SN=17, FN=0, Flags=........
    232 3.131710    D-Link_c5:56:a4       D-Link_c5:53:93       EAP      Request, Identity [RFC3748]
    234 3.132895    D-Link_c5:53:93       D-Link_c5:56:a4       EAP      Response, Identity [RFC3748]
    235 3.133302    D-Link_c5:56:a4       D-Link_c5:53:93       EAP      Request, Expanded Type [RFC3748]
    242 3.212666    D-Link_c5:53:93       D-Link_c5:56:a4       EAP      Response, Expanded Type [RFC3748]
    247 3.245831    D-Link_c5:56:a4       D-Link_c5:53:93       EAP      Request, Expanded Type [RFC3748]
    262 3.333194    D-Link_c5:53:93       D-Link_c5:56:a4       EAP      Response, Expanded Type [RFC3748]
    263 3.337864    D-Link_c5:56:a4       D-Link_c5:53:93       EAP      Request, Expanded Type [RFC3748]
    267 3.342888    D-Link_c5:53:93       D-Link_c5:56:a4       EAP      Response, Expanded Type [RFC3748]
    268 3.372607    D-Link_c5:56:a4       D-Link_c5:53:93       EAP      Request, Expanded Type [RFC3748]
    270 3.373002    D-Link_c5:53:93       D-Link_c5:56:a4       EAP      Response, Expanded Type [RFC3748]
    273 3.410399    D-Link_c5:56:a4       D-Link_c5:53:93       EAP      Failure
    274 3.415030    D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Deauthentication, SN=56, FN=0, Flags=........
    275 3.420762    D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Deauthentication, SN=28, FN=0, Flags=........
    292 3.631890    D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Probe Response, SN=31, FN=0, Flags=........, BI=100, SSID="DIRECT-BT"
    508 6.468064    D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Authentication, SN=74, FN=0, Flags=........
    509 6.468524    D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Authentication, SN=61, FN=0, Flags=........
    527 6.779815    D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Probe Response, SN=65, FN=0, Flags=........, BI=100, SSID="DIRECT-BT"
   1003 11.779928   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Probe Response, SN=117, FN=0, Flags=........, BI=100, SSID="DIRECT-BT"
   1172 14.616333   D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Authentication, SN=109, FN=0, Flags=........
   1174 14.616734   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Authentication, SN=146, FN=0, Flags=........
   1176 14.617248   D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Association Request, SN=110, FN=0, Flags=........, SSID="DIRECT-BT"
   1177 14.618125   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Association Response, SN=147, FN=0, Flags=........
   1183 14.651225   D-Link_c5:56:a4       D-Link_c5:53:93       EAPOL    Key
   1185 14.654176   D-Link_c5:53:93       D-Link_c5:56:a4       EAPOL    Key
   1186 14.654540   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Deauthentication, SN=149, FN=0, Flags=........
   1434 17.808337   D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Authentication, SN=129, FN=0, Flags=........
   1436 17.808759   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Authentication, SN=186, FN=0, Flags=........
   1438 17.809217   D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Reassociation Request, SN=130, FN=0, Flags=........, SSID="DIRECT-BT"
   1439 17.812823   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Reassociation Response, SN=187, FN=0, Flags=........
   1444 17.850420   D-Link_c5:56:a4       D-Link_c5:53:93       EAPOL    Key
   1446 17.853630   D-Link_c5:53:93       D-Link_c5:56:a4       EAPOL    Key
   1447 17.853975   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Deauthentication, SN=189, FN=0, Flags=........
   1468 18.172101   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Probe Response, SN=194, FN=0, Flags=........, BI=100, SSID="DIRECT-BT"
   1687 21.008353   D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Authentication, SN=149, FN=0, Flags=........
   1688 21.008784   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Authentication, SN=225, FN=0, Flags=........
   1690 21.009235   D-Link_c5:53:93       D-Link_c5:56:a4       IEEE 802.11 Reassociation Request, SN=150, FN=0, Flags=........, SSID="DIRECT-BT"
   1691 21.013081   D-Link_c5:56:a4       D-Link_c5:53:93       IEEE 802.11 Reassociation Response, SN=226, FN=0, Flags=........
   1696 21.060251   D-Link_c5:56:a4       D-Link_c5:53:93       EAPOL    Key
   1698 21.063466   D-Link_c5:53:93       D-Link_c5:56:a4       EAPOL    Key
   1699 21.064253   D-Link_c5:56:a4       D-Link_c5:53:93       EAPOL    Key
   1701 21.064690   D-Link_c5:53:93       D-Link_c5:56:a4       EAPOL    Key
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20110927/565d39c9/attachment.htm 


More information about the HostAP mailing list