wpasupplicant and WEP

Erich Titl erich.titl at think.ch
Tue Dec 30 10:10:12 EST 2014


Hi Jouni

On 30.12.2014 at 15:40, Jouni Malinen wrote:
> On Tue, Dec 30, 2014 at 02:16:55PM +0100, Erich Titl wrote:
>> When connecting to a WEP based AP I am getting status COMPLETED, so it
>> appears as if the connection was established at the network level, but
>> then dhcpcd sends a broadcast to obtain a lease, this broadcast is then
>> received and replied to by the dhcp server, but looking with tcpdump at
>> the wlan0 interface the reply never reaches the adapter. Using WPA
>> everything works fine.
> 
> Are you sure you have the correct WEP key set on the devices? WEP allows
> the connection to be completed with Open System authentication algorithm
> even if the keys do not match. This results in a state where state is
> COMPLETED, but no Data frames get through.

I am pretty confident. I am not specifying the auth_alg though.

Retrying with the following network definition

network={
    ssid="scoobly"
    key_mgmt=NONE
    auth_alg=OPEN
    wep_key0="12345"
    wep_tx_keyidx=0
}

<3>CTRL-EVENT-SCAN-RESULTS
reconfigure
> OK
<3>CTRL-EVENT-SCAN-RESULTS
<3>Trying to associate with f8:1a:67:56:42:96 (SSID='scoobly' freq=2427 MHz)
<3>Association request to the driver failed
<3>Associated with f8:1a:67:56:42:96
<3>CTRL-EVENT-CONNECTED - Connection to f8:1a:67:56:42:96 completed
[id=0 id_str=]
list_networks
> network id / ssid / bssid / flags
0       scoobly any     [CURRENT]

> status
bssid=f8:1a:67:56:42:96
ssid=scoobly
id=0
mode=station
pairwise_cipher=WEP-40
group_cipher=WEP-40
key_mgmt=NONE
wpa_state=COMPLETED
address=00:1a:2b:5f:61:11

AP# dhcpcd wlan0
dhcpcd[29375]: version 5.2.11 starting
dhcpcd[29375]: wlan0: rebinding lease of 194.124.158.79
dhcpcd[29375]: wlan0: broadcasting for a lease
dhcpcd[29375]: timed out

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This is from the WPA client

AP# tcpdump -i wlan0
tcpdump: WARNING: wlan0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:54:42.351855 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 320
14:54:46.576887 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 320
14:54:52.359379 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 314
14:54:56.277075 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 314
14:55:04.783487 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 314

>>>>>>>>>>>>>>>>>>>>>>>>>>
This is from the dhcp server

bash-4.2#  tcpdump -i eth0 port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:54:42.389180 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 320
15:54:42.474265 IP luna.think.ch.bootps > 194.124.158.79.bootpc:
BOOTP/DHCP, Reply, length 300
15:54:46.612359 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 320
15:54:46.711028 IP luna.think.ch.bootps > 194.124.158.79.bootpc:
BOOTP/DHCP, Reply, length 300
15:54:52.397833 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 314
15:54:52.398610 IP luna.think.ch.bootps > 194.124.158.79.bootpc:
BOOTP/DHCP, Reply, length 300
15:54:56.312470 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 314
15:54:56.313635 IP luna.think.ch.bootps > 194.124.158.79.bootpc:
BOOTP/DHCP, Reply, length 300
15:55:04.818982 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:1a:2b:5f:61:11 (oui Unknown), length 314
15:55:04.819765 IP luna.think.ch.bootps > 194.124.158.79.bootpc:
BOOTP/DHCP, Reply, length 300

So it appears that the reply packets are not reaching the wlan interface.
The wpa status is

AP# wpa_cli status
Selected interface 'wlan0'
bssid=f8:1a:67:56:42:96
ssid=scoobly
id=0
mode=station
pairwise_cipher=WEP-40
group_cipher=WEP-40
key_mgmt=NONE
wpa_state=COMPLETED
address=00:1a:2b:5f:61:11

Switching auth_alg to SHARED on both ends will not connect at all

network={
    ssid="scoobly"
    key_mgmt=NONE
    auth_alg=SHARED
    wep_key0="12345"
    wep_tx_keyidx=0
}

> reconfigure
OK
<3>CTRL-EVENT-SCAN-RESULTS
<3>Trying to associate with f8:1a:67:56:42:96 (SSID='scoobly' freq=2427 MHz)
<3>Association request to the driver failed
<3>Authentication with f8:1a:67:56:42:96 timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=f8:1a:67:56:42:96 reason=3
locally_generated=1
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="scoobly" auth_failures=1
duration=10 reason=CONN_FAILED
<3>CTRL-EVENT-SCAN-RESULTS
<3>CTRL-EVENT-SCAN-RESULTS
<3>CTRL-EVENT-SCAN-RESULTS
<3>CTRL-EVENT-SSID-REENABLED id=0 ssid="scoobly"
<3>Trying to associate with f8:1a:67:56:42:96 (SSID='scoobly' freq=2427 MHz)
<3>Association request to the driver failed
<3>Authentication with f8:1a:67:56:42:96 timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=f8:1a:67:56:42:96 reason=3
locally_generated=1
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="scoobly" auth_failures=2
duration=20 reason=CONN_FAILED
<3>CTRL-EVENT-SCAN-RESULTS

AP# wpa_cli scan_results
Selected interface 'wlan0'
bssid / frequency / signal level / flags / ssid
f8:1a:67:56:42:96       2427    -71     [WEP][ESS]      scoobly
00:0b:6b:36:bc:c9       2412    -74     [WPA2-EAP+PSK-CCMP][ESS]        SALT
00:24:c9:6e:ea:d0       2437    -78
[WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][ESS]    mpr-90887
dc:71:44:ae:fd:89       2437    -72     [WPA2-EAP-CCMP][ESS]    UPC Wi-Free
dc:71:44:ae:fd:88       2437    -70     [WPA2-PSK-CCMP+TKIP][ESS]
UPC248834387
8e:04:ff:02:0e:80       2462    -82     [WPA2-EAP-CCMP+TKIP][ESS]
UPC Wi-Free
	

>>>>>>>>>>>>>>>>

So Shared Key Authentication fails completely, while Open System gets to
somewhere but apparently it never gets a lease.

Using my Android Phone will get me through without problems on either
WEP or WPA-PSK

Thanks

Erich
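
Jouni's point in the quoted reply, that Open System authentication completes without using the WEP key while Data frames protected with a non-matching key are dropped, shown as an added example (not part of the original message and not wpa_supplicant code). It is a minimal model of WEP encapsulation (RC4 keyed with IV plus key, CRC-32 ICV); the AP key, IV and payload are constructed, and the mismatch is an assumption for illustration, not a diagnosis of this setup.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encapsulate(key: bytes, key_idx: int, iv: bytes, payload: bytes) -> bytes:
    """IV (3 bytes) + key-id byte + RC4(IV||key, payload||ICV)."""
    return iv + bytes([key_idx << 6]) + rc4(iv + key, payload + icv(payload))

def wep_decapsulate(key: bytes, body: bytes):
    """Return the payload, or None when the ICV check fails (frame dropped)."""
    if len(body) < 8:
        return None
    plain = rc4(body[:3] + key, body[4:])
    payload, got = plain[:-4], plain[-4:]
    return payload if got == icv(payload) else None

def open_system_auth(sta_key: bytes, ap_key: bytes) -> bool:
    """Open System authentication never uses the key, so it always succeeds."""
    return True

# Constructed sample values, not taken from a capture.
STA_KEY = b"12345"                    # wep_key0="12345": 5 ASCII bytes, WEP-40
AP_KEY = bytes.fromhex("1234500000")  # hypothetical mismatched key on the AP
IV = bytes.fromhex("a1b2c3")
REPLY = b"constructed DHCP reply"

def receive_on_station(ap_key: bytes = AP_KEY):
    """What the station gets from a frame the AP encrypted with ap_key."""
    return wep_decapsulate(STA_KEY, wep_encapsulate(ap_key, 0, IV, REPLY))

if __name__ == "__main__":
    print("auth ok:", open_system_auth(STA_KEY, AP_KEY))
    print("mismatched key ->", receive_on_station())
    print("matching key   ->", receive_on_station(STA_KEY))
```

A frame that fails the ICV check is discarded below the network interface, so it never appears in a capture on wlan0 even though wpa_state reads COMPLETED.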



