Verify WPA success?

Steven Ihde x-hostap
Wed Oct 6 10:59:31 PDT 2004

On Wed, 06 Oct 2004 10:37:38 -0400, Brad Langhorst wrote:
> On Wed, 2004-10-06 at 11:01 +0200, Maxim Burgerhout wrote:
> > Hi,
> > 
> > I'm sorry I have to ask you guys a pretty n00bish question, but I don't 
> > know where else to turn. This WLAN stuff on Linux is all pretty new to 
> > me and I haven't found any serious sites concerning it yet. Apart from 
> > yours that is.
> > 
> > I recently shoved a WLAN card into my laptop and got it to work with 
> > ndiswrapper, which is great. Then I decided to get WEP to work and that 
> > proved easy too. Enabling WPA was a little trickier, but only a 
> > little: it too was set up in minutes.
> > 
> > Problem is, I can't seem to figure out whether my connection is now 
> > encrypted or not. And I'd really like to be sure...
> I don't know anything about WPA... but if you did a tcpdump you'd be
> able to tell if everything is encrypted or not (instead of trusting that
> the tools are reporting correctly)

Actually if everything is set up correctly (i.e. your card is
associated and authenticated, and all traffic is encrypted), tcpdump
will show you the cleartext, since the card hardware or driver will
decrypt everything before passing the frames in to the OS via the
network interface.  You'd need to set up a second station with another
card that didn't have the WPA key to verify that you couldn't read the

But to answer the poster's original concern, my wpa_supplicant output
looks much like yours, and I believe it to be operating correctly. :)

The reason wpa_supplicant doesn't burn CPU when you're moving lots of
data is that the card itself is doing the encryption/decryption.
wpa_supplicant's role is to authenticate to the AP and negotiate a new
set of temporary encryption keys every few minutes.  It sets these new
keys in the card, and the card encrypts/decrypts everything for you.
The IDLE state just means that it's not actively negotiating a new set
of keys with the AP.  If you let wpa_cli sit there for a while, every
few minutes you'll see it output a message that it's renegotiating
keys with the AP.  In my case at least the connection sometimes
hiccups during these events.

I think in some cases (such as the madwifi driver?) the encryption
happens in the wireless driver rather than on the card hardware, which
would burn CPU cycles, but it's still not wpa_supplicant that is
encrypting/decrypting each frame, it would be the kernel-mode driver
in this case.
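
The second-station check described in the message above, as an added example that is not part of the original thread: it classifies frames from a monitor-mode capture by the 802.11 Protected Frame bit, treating the unencrypted EAPOL key handshake as expected. It assumes radiotap-prefixed frames; the function names and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header for EtherType 0x888e
RADIOTAP = bytes.fromhex("0000080000000000")    # constructed: minimal 8-byte radiotap header

def classify_frame(pkt: bytes) -> str:
    """Classify one radiotap-prefixed 802.11 frame from a monitor-mode capture."""
    if len(pkt) < 4 or pkt[0] != 0:
        return "malformed"                      # radiotap version must be 0
    (rt_len,) = struct.unpack_from("<H", pkt, 2)
    if rt_len < 8 or len(pkt) < rt_len + 2:
        return "malformed"                      # no room for the frame control field
    fc0, flags = pkt[rt_len], pkt[rt_len + 1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 2:
        return "non-data"                       # management and control frames
    if subtype & 0x4:
        return "no-payload"                     # Null / CF-Ack-only subtypes carry no body
    if flags & 0x40:
        return "protected"                      # Protected Frame bit: body is encrypted
    # MAC header: 24 bytes, +6 with four addresses (ToDS+FromDS), +2 for QoS Control
    hdr = 24 + (6 if (flags & 0x03) == 0x03 else 0) + (2 if subtype & 0x8 else 0)
    if len(pkt) <= rt_len + hdr:
        return "malformed"                      # truncated or empty body
    if pkt[rt_len + hdr:].startswith(EAPOL_SNAP):
        return "eapol"                          # key handshake, expected in the clear
    return "cleartext"

def sample(fc0, flags, body=b""):
    """Constructed frame: radiotap + frame control + 22 zeroed header bytes + body."""
    return RADIOTAP + bytes([fc0, flags]) + bytes(22) + body

SAMPLES = [  # constructed frames, not taken from a real capture
    sample(0x08, 0x41, b"\x5a" * 16),                        # data, ToDS, protected
    sample(0x08, 0x02, EAPOL_SNAP + b"\x01\x03"),            # EAPOL from the AP
    sample(0x88, 0x41, b"\x00\x00" + b"\x5a" * 16),          # QoS data, protected
    sample(0x48, 0x01),                                      # Null function
    sample(0x80, 0x00),                                      # beacon (management)
    sample(0x08, 0x01, bytes.fromhex("aaaa030000000800") + b"E"),  # unencrypted IPv4
]

def audit(frames):
    """Return per-category counts and whether no data payload was sent unencrypted."""
    counts = Counter(classify_frame(f) for f in frames)
    return counts, counts["cleartext"] == 0

if __name__ == "__main__":
    print(audit(SAMPLES))
```
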

