Verify WPA success?
Jouni Malinen
jkmaline
Wed Oct 6 21:38:54 PDT 2004
On Wed, Oct 06, 2004 at 11:01:23AM +0200, Maxim Burgerhout wrote:
> Problem is, I can't seem to figure out whether my connection is now
> encrypted or not. And I'ld really like to be sure... When I do 'wpa_cli
> status' I get this:
>
> bssid=so:me:nu:mb:er:he:re
> ssid=HomeNet
> pairwise_cipher=TKIP
> group_cipher=TKIP
> key_mgmt=WPA-PSK
> wpa_state=COMPLETED
That last line is key here.. So yes, this was successful authentication
and data packets are being encrypted.
> Supplicant PAE state=AUTHENTICATED
> heldPeriod=60
> authPeriod=30
> startPeriod=30
> maxStart=3
> suppPortStatus=Authorized
> portControl=Auto
> Supplicant Backend state=IDLE
> EAP state=SUCCESS
> reqMethod=0
> selectedMethod=0
> methodState=NONE
> decision=COND_SUCC
> ClientTimeout=60
This is "somewhat" too verbose for normal end-user status report, so I
removed most of these lines from the 'wpa_cli status' report. The
verbose version can now be requested with 'wpa_cli status verbose'. In
addition, I added some more information for EAP status (method name, TLS
cipher, Phase2 method).
> Can someone tell me:
> a. why 'Supplicant Backend state' is always IDLE, even if I download
> some hughe file
Supplicant Backend state machine is part of IEEE 802.1X/EAPOL state
machines. Since you are using WPA-PSK, this state machine is idle. This
would remain IDLE for most of the time even when IEEE 802.1X/EAP is used
since like Steven pointed out before, this is only used for
authentication/key exchange, not for data traffic.
> b. why 'decision' says COND_SUCC? Does this mean 'conditional success'?
> Conditional in what meaning? Do I need to do something else to get it to
> say 'SUCC'? Or is this ok?
Yes, this means 'conditional success'. However, this decision is not
with WPA-PSK and the reported value was just the default value. This is
ok.
> When I figure out what these messages in 'wpa_cli status' mean, I'll
> post it to some forums, so other people won't bother you ;)
The current status output from development snapshot is following for
WPA-PSK:
bssid=00:11:22:33:44:55
ssid=wpa-psk-test
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
and for WPA2-EAP-PEAP-MSCHAPv2:
bssid=00:11:22:33:44:55
ssid=wpa-eap-test
pairwise_cipher=CCMP
group_cipher=TKIP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=25 (EAP-PEAP)
EAP TLS cipher=AES256-SHA
EAP-PEAP Phase2 method=MSCHAPV2
Please let me know if any information here is unclear and I'll try to
make it more understandable (or, well at least document this in the
wpa_supplicant README).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list