Verify WPA success?

Jouni Malinen jkmaline
Wed Oct 6 21:38:54 PDT 2004 

On Wed, Oct 06, 2004 at 11:01:23AM +0200, Maxim Burgerhout wrote:

> Problem is, I can't seem to figure out whether my connection is now 
> encrypted or not. And I'ld really like to be sure... When I do 'wpa_cli 
> status' I get this:
> 
> bssid=so:me:nu:mb:er:he:re
> ssid=HomeNet
> pairwise_cipher=TKIP
> group_cipher=TKIP
> key_mgmt=WPA-PSK
> wpa_state=COMPLETED

That last line is key here.. So yes, this was successful authentication
and data packets are being encrypted.

> Supplicant PAE state=AUTHENTICATED
> heldPeriod=60
> authPeriod=30
> startPeriod=30
> maxStart=3
> suppPortStatus=Authorized
> portControl=Auto
> Supplicant Backend state=IDLE
> EAP state=SUCCESS
> reqMethod=0
> selectedMethod=0
> methodState=NONE
> decision=COND_SUCC
> ClientTimeout=60

This is "somewhat" too verbose for normal end-user status report, so I
removed most of these lines from the 'wpa_cli status' report. The
verbose version can now be requested with 'wpa_cli status verbose'. In
addition, I added some more information for EAP status (method name, TLS
cipher, Phase2 method).

> Can someone tell me:
> a. why 'Supplicant Backend state' is always IDLE, even if I download 
> some hughe file

Supplicant Backend state machine is part of IEEE 802.1X/EAPOL state
machines. Since you are using WPA-PSK, this state machine is idle. This
would remain IDLE for most of the time even when IEEE 802.1X/EAP is used
since like Steven pointed out before, this is only used for
authentication/key exchange, not for data traffic.

> b. why 'decision' says COND_SUCC? Does this mean 'conditional success'? 
> Conditional in what meaning? Do I need to do something else to get it to 
> say 'SUCC'? Or is this ok?

Yes, this means 'conditional success'. However, this decision is not
with WPA-PSK and the reported value was just the default value. This is
ok.

> When I figure out what these messages in 'wpa_cli status' mean, I'll 
> post it to some forums, so other people won't bother you ;)

The current status output from development snapshot is following for
WPA-PSK:

bssid=00:11:22:33:44:55
ssid=wpa-psk-test
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS


and for WPA2-EAP-PEAP-MSCHAPv2:

bssid=00:11:22:33:44:55
ssid=wpa-eap-test
pairwise_cipher=CCMP
group_cipher=TKIP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=25 (EAP-PEAP)
EAP TLS cipher=AES256-SHA
EAP-PEAP Phase2 method=MSCHAPV2


Please let me know if any information here is unclear and I'll try to
make it more understandable (or, well at least document this in the
wpa_supplicant README).

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list