Identifying proto

[Dan Williams]

On Sat, 2008-08-16 at 19:18 +0530, Paresh Sawant wrote:
> Hi,
> 
> I'm trying to figure out how wpa_supplicant identifies the proto.
> 
> It seems if the scanned BSS  description contains RSN IE ( # 0x30)
> then it is WPA2, if it has WPA IE (# 0xDD) it is WPA, else it is WEP.
> 
> Is it a correct way to identify the proto?

More or less; there's also Dynamic WEP and LEAP.  I've seen some cases
where the AP does not set the Privacy bit but still supports Dynamic
WEP.

There's also LEAP, which from a scan looks just like WEP to a client.
Not sure if I've encountered a LEAP-enabled AP that sets the Privacy bit
to 0, but they may be around depending on how the admin set the AP up.

So when the AP is definitely not using WPA[2], it could be any of the
following:

1) unencrypted
2) Static WEP
3) LEAP
4) Dynamic WEP

And you don't have a good way of telling which of these it is.  WEP just
sucks.  If the Privacy bit is 0, it's _probably_ unencrypted, but I
can't say that with 100% certainty.

> In case if the BSS is found to be WEP then is there a way to know what
> is encryption supported i.e whether it is WEP-40 or WEP-104?

No.  You need to know the following things in order to successfully
connect to a WEP-encrypted network, but you can't figure any of them out
before trying to connect because none of them are indicated anywhere in
the beacon:

a) authentication method (Shared Key or Open System)
b) WEP key index being used (?) (1, 2, 3, or 4)
c) WEP key length (40 bit, 104 bit, 152-bit, etc)

Did I say WEP sucks?

Dan