Why no Secure flag when using WPA (not WPA2) in 3/4 and 4/4 EAPOL messages
j at w1.fi
Thu Jan 5 06:42:37 PST 2017
On Thu, Jan 05, 2017 at 06:08:32AM -0800, Ben Greear wrote:
> I do not see any further EAPOL messages in the capture that I did.
You are not looking carefully enough.. Based on the frame lengths, the
frames 86 and 88 are most likely EAPOL-Key messages 1/2 and 2/2 from the
group message exchange. They were encrypted here, so if you want to take
a look at the payload, you'd need to decrypt the capture log first.
> When is the group key handshake supposed to happen?
Immediately after the initial 4-way handshake. (And then whenever the AP
decides to rekey GTK.)
Jouni Malinen PGP id EFC895FA
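An added example, not part of the original message or of hostap: a classifier for cleartext EAPOL-Key frames that reads the Key Information field, showing why WPA sets Secure only once the group key handshake that follows the 4-way handshake has run, while WPA2 already sets it in 3/4 and 4/4. The sample frames and their Key Information values are constructed, the names `classify` and `build` are hypothetical, and encrypted frames such as the ones discussed above must be decrypted before they can be parsed this way.

```python
import struct

# Key Information bit masks of the EAPOL-Key frame (IEEE 802.11 / WPA).
KEY_TYPE, ACK, MIC, SECURE = 0x0008, 0x0080, 0x0100, 0x0200
DESCRIPTOR = {254: "WPA", 2: "RSN/WPA2"}

def classify(frame: bytes):
    """Return (descriptor, message, secure_bit) for a cleartext EAPOL-Key frame."""
    if len(frame) < 99:
        raise ValueError("too short for an EAPOL-Key frame")
    _version, packet_type, _body_len = struct.unpack_from("!BBH", frame, 0)
    if packet_type != 3:                      # 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key frame")
    desc, info = struct.unpack_from("!BH", frame, 4)
    (data_len,) = struct.unpack_from("!H", frame, 97)   # Key Data Length
    if info & KEY_TYPE:                       # pairwise: 4-way handshake
        if info & ACK:
            msg = "3/4" if info & MIC else "1/4"
        else:                                 # heuristic: 4/4 carries no Key Data
            msg = "2/4" if data_len else "4/4"
    else:                                     # group key handshake
        msg = "group 1/2" if info & ACK else "group 2/2"
    return DESCRIPTOR.get(desc, "unknown"), msg, bool(info & SECURE)

def build(desc: int, info: int, key_data: bytes = b"") -> bytes:
    """Constructed sample frame; nonce, IV, RSC, ID and MIC are left zeroed."""
    body = (struct.pack("!BHH", desc, info, 32) + bytes(88)
            + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 1, 3, len(body)) + body

# Constructed samples: Key Information values typical of TKIP (WPA) and CCMP (WPA2).
SAMPLES = [
    build(254, 0x0089),                       # WPA 1/4
    build(254, 0x0109, bytes(24)),            # WPA 2/4 (carries the WPA IE)
    build(254, 0x01C9, bytes(24)),            # WPA 3/4: Secure clear, no GTK yet
    build(254, 0x0109),                       # WPA 4/4
    build(254, 0x0391, bytes(32)),            # WPA group 1/2: GTK delivered, Secure set
    build(254, 0x0311),                       # WPA group 2/2
    build(2, 0x13CA, bytes(56)),              # WPA2 3/4: GTK included, Secure set
    build(2, 0x030A),                         # WPA2 4/4
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```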