speedtouch 580

[Jouni Malinen]

On Sat, Aug 05, 2006 at 07:06:02PM +0200, Santiago Garcia Mantinan wrote:
> > I would be interested in seeing a successful and a failed authentication
> > captured with a wireless sniffer (i.e., including the association frames
> > and all EAPOL frames exchanged between the devices).
> 
> I believe this is what you want, I captured them setting a madwifi-ng card
> on monitor mode and using tcpdump on it, if this is not the right way to do
> it because they don't provide what you need, just tell me.

Thanks! These are otherwise fine, but for some reason, only the frames
from client to the AP are included, not the frames in the other
directions. I can probably figure out what is going on here even without
full capture log, but it would be nice to get complete log.

It looks like wpa_supplicant ends up sending the EAPOL frames to the
ethernet side MAC address (which, I would assume, was the source address
of the EAPOL frame from the AP). I can make a patch to force
wpa_supplicant to use BSSID (wlan side address) here. It is already done
with number of EAPOL frames, but not with 4-way handshake. That is
probably not enough, though, since the authenticator address is also
used in key derivation. I would do this testing in couple of steps,
though, just to make sure that the exact AP behavior can be determined.

What would be the easiest mechanism for you to test some changes? I can,
for example, create a set of patch files against the latest release
(0.5.4).

-- 
Jouni Malinen                                            PGP id EFC895FA