From: Kevin Matthews (kbm23_at_drexel.edu)
Date: 2002-08-24 17:58:04 UTC
Hi,
Thanks for the reply. I did try it without encryption, but it
didn't seem to make a difference. The output from "tcpdump -ni wlan0"
(produced using "nmap -sU kong") is:
13:40:39.988921 192.168.0.4 > 64.194.235.253: icmp: echo request
13:40:39.989931 192.168.0.4.41878 > 64.194.235.253.80: . ack 3414257864
win 3072
13:40:46.005231 192.168.0.4 > 64.194.235.253: icmp: echo request
13:40:46.006242 192.168.0.4.41879 > 64.194.235.253.80: . ack 2146067699
win 3072
13:40:52.020592 192.168.0.4 > 64.194.235.253: icmp: echo request
13:40:52.021609 192.168.0.4.41880 > 64.194.235.253.80: . ack 1275087489
win 3072
13:40:52.488850 129.25.9.167.49332 > 64.194.235.253.143: FP
4218169437:4218169448(11) ack 2793359896 win 33304 <nop,nop,timestamp
45950 16356444> (DF)
13:40:52.989122 129.25.9.167.49331 > 129.25.3.58.143: FP
3695708487:3695708498(11) ack 1706098811 win 33304 <nop,nop,timestamp
45951 98655201> (DF)
13:40:58.035113 192.168.0.4 > 64.194.235.253: icmp: echo request
13:40:58.036130 192.168.0.4.41881 > 64.194.235.253.80: . ack 4029370556
win 3072
13:41:04.046779 192.168.0.4 > 64.194.235.253: icmp: echo request
13:41:04.047795 192.168.0.4.41882 > 64.194.235.253.80: . ack 1583697515
win 3072
13:41:08.492097 129.25.9.167.49162 > 64.194.235.253.22: P
4122187920:4122188400(480) ack 3110810519 win 33304 <nop,nop,timestamp
45982 16366192> (DF) [tos 0x10]
I'm not sure what this means though. Thanks.
Jouni Malinen wrote:
>On Wed, Aug 21, 2002 at 12:28:13AM -0400, Kevin Matthews wrote:
>
>
>
>>wlan0 IEEE 802.11-DS ESSID:"Defender"
>> Mode:Master Frequency:2.462GHz Access Point: 00:03:2F:00:C5:D9
>> Encryption key:xxxx-xxxx-xx Encryption mode:restricted
>> Rx invalid nwid:0 Rx invalid crypt:29 Rx invalid frag:0
>> Tx excessive retries:86 Invalid misc:38 Missed beacon:0
>>
>>
>
>Have you tested this without WEP? At least some of the packets seem to
>have been encrypted incorrectly (Rx invalid crypt counter 29).
>
>
>
>>wlan0 Link encap:Ethernet HWaddr 00:03:2F:00:C5:D9
>> inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:1979 errors:0 dropped:7 overruns:0 frame:0
>> TX packets:65 errors:4 dropped:0 overruns:0 carrier:0
>>
>>
>
>At least the driver seems to be receiving some packets..
>
>
>
>>wlan0: authentication: 00:30:65:02:b0:18 len=6, auth_alg=1,
>>auth_transaction=1, status_code=0, fc=0x00b0
>>wlan0: new STA 00:30:65:02:b0:18
>>wlan0: authentication: 00:30:65:02:b0:18 len=136, auth_alg=1,
>>auth_transaction=3, status_code=0, fc=0x40b0
>>wlan0: STA 00:30:65:02:b0:18 authenticated
>>wlan0: association request: from 00:30:65:02:b0:18 to 00:03:2f:00:c5:d9
>>len=20
>> capability=0x0011, listen_interval=1 - new AID 1
>>
>>
>
>The authentication was using 'shared key' algorithms, so it would seem
>that WEP is working fine. In addition, association succeeded so
>everything should be ready for data transmit.
>
>Have you checked with 'tcpdump -ni wlan0' whether the AP is getting any
>packets when you send something from the associated station?
>
>
>