Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
wpa_capture [2008/01/26 17:37] – updated version and date fields mister_x | wpa_capture [2009/09/19 04:09] – "is using is using" changed to "is using" mister_x |
---|
The [[http://aircrack-ng.org|Wiki]] links page has a [[links#wpa_wpa2_information|WPA/WPA2 section]]. The best document describing WPA is [[http://www.hsc.fr/ressources/articles/hakin9_wifi/index.html.en|Wi-Fi Security - WEP, WPA and WPA2]]. This is the [[http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf|link]] to download the PDF directly. | The [[http://aircrack-ng.org|Wiki]] links page has a [[links#wpa_wpa2_information|WPA/WPA2 section]]. The best document describing WPA is [[http://www.hsc.fr/ressources/articles/hakin9_wifi/index.html.en|Wi-Fi Security - WEP, WPA and WPA2]]. This is the [[http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf|link]] to download the PDF directly. |
| |
To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All". This shows all the sections and fields expanded. You will need to scroll through the fields for each packet to locate the ones mentioned. See this [[http://aircrack-ng.org/doku.php?id=faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark. | To view the capture, use [[http://www.wireshark.org/|Wireshark]] to open it then "View" then "Expand All". This shows all the sections and fields expanded. You will need to scroll through the fields for each packet to locate the ones mentioned. See this [[faq#can_i_use_wireshark_ethereal_to_capture_802.11_packets|FAQ entry]] to learn how to use Wireshark. |
| |
The captures were done using an Ralink RT73 chipset and airodump-ng as the capture program. | The captures were done using an Ralink RT73 chipset and airodump-ng as the capture program. |
Up to this point, you will notice that the packets are identical between a successful and failed connection. | Up to this point, you will notice that the packets are identical between a successful and failed connection. |
| |
These are the first two of four "handshake" WPA packets. The AP sends out a packet with information that it expects the wireless client to send back properly encrypted with passphrase. Since the wireless client is using is using the wrong passphrase, it is incorrect. | These are the first two of four "handshake" WPA packets. The AP sends out a packet with information that it expects the wireless client to send back properly encrypted with passphrase. Since the wireless client is using the wrong passphrase, it is incorrect. |
| |
Notice that the AP initiates the four-way handshake by sending the first packet. | Notice that the AP initiates the four-way handshake by sending the first packet. |