Dear all,
I have setup a RADIUS server (freeradius of course) with an
authenticator (hostapd 0.4.7) and a supplicant (wpa_supplicant 0.4.7).
Both the last two use hostap-driver 0.4.7.
I am using EAP-TLS (client and server certificates generated by the
CA.all script included in freeradius) with RSN (CCMP). I am not sure if
something is wrong in the authentication process. The problem is that it
is taking too little time for the authentication process to complete. In
the attached file you can see one authentication process captured using
kismet and then parsed with Ethereal. As you cane see the time from
Assoc. resp to the first encrypted data packet is only 222 msec. About a
year ago it was of the order of one second (and all the literature says
so). Has WPA2 improved the authentication time so much? Am I doing
something wrong in setting up EAP-TLS?
Your help is very much appreciated.
Thank you,
Andrea
No. Time Source Destination Protocol Info
3037 10.711982 LinksysG_18:f4:9d LinksysG_15:ab:62 IEEE 802.11
Probe Response, SSID: "test"
Frame 3037 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3060 10.774339 LinksysG_18:f4:9d LinksysG_15:ab:62 IEEE 802.11
Probe Response, SSID: "test"
Frame 3060 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3061 10.777773 LinksysG_18:f4:9d LinksysG_15:ab:62 IEEE 802.11
Probe Response, SSID: "test"
Frame 3061 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3062 10.782807 LinksysG_18:f4:9d LinksysG_15:ab:62 IEEE 802.11
Probe Response, SSID: "test"
Frame 3062 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3091 10.927769 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11
Authentication
Frame 3091 (30 bytes on wire, 30 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3093 10.929806 LinksysG_18:f4:9d LinksysG_15:ab:62 IEEE 802.11
Authentication
Frame 3093 (30 bytes on wire, 30 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3095 10.930709 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11
Association Request, SSID: "test"
Frame 3095 (62 bytes on wire, 62 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3098 10.932869 LinksysG_18:f4:9d LinksysG_15:ab:62 IEEE 802.11
Association Response
Frame 3098 (36 bytes on wire, 36 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame
No. Time Source Destination Protocol Info
3107 10.970317 LinksysG_18:f4:9d LinksysG_15:ab:62 EAP
Request, Identity [RFC3748]
Frame 3107 (46 bytes on wire, 46 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3111 10.983395 LinksysG_18:f4:9d LinksysG_15:ab:62 EAP
Request, EAP-TLS [RFC2716] [Aboba]
Frame 3111 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3118 11.017082 LinksysG_15:ab:62 LinksysG_18:f4:9d TLS Client
Hello
Frame 3118 (142 bytes on wire, 142 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3122 11.027284 LinksysG_18:f4:9d LinksysG_15:ab:62 TLS Server
Hello, Certificate, Certificate Request, Server Hello Done
Frame 3122 (1070 bytes on wire, 1070 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3124 11.032757 LinksysG_15:ab:62 LinksysG_18:f4:9d EAP
Response, EAP-TLS [RFC2716] [Aboba]
Frame 3124 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3127 11.038553 LinksysG_18:f4:9d LinksysG_15:ab:62 TLS Server
Hello, Certificate, Certificate Request, Server Hello Done
Frame 3127 (483 bytes on wire, 483 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3131 11.059361 LinksysG_15:ab:62 LinksysG_18:f4:9d TLS
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec,
Encrypted Handshake Message
Frame 3131 (1444 bytes on wire, 1444 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3138 11.081295 LinksysG_18:f4:9d LinksysG_15:ab:62 EAP
Request, EAP-TLS [RFC2716] [Aboba]
Frame 3138 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3140 11.083268 LinksysG_15:ab:62 LinksysG_18:f4:9d TLS
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec,
Encrypted Handshake Message
Frame 3140 (308 bytes on wire, 308 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3149 11.094655 LinksysG_18:f4:9d LinksysG_15:ab:62 TLS Change
Cipher Spec, Encrypted Handshake Message
Frame 3149 (105 bytes on wire, 105 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3151 11.103162 LinksysG_15:ab:62 LinksysG_18:f4:9d EAP
Response, EAP-TLS [RFC2716] [Aboba]
Frame 3151 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3154 11.106911 LinksysG_18:f4:9d LinksysG_15:ab:62 EAP Success
Frame 3154 (40 bytes on wire, 40 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3156 11.107979 LinksysG_18:f4:9d LinksysG_15:ab:62 EAPOL Key
Frame 3156 (131 bytes on wire, 131 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3160 11.116155 LinksysG_15:ab:62 LinksysG_18:f4:9d EAPOL Key
Frame 3160 (153 bytes on wire, 153 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3162 11.123636 LinksysG_18:f4:9d LinksysG_15:ab:62 EAPOL Key
Frame 3162 (187 bytes on wire, 187 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication
No. Time Source Destination Protocol Info
3195 11.154024 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11 Data
Frame 3195 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)
0000 ac 81 63 5f 1f 6b 2b ca c9 f2 db 37 5d 74 fc 18 ..c_.k+....7]t..
0010 94 44 ac 48 4a f5 1b 57 97 63 4c ef 07 57 22 02 .D.HJ..W.cL..W".
0020 7c 65 5a cd 66 6b ca 5c c3 83 da c5 9d 40 ca |[EMAIL PROTECTED]
No. Time Source Destination Protocol Info
3196 11.154749 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11 Data
Frame 3196 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)
0000 ac 81 63 5f 1f 6b 2b ca c9 f2 db 37 5d 74 fc 18 ..c_.k+....7]t..
0010 94 44 ac 48 4a f5 1b 57 97 63 4c ef 07 57 22 02 .D.HJ..W.cL..W".
0020 7c 65 5a cd 66 6b ca 5c c3 83 da c5 9d 40 ca |[EMAIL PROTECTED]
No. Time Source Destination Protocol Info
3197 11.157232 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11 Data
Frame 3197 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)
0000 ac 81 63 5f 1f 6b 2b ca c9 f2 db 37 5d 74 fc 18 ..c_.k+....7]t..
0010 94 44 ac 48 4a f5 1b 57 97 63 4c ef 07 57 22 02 .D.HJ..W.cL..W".
0020 7c 65 5a cd 66 6b ca 5c c3 83 da c5 9d 40 ca |[EMAIL PROTECTED]
No. Time Source Destination Protocol Info
3198 11.172835 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11 Data
Frame 3198 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)
0000 1d 51 9a 06 06 80 33 80 dc d1 aa 9b 3b c7 c5 b6 .Q....3.....;...
0010 3c c8 5b ec 78 af a8 0d f1 ba 0f f8 a5 a7 b2 50 <.[.x..........P
0020 03 e6 1f e8 0f e5 66 f5 5b 9d 11 de 99 b8 b3 ......f.[......
No. Time Source Destination Protocol Info
3212 11.192806 LinksysG_15:ab:62 LinksysG_18:f4:9d IEEE 802.11 Data
Frame 3212 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)
0000 b3 bb a4 d0 7a eb 53 51 55 39 93 18 fa 83 2d 21 ....z.SQU9....-!
0010 85 9d 55 a3 eb 9f 93 7d b7 9e 72 04 ee 49 ef 0b ..U....}..r..I..
0020 8d 62 f9 54 d0 b9 85 02 87 f2 e8 36 6e 76 ee .b.T.......6nv.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html