Ethereal-users: Re: [Ethereal-users] WPA AES Malformed Group key EAPOL ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 25 Jan 2004 17:54:27 -0800
On Sun, Jan 25, 2004 at 05:43:52PM -0800, mmmgrrrl wrote:
>          However, I'm curious about why ethereal indicates that the group
>          key eapol sent from my AP to my pc is MALFORMED. 

It does so because it interprets a WPA key as 802.11 tagged parameters,
which means they have to be in the form

	1-byte tag number
	1-byte tag length
	N-byte tag value, where N is the tag length

and, with that interpretation of the data in the key, that's a tag
number of 0x89, which is 137, and a tag length of 0xD4, which is 212,
but there aren't 212 bytes of data in the packet.

Either

	1) that WPA key *shouldn't* be interpreted as 802.11 tagged
	   parameters;

	2) some tagged parameters don't start with a 1-byte tag number
	   and 1-byte tag length;

	3) that data isn't a WPA key (perhaps the offset in the packet
	   is wrong when it dissects the WPA key).