m (Add Wifi BSS package column description) |
(Add information for handshake analysis) |
||
Line 66: | Line 66: | ||
The overview tab shows all information from the BSS table and also all MAC addresses of other BSS that are handled by the same physical device. | The overview tab shows all information from the BSS table and also all MAC addresses of other BSS that are handled by the same physical device. | ||
==== BSS-Client details ==== | |||
In the BSS subscribers list on the BSS details page, information for each subscriber in the BSS is shown. A subscriber is any MAC that has sent a unicast frame to the BSS. This table contains a "Handshakes seen" column which displays the number of handshake a client has attempted with the BSS. Clicking on the "Details" link leads to a new details page for the BSS/Client pair. | |||
This page displays information about the client profile and the most recent handshake. The client profile contains the decoded data transmitted by the client in a (re)association request frame. It contains information about the capabilities of the client (this includes supported operating frequencies, power saving mechanisms, cryptographic ciphers, beamforming information, ...). Each category is collapsible by clicking on the title text, and some of the categories are collapsed by default. | |||
The "Handshake" tab displays the most recently seen handshake (successful or not) as a flowchart diagram. The page consists of the diagram on the left side, and a details panel on the right side. Clicking on an element in the flowchart will populate the details panel with additional information about the frame (if available). To the left of the flowchart there are timestamps (in absolute and relative format) showing when a frame was sent. | |||
The handshake analysis also evaluates the correctness of the handshake. If a frame does not adhere to the IEEE802.11 specification (for example the client sends an association request before authenticating with the BSS) or a frame contains invalid information these frames will be marked as invalid. Frames that are technically allowed but unexpected at the current stage of the handshake (for example spurious probe requests after association) are marked as dubious. Dubious frames are unproblematic under normal circumstances. An invalid frame might be an indicator of a misconfigured wifi device or poor signal quality at the Allegro Multimeter's location. Incident rules can be created to trigger when invalid handshake frames are seen, or when a handshake fails (for whatever reason). | |||
The following details are displayed in the details panel: | |||
{| class="wikitable mw-collapsible mw-collapsed" | |||
|+Authentication | |||
|Authentication algorithm | |||
|The algorithm used for authentication with the BSS. Usually "Open Systen" indicates WPA2, and "SAE" indicates WPA3 | |||
|- | |||
|Sequence number | |||
|The current step in the authentication process | |||
|- | |||
|Status | |||
|The status code of the authentication | |||
|} | |||
{| class="wikitable mw-collapsible mw-collapsed" | |||
|+(Re)association response | |||
|Capabilities | |||
|A list of capabilities the responder has. This is an overview of the client profile of the responder | |||
|- | |||
|Status | |||
|The status code of the association | |||
|- | |||
|Association ID | |||
|An ID given to the client by the BSS, used in future reassociations. | |||
|} | |||
{| class="wikitable mw-collapsible mw-collapsed" | |||
|+Deauthentication / Disassociation | |||
|Reason | |||
|A code describing the reason why the client (was) deauthenticated/disassociated | |||
|} | |||
{| class="wikitable mw-collapsible mw-collapsed" | |||
|+EAPOL-Key | |||
|Descriptor version | |||
|Describes the cryptographic authentication and key management mechanism used in the handshake | |||
|- | |||
|Key type | |||
|Whether this frame is part of the 4-way handshake | |||
|- | |||
|Install | |||
|Whether the client shall install the key derived from this frame | |||
|- | |||
|Key Ack | |||
|Whether the client needs to respond to this frame | |||
|- | |||
|Key MIC | |||
|Whether or not this frame contains a MIC | |||
|- | |||
|Secure | |||
|Set to "true" once initial key exchange is complete (EAPOL-Key 3 and onwards) | |||
|- | |||
|Error | |||
|Whether an error occured during the handshake | |||
|- | |||
|Request | |||
|Set to "true" by the client when they request the initiation of a handshake | |||
|- | |||
|Encrypted Key Data | |||
|Whether the key data in this frame is encrypted | |||
|- | |||
|Key length | |||
|Length of the temporal key | |||
|- | |||
|Key replay counter | |||
|Number of exchanges carried out during this handshake | |||
|- | |||
|Key nonce, IV, RSC, MIC | |||
|Cryptographic values used in the key derivation | |||
|- | |||
|Key data length | |||
|Length of the key data (0 means no key data is present) | |||
|- | |||
|Key Data | |||
|Key Data | |||
|} | |||
=== Traffic processing === | === Traffic processing === |
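Review bot: In the Authentication table, the "Authentication algorithm" row misspells "Open System" as "Open Systen", and its claim that this value usually indicates WPA2 is too strong: Open System authentication is also what unencrypted networks use, so the value only shows that SAE was not used. Suggested wording: "Open System" is used by open and WPA2 networks, "SAE" indicates WPA3. In the EAPOL-Key table, "Key replay counter" is described as the "Number of exchanges carried out during this handshake", which hides its purpose: it is the counter the receiver checks to reject replayed EAPOL-Key frames, and the description should say so. The "Key Data" row repeats its own name as its description and needs real text, or should be dropped. "occured" in the "Error" row should be "occurred", and in the first paragraph "the number of handshake a client has attempted" should read "handshakes".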