LnS with wireless WPA

Discussion in 'LnS English Forum' started by Jacky69, Apr 29, 2005.

Thread Status:
Not open for further replies.
  1. Jacky69

    Jacky69 Registered Member

    Joined:
    Apr 28, 2005
    Posts:
    5
    Hi,
    I've the trouble related with the ETH type 0x888E.
    I cannot insert single MAC address because I'll move from several cisco and Netgear AP, but I've found this trouble seems related much more to Netgear than Cisco ( Cisco use WPA-TKIP while Netgear use WPA-PSK ).

    I tryed to use the RAW rule to permit all 0x888E packets ( see image ), but it's not matched: i match all time the last one deny rule. Any help ?

    I tryed to change ( from the rule I imported from forum ) the INBOUND and OUTBOUND field in the OFFSET to 6. This besause i supposed that using 2 byte in FIELD SIZE, also that field are related to 2 byte steps; source MAC + dest MAC = 12 bytes = 6 words made from 2 bytes.

    I would like to know more in deep the RAW rule edit ( not how to create the plugin )

    Thanks in advance

    LUIGI

    PS: this software is just incredible, very very professional and useful
     

    Attached Files:

  2. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    What is the problem with LnS and your WLAN? I assume you can not connect to the access point?? And you see a block of ETH packets in the logs??

    I do not know, if this helps but I have seen ETH blocks also in my WLAN-PSK traffic. However, in my case this was not the cause of the connection problem! It was rather a problem of the shared key encryption/decryption. After solving this by a software update of my WLAN-client I could simply ignore the still appearing ETH packets in my logs, because the WLAN connection was OK anyhow....

    And in my case these ETH packets disappeared after while...

    Thomas :)
     
  3. Jacky69

    Jacky69 Registered Member

    Joined:
    Apr 28, 2005
    Posts:
    5
    Hi,
    my problem "seems" related with key re-negotiation.
    The connection work for some time ( several minutes ); after that I see a lot of packets ( filtered by last rule ) Type ethernet: 888E and the connection goes down.

    I tryed to allow all that type ( using the rule posted in the forum ) , but the rule is not matched.

    Thanks a lot

    Luigi
     
  4. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Yes, Yes this sounds familiar!!
    I could not create a rule to permit this type of packets in LnS. However, it had to do with my WLAN client software (D-Link) and maybe also with the prehistorical Win98SE... A driver update of my WLAN-client software helped.

    Do you also get the blocks, when data encryption is completely turned off at your WLAN-router ?? Maybe you can temporary turn off all encryption and see if your connection is stable. After maybe 30 minutes go back to WPA-PSK mode and see, if the problem comes back....

    Thomas :)
     
  5. JF

    JF LnS Support

    Joined:
    Jan 12, 2003
    Posts:
    294
    Hi,

    In the field offset area of the plugin, inbound and outbound are offsets in "number of bytes" (not 32 bits words).
    So, a value of 12 shall be fine for the Ethernet Type.

    Could you may be provide a screen shot of a blocked packet (double clic on a log line to get it) ?

    In your raw rule, did you only edit the field 0 or also other fields ?

    Regards,
    JF
     
  6. Jacky69

    Jacky69 Registered Member

    Joined:
    Apr 28, 2005
    Posts:
    5
    Hi,
    now all seems solved: I upgraded the firmware of the router and now i see these packets but they are corrctly logged

    thanks and regards

    Luigi
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.