Hi, I've the trouble related with the ETH type 0x888E. I cannot insert single MAC address because I'll move from several cisco and Netgear AP, but I've found this trouble seems related much more to Netgear than Cisco ( Cisco use WPA-TKIP while Netgear use WPA-PSK ). I tryed to use the RAW rule to permit all 0x888E packets ( see image ), but it's not matched: i match all time the last one deny rule. Any help ? I tryed to change ( from the rule I imported from forum ) the INBOUND and OUTBOUND field in the OFFSET to 6. This besause i supposed that using 2 byte in FIELD SIZE, also that field are related to 2 byte steps; source MAC + dest MAC = 12 bytes = 6 words made from 2 bytes. I would like to know more in deep the RAW rule edit ( not how to create the plugin ) Thanks in advance LUIGI PS: this software is just incredible, very very professional and useful
What is the problem with LnS and your WLAN? I assume you can not connect to the access point?? And you see a block of ETH packets in the logs?? I do not know, if this helps but I have seen ETH blocks also in my WLAN-PSK traffic. However, in my case this was not the cause of the connection problem! It was rather a problem of the shared key encryption/decryption. After solving this by a software update of my WLAN-client I could simply ignore the still appearing ETH packets in my logs, because the WLAN connection was OK anyhow.... And in my case these ETH packets disappeared after while... Thomas
Hi, my problem "seems" related with key re-negotiation. The connection work for some time ( several minutes ); after that I see a lot of packets ( filtered by last rule ) Type ethernet: 888E and the connection goes down. I tryed to allow all that type ( using the rule posted in the forum ) , but the rule is not matched. Thanks a lot Luigi
Yes, Yes this sounds familiar!! I could not create a rule to permit this type of packets in LnS. However, it had to do with my WLAN client software (D-Link) and maybe also with the prehistorical Win98SE... A driver update of my WLAN-client software helped. Do you also get the blocks, when data encryption is completely turned off at your WLAN-router ?? Maybe you can temporary turn off all encryption and see if your connection is stable. After maybe 30 minutes go back to WPA-PSK mode and see, if the problem comes back.... Thomas
Hi, In the field offset area of the plugin, inbound and outbound are offsets in "number of bytes" (not 32 bits words). So, a value of 12 shall be fine for the Ethernet Type. Could you may be provide a screen shot of a blocked packet (double clic on a log line to get it) ? In your raw rule, did you only edit the field 0 or also other fields ? Regards, JF
Hi, now all seems solved: I upgraded the firmware of the router and now i see these packets but they are corrctly logged thanks and regards Luigi