LnS with wireless WPA

Discussion in 'LnS English Forum' started by Jacky69, Apr 29, 2005.

Thread Status:
Not open for further replies.
  1. Jacky69

    Jacky69 Registered Member

    Joined:
    Apr 28, 2005
    Posts:
    5
    Hi,
    I've the trouble related with the ETH type 0x888E.
    I cannot insert single MAC address because I'll move from several cisco and Netgear AP, but I've found this trouble seems related much more to Netgear than Cisco ( Cisco use WPA-TKIP while Netgear use WPA-PSK ).

    I tryed to use the RAW rule to permit all 0x888E packets ( see image ), but it's not matched: i match all time the last one deny rule. Any help ?

    I tryed to change ( from the rule I imported from forum ) the INBOUND and OUTBOUND field in the OFFSET to 6. This besause i supposed that using 2 byte in FIELD SIZE, also that field are related to 2 byte steps; source MAC + dest MAC = 12 bytes = 6 words made from 2 bytes.

    I would like to know more in deep the RAW rule edit ( not how to create the plugin )

    Thanks in advance

    LUIGI

    PS: this software is just incredible, very very professional and useful
     

    Attached Files:

  2. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    What is the problem with LnS and your WLAN? I assume you can not connect to the access point?? And you see a block of ETH packets in the logs??

    I do not know, if this helps but I have seen ETH blocks also in my WLAN-PSK traffic. However, in my case this was not the cause of the connection problem! It was rather a problem of the shared key encryption/decryption. After solving this by a software update of my WLAN-client I could simply ignore the still appearing ETH packets in my logs, because the WLAN connection was OK anyhow....

    And in my case these ETH packets disappeared after while...

    Thomas :)
     
  3. Jacky69

    Jacky69 Registered Member

    Joined:
    Apr 28, 2005
    Posts:
    5
    Hi,
    my problem "seems" related with key re-negotiation.
    The connection work for some time ( several minutes ); after that I see a lot of packets ( filtered by last rule ) Type ethernet: 888E and the connection goes down.

    I tryed to allow all that type ( using the rule posted in the forum ) , but the rule is not matched.

    Thanks a lot

    Luigi
     
  4. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Yes, Yes this sounds familiar!!
    I could not create a rule to permit this type of packets in LnS. However, it had to do with my WLAN client software (D-Link) and maybe also with the prehistorical Win98SE... A driver update of my WLAN-client software helped.

    Do you also get the blocks, when data encryption is completely turned off at your WLAN-router ?? Maybe you can temporary turn off all encryption and see if your connection is stable. After maybe 30 minutes go back to WPA-PSK mode and see, if the problem comes back....

    Thomas :)
     
  5. JF

    JF LnS Support

    Joined:
    Jan 12, 2003
    Posts:
    294
    Hi,

    In the field offset area of the plugin, inbound and outbound are offsets in "number of bytes" (not 32 bits words).
    So, a value of 12 shall be fine for the Ethernet Type.

    Could you may be provide a screen shot of a blocked packet (double clic on a log line to get it) ?

    In your raw rule, did you only edit the field 0 or also other fields ?

    Regards,
    JF
     
  6. Jacky69

    Jacky69 Registered Member

    Joined:
    Apr 28, 2005
    Posts:
    5
    Hi,
    now all seems solved: I upgraded the firmware of the router and now i see these packets but they are corrctly logged

    thanks and regards

    Luigi
     
Thread Status:
Not open for further replies.