Posted by: | dragorn |
---|---|
Subject: | identification of WPA etc |
Date: | 16:51:01 15/11/2006 |
>
> I was just wondering if I need to capture a large section of packets to hone the identification of the encryption type, or is this as accurate as it gets?
>
> I look forwards to your responses.
Encryption methods are pulled out of the WPA fields in the beacon frame. What you see is what it advertises.
If there is no WPA capabilities field in the beacon and the privacy bit is set then it's assumed to be legacy WEP. There is no method to derive the key length of a wep frame if the wep length isn't advertised in the WPA cipher.
-m