WPA-PSK - TKIP Mode

這裡記錄一下當使用者設定成WPA-PSK - TKIP的時候，它的封包流程和內容長什麼樣子。

AP MAC Address: 00:12:0E:C1:D7:08
STA MAC Address: C0:FF:D4:D4:E9:BA

Security: WPA1 Personal
Cipher Suite: TKIP
Pre-Shared Key: 0987654321

#292: The STA send Probe Request to AP.
#300: The AP feedback Probe Response to STA.
#294: The STA send Authentication (request) to AP.
#302: The AP feedback Authentication (response) to STA.
#304: The STA send Association Request to AP.
#306: The AP feedback Association Response to STA.
#332, #334, #336, #338: Unicast 4-Way handsharking.
#340, #342: Multicast / Broadcast 2-Way hsndsharking.

#294: The STA send Authentication (request) to AP.

#302: The AP feedback Authentication (response) to STA.

由Authentication SEQ分別為0x0001和0x0002可以得知AP和STA之間認證成功；但是會帶RSN-IE的４種封包當中，與AP有關的是Beacon和Probe Response。所以，我們回過頭來檢查一下Probe Response：

#300: The AP feedback Probe Response to STA.

由上圖資訊可以得知：

• OUI: 00:50:F2 (Microsoft Corp. ；這是微軟的OUI)
• WPA Version: 1
• Multicast Cipher Suite Type: TKIP (2)
• Unicast Cipher Suite: TKIP (2)
• Authentication Key Management Type: PSK (2)

而IEEE 802.11是如何規範Unicast / Multicast Cipher Suite Type 的？

Authentication Key Management Type的部份：

我們隨便檢查一個Data封包：

會發現多了一個TKIP Parameters欄位，代表這一個封包的Cipher Suite是用TKIP；因為TKIP有向下相容於WEP，所以依樣會有Initialization Vector (初始化向量)和Key Index (金鑰索引)的欄位資訊。因為這個封包已經經過WireShark來解密，所以可以得知這是一個DHCP Ack封包。

Refer: CWSP – TKIP Encryption Method