1.10.2024

WPA2-Passphrase - CCMP Mode

This post records what the packet flow and packet contents look like when the user configures WPA2-Passphrase - CCMP.

AP MAC Address: E8:C7:CF:AF:5C:C0
STA MAC Address: C4:04:15:22:64:9A

Security: WPA2 Personal
Cipher Suite: CCMP
Passphrase: 0987654321

#2946: The STA sends a Probe Request to the AP.
(not captured): The AP replies with a Probe Response to the STA.
#2969: The STA sends an Authentication (request) to the AP.
#2982: The AP replies with an Authentication (response) to the STA.
#2992: The STA sends an Association Request to the AP.
#3004: The AP replies with an Association Response to the STA.
#3018, #3020, #3023, #3025: Unicast 4-Way Handshake.
#3028: Data packet; once decrypted, it is a DHCP Request.

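Because this case was captured in an open environment rather than in a shielding room / box, some packets were missed and not captured. So we simply pick any Beacon frame sent by the AP:

#2941: The AP broadcasts a Beacon to all stations.
From the figure above we can see:
  • OUI: 00:0F:AC (the IEEE 802.11 OUI)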
  • RSN Version: 1
  • Group Cipher Suite Type: AES (CCM) (4)
  • Pairwise Cipher Suite Count: 1
  • Pairwise Cipher Suite Type: AES (CCM) (4)
  • Auth Key Management (AKM) Suite Count: 1
  • Auth Key Management (AKM) Type: PSK (2)
Compare this with the earlier WPA-PSK - TKIP Mode and WPA-PSK - CCMP Mode: there the information is carried in Tag: Vendor Specific: Microsoft Corp.: WPA Information Element (WPA Version: 1), whereas here in WPA2-Passphrase - CCMP Mode it is carried in Tag: RSN Information (RSN Version: 1). This is because IEEE 802.11i-2004 makes the RSN (Robust Security Network) information mandatory for WPA2 and mandates CCMP as the encryption method.
  • RSN Capabilities:
    • Management Frame Protection Required: False
    • Management Frame Protection Capable: True
In addition, IEEE 802.11i-2004 also specifies MFP (Management Frame Protection, IEEE 802.11w), and here encryption of management frames is advertised as Capable. Next we pick an arbitrary Data packet:

#3028: Data packet; once decrypted, it is a DHCP Request.
This Data packet likewise carries a CCMP Parameters field, which indicates that it is encrypted with CCMP.
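
To make the Beacon's RSN Information fields listed earlier concrete, here is an added example (not from the original capture or post) that parses an RSN element (tag 48) into those fields. The function names are hypothetical and the sample bytes are constructed to match the values listed on this page.

```python
import struct

# Suite selector type values under the IEEE 802.11 OUI 00:0F:AC
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES (CCM)", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
IEEE_OUI = bytes.fromhex("000fac")

def _suite(raw, names):
    """Decode one 4-byte suite selector: 3-byte OUI plus 1-byte type."""
    oui, kind = raw[:3], raw[3]
    if oui != IEEE_OUI:
        return f"vendor {oui.hex(':')}:{kind}"
    return names.get(kind, f"unknown ({kind})")

def _suite_list(body, off, names):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("suite list runs past end of element")
    suites = [_suite(body[off + 4 * i: off + 4 * i + 4], names)
              for i in range(count)]
    return suites, off + 4 * count

def parse_rsn_ie(ie):
    """Parse a complete RSN element (tag, length, body) into a dict."""
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element (tag 48)")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 8:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    out = {"version": version, "group": _suite(body[2:6], CIPHERS)}
    out["pairwise"], off = _suite_list(body, 6, CIPHERS)
    out["akm"], off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    out["mfp_required"] = bool(caps & 0x0040)  # RSN Capabilities bit 6 (MFPR)
    out["mfp_capable"] = bool(caps & 0x0080)   # RSN Capabilities bit 7 (MFPC)
    return out

# Constructed sample: RSN element bytes matching the Beacon fields on this page
SAMPLE = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04"
                       "0100" "000fac02" "8000")

if __name__ == "__main__":
    for key, value in parse_rsn_ie(SAMPLE).items():
        print(f"{key}: {value}")
```

When auditing an AP configuration, the same parser shows at a glance whether TKIP is still offered as a pairwise suite and whether management frame protection is only capable rather than required.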
