WPA vs. WEP when sniffing with a known key

[Irongeek]

I just wanted to make sure I’ve got this straight. I’ve been doing some tests and I’m not sure everything is set right so tell me if my results are wrong.

No WPE or WPA all clients can sniff each other on the WAP.

With WEP only others that are using the WEP key can sniff each other.

With WPA no one sniffs can sniff each other, even if they are connecting to the same WAP and use the same PSK.

[thehorse13]

Correct, because of the dynamic key exchange. I take it you have TKIP set on your WPA clients?

[Irongeek]

As I understand it, yes.

[thehorse13]

Good. This is what powers the key exchange. I'm not sure of the default but its something insane like once every 15 seconds new keys are negotiated.

[Irongeek]

Now if only I could get my old hermes card to work with WPA.

[dmorgan]

I believe that TKIP generates a new key for every packet. I have been reading up on this lately. Althought that does seem a little insane... Also, I believe that each packet is given a 48-bit 'serial number' (for lack of a better work) each 'serial number' is part of both the IV and key.
Each time a new client connects, a new base key (Pairwise Transient Key or PTK) is generated, and the 'serial number' generation is different(this also depends on the client's MAC address). Wouldn't this essentially be a 48-bit one time pad for each packet ? (please correct me if I do not understand this all the way)

this is how I understand it, anyways, so no. WPA cannot sniff each other due to the 'serial number' and the base key that is generated for each new client.

[ammo]

Humm, interesting;
On my linksys wrt55g, I have the option with WPA of either TKIP or AES.
Now does the inability to cross-sniff only come from TKIP and the per association keying or does it also prevent it with AES?


Ammo

[d0ppy]

Having never really played with WPA, I am still a bit fuzzy on it's specifics. Obviously, it prevents a single machine from just going promiscuous... The network is still vulnerable to a more active sniffing attack, such as ARP poisoning, correct?

[dmorgan]

First off, let me correct some of myself. Any Wi-Fi card in promiscous mode can sniff radio waves (as long as said card supports the protocol). It is just a matter of decrypting the packets. As with TKIP, the MIC (message integrity check) is encrypted within the packet as opposed to appended to (as with WEP's Integrity Check value, or ICV). This, in combination with TKIP using a new key every packet, means that essentially, no. ARP poisoning is much, much harder to do. The only things that aren't encrypted are source IP and Destination IP (for most packets) including ARP replies. TKIP has protection against replay attacks, meaning each packet has a new key, so you can't use the key that the packet 1 second ago used (even if you could decrypt it in time)
The only things that aren't encrypted are source IP and Destination IP (for most packets).

AES has group key changing policy. Meaning that the key changes every so often for ( not sure if it's everyone in the group or a 1 by 1 basis. I'm assuming it is a 1 by 1 basis, need to read more RFCs on EAP and RADIUS and what not )

Still reading on it though... interesting stuff.

[Irongeek]

I pretty sure promiscous mode does not look at the radio waves, you need RFMon for that. With promiscous you only get what's goin to anf from your WAP, with RFMon (Monitor mode) you see all the traffic to all the WAPs in the area. Correct me it I'm wrong.