On Wed, 2017-04-05 at 09:27 +0200, Thomas Thielemann wrote:
> Hello!
>
> I need a solution to determine whether a WiFi is using WEP. I know
> there is a protection flag within MAC frame but do not know how to
> access.
>
> To detect whether a WiFi is protected by WPA2 I found the following
> solution:
>
> Scan with
>
> nl_sock* socket = nl_socket_alloc();
> genl_connect(socket);
> struct nl_msg* msg = nlmsg_alloc();
> int driverId = genl_ctrl_resolve(socket, "nl80211");
> genlmsg_put(msg, 0, 0, driverId, 0, 0, NL80211_CMD_TRIGGER_SCAN, 0);
>
> and fetch with
>
> genlmsg_put(msg, 0, 0, driverId, 0, NLM_F_DUMP, NL80211_CMD_GET_SCAN, 0);
>
> Read the received structure using nl80211_bss::
> NL80211_BSS_INFORMATION_ELEMENTS from nl80211.h and
>
> examine the field RSN(id=48) (see IEEE802.11-2012.pdf, chapter 8.4.2
> Information elements)
>
> Which netlink command gives me the related data? Is it
> NL80211_CMD_GET_BEACON?

You want both the beacon (for the Privacy bit) and the information
elements.

If the privacy bit is set in beacon and there are no WPA/WPA2/RSN-related
information elements, then the AP is using WEP. Unfortunately
you don't know whether it's WEP-40 or WEP-104, but that's another
topic.

If the privacy bit is set, and there are WPA/WPA2/RSN information
elements, then the AP *might* be using WEP in compatibility mode. This
isn't very common though, so you can probably just ignore this case.

Dan
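
The decision rule from the reply above, written out as an added example (not code from either poster or from any project). It assumes the 16-bit capability field and the raw information-element blob have already been read from a scan result, for instance from the NL80211_BSS_CAPABILITY and NL80211_BSS_INFORMATION_ELEMENTS attributes; `classify_bss`, the enum and the sample blobs are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CAP_PRIVACY 0x0010 /* Privacy bit (bit 4) of the Capability Information field */
#define EID_RSN     48     /* RSN element, as in the question */
#define EID_VENDOR  221    /* vendor-specific; WPA is OUI 00:50:F2, type 1 */
enum bss_sec { SEC_OPEN, SEC_WEP, SEC_WPA, SEC_RSN };

/* Constructed sample IE blobs (SSID "test" plus one more element), not real captures. */
static const uint8_t ies_plain[] = { 0, 4, 't', 'e', 's', 't', 1, 1, 0x82 };
static const uint8_t ies_rsn[]   = { 0, 4, 't', 'e', 's', 't', 48, 2, 0x01, 0x00 };
static const uint8_t ies_wpa[]   = { 0, 4, 't', 'e', 's', 't',
                                     221, 6, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00 };
static const uint8_t ies_trunc[] = { 0, 4, 't', 'e', 's', 't', 48, 20, 0x01 };

/* capability: 16-bit Capability Information field; ies/len: raw element blob. */
enum bss_sec classify_bss(uint16_t capability, const uint8_t *ies, size_t len)
{
    static const uint8_t wpa_oui_type[4] = { 0x00, 0x50, 0xf2, 0x01 };
    int wpa = 0, rsn = 0;
    size_t pos = 0;

    while (pos + 2 <= len) {                 /* each element: id, length, body */
        uint8_t id = ies[pos], elen = ies[pos + 1];
        if (pos + 2 + elen > len)
            break;                           /* truncated element: never read past the buffer */
        if (id == EID_RSN)
            rsn = 1;
        else if (id == EID_VENDOR && elen >= 4 &&
                 memcmp(ies + pos + 2, wpa_oui_type, 4) == 0)
            wpa = 1;
        pos += 2 + (size_t)elen;
    }
    if (!(capability & CAP_PRIVACY))
        return SEC_OPEN;
    if (rsn)
        return SEC_RSN;                      /* WEP compatibility mode ignored, as the reply suggests */
    if (wpa)
        return SEC_WPA;
    return SEC_WEP;                          /* privacy set, no WPA/RSN elements */
}

int main(void)
{
    static const char *names[] = { "open", "WEP", "WPA", "WPA2/RSN" };
    printf("%s\n", names[classify_bss(0x0411, ies_plain, sizeof ies_plain)]);
    printf("%s\n", names[classify_bss(0x0411, ies_rsn, sizeof ies_rsn)]);
    return 0;
}
```

A truncated trailing element is skipped rather than parsed, so a damaged RSN element on a privacy-enabled BSS falls through to the WEP result; callers that care can treat a short walk as "unknown" instead.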