Thanks! If the sequence is the following: 1. Prepare and execute NL80211_CMD_TRIGGER_SCAN 2. Prepare and execute NL80211_CMD_GET_SCAN Together with NL80211_CMD_GET_SCAN a callback is registered. In the callback the raw data are parsed as BSS. The IE's are parsed to. When do I have to fetch the beacon to get the right beacon but without lost of the scan result? After I fetched all scan results or immediately after the receive of every scan result? Regards, Thomas > Am 05.04.2017 um 19:24 schrieb Dan Williams <dcbw@xxxxxxxxxx>: > > On Wed, 2017-04-05 at 09:27 +0200, Thomas Thielemann wrote: >> Hello! >> >> I need a solution to determine whether a WiFi is using WEP. I know >> there is a protection flag within MAC frame but do not know how to >> access. >> >> To detect whether a WiFi i protected by WPA2 I found the following >> solution: >> >> Scan with >> >> nl_sock* socket = nl_socket_alloc(); >> genl_connect(socket); >> struct nl_msg* msg = nlmsg_alloc(); >> int driverId = genl_ctrl_resolve(socket, "nl80211"); >> genlmsg_put(msg, 0, 0, driverId, 0, 0, NL80211_CMD_TRIGGER_SCAN, 0); >> >> and fetch with >> >> genlmsg_put(msg, 0, 0, driverId, 0, NLM_F_DUMP, NL80211_CMD_GET_SCAN, >> 0); >> >> Read the received structure using nl80211_bss:: >> NL80211_BSS_INFORMATION_ELEMENTS from nl80211.h and >> >> examine the field RSN(id=48) (see IEEE802.11-2012.pdf, chapter 8.4.2 >> Information elements) >> >> Which netlink command gives me the related data? Is it >> NL80211_CMD_GET_BEACON? > > You want both the beacon (for the Privacy bit) and the information > elements. > > If the privacy bit is set in beacon and there are no WPA/WPA2/RSN- > related information elements, then the AP is using WEP. Unfortunately > you don't know whether it's WEP-40 or WEP-104, but that's another > topic. > > If the privacy bit is set, and there are WPA/WPA2/RSN information > elements, then the AP *might* be using WEP in compatibility mode. This > isn't very common though, so you can probably just ignore this case. > > Dan >
