On Wed, 2019-08-21 at 22:04 +0200, Josef Miegl wrote: > > The vendor elements are added at the very end of the frame. In fact I > tried moving the RSN IE to the end of the frame so that the frame is > similar to the one ubnt airos produces. No luck either. One thing I've > learned is that ubnt airos assoc req frames have the WMM/WME IE placed > before HT Capabilities. But I'm not sure how to move it and also not > sure if it would actually work. > > I am getting 4WAY_HANDSHAKE_TIMEOUT. From capturing I can see the > station sends Key (msg 2 of 4) and a bunch of acknowledgements, but it > never sends Key (msg 4 of 4) afterwards. > > I feel like I'm stuck.. What could be the reason for this behaviour? What AP are you trying to connect to? Have you tried adding some other random vendor IE, with an OUI that the AP is almost certain to not know? Maybe it's actually interpreting this somehow? Would you be willing to show sniffer captures so we could take a look? johannes
