N66U and Spanning Tree...

Discussion in 'ASUS N Routers & Adapters' started by sfx2000, Dec 26, 2012.

  1. sfx2000

    sfx2000 Very Senior Member

    Joined:
    Aug 11, 2011
    Messages:
    1,589
    Location:
    San Diego, CA
    Interesting observation on Wireshark...

    Have a neighbour with a new N66U AP - nice unit :)

    The box is configured with WPA2-PSK - but in a wireshark capture, something I noticed is that the box is sending out STP frames, and more importantly, sending them out TKIP, not AES.

    So a couple of questions:

    1) Why is the N66U sending out STP frames? Useful perhaps in Mesh WiFi networks, but useless in a home environment
    2) Why is a TKIP vector present in the STP frame?

    packet dump link (some vals changed to protect the innocent):

    https://dl.dropbox.com/u/2181814/N66u_STP_TKIP.txt

    Bug? Feature?
     
    Last edited: Dec 26, 2012
  2. Log in / Register to remove this ad

  3. housej55

    housej55 Occasional Visitor

    Joined:
    Dec 7, 2012
    Messages:
    14
    This is a good find sfx, was this unit running the stock Asus firmware?
     
  4. jsmiddleton4

    jsmiddleton4 Senior Member

    Joined:
    Dec 3, 2012
    Messages:
    238
    I turned STP off because my understanding of it is that when I just have one router it isn't needed. When I had a WDS system with 3 routers I did enable it.

    Now I guess doing so may not be a bad idea for other reasons.
     
  5. sfx2000

    sfx2000 Very Senior Member

    Joined:
    Aug 11, 2011
    Messages:
    1,589
    Location:
    San Diego, CA
    AFAIK - Yes...

    Makes is unique to fingerprint :)
     
    Last edited: Dec 26, 2012
  6. sfx2000

    sfx2000 Very Senior Member

    Joined:
    Aug 11, 2011
    Messages:
    1,589
    Location:
    San Diego, CA
    Don't need STP frames for WDS - different layer... STP is layer 3, WDS is layer 2...
     
  7. sfx2000

    sfx2000 Very Senior Member

    Joined:
    Aug 11, 2011
    Messages:
    1,589
    Location:
    San Diego, CA
    Bumping the thread - this is likely a security issue - if the primary is WPA2-AES, the STP frames being sent out TKIP is not very smart.

    IEEE 802.11 Data, Flags: .p....F.
    Type/Subtype: Data (0x20)
    Frame Control: 0x4208 (Normal)
    Version: 0
    Type: Data frame (2)
    Subtype: 0
    Flags: 0x42
    .... ..10 = DS status: Frame from DS to a STA via AP(To DS: 0 From DS: 1) (0x02)
    .... .0.. = More Fragments: This is the last fragment
    .... 0... = Retry: Frame is not being retransmitted
    ...0 .... = PWR MGT: STA will stay up
    ..0. .... = More Data: No data buffered
    .1.. .... = Protected flag: Data is protected
    0... .... = Order flag: Not strictly ordered
    Duration: 0
    Destination address: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
    BSS Id: 30:85:a9:xx:yy:zz (30:85:a9:xx:yy:zz)
    Source address: 30:85:a9:xx:yy:zz (30:85:a9:xx:yy:zz)
    Fragment number: 0
    Sequence number: 292
    TKIP parameters
    TKIP Ext. Initialization Vector: 0x00000007F200
    Key Index: 2
    Data (46 bytes)

    0000 fa 08 9d 79 79 c9 ac 3f 21 2d 47 7d bc 46 50 97 ...yy..?!-G}.FP.
    0010 25 02 e4 4d f1 d0 7a c8 34 07 86 34 f7 ad 5e eb %..M..z.4..4..^.
    0020 84 2d 30 c7 a2 a8 38 33 5e 96 24 46 c5 8f .-0...83^.$F..
    Data: fa089d7979c9ac3f212d477dbc4650972502e44df1d07ac8...
    [Length: 46]
     

Share This Page