I'm currently reading and practising with this WiFu book from Offensive Security
But i want to see what encryption type my network uses.. It may be because I'm blind but any other than that.. It should be anywhere in the IEEE 802.11 Headers or Frame Control fields but still can't find it -_- someone knows out of his head where it's located? Doesn't matter what Management Frame it is, from beacons to association responses i just want to know.. Any help?
On
Old thread, but to complete @Acienty's answer, I believe the tag in question is the RSN Information tag which I don't see present for WEP. Furthermore, in the Auth Key management (AKM) type: XXX You can see if it is WPA or WPA2 (PSK).
In other words:
-WPE ONLY : wlan.fc.type_subtype == 0x0008 && wlan.fixed.capabilities.privacy == 1 && !wlan.tag.number == 48 && !wlan.wfa.ie.type == 0x01
wlan.fc.type_subtype == 0x0008 : Looks only for beacons packetswlan.fixed.capabilities.privacy == 1 : Looks for encrypted connections (WEP or WPA but no open wifis)!wlan.tag.number == 48 : Removes packets with RSN information tags (I believe that those with WEP never have this tag - might be wrong)!wlan.wfa.ie.type == 0x01 : Removes packets Vendor specific WAP (I don't know if this is universal, but again, those with WEP don't have this)-WPA ONLY : wlan.fc.type_subtype == 0x0008 && wlan.fixed.capabilities.privacy == 1 && ((wlan.tag.number == 48 ) || (wlan.wfa.ie.type == 0x01))
-OPEN WIFI : wlan.fc.type_subtype == 0x0008 && wlan.fixed.capabilities.privacy == 0
I believe this is exhaustive, but I might be overlooking specific cases. I'll come back to this post if I have any updates for more precise filter expressions.
Nvm.. if the privacy bit is set to 1 in the capabilities field then it means it uses WEP but! The privacy bit can also be set to 1 while having encryption type WPA you can see whether WPA is used at the bottom of tagged parameters. If that parameter isn’t there it means you have WEP or either no encryption at all