Forum

Hi all,

I have a Symbol 4131 and a recent wpa_supplicant / Marvell 8385 client and we're seeing some MIC failures flagged by the AP. We've had this kind of problem with a different client on the same AP before and tracked it down to firmware problems in both the AP and client.

In the past I used modified versions of hostapd and wpa_supplicant to verify I can reliably create MIC failures and detect them, pinpointing a specific packet on the hostapd side but it was all very hackish and messy.

I'm wondering if there are better tools to find out what's going on. Is there a specific AP that does extensive logging or a sniffer tool that can run side-by-side and find out exactly why the failures are happening? (Of course we're not allowed to spend any money right now). The failures appear on the coverage fringe so I'm assuming it's due to lost packets or some kind of sequencing error in the calculation of key material. I'm certain it's not a malicious attack of any kind since this is entirely in our test area and the client that creates the failure works fine in normal coverage.


Thanks,
Andrew

Not really an answer to your question, and definitely not timely, but the Univ. of New Hampshire Interoperability Lab (UNH-IOL) has some specific tests they run on clients and AP's for WPA, 802.1X security, and interoperability.
The discussion of their tests may be of help to you.
They use an older custom/proprietary Atheros PCMCIA card to generate custom packets. Take a look at http://www.iol.unh.edu/services/testing/wireless/testsuites/
and some of the test details.

Cisco Phones and some Intel chips are known to GENERATE MIC errors, and I know that some companies intentionally build their equipment to ignore received packets with MIC errors.

Hope this helps.

Thanks for the reply - in the mean time I've tracked down the problem and the vendor fixed it, if I remember correctly it was a race condition that led to incorrectly encrypted packets.

We used the UNH-IOL in the past and they were great to work with so I would highly recommend them for cases like this. They have a good test suite and their techs were very willing to do difficult setups on our proto devices.