iwconfig & iwpriv & WEP & WPA1/WPA2
2010-07-07 11:38
##### Example wpa_supplicant configuration file ###############################
#
#
# Original Version
# ----------------
#    wpa_supplicant-0.2.3/wpa_supplicant.conf
#
#
# To Reload Changes
# -----------------
#    killall -HUP wpa_supplicant
#
# To Generate the WPA network keys
# --------------------------------
#    wpa_passphrase "essid-of-the-ap" "the secret passphrase"
#
# To Install the wpa daemon
# -------------------------
#    wpa_supplicant -Bw [ -dd ] -c/etc/wpa_supplicant.conf -iath0
#
#    Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
#    Reading configuration file '/etc/wpa_supplicant.conf'
#    ctrl_interface='/var/run/wpa_supplicant'
#    eapol_version=1
#    Daemonize..
#
#    Trying to associate with <MAC-Address-of-AccessPoint> /
#        (SSID='Testing-ESSID' freq=2437 MHz)
#    WPA key negotiation completed with <MAC-Address-of-AccessPoint>
#
#
# 21-Jun-04 amo Copied from wpa_supplicant-0.2.3/wpa_supplicant.conf
#    ==
#    == comment out the example network blocks ==
#    ==
#
# Empty lines and lines starting with # are ignored
#
# NOTE! This file may contain password information and should probably be made
# readable only by root user on multiuser systems.

# global configuration (shared by all network blocks)
#
# Interface for separate control program. If this is specified, wpa_supplicant
# will create a UNIX domain socket for listening to requests from external
# programs (CLI/GUI, etc.) for status information and configuration. Access
# control for this control interface can be configured by creating the socket
# in a directory that is readable only for desired users.
ctrl_interface=/var/run/wpa_supplicant

# IEEE 802.1X/EAPOL version
# wpa_supplicant was implemented based on IEEE 802-1X-REV-d8 which defines
# EAPOL version 2. However, there are many APs that do not handle the new
# version number correctly (they seem to drop the frames completely). In order
# to make wpa_supplicant interoperate with these APs, the version number is set
# to 1 by default. This configuration value can be used to set it to the new
# version (2).
eapol_version=1

# network block
#
# Each network (usually APs sharing the same SSID) is configured as a separate
# block in this configuration file. The network blocks are in preference order
# (the first match is used).
#
# network block fields:
#
# ssid: SSID (mandatory); either as an ASCII string with double quotation or
#    as hex string; network name
#
# scan_ssid:
#    0 = do not scan this SSID with specific Probe Request frames (default)
#    1 = scan with SSID-specific Probe Request frames (this can be used to
#        find APs that do not accept broadcast SSID or use multiple SSIDs;
#        this will add latency to scanning, so enable this only when needed)
#
# bssid: BSSID (optional); if set, this network block is used only when
#    associating with the AP using the configured BSSID
#
# proto: list of accepted protocols
#    WPA = WPA/IEEE 802.11i/D3.0
#    RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
#    If not set, this defaults to: WPA RSN
#
# key_mgmt: list of accepted authenticated key management protocols
#    WPA-PSK = WPA pre-shared key (this requires 'psk' field)
#    WPA-EAP = WPA using EAP authentication (this can use an external
#        program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication)
#    IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
#        generated WEP keys
#    NONE = WPA is not used; plaintext or static WEP could be used
#    If not set, this defaults to: WPA-PSK WPA-EAP
#
# pairwise: list of accepted pairwise (unicast) ciphers for WPA
#    CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
#    TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
#    NONE = Use only Group Keys (deprecated, should not be included if APs support
#        pairwise keys)
#    If not set, this defaults to: CCMP TKIP
#
# group: list of accepted group (broadcast/multicast) ciphers for WPA
#    CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
#    TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
#    WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
#    WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
#    If not set, this defaults to: CCMP TKIP WEP104 WEP40
#
# psk: WPA preshared key; 256-bit pre-shared key
#    The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
#    32 bytes or as an ASCII passphrase (in which case, the real PSK will be
#    generated using the passphrase and SSID). ASCII passphrase must be between
#    8 and 63 characters (inclusive).
#    This field is not needed, if WPA-EAP is used.
#    Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
#    from ASCII passphrase. This process uses a lot of CPU and wpa_supplicant
#    startup and reconfiguration time can be optimized by generating the PSK
#    only when the passphrase or SSID has actually changed.
#
# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
#    Dynamic WEP key required for non-WPA mode
#    bit0 (1): require dynamically generated unicast WEP key
#    bit1 (2): require dynamically generated broadcast WEP key
#    (3 = require both keys; default)
#
# Following fields are only used with internal EAP implementation.
# eap: space-separated list of accepted EAP methods
#    MD5 = EAP-MD5 (insecure and does not generate keying material ->
#        cannot be used with WPA)
#    MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
#        as a Phase 2 method with EAP-PEAP)
#    TLS = EAP-TLS (client and server certificate)
#    PEAP = EAP-PEAP (with tunnelled MSCHAPV2)
#    TTLS = EAP-TTLS (with tunnelled EAP-MD5-Challenge)
#    If not set, all compiled in methods are allowed.
#
# identity: Identity string for EAP
# anonymous_identity: Anonymous identity string for EAP (to be used as the
#    unencrypted identity with EAP types that support different tunnelled
#    identity, e.g., EAP-TTLS)
# password: Password string for EAP
# ca_cert: File path to CA certificate file. This file can have one or more
#    trusted CA certificates. If ca_cert is not included, server certificate
#    will not be verified. This is insecure and the CA file should always be
#    configured.
# client_cert: File path to client certificate file
# private_key: File path to client private key file
# private_key_passwd: Password for private key file
# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
#    (string with field-value pairs, e.g., "peapver=0")
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
#    (string with field-value pairs, e.g., "auth=MSCHAPV2")
# Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP.
# ca_cert2: File path to CA certificate file. This file can have one or more
#    trusted CA certificates. If ca_cert2 is not included, server
#    certificate will not be verified. This is insecure and the CA file
#    should always be configured.
# client_cert2: File path to client certificate file
# private_key2: File path to client private key file
# private_key2_passwd: Password for private key file
#
#
# 21-Jun-04 amo Define the WPA network
#
# Get the psk from the following:
#    wpa_passphrase "essid-of-the-ap" "the secret passphrase"
#
#
#
# Only WPA-PSK is used. Any valid cipher combination is accepted.
#
network={
    ssid="Testing-ESSID"
    #
    # if proto is not defined, defaults to: WPA RSN
    proto=WPA
    #
    # if key_mgmt is not defined, defaults to: WPA-PSK WPA-EAP
    key_mgmt=WPA-PSK
    #
    # if pairwise is not defined, defaults to: CCMP TKIP
    pairwise=CCMP TKIP
    #
    # if group is not defined, defaults to: CCMP TKIP WEP104 WEP40
    group=CCMP TKIP WEP104 WEP40
    #
    # if eap is not defined, defaults to: MD5 MSCHAPV2 TLS PEAP TTLS
    #
    # psk: WPA preshared key - not needed if wpa-eap is used
    #psk="my secret pass phrase"
    psk=03101c71c6abf8827293f44d7c13883ec83214fab8ab4069eec737508a7c220a
}
#xx
#xx # Example blocks:
#xx
#xx # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
#xx network={
#xx     ssid="simple"
#xx     psk="very secret passphrase"
#xx }
#xx
#xx # Same as previous, but request SSID-specific scanning (for APs that reject broadcast SSID)
#xx network={
#xx     ssid="second ssid"
#xx     scan_ssid=1
#xx     psk="very secret passphrase"
#xx }
#xx
#xx # Only WPA-PSK is used. Any valid cipher combination is accepted.
#xx network={
#xx     ssid="example"
#xx     proto=WPA
#xx     key_mgmt=WPA-PSK
#xx     pairwise=CCMP TKIP
#xx     group=CCMP TKIP WEP104 WEP40
#xx     psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
#xx }
#xx
#xx # Only WPA-EAP is used. Both CCMP and TKIP are accepted. An AP that used WEP104
#xx # or WEP40 as the group cipher will not be accepted.
#xx network={
#xx     ssid="example"
#xx     proto=RSN
#xx     key_mgmt=WPA-EAP
#xx     pairwise=CCMP TKIP
#xx     group=CCMP TKIP
#xx     eap=TLS
#xx     identity="user@example.com"
#xx     password="foobar"
#xx     ca_cert="/etc/cert/ca.pem"
#xx     client_cert="/etc/cert/user.pem"
#xx     private_key="/etc/cert/user.prv"
#xx     private_key_passwd="password"
#xx }
#xx
#xx # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
#xx # unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
#xx network={
#xx     ssid="example"
#xx     key_mgmt=WPA-EAP
#xx     eap=TTLS
#xx     identity="user@example.com"
#xx     anonymous_identity="anonymous@example.com"
#xx     password="foobar"
#xx     ca_cert="/etc/cert/ca.pem"
#xx }
#xx
#xx # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
#xx # use. Real identity is sent only within an encrypted TLS tunnel.
#xx network={
#xx     ssid="example"
#xx     key_mgmt=WPA-EAP
#xx     eap=TTLS
#xx     identity="user@example.com"
#xx     anonymous_identity="anonymous@example.com"
#xx     password="foobar"
#xx     ca_cert="/etc/cert/ca.pem"
#xx     phase2="auth=MSCHAPV2"
#xx }
#xx
#xx # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
#xx # authentication.
#xx network={
#xx     ssid="example"
#xx     key_mgmt=WPA-EAP
#xx     eap=TTLS
#xx     # Phase1 / outer authentication
#xx     anonymous_identity="anonymous@example.com"
#xx     ca_cert="/etc/cert/ca.pem"
#xx     # Phase 2 / inner authentication
#xx     phase2="autheap2=TLS"
#xx     ca_cert2="/etc/cert/ca2.pem"
#xx     client_cert2="/etc/cer/user.pem"
#xx     private_key2="/etc/cer/user.prv"
#xx     private_key2_passwd="password"
#xx }
#xx
#xx # Both WPA-PSK and WPA-EAP are accepted. Only CCMP is accepted as pairwise and
#xx # group cipher.
#xx network={
#xx     ssid="example"
#xx     bssid=00:11:22:33:44:55
#xx     proto=WPA RSN
#xx     key_mgmt=WPA-PSK WPA-EAP
#xx     pairwise=CCMP
#xx     group=CCMP
#xx     psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
#xx }
#xx
#xx # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
#xx # and all valid ciphers.
#xx network={
#xx     ssid=00010203
#xx     psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
#xx }
#xx
#xx
#xx # EAP-SIM with a GSM SIM or USIM
#xx network={
#xx     ssid="eap-sim-test"
#xx     key_mgmt=WPA-EAP
#xx     eap=SIM
#xx     pin="1234"
#xx     pcsc=""
#xx }
#xx
#xx
#xx # IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
#xx # EAP-TLS for authentication and key generation; require both unicast and
#xx # broadcast WEP keys.
#xx network={
#xx     ssid="1x-test"
#xx     key_mgmt=IEEE8021X
#xx     eap=TLS
#xx     identity="user@example.com"
#xx     ca_cert="/etc/cert/ca.pem"
#xx     client_cert="/etc/cert/user.pem"
#xx     private_key="/etc/cert/user.prv"
#xx     private_key_passwd="password"
#xx     eapol_flags=3
#xx }
#xx
#xx
#xx # Plaintext connection (no WPA, no IEEE 802.1X)
#xx network={
#xx     ssid="plaintext-test"
#xx     key_mgmt=NONE
#xx }
#xx
#xx
#xx # Shared WEP key connection (no WPA, no IEEE 802.1X)
#xx network={
#xx     ssid="static-wep-test"
#xx     key_mgmt=NONE
#xx     wep_key0="abcde"
#xx     wep_key1=0102030405
#xx     wep_key2="1234567890123"
#xx     wep_tx_keyidx=0
#xx }
#
# End of file
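The psk comment above says the real PSK is generated from the passphrase and the SSID. The following is an added example, not part of the original file or of wpa_supplicant, showing that derivation for both forms of the `ssid` and `psk` fields. It assumes the IEEE 802.11i mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output), which the page itself does not spell out; the function names are hypothetical.

```python
import hashlib
import re

def ssid_bytes(field: str) -> bytes:
    """ssid is either a double-quoted ASCII string or a bare hex string."""
    if len(field) >= 2 and field[0] == field[-1] == '"':
        ssid = field[1:-1].encode()
    else:
        ssid = bytes.fromhex(field)  # raises ValueError on malformed hex
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return ssid

def resolve_psk(ssid_field: str, psk_field: str) -> str:
    """Return the 256-bit PSK as 64 hex digits for the given ssid/psk fields."""
    if re.fullmatch(r"[0-9a-fA-F]{64}", psk_field):
        return psk_field.lower()  # already the raw 32-byte key
    if not (len(psk_field) >= 2 and psk_field[0] == psk_field[-1] == '"'):
        raise ValueError("psk must be 64 hex digits or a quoted passphrase")
    passphrase = psk_field[1:-1]
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    # Assumed parameters (IEEE 802.11i): salt = SSID bytes, 4096 rounds, 32 bytes.
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid_bytes(ssid_field), 4096, 32
    )
    return key.hex()

if __name__ == "__main__":
    # Constructed inputs: the passphrase/SSID pair used as a published test vector.
    print(resolve_psk('"IEEE"', '"password"'))
```

The hex form is still sufficient to join that SSID, so writing `psk=<64 hex digits>` instead of the passphrase does not remove the need for the root-only file permissions the NOTE at the top of the file asks for.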
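The field comments above name several settings that weaken a network block: WEP in the `group` list (including by default when `group` is unset), `key_mgmt=NONE`, and EAP without `ca_cert`. The following is an added example, not part of the original file or of wpa_supplicant, that parses network blocks and reports those cases using the defaults documented in this file; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample input (not the page's file).
SAMPLE_CONF = """
network={
    ssid="office-psk"
    key_mgmt=WPA-PSK
    group=CCMP TKIP WEP104 WEP40
    psk="constructed passphrase"
}
network={
    ssid="office-eap"
    key_mgmt=WPA-EAP
    eap=TTLS
}
network={
    ssid="guest"
    key_mgmt=NONE
}
"""

def parse_networks(text):
    """Return one dict per active network block; '#' lines are ignored."""
    nets, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            cur = {}
        elif line == "}" and cur is not None:
            nets.append(cur)
            cur = None
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return nets

def audit(net):
    """Findings derived from the defaults and warnings in the file's comments."""
    key_mgmt = net.get("key_mgmt", "WPA-PSK WPA-EAP").split()
    group = net.get("group", "CCMP TKIP WEP104 WEP40").split()
    out = []
    if "NONE" in key_mgmt:
        out.append("no WPA: plaintext or static WEP")
    elif any(c.startswith("WEP") for c in group):
        out.append("group accepts WEP")
    if {"WPA-EAP", "IEEE8021X"} & set(key_mgmt) and "eap" in net and "ca_cert" not in net:
        out.append("ca_cert missing: server certificate not verified")
    return out

for net in parse_networks(SAMPLE_CONF):
    print(net["ssid"], audit(net))
```

The "office-eap" block gets two findings because it leaves `group` unset, which under the defaults documented above still admits WEP104 and WEP40 as group ciphers.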