12-14-2019, 05:57 PM
I have following M1-4 EAPOL produced by aircrack, ordered by packet number according to wireshark (first column):
105686 22:43:29,145939 Key (Message 1 of 4) AP1->STA1
105692 22:43:29,145909 Key (Message 2 of 4) STA1->AP1
105694 22:43:29,145940 Key (Message 3 of 4) AP1->STA1
105696 22:43:29,145909 Key (Message 4 of 4) STA1->AP1
Timestamp is frame arrival value. Replay counter is 1/1/2/2, ANonces 1/3 are equal, no retransmission flags, no deauth, RX level is great.
Handshake looks legit to me and yet I feel like timestamp value is more relayable than packet number so it kinda bothers me. What am I missing? Please, advice.
105686 22:43:29,145939 Key (Message 1 of 4) AP1->STA1
105692 22:43:29,145909 Key (Message 2 of 4) STA1->AP1
105694 22:43:29,145940 Key (Message 3 of 4) AP1->STA1
105696 22:43:29,145909 Key (Message 4 of 4) STA1->AP1
Timestamp is frame arrival value. Replay counter is 1/1/2/2, ANonces 1/3 are equal, no retransmission flags, no deauth, RX level is great.
Handshake looks legit to me and yet I feel like timestamp value is more relayable than packet number so it kinda bothers me. What am I missing? Please, advice.