Ran into an interesting situation with Kismet and Airmon-ng while observing a client wireless network.
Basically, I'm observing the network using airmon-ng, and I have my BSSID and frequency set to the specific network I'm looking at. When I view the airmon output (the .csv file with several columns like BSSID, first time seen, channel, speed, etc) it has "WPA WEP OPN" in the 'Privacy' column, and "WEP" in the 'cipher' column. Even more curious, the 'Authentication' column had nothing in it. I've never seen this before, and was wondering if the InfoSec crowd had seen it.
Looks like this:
|Last time seen |channel |Speed |Privacy |Cipher |Authentication
|<Date and Time> |6 |54 |WPA WEP OPN |WEP |<blank>
A bit of background:
- The network itself is an ad-hoc network, which is being used to support a mesh network.
- The vendor encryption is poorly documented, but is said to use '256 bit AES'. Doesn't mention if it's WEP or WPA, which is why I'm concerned.
- Before pulling it up in airmon-ng, I used a Windows computer to just view it.. Shows up as 'WEP' in inSSIDer, no mention of WPA.
If anyone has seen this before, I'd appreciate the help. Thanks!
Mike