2
I would like to make a list of the simplest/fastest way to check if a WiFi network has WPS enabled. Until now, this is the compilation:
- Windows:
  - GUI: [Don't know]
  - Command line: [Don't know. There are commands for WiFi management in Windows Vista and above, but I think they don't deal with WPS]
- Linux:
  - GUI: [Don't know]
  - Command line:
    - wash (included in Reaver WPS) --> not working OK with several NICs.
    - EAPScan: "eapscan -i mon0 -b aa:bb:cc:dd:ee:ff -e MyWiFiAP --check-wps" (network by network, once each time :-( ).
- Android:
  - GUI:
    - Android Setup --> WiFi Networks --> Fantastic. Simple and working fine.
    - InSSIDer (not free since v4) --> Very good, too.
  - Command line:
    - wpa_cli --> Try to connect using "wps_reg xx:xx:xx:xx:xx:xx 12345678". A stupid method.
- GUI:
I will edit this post to add the best/acceptable results (if we find them ;-) ).
· Edit: Added new method for Linux CLI: EAPScan from EAPeak Suite.
1
Andre Gasser's blog entry has a way to use Wireshark to filter by WPS state: http://blog.andregasser.net/?p=243 Not sure if the approach would work under Windows, but might be another tool/way to do what you're looking to do. – JSanchez – 2014-02-07T16:51:41.893
Indeed, this Wireshark filter reveals that WPS is enabled: "wps.wifi_protected_setup_state == 2". I am not very experienced at bash scripts: would it be possible to make a simple program/script that captures live WiFi network traffic and shows (only once per ESSID/BSSID) the network name (ESSID/BSSID) of the corresponding packet? I don't know if this is what Wash (Reaver for Linux) does, but as long as we don't have better solutions, we could use it as a generic method. It could even work on Windows or Android. – Sopalajo de Arrierez – 2014-02-08T00:31:34.280
It should work in Windows or whichever platform Wireshark supports, as long as there's a driver to put the NIC into "promiscuous" mode. Wish I could help you with the bash script, but it has been a while. But if you're OK with it, I could make the comment into an answer. :-) – JSanchez – 2014-02-08T00:41:05.417
No problem for me. Maybe then someone with more expertise will help us with the script for a live identification of WPS capable networks. A possible way could be the request of some parsing of data from airodump-ng (live capture or file dump). Or asking about the possibility of using EAPScan, even when it seems to work in a different way. – Sopalajo de Arrierez – 2014-02-08T01:14:41.773
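The check behind the "wps.wifi_protected_setup_state == 2" filter from the comments, as an added Python example that is not from any poster or from Wireshark, Reaver or EAPeak: it parses the tagged parameters of beacon frames, finds the WPS vendor element (OUI 00:50:F2, type 4), reads the state attribute (0x1044) and reports each BSSID once. The function names and the sample beacons are constructed for illustration; obtaining the frames (for example from a monitor-mode capture of access points you administer) is left to the capture tool.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 (WPS)
ATTR_WPS_STATE = 0x1044                   # 1 = not configured, 2 = configured

def iter_ies(tagged):
    """Yield (element_id, body) pairs; stop cleanly on a truncated element."""
    off = 0
    while off + 2 <= len(tagged):
        eid, length = tagged[off], tagged[off + 1]
        body = tagged[off + 2:off + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        off += 2 + length

def wps_state(ie_body):
    """Walk WPS TLVs (big-endian 2-byte type, 2-byte length); return state or None."""
    off = 0
    while off + 4 <= len(ie_body):
        atype, alen = struct.unpack_from(">HH", ie_body, off)
        value = ie_body[off + 4:off + 4 + alen]
        if len(value) < alen:
            return None
        if atype == ATTR_WPS_STATE and alen == 1:
            return value[0]
        off += 4 + alen
    return None

def scan(beacons):
    """beacons: iterable of (bssid, tagged_parameters) pairs.
    Returns {bssid: ssid} for networks matching the filter (state == 2), once each."""
    hits = {}
    for bssid, tagged in beacons:
        if bssid in hits:
            continue                      # already reported this BSSID
        ssid, state = "", None
        for eid, body in iter_ies(tagged):
            if eid == 0:                  # SSID element
                ssid = body.decode("utf-8", "replace")
            elif eid == 221 and body[:4] == WPS_OUI_TYPE:
                state = wps_state(body[4:])
        if state == 2:
            hits[bssid] = ssid
    return hits

# Constructed sample beacons (tagged parameters only), not captured traffic.
def ie(eid, body):
    return bytes([eid, len(body)]) + body
WPS_ON = ie(0, b"OfficeAP") + ie(221, WPS_OUI_TYPE + bytes.fromhex("104a0001101044000102"))
WPS_OFF = ie(0, b"LabAP") + ie(3, b"\x06")
SAMPLE = [("aa:bb:cc:dd:ee:01", WPS_ON), ("aa:bb:cc:dd:ee:02", WPS_OFF), ("aa:bb:cc:dd:ee:01", WPS_ON)]
```

Calling scan(SAMPLE) lists only the first access point, and only once even though its beacon appears twice.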