Rowell Dionicio


Identifying OWE Transition Mode with Wireshark

August 8, 2019 By Rowell 2 Comments

Opportunistic Wireless Encryption (OWE) will hopefully start entering the market to help secure open wireless networks. We’re getting a glimpse of it through Aruba Networks and Cisco.

With the C9800-CL and C9115 AP, I was able to get basic configuration done to enable OWE Transition Mode.

OWE Transition Mode is meant to provide a sort of backwards compatibility: a transition path to OWE networks.

The way OWE Transition Mode works is by utilizing two SSIDs. One is an open SSID. No security parameters at all. The second SSID is hidden, has Protected Management Frames (PMF) required and has OWE enabled under WPA parameters.

Why do you need two SSIDs for OWE Transition Mode? Because there will be devices that do not support OWE yet. In this case, the non-OWE compatible device associates with the open SSID. If an OWE-compatible device associates to the open SSID, it will be told to associate to the OWE hidden SSID.

How do we spot this within the frames?

With a frame capture, we’re looking for Beacon frames to indicate if the WLAN supports OWE.

You can use a filter to find all Beacon frames:

wlan.fc.type_subtype == 8

A WLAN supporting OWE Transition Mode will simply be an open SSID containing no RSN Information Element. What you should be able to find is a Wi-Fi Alliance: OWE Transition Mode Information Element.

There are a few details to go over here. For one, you see that it is a vendor specific tag that says OWE Transition Mode.

More importantly, there is a BSSID and SSID listed. If you look near the top of the image above, we’re looking at a Beacon frame for SSID McFurly-OWETM.

Within the OWE Transition Mode information element, the actual OWE SSID is identified. In this case it is McFurly-OWE. That is the hidden SSID. That piece is how we transition an OWE-compatible device to the OWE-only SSID.

The Beacon of OWE

Next, we look within the Beacon frame of the hidden SSID. To secure the open network, this SSID is configured with WPA parameters using AES and Opportunistic Wireless Encryption (OWE). It also contains the OWE Transition Mode information element.

The image above is the Beacon of the hidden SSID supporting OWE. Notice the SSID parameter is... hidden. We’ll get into how we know this is the Beacon frame we’re looking for.

We see there is an RSN information element with an AES cipher and an AKM of Opportunistic Wireless Encryption (OWE). Well, there you go. That’s clearly the SSID we’re looking for.

Looking further below, there is an OWE Transition Mode information element. The difference with this entry is the BSSID and SSID. It is referencing the open SSID. 

And again, an OWE compatible device will be told to associate to this hidden SSID, named McFurly-OWE. A non-OWE compatible device will simply associate to the open SSID, McFurly-OWETM.
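The same checks can be scripted over a Beacon's tagged parameters. The following is an added example, not code from the original post: it assumes the standard element IDs (0 for SSID, 48 for RSN, 221 for vendor specific), the Wi-Fi Alliance OUI 50:6F:9A with type 0x1C for the OWE Transition Mode element, and AKM suite 00-0F-AC:18 for OWE. The BSSIDs and the function names are constructed for illustration.

```python
import struct

WFA_OUI_TYPE = bytes.fromhex("506f9a1c")  # Wi-Fi Alliance OUI + OWE Transition Mode type
AKM_OWE = bytes.fromhex("000fac12")       # RSN AKM suite 00-0F-AC:18 (OWE)

def iter_ies(tagged):
    """Yield (element_id, body) pairs from a Beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:            # truncated element: stop, do not guess
            return
        yield eid, body
        pos += 2 + length

def rsn_akms(body):
    """AKM suite selectors from an RSN element: skip version, group and pairwise ciphers."""
    try:
        off = 8 + 4 * struct.unpack_from("<H", body, 6)[0]
        count = struct.unpack_from("<H", body, off)[0]
    except struct.error:                  # RSN element too short to hold the counts
        return []
    suites = [body[off + 2 + 4 * i:off + 6 + 4 * i] for i in range(count)]
    return [s for s in suites if len(s) == 4]

def classify(tagged):
    """Summarise one Beacon: SSID, whether it advertises OWE, and its transition peer."""
    info = {"ssid": None, "hidden": False, "rsn": False, "owe": False, "peer": None}
    for eid, body in iter_ies(tagged):
        if eid == 0:                      # SSID; empty or all-zero means hidden
            info["hidden"] = not body.strip(b"\x00")
            info["ssid"] = body.decode("utf-8", "replace")
        elif eid == 48:                   # RSN information element
            info["rsn"], info["owe"] = True, AKM_OWE in rsn_akms(body)
        elif eid == 221 and body[:4] == WFA_OUI_TYPE and len(body) >= 11:
            ssid = body[11:11 + body[10]]  # BSSID(6), SSID length(1), SSID
            info["peer"] = (body[4:10].hex(":"), ssid.decode("utf-8", "replace"))
    return info

def ie(eid, body):
    return bytes([eid, len(body)]) + body

# Constructed sample Beacons (BSSIDs are made up; SSIDs are the ones in the post).
RSN = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac12" "c000")
OPEN = ie(0, b"McFurly-OWETM") + ie(221, WFA_OUI_TYPE + bytes.fromhex("020000000002")
                                    + bytes([11]) + b"McFurly-OWE")
HIDDEN = ie(0, b"") + ie(48, RSN) + ie(221, WFA_OUI_TYPE + bytes.fromhex("020000000001")
                                       + bytes([13]) + b"McFurly-OWETM")
```

A transition-mode pair shows up as one Beacon with `rsn` false and a `peer`, and a second Beacon with `hidden` and `owe` true whose `peer` points back at the first.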

YOUR TURN
What do you think about using Opportunistic Wireless Encryption to protect open SSIDs?


Filed Under: Wireless Tagged With: owe, wireshark

About Rowell

Wi-Fi expert. Coffee addict ☕️. Tech nerd. Business owner.

Comments

  1. Kenvish says

    November 6, 2019 at 8:42 pm

    Great explanation, Rowell. What are the configurations that we need to do in hostapd.conf to enable transition mode OWE?

  2. Gjermund says

    June 15, 2021 at 7:11 am

    When I configure OWE it demands an SSID name for the OWE WLAN, which means I have both SSIDs (OWE and open) visible on the client.
    Both types of clients can select both SSIDs, but the non-capable client fails if it selects the OWE WLAN.

    How do you configure to let the OWE wlan be a hidden SSID on 9800?

Copyright © 2022 · Written by Rowell Dionicio · You're awesome.