I am trying to analyze probe response .pcap files of a network to deduce the security protocol (as in WPA, WPA2, WEP, or open network).
I realized that in some beacon .pcaps, there is a tag with the WPA information, and in the following image, for example, it says that the WPA version is 1, meaning the security protocol is WPA. But in other beacon .pcaps that tag doesn't appear, and I'm guessing it is not always there because that tag is vendor specific.
Either way, I couldn't find this tag in any probe response .pcaps and couldn't figure out the security protocol from the RSN Information tag. For example, I tried checking if AES is in the Pairwise Cipher Suite List (since it isn't used in WPA, but is used in WPA2), but it appears in both WPA and WPA2 networks. Is there a reliable way to do this with any captured probe response packet?
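An added example, not part of the original post: one way to classify a beacon or probe response is by which elements are present rather than by cipher suite. It treats the RSN element (tag 48) as WPA2, the vendor-specific element (tag 221) with OUI 00:50:F2 type 1 as WPA, and otherwise uses the Privacy bit of the Capability Information field to tell WEP from open. The function names and sample frame bodies are constructed for illustration, and the input is assumed to be the management frame body after the 24-byte MAC header.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI 00:50:F2, type 1 = WPA element
PRIVACY_BIT = 0x0010                      # Capability Information: Privacy

def iter_tags(buf):
    """Yield (tag_id, data) from tagged parameters; stop at a truncated tag."""
    i = 0
    while i + 2 <= len(buf):
        tag_id, length = buf[i], buf[i + 1]
        data = buf[i + 2:i + 2 + length]
        if len(data) < length:
            return
        yield tag_id, data
        i += 2 + length

def classify(body):
    """Classify a beacon/probe response frame body (fixed fields + tags)."""
    if len(body) < 12:
        raise ValueError("frame body shorter than the 12 fixed-field bytes")
    # Fixed fields: timestamp (8), beacon interval (2), capability (2), little-endian
    capability = struct.unpack_from("<H", body, 10)[0]
    has_rsn = has_wpa = False
    for tag_id, data in iter_tags(body[12:]):
        if tag_id == 48:
            has_rsn = True   # RSN element; WPA3 also uses it (AKM suite differs)
        elif tag_id == 221 and data[:4] == WPA_OUI_TYPE:
            has_wpa = True   # other 00:50:F2 types (e.g. WMM, type 2) are ignored
    if has_rsn and has_wpa:
        return "WPA/WPA2 mixed"
    if has_rsn:
        return "WPA2"
    if has_wpa:
        return "WPA"
    return "WEP" if capability & PRIVACY_BIT else "Open"

def build_body(capability, tags):
    """Build a constructed frame body for testing (not captured traffic)."""
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return fixed + b"".join(bytes([t, len(d)]) + d for t, d in tags)

# Constructed sample elements. Note the WPA element lists CCMP (AES) as its
# pairwise cipher, which is why the cipher list alone does not separate WPA from WPA2.
SSID = (0, b"lab")
RSN = (48, bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000"))
WPA = (221, bytes.fromhex("0050f201" "0100" "0050f202" "0100" "0050f204" "0100" "0050f202"))
WMM = (221, bytes.fromhex("0050f202" "0101" "00"))
```
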