Date: Mon, 23 Sep 2013 14:14:05 +0200
From: Mark Moes <mark_moes@hotmail.com>
To: hiren panchasara <hiren.panchasara@gmail.com>
Cc: "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>
Subject: RE: ath0 "monitor mode" mystery
Message-ID: <DUB119-W30E1C34EF8426D374112D9912D0@phx.gbl>
In-Reply-To: <CALCpEUEti7WhS8rcvorrRUirEmDHEWL8fva6C=7_=zHXM_Vk2w@mail.gmail.com>
References: <CALCpEUEti7WhS8rcvorrRUirEmDHEWL8fva6C=7_=zHXM_Vk2w@mail.gmail.com>
> 18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]

That's what you're gonna see if it captures 802.11 frames; you already had
it working :)

And a Probe Request is not a Beacon frame; it is sent by a device
(laptop/smartphone) when it actively scans for APs. See
http://www.wi-fiplanet.com/tutorials/print.php/1447501

Cheers,
Mark

> Date: Fri, 20 Sep 2013 15:29:34 -0700
> Subject: ath0 "monitor mode" mystery
> From: hiren.panchasara@gmail.com
> To: freebsd-wireless@freebsd.org
>
> I am trying to enable (what I think is) monitor mode on PicoStation M2HP.
>
> I am confused though. "man ifconfig" is also showing 2 different "monitor"
> things. I tried both below:
>
> # ifconfig wlan0 create wlandev ath0
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 down
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> #
> # ifconfig wlan0
> wlan0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
>         status: no carrier
>         ssid "" channel 4 (2427 MHz 11g)
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 bmiss 7 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> And now I get things via:
> # tcpdump -ni wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> wlan0: promiscuous mode disabled
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
> 18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.994159 9838553735us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.995089 9838554678us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.995979 9838555575us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:24.002484 9838562077us tsft 1.0 Mb/s -76dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:24.016082 9838576006us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g ht/40+ Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
>
> But is this really a monitor mode? Not according to tcpdump.
>
> What we are seeing above are beacons sent out by APs? How do we get probe
> requests sent to APs by devices?
>
> man tcpdump says:
>
>      -I     Put the interface in "monitor mode"; this is supported only on
>             IEEE 802.11 Wi-Fi interfaces, and supported only on some
>             operating systems.
>
>             Note that in monitor mode the adapter might disassociate from
>             the network with which it's associated, so that you will not be
>             able to use any wireless networks with that adapter.  This could
>             prevent accessing files on a network server, or resolving host
>             names or network addresses, if you are capturing in monitor mode
>             and are not connected to another network with another adapter.
>
>             This flag will affect the output of the -L flag.  If -I isn't
>             specified, only those link-layer types available when not in
>             monitor mode will be shown; if -I is specified, only those
>             link-layer types available when in monitor mode will be shown.
>
> So I tried -I,
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> tcpdump: wlan0 is not a monitor mode VAP
> To create a new monitor mode VAP use:
>         ifconfig wlan1 create wlandev ath0 wlanmode monitor
> and use wlan1 as the tcpdump interface
> #
>
> Okay, lets create wlan1 as suggested:
>
> # ifconfig wlan1 create wlandev ath0 wlanmode monitor
> wlan1: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan1
> wlan1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect <monitor>
>         (autoselect <monitor>)
>         status: no carrier
>         ssid "" channel 4 (2427 MHz 11g)
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> See subtle difference between wlan0 and wlan1.
>
> Still no success (but new error):
>
> # tcpdump -Ii wlan1 -y IEEE802_11_RADIO
> wlan1: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan1: no IPv4 address assigned
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ^C
> 0 packets captured
> 0 packets received by filter
> 0 packets dropped by kernel
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> wlan1: promiscuous mode disabled
> #
>
> I also tried to do mixed version of both wlan0 and wlan1:
>
> # ifconfig wlan0 destroy
> # ifconfig wlan0 create wlandev ath0 wlanmode monitor
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> ar5416PerCalibrationN: NF calibration didn't finish; delaying CCA
> #
> # ifconfig wlan0
> wlan0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <monitor>
>         status: running
>         ssid "" channel 4 (2427 MHz 11g ht/40+) bssid dc:9f:db:6a:3e:9e
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 scanvalid 60 protmode CTS ampdulimit 8k ampdudensity 8
>         shortgi wme burst
> #
>
> But no success:
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
> ^C
> 0 packets capturwlan0: promiscuous mode disabled
> ed
> 0 packets received by filter
> 0 packets dropped by kernel
> #
> _______________________________________________
> freebsd-wireless@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
> To unsubscribe, send any mail to "freebsd-wireless-unsubscribe@freebsd.org"
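Mark's point that a Probe Request is a client's scan frame rather than an AP's Beacon comes down to the subtype bits of the 802.11 Frame Control field, which is what tcpdump labels in the capture above. The decoder below is an added example for this thread, not code from either poster or from FreeBSD or tcpdump. The two frames, the MAC addresses and the SSID "ExampleNet" are constructed; the rate strings follow the Supported Rates element (units of 500 kbit/s, high bit set for a basic rate, which tcpdump marks with "*").

```python
"""Tell an 802.11 Probe Request from a Beacon by decoding the frame header.

Added example for this thread, not code from either poster or from FreeBSD.
The two frames, the MAC addresses and the SSID below are constructed.
"""
import struct

# Management frames have type 0; these subtypes are the ones a monitor-mode
# capture shows most often.
MGMT_SUBTYPES = {
    0: "Assoc Request", 1: "Assoc Response", 2: "Reassoc Request",
    3: "Reassoc Response", 4: "Probe Request", 5: "Probe Response",
    8: "Beacon", 10: "Disassociation", 11: "Authentication",
    12: "Deauthentication",
}
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
MGMT_HDR_LEN = 24       # fc(2) duration(2) addr1(6) addr2(6) addr3(6) seqctl(2)
FIXED_FIELDS_LEN = 12   # timestamp(8) beacon interval(2) capability(2)
IE_SSID, IE_RATES = 0, 1


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(body):
    """Walk the information elements into {element_id: value}; stop at a truncated one."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        if i + 2 + length > len(body):
            break
        ies[eid] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def decode_rates(raw):
    """Supported Rates: units of 500 kbit/s; bit 7 marks a basic rate (tcpdump's '*')."""
    return [f"{(r & 0x7F) / 2:.1f}{'*' if r & 0x80 else ''}" for r in raw]


def decode_mgmt(frame):
    """Return subtype name, addresses, SSID and rates of a management frame."""
    if len(frame) < MGMT_HDR_LEN:
        raise ValueError("shorter than an 802.11 management header")
    fc = frame[0]                      # low byte of the little-endian Frame Control field
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype != 0:
        raise ValueError(f"not a management frame (type {TYPE_NAMES.get(ftype, ftype)})")
    info = {
        "subtype": MGMT_SUBTYPES.get(subtype, f"subtype {subtype}"),
        "da": mac(frame[4:10]), "sa": mac(frame[10:16]), "bssid": mac(frame[16:22]),
        "interval_tu": None,
    }
    body = frame[MGMT_HDR_LEN:]
    if subtype in (5, 8):              # Beacon / Probe Response: fixed fields come first
        if len(body) < FIXED_FIELDS_LEN:
            raise ValueError("truncated Beacon fixed fields")
        info["interval_tu"] = struct.unpack_from("<H", body, 8)[0]
        body = body[FIXED_FIELDS_LEN:]
    ies = parse_ies(body)              # a Probe Request starts its IEs right after the header
    info["ssid"] = ies.get(IE_SSID, b"").decode("utf-8", "replace")
    info["rates"] = decode_rates(ies.get(IE_RATES, b""))
    return info


def summarize(frame):
    """Render the frame the way tcpdump's one-line 802.11 output does."""
    d = decode_mgmt(frame)
    return f"{d['subtype']} ({d['ssid']}) [{' '.join(d['rates'])} Mbit]"


# --- constructed sample frames -------------------------------------------------
RATES_IE = bytes([IE_RATES, 8, 0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
BCAST = b"\xff" * 6
CLIENT = bytes.fromhex("021122334455")   # constructed, locally administered MAC
AP = bytes.fromhex("02aabbccddee")       # constructed AP MAC

# Probe Request (subtype 4): a client asking any AP to answer; empty SSID = wildcard.
PROBE_REQ = (bytes([0x40, 0x00]) + b"\x00\x00" + BCAST + CLIENT + BCAST + b"\x00\x00"
             + bytes([IE_SSID, 0]) + RATES_IE)

# Beacon (subtype 8): an AP announcing itself every 100 TU, from its own BSSID.
BEACON = (bytes([0x80, 0x00]) + b"\x00\x00" + BCAST + AP + AP + b"\x10\x00"
          + b"\x00" * 8 + struct.pack("<H", 100) + b"\x01\x04"
          + bytes([IE_SSID, 10]) + b"ExampleNet" + RATES_IE)

if __name__ == "__main__":
    for name, frame in (("client", PROBE_REQ), ("AP", BEACON)):
        d = decode_mgmt(frame)
        print(f"{summarize(frame)}  from {d['sa']} ({name})")
```

The decoder branches on subtype because a Beacon (and a Probe Response) carries twelve bytes of fixed fields before its information elements, while a Probe Request has none; the source address of a Probe Request is the scanning client and its BSSID is the broadcast address, which is the quickest way to tell, from a capture like the one above, that the frames came from devices looking for APs rather than from APs announcing themselves.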