From owner-freebsd-wireless@FreeBSD.ORG Mon Sep 23 12:14:08 2013
From: Mark Moes <mark_moes@hotmail.com>
To: hiren panchasara
Cc: freebsd-wireless@freebsd.org
Subject: RE: ath0 "monitor mode" mystery
Date: Mon, 23 Sep 2013 14:14:05 +0200
List-Id: "Discussions of 802.11 stack, tools device driver development."

> 18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
> MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]

That's what you're gonna see if it captures 802.11 frames; you already had it working :)

And a Probe Request is not a Beacon frame, it is sent by a device (laptop/smartphone) when it actively scans for APs.
See http://www.wi-fiplanet.com/tutorials/print.php/1447501

Cheers,
Mark

> Date: Fri, 20 Sep 2013 15:29:34 -0700
> Subject: ath0 "monitor mode" mystery
> From: hiren.panchasara@gmail.com
> To: freebsd-wireless@freebsd.org
>
> I am trying to enable (what I think is) monitor mode on PicoStation M2HP.
>
> I am confused though. "man ifconfig" is also showing 2 different "monitor"
> things. I tried both below:
>
> # ifconfig wlan0 create wlandev ath0
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 down
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> #
> # ifconfig wlan0
> wlan0: flags=48843 metric 0
> mtu 1500
> ether dc:9f:db:6a:3e:9e
> media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
> status: no carrier
> ssid "" channel 4 (2427 MHz 11g)
> regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
> txpower 30 bmiss 7 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> And now I get things via:
> # tcpdump -ni wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> wlan0: promiscuous mode disabled
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap
> header), capture size 65535 bytes
> 18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
> MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.994159 9838553735us tsft 1.0 Mb/s -75dB signal -96dB noise antenna
> 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.995089 9838554678us tsft 1.0 Mb/s -75dB signal -96dB noise antenna
> 1 2427 MHz 11g Probe Request (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0
> Mbit]
> 18:56:23.995979 9838555575us tsft 1.0 Mb/s -75dB signal -96dB noise antenna
> 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:24.002484 9838562077us tsft 1.0 Mb/s -76dB signal -96dB noise antenna
> 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:24.016082 9838576006us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
> MHz 11g ht/40+ Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0
> Mbit]
>
> But is this really a monitor mode? Not according to tcpdump.
>
> What we are seeing above are beacons sent out by APs? How do we get probe
> requests sent to APs by devices?
>
> man tcpdump says:
>
> -I Put the interface in "monitor mode"; this is supported only on
> IEEE 802.11 Wi-Fi interfaces, and supported only on some operating
> systems.
>
> Note that in monitor mode the adapter might disassociate from
> the network with which it's associated, so that you will not be
> able to use any wireless networks with that adapter. This could
> prevent accessing files on a network server, or resolving host
> names or network addresses, if you are capturing in monitor mode
> and are not connected to another network with another adapter.
>
> This flag will affect the output of the -L flag. If -I isn't
> specified, only those link-layer types available when not in
> monitor mode will be shown; if -I is specified, only those
> link-layer types available when in monitor mode will be shown.
>
> So I tried -I,
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> tcpdump: wlan0 is not a monitor mode VAP
> To create a new monitor mode VAP use:
> ifconfig wlan1 create wlandev ath0 wlanmode monitor
> and use wlan1 as the tcpdump interface
> #
>
> Okay, let's create wlan1 as suggested:
>
> # ifconfig wlan1 create wlandev ath0 wlanmode monitor
> wlan1: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan1
> wlan1: flags=8802 metric 0 mtu 1500
> ether dc:9f:db:6a:3e:9e
> media: IEEE 802.11 Wireless Ethernet autoselect
> (autoselect )
> status: no carrier
> ssid "" channel 4 (2427 MHz 11g)
> regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
> txpower 30 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> See subtle difference between wlan0 and wlan1.
>
> Still no success (but new error):
>
> # tcpdump -Ii wlan1 -y IEEE802_11_RADIO
> wlan1: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan1: no IPv4 address assigned
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap
> header), capture size 65535 bytes
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ^C
> 0 packets captured
> 0 packets received by filter
> 0 packets dropped by kernel
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> wlan1: promiscuous mode disabled
> #
>
> I also tried to do a mixed version of both wlan0 and wlan1:
>
> # ifconfig wlan0 destroy
> # ifconfig wlan0 create wlandev ath0 wlanmode monitor
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> ar5416PerCalibrationN: NF calibration didn't finish; delaying CCA
> #
> # ifconfig wlan0
> wlan0: flags=48843 metric 0
> mtu 1500
> ether dc:9f:db:6a:3e:9e
> media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng
> status: running
> ssid "" channel 4 (2427 MHz 11g ht/40+) bssid dc:9f:db:6a:3e:9e
> regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
> txpower 30 scanvalid 60 protmode CTS ampdulimit 8k ampdudensity 8
> shortgi wme burst
> #
>
> But no success:
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap
> header), capture size 65535 bytes
> ^C
> 0 packets capturwlan0: promiscuous mode disabled
> ed
> 0 packets received by filter
> 0 packets dropped by kernel
> #
> _______________________________________________
> freebsd-wireless@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
> To unsubscribe, send any mail to "freebsd-wireless-unsubscribe@freebsd.org"
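As an added example (not part of this thread, and not FreeBSD or tcpdump code), the decoder below does by hand what tcpdump does for the lines quoted above: it skips the radiotap header that the IEEE802_11_RADIO link type prepends, reads the 802.11 Frame Control byte, and tells a Probe Request (management subtype 4, transmitted by a scanning station) from a Beacon (subtype 8, transmitted by an AP), extracting the SSID and the Supported Rates element in the form tcpdump prints ("1.0*" marks a basic rate). The sample frames are constructed inside the script: the station address 02:00:00:00:00:01, the AP address 02:00:00:00:00:02, the SSIDs and the minimal 8-byte radiotap header with no optional fields are all assumptions, not bytes from the PicoStation capture.

```python
"""Classify 802.11 management frames from a radiotap capture.
Added example for this thread; sample frames are constructed here, not captured."""
import struct
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple

MGMT_SUBTYPES = {4: "Probe Request", 5: "Probe Response", 8: "Beacon"}


@dataclass
class MgmtFrame:
    subtype: int
    name: str
    src: str             # Addr2: the station (probe request) or the AP (beacon) that sent it
    bssid: str           # Addr3: broadcast in a probe request, the AP's BSSID in a beacon
    ssid: Optional[str]  # "" is a wildcard probe, which tcpdump prints as "Probe Request ()"
    rates: List[str] = field(default_factory=list)


def strip_radiotap(pkt: bytes) -> bytes:
    """Radiotap: it_version(1) it_pad(1) it_len(2 LE) it_present(4 LE) + optional fields.
    it_len covers the whole header, so skipping it is enough to reach the 802.11 frame."""
    if len(pkt) < 8 or pkt[0] != 0:
        raise ValueError("not a radiotap v0 header")
    it_len = struct.unpack_from("<H", pkt, 2)[0]
    if it_len < 8 or it_len > len(pkt):
        raise ValueError("bad radiotap it_len")
    return pkt[it_len:]


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_ies(body: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (element id, value) pairs; stop at a truncated element instead of over-reading."""
    off = 0
    while off + 2 <= len(body):
        eid, elen = body[off], body[off + 1]
        if off + 2 + elen > len(body):
            break
        yield eid, body[off + 2:off + 2 + elen]
        off += 2 + elen


def decode_rates(raw: bytes) -> List[str]:
    """Supported Rates IE: units of 500 kbit/s, MSB set marks a basic rate (tcpdump's '*')."""
    return [f"{(r & 0x7F) / 2:.1f}{'*' if r & 0x80 else ''}" for r in raw]


def parse_mgmt(frame: bytes) -> Optional[MgmtFrame]:
    """Decode a management frame; return None for data and control frames."""
    if len(frame) < 24:
        raise ValueError("short 802.11 MAC header")
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0:
        return None
    src, bssid = frame[10:16], frame[16:22]
    body = frame[24:]
    if subtype == 8:  # Beacon: timestamp(8) + interval(2) + capability(2) precede the IEs
        if len(body) < 12:
            raise ValueError("short beacon body")
        body = body[12:]
    ssid, rates = None, []
    for eid, val in parse_ies(body):
        if eid == 0:
            ssid = val.decode("utf-8", "replace")
        elif eid == 1:
            rates = decode_rates(val)
    name = MGMT_SUBTYPES.get(subtype, f"mgmt subtype {subtype}")
    return MgmtFrame(subtype, name, mac_str(src), mac_str(bssid), ssid, rates)


def classify(pkt: bytes) -> Optional[MgmtFrame]:
    return parse_mgmt(strip_radiotap(pkt))


# --- constructed sample frames; addresses are hypothetical, not from the capture ---
BCAST = b"\xff" * 6
STATION = bytes.fromhex("020000000001")  # hypothetical locally administered address
AP = bytes.fromhex("020000000002")       # hypothetical
RATES_11G = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])  # 1* 2* 5.5* 11* 6 9 12 18


def radiotap_header() -> bytes:
    return struct.pack("<BBHI", 0, 0, 8, 0)  # minimal header: it_len=8, no optional fields


def ie(eid: int, val: bytes) -> bytes:
    return bytes([eid, len(val)]) + val


def mac_header(fc0: int, a1: bytes, a2: bytes, a3: bytes) -> bytes:
    return bytes([fc0, 0x00]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"  # FC, duration, addrs, seq


def constructed_probe_request(ssid: bytes) -> bytes:
    return radiotap_header() + mac_header(0x40, BCAST, STATION, BCAST) + ie(0, ssid) + ie(1, RATES_11G)


def constructed_beacon(ssid: bytes) -> bytes:
    fixed = struct.pack("<QHH", 9838362989, 100, 0x0411)  # TSF, 100 TU interval, ESS+privacy+short slot
    return radiotap_header() + mac_header(0x80, BCAST, AP, AP) + fixed + ie(0, ssid) + ie(1, RATES_11G)


if __name__ == "__main__":
    for pkt in (constructed_probe_request(b""), constructed_probe_request(b"lab-net"), constructed_beacon(b"lab-ap")):
        f = classify(pkt)
        print(f"{f.name} ({f.ssid}) from {f.src} bssid {f.bssid} [{' '.join(f.rates)} Mbit]")
```

Two things worth noting. Skipping radiotap by it_len is deliberate: parsing the optional fields (TSFT, signal, noise, the ones tcpdump prints before "Probe Request") requires honouring each field's natural alignment, and a decoder that only wants the 802.11 frame does not need them. And the Addr2 of a Probe Request is the client's own MAC while the SSID element is the network it is looking for, which is why a monitor VAP on a channel sees which networks nearby devices remember even when those networks are not present.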