Date: Sat, 31 Mar 2001 11:04:24 +0100 (BST)
From: Duncan Barclay <dmlb@dmlb.org>
To: Jim Binkley <jrb@cs.pdx.edu>
Cc: freebsd-mobile@freebsd.org
Subject: RE: 802.11 interop testing
Message-ID: <XFMail.010331110424.dmlb@computer.my.domain>
In-Reply-To: <200103301906.LAA13593@sirius.cs.pdx.edu>
Hi

On 30-Mar-01 Jim Binkley wrote:
>
> I've been informally testing a few things with the following setup (mostly).
> One goal is to learn if promiscuous mode works on the lucent boxes.
> Another is to learn if 802.11 interop (especially in IBSS) mode exists.
>
>         Cisco AIRONET access-point in infrastructure mode
>
>         |                       |
>         |                       |
>         |                       |
> FreeBSD 4.2             FreeBSD 3.2, but 4.2 wi driver equivalent...
> Cisco aironet 350       Lucent older 802.11 card, firmware update made
> aka cisco laptop/card   aka lucent laptop/card
>
> 1. promiscuous mode test in infrastructure mode
>
> 1.1 lucent card does promiscuous mode (tcpdump)
> Cisco laptop pings external IP host.
> result:
> Lucent laptop CANNOT read unicast packets. Can read broadcast/multicast
> packets, and see ARP broadcast from Cisco.
>
> So basically promiscuous mode doesn't work, but you can still
> steal other people's MAC addresses. Just wait for the arp broadcast. :-
>
> 1.2 cisco card does prom. mode
> Lucent laptop pings external IP host.
> Cisco laptop CAN read unicast lucent packets for 3rd party with tcpdump.
>
> consider: 2 end systems in infrastructure mode and in promiscuous mode
> could talk to each other directly sans AP ... if they are willing to pay the
> price.
>
> 2. promiscuous mode test in "old" lucent ad hoc mode with same driver. NO.
>
> Different setup at layer 3, but roughly similar
>
> Mobile-IP agent (lucent card) using "old" ad hoc
>
>         |       <----- linux box with lucent card in promiscuous mode
>
> Mobile-IP mobile node (lucent card)
>
> The mobile node pings an external IP address (thus all packets are unicast).
> The linux box with the lucent card (redhat 6.2 and a lucent driver of some
> vintage known to work with redhat 6.2) CANNOT see the promiscuous unicast
> packets. It can see broadcast.
>
> I think this is a firmware bug ...
>
> 3. can old lucent ad hoc talk to Cisco box in IBSS mode. NOPE.
>
> 4. can new lucent firmware update IBSS talk to Cisco laptop in IBSS. YES, but
> this can stand more testing.
>
> 5. can two laptops in infrastructure mode talk to each other sans AP. NOPE.

This is because infrastructure mode assumes the use of an AP and packets from
one station to another are routed via the AP. No peer to peer communication is
defined in the standard.

> 6. can two laptops in IBSS mode talk to each other sans AP. YES.

In adhoc/IBSS mode there is no concept of an "AP". All traffic is peer to peer.

> 7. Can cisco box in ad hoc mode (IBSS) talk to AP in infrastructure mode. NO.
> This was a sanity check on #8.

This should be possible but will depend on the reading of the spec. by firmware
developers. An AP is still a station on the 802.11 network, so it should be
possible to get a station to send to it. However, some of the MAC layer protocol
changes between adhoc and infrastructure mode, and this behaviour is by luck not
design.

> 8. Can lucent box in IBSS/ad hoc (just to be clear) talk to AP in
> infrastructure mode. Needs more testing. I swear it happened.

Possible, see above.

> Things that go bump in the night:
>
> I could not get the lucent cards in any mode (didn't try IBSS though), (old
> ad hoc, and infrastructure) to do promiscuous mode. Linux driver or freebsd
> driver. Didn't matter.

I can postulate a reason for this. There are four types of packet in 802.11,
and maybe the Lucent cards only do promiscuous mode on packets from a station
to station (i.e. IBSS). Packets in a BSS network have a different header, in
which the ethernet addresses change a bit. The Lucent cards may not deal with
this. If you can somehow hack the multicast list and add the BSS address, you
may be able to fake promiscuous mode. On the other hand it may simply not be
supported.

> However in one case (infrastructure mode) the lucent cards were reading
> unicast 802.11 control packets of some sort that the Cisco end system was
> sending. If someone knows what these things MIGHT be, please let me know.
> Note the per 10 second granularity. A packet trace follows:

Can you get a dump of these packets? Look at if_ieee80211.h and if_ray.c for
some decoding of the control messages.

> 15:25:48.959186 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:25:59.952318 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:26:10.945185 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:26:21.938203 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:26:32.931882 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:26:43.924225 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:26:54.917238 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:27:05.910245 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:27:16.903271 [|ether]
> 15:27:27.896274 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:27:38.889427 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
> 15:27:49.882302 0:40:96:51:a1:93 0:40:96:40:65:97 0000 14: [|llc]
>
> MAC addresses are cisco aironet addresses (end node and AP).
>
> Jim Binkley
> jrb@cs.pdx.edu

Happy hunting,

Duncan

---
________________________________________________________________________
Duncan Barclay  | God smiles upon the little children,
dmlb@dmlb.org   | the alcoholics, and the permanently stoned.
dmlb@freebsd.org|                                    Steven King

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-mobile" in the body of the message
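
The header difference the reply refers to, as an added example that is not part of the original message and not taken from if_ieee80211.h: the ToDS/FromDS bits of an 802.11 data frame decide which header address is the destination, source and BSSID, so in a station-to-AP frame addr1 carries the BSSID rather than the destination MAC. Function names and the sample MAC addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Roles of the header addresses in an 802.11 data frame. */
struct dot11_addrs {
    int to_ds, from_ds;
    const uint8_t *da, *sa, *bssid; /* bssid is NULL when ToDS=FromDS=1 */
};

/* Constructed sample headers (24 bytes): FC, duration, addr1..addr3, seq. */
static const uint8_t STA_TO_AP[24] = { 0x08, 0x01, 0, 0,
    2,0,0,0,0,0x01,  2,0,0,0,0,0x02,  2,0,0,0,0,0x03,  0, 0 };
static const uint8_t IBSS_PEER[24] = { 0x08, 0x00, 0, 0,
    2,0,0,0,0,0x03,  2,0,0,0,0,0x02,  2,0,0,0,0,0xaa,  0, 0 };
static const uint8_t DEST_MAC[6] = { 2,0,0,0,0,0x03 };

/* Returns 0 on success, -1 if the buffer is short or not a data frame. */
int dot11_decode(const uint8_t *f, size_t len, struct dot11_addrs *out)
{
    if (len < 24 || ((f[0] >> 2) & 3) != 2)   /* frame type 2 = data */
        return -1;
    const uint8_t *a1 = f + 4, *a2 = f + 10, *a3 = f + 16;
    out->to_ds = f[1] & 1;
    out->from_ds = (f[1] >> 1) & 1;
    switch (f[1] & 3) {
    case 0: out->da = a1; out->sa = a2; out->bssid = a3; break;  /* IBSS */
    case 1: out->bssid = a1; out->sa = a2; out->da = a3; break;  /* station to AP */
    case 2: out->da = a1; out->bssid = a2; out->sa = a3; break;  /* AP to station */
    default:                                  /* AP to AP: addr1/addr2 are RA/TA */
        if (len < 30) return -1;
        out->bssid = NULL; out->da = a3; out->sa = f + 24; break;
    }
    return 0;
}

/* 1 if a receiver filtering on addr1 alone would match this MAC. */
int addr1_matches(const uint8_t *f, const uint8_t mac[6]) { return memcmp(f + 4, mac, 6) == 0; }

int main(void)
{
    struct dot11_addrs a;
    if (dot11_decode(STA_TO_AP, sizeof STA_TO_AP, &a) == 0)
        printf("ToDS=%d FromDS=%d: addr1 is the %s\n", a.to_ds, a.from_ds,
               a.bssid == STA_TO_AP + 4 ? "BSSID" : "destination");
    printf("addr1 == destination: infrastructure %d, IBSS %d\n",
           addr1_matches(STA_TO_AP, DEST_MAC), addr1_matches(IBSS_PEER, DEST_MAC));
    return 0;
}
```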