Date:      Fri, 20 Sep 2013 15:29:34 -0700
From:      hiren panchasara <hiren.panchasara@gmail.com>
To:        "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>
Subject:   ath0 "monitor mode" mystery
Message-ID:  <CALCpEUEti7WhS8rcvorrRUirEmDHEWL8fva6C=7_=zHXM_Vk2w@mail.gmail.com>

I am trying to enable (what I think is) monitor mode on PicoStation M2HP.

I am confused though. "man ifconfig" is also showing 2 different "monitor"
things. I tried both below:

# ifconfig wlan0 create wlandev ath0
wlan0: Ethernet address: dc:9f:db:6a:3e:9e
# ifconfig wlan0 down
# ifconfig wlan0 monitor
# ifconfig wlan0 channel 4
# ifconfig wlan0 up
#
# ifconfig wlan0
wlan0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric 0
mtu 1500
        ether dc:9f:db:6a:3e:9e
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        ssid "" channel 4 (2427 MHz 11g)
        regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
        txpower 30 bmiss 7 scanvalid 60 protmode CTS wme burst bintval 0
#

And now I get things via:
# tcpdump -ni wlan0 -y IEEE802_11_RADIO
wlan0: promiscuous mode enabled
wlan0: promiscuous mode disabled
wlan0: promiscuous mode enabled
tcpdump: data link type IEEE802_11_RADIO
tcpdump: WARNING: wlan0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap
header), capture size 65535 bytes
18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
18:56:23.994159 9838553735us tsft 1.0 Mb/s -75dB signal -96dB noise antenna
1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
18:56:23.995089 9838554678us tsft 1.0 Mb/s -75dB signal -96dB noise antenna
1 2427 MHz 11g Probe Request (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0
Mbit]
18:56:23.995979 9838555575us tsft 1.0 Mb/s -75dB signal -96dB noise antenna
1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
18:56:24.002484 9838562077us tsft 1.0 Mb/s -76dB signal -96dB noise antenna
1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
18:56:24.016082 9838576006us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
MHz 11g ht/40+ Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0
Mbit]

But is this really a monitor mode? Not according to tcpdump.

What we are seeing above are beacons sent out by APs? How do we get probe
requests sent to APs by devices?

man tcpdump says:

-I     Put the interface in "monitor mode"; this is supported only on
       IEEE 802.11 Wi-Fi interfaces, and supported only on some operating
       systems.

       Note that in monitor mode the adapter might disassociate from
       the network with which it's associated, so that you will not be
       able to use any wireless networks with that adapter.  This could
       prevent accessing files on a network server, or resolving host
       names or network addresses, if you are capturing in monitor mode
       and are not connected to another network with another adapter.

       This flag will affect the output of the -L flag.  If -I isn't
       specified, only those link-layer types available when not in
       monitor mode will be shown; if -I is specified, only those
       link-layer types available when in monitor mode will be shown.

So I tried -I,

# tcpdump -Ii wlan0 -y IEEE802_11_RADIO
tcpdump: wlan0 is not a monitor mode VAP
To create a new monitor mode VAP use:
  ifconfig wlan1 create wlandev ath0 wlanmode monitor
and use wlan1 as the tcpdump interface
#

Okay, let's create wlan1 as suggested:

# ifconfig wlan1 create wlandev ath0 wlanmode monitor
wlan1: Ethernet address: dc:9f:db:6a:3e:9e
# ifconfig wlan1
wlan1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether dc:9f:db:6a:3e:9e
        media: IEEE 802.11 Wireless Ethernet autoselect <monitor>
(autoselect <monitor>)
        status: no carrier
        ssid "" channel 4 (2427 MHz 11g)
        regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
        txpower 30 scanvalid 60 protmode CTS wme burst bintval 0
#

See the subtle difference between wlan0 and wlan1.

Still no success (but a new error):
# tcpdump -Ii wlan1 -y IEEE802_11_RADIO
wlan1: promiscuous mode enabled
tcpdump: data link type IEEE802_11_RADIO
tcpdump: WARNING: wlan1: no IPv4 address assigned
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap
header), capture size 65535 bytes
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
ar5416StopDmaReceive: dma failed to stop in 10ms
AR_CR=0x00000024
AR_DIAG_SW=0x42000020
wlan1: promiscuous mode disabled
#

I also tried to do mixed version of both wlan0 and wlan1:

# ifconfig wlan0 destroy
# ifconfig wlan0 create wlandev ath0 wlanmode monitor
wlan0: Ethernet address: dc:9f:db:6a:3e:9e
# ifconfig wlan0 monitor
#  ifconfig wlan0 channel 4
# ifconfig wlan0 up
ar5416PerCalibrationN: NF calibration didn't finish; delaying CCA
#
# ifconfig wlan0
wlan0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric 0
mtu 1500
        ether dc:9f:db:6a:3e:9e
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <monitor>
        status: running
        ssid "" channel 4 (2427 MHz 11g ht/40+) bssid dc:9f:db:6a:3e:9e
        regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
        txpower 30 scanvalid 60 protmode CTS ampdulimit 8k ampdudensity 8
        shortgi wme burst
#

But no success:

# tcpdump -Ii wlan0 -y IEEE802_11_RADIO
wlan0: promiscuous mode enabled
tcpdump: data link type IEEE802_11_RADIO
tcpdump: WARNING: wlan0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap
header), capture size 65535 bytes
^C
0 packets capturwlan0: promiscuous mode disabled
ed
0 packets received by filter
0 packets dropped by kernel
#

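The post asks whether the frames shown are beacons from APs or probe requests from client devices. The type and subtype bits of the 802.11 frame control field answer that, and tcpdump's "Probe Request (Y!Office) [1.0* 2.0* ...]" line is just the SSID and Supported Rates information elements decoded. The following is an added example, not code from the post or from FreeBSD/tcpdump: it strips the radiotap header, classifies management frames by subtype, and decodes the SSID and rate list. The frames it runs on are constructed inline (the client MAC is the one from the ifconfig output above; the AP MAC and the "constructed-ap" SSID are hypothetical), so it runs offline; on a real box you would feed it the payload bytes of each packet from a monitor-mode capture.

```python
"""Classify radiotap-wrapped 802.11 frames captured in monitor mode.

Added example: the sample frames below are constructed, not taken from a
real capture, and mimic the Probe Request / Beacon traffic discussed above.
"""
import struct
from collections import Counter

# IEEE 802.11 frame control byte: type in bits 2-3, subtype in bits 4-7.
# Type 0 is "management"; these are the subtypes relevant to the question.
MGMT_SUBTYPES = {
    0x4: "Probe Request",   # sent by stations looking for APs
    0x5: "Probe Response",  # sent by an AP in answer to a probe
    0x8: "Beacon",          # sent periodically by APs
}

def strip_radiotap(buf):
    """Return the 802.11 frame that follows a radiotap header.

    Radiotap header layout: version(1) pad(1) length(2, little endian)
    present-bitmap(4, possibly extended).  Only the length is needed here.
    """
    if len(buf) < 8:
        raise ValueError("buffer too short for a radiotap header")
    version, _pad, hdr_len = struct.unpack_from("<BBH", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version %d" % version)
    if hdr_len > len(buf):
        raise ValueError("radiotap length exceeds buffer")
    return buf[hdr_len:]

def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_ies(body):
    """Yield (tag, value) pairs from a tag/length/value IE list."""
    off = 0
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        off += 2
        if off + length > len(body):   # truncated IE: stop, never over-read
            break
        yield tag, body[off:off + length]
        off += length

def decode_rates(raw):
    """Supported Rates IE: units of 500 kb/s, bit 7 marks a basic rate (*)."""
    return ["%.1f%s" % ((r & 0x7F) / 2.0, "*" if r & 0x80 else "") for r in raw]

def classify(buf):
    """Return frame kind, transmitter address, SSID and rates for one frame."""
    frame = strip_radiotap(buf)
    if len(frame) < 24:
        raise ValueError("802.11 header truncated")
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": ftype, "subtype": subtype, "src": mac(frame[10:16]),
            "ssid": None, "rates": []}
    if ftype != 0:
        info["name"] = "non-management"
        return info
    info["name"] = MGMT_SUBTYPES.get(subtype, "mgmt subtype %d" % subtype)
    body = frame[24:]
    if subtype in (0x5, 0x8):
        body = body[12:]  # fixed fields: timestamp(8) interval(2) capability(2)
    for tag, val in parse_ies(body):
        if tag == 0:
            info["ssid"] = val.decode("utf-8", "replace")
        elif tag == 1:
            info["rates"] = decode_rates(val)
    return info

def summarize(frames):
    """Count frames by kind, e.g. to see the beacon/probe-request mix."""
    return Counter(classify(f)["name"] for f in frames)

# --- constructed sample frames (hypothetical, not a real capture) ---------
RADIOTAP_MIN = struct.pack("<BBHI", 0, 0, 8, 0)      # 8-byte header, empty bitmap
BCAST = b"\xff" * 6
STA = bytes.fromhex("dc9fdb6a3e9e")                    # client MAC from the post
AP = bytes.fromhex("020000000001")                     # hypothetical AP MAC
RATES_IE = b"\x01\x08" + bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])

def ssid_ie(name):
    return b"\x00" + bytes([len(name)]) + name

PROBE_REQ = (RADIOTAP_MIN + b"\x40\x00\x00\x00" + BCAST + STA + BCAST
             + b"\x10\x00" + ssid_ie(b"Y!Office") + RATES_IE)
BEACON = (RADIOTAP_MIN + b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x20\x00"
          + b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"
          + ssid_ie(b"constructed-ap") + RATES_IE)
SAMPLE = [PROBE_REQ, BEACON, PROBE_REQ]

if __name__ == "__main__":
    for f in SAMPLE:
        print(classify(f))
    print(dict(summarize(SAMPLE)))
```

The rate list the example produces for the probe request (1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0) is the same list tcpdump printed above, which shows where that part of the line comes from; the address in field addr2 tells you who transmitted the frame, so on a real capture a "Beacon" with an AP address versus a "Probe Request" with a client address settles the question the post raises.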