Re: Question on IEEE802_11_RADIO

From: Richard Bejtlich (richard_bejtlich_at_yahoo.com)
Date: 02/28/04

    Date: Sat, 28 Feb 2004 04:57:16 -0800 (PST)
    To: Bruce M Simpson <bms@spc.org>
    
    

    --- Bruce M Simpson <bms@spc.org> wrote:
    > Don't use monitor mode; it's a misnomer. Try without using monitor
    > mode and you should see radiotap headers.
    >
    > BMS

    Hi Bruce,

    Without monitor mode I get worse results for
    IEEE802_11, but IEEE802_11_RADIO gives the same
    results.

    <insert card>
    orr:/root# ifconfig wi0
    wi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            ether 00:04:e2:29:3b:ba
            media: IEEE 802.11 Wireless Ethernet autoselect (none)
            ssid ""
            stationname "FreeBSD WaveLAN/IEEE node"
            channel -1 authmode OPEN powersavemode OFF powersavesleep 100
            wepmode OFF weptxkey 1

    When I bring the card up it automatically associates
    with the nearest access point. (Is this correct? I
    don't have any scripts, etc. to set this up.)

    orr:/root# ifconfig wi0 up
    orr:/root# ifconfig wi0
    wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet6 fe80::204:e2ff:fe29:3bba%wi0 prefixlen 64 scopeid 0x4
            ether 00:04:e2:29:3b:ba
            media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
            status: associated
            ssid shaolin 1:shaolin
            stationname "FreeBSD WaveLAN/IEEE node"
            channel 6 authmode OPEN powersavemode OFF powersavesleep 100
            wepmode OFF weptxkey 1

    This looks the same as before:

    orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11_RADIO -vv
    tcpdump: data link type IEEE802_11_RADIO
    tcpdump: WARNING: wi0: no IPv4 address assigned
    tcpdump: listening on wi0, link-type IEEE802_11_RADIO (802.11 plus radio information header), capture size 96 bytes
    07:47:26.227651 [|802.11]
    07:47:26.321380 [|802.11]
    07:47:26.325336 [|802.11]

    This doesn't look right -- the beacon packets don't
    seem to be interpreted correctly:

    orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11 -vv
    tcpdump: data link type IEEE802_11
    tcpdump: WARNING: wi0: no IPv4 address assigned
    tcpdump: listening on wi0, link-type IEEE802_11 (802.11), capture size 96 bytes
    07:47:44.691348 56185us BSSID:00:a0:c5:59:47:d4 SA:00:06:25:45:74:be DA:00:a0:c5:59:47:d4 LLC, dsap 0xb2, ssap 0x0f, cmd 0x00, sap 0e > sap b2 I (s=0,r=0,R) len=64
    07:47:44.791749 56185us BSSID:00:a0:c5:59:47:d4 SA:00:06:25:45:74:be DA:00:a0:c5:59:47:d4 LLC, dsap 0xb3, ssap 0x0f, cmd 0x00, sap 0e > sap b3 I (s=0,r=0,R) len=64

    Only by enabling monitor mode and specifying a channel
    do I see beacons as expected:

    orr:/root# ifconfig wi0 mediaopt monitor channel 6 up
    orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11 -vv -c 2
    tcpdump: data link type IEEE802_11
    tcpdump: WARNING: wi0: no IPv4 address assigned
    tcpdump: listening on wi0, link-type IEEE802_11 (802.11), capture size 96 bytes
    07:49:50.110446 0us BSSID:00:06:25:5b:21:ab DA:ff:ff:ff:ff:ff:ff SA:00:06:25:5b:21:ab Beacon (Alpha) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6
    07:49:50.112603 56185us BSSID:00:a0:c5:59:47:d4 SA:00:06:25:45:74:be DA:00:a0:c5:59:47:d4 LLC, dsap 0x53, ssap 0x10, cmd 0x00, sap 10 > sap 53 I (s=0,r=0,C) len=64

    Unfortunately I get the weird RADIO output:

    orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11_RADIO -vv -c 2
    tcpdump: data link type IEEE802_11_RADIO
    tcpdump: WARNING: wi0: no IPv4 address assigned
    tcpdump: listening on wi0, link-type IEEE802_11_RADIO (802.11 plus radio information header), capture size 96 bytes
    07:50:52.733414 [|802.11]
    07:50:52.751514 [|802.11]

    Here's what prism2ctl reports after all of this:

    orr:/root# prism2ctl wi0
    Sleep mode: [ Off ]
    Suppress post back-off delay: [ Off ]
    Suppress Tx Exception: [ Off ]
    Monitor mode: [ Off ]
    LED Test: [ ]
    Continuous Tx: [ ]
    Continuous Rx: [ Off ]
    Signal State: [ ]
    Automatic level control: [ Off ]

    orr:/root# prism2ctl wi0 -m
    orr:/root# prism2ctl wi0
    Sleep mode: [ Off ]
    Suppress post back-off delay: [ Off ]
    Suppress Tx Exception: [ Off ]
    Monitor mode: [ On ]
    LED Test: [ ]
    Continuous Tx: [ ]
    Continuous Rx: [ Off ]
    Signal State: [ ]
    Automatic level control: [ Off ]

    At this point I can use prism2dump, but Tcpdump
    doesn't see anything:

    orr:/root# prism2dump wi0
    prism2dump: listening on wi0
    - [ff:ff:ff:ff:ff:ff <- 0:c:41:f6:6c:24 <- 0:c:41:f6:6c:24]
    - port: 7 ts: 300.510715 0:5 10:0
    - sn: 62848 (69:74:59:e7:ac:b0) len: 59
      - ** mgmt-beacon ** ts: 230891.417994 int: 100 capinfo: ess
        + ssid: [linksys]
        + rates: 1.0 2.0 5.5 11.0 18.0 24.0 36.0 54.0
        + ds ch: 6
        + dtim c: 0 p: 1 bc: 0 pvb: bfbfea45

    Thanks for your help,

    Richard
    http://www.taosecurity.com
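
Added example, not part of the original message or of tcpdump: tcpdump prints `[|802.11]` when the captured bytes run out before it can finish decoding the 802.11 layer. This sketch walks the radiotap header that precedes each frame on the IEEE802_11_RADIO link type and reports where decoding would stop. The function name, status strings and sample bytes are constructed for illustration.

```python
import struct

FIXED = struct.Struct("<BBHI")   # it_version, it_pad, it_len, it_present (little-endian)
EXT = 1 << 31                    # bit 31 set: another 32-bit present word follows
MIN_80211 = 10                   # shortest 802.11 header (ACK/CTS: FC + duration + RA)
TYPES = ("mgmt", "ctrl", "data", "reserved")


def classify(pkt: bytes) -> dict:
    """Report how far a captured IEEE802_11_RADIO packet can be decoded."""
    if len(pkt) < FIXED.size:
        return {"status": "truncated-radiotap"}
    version, _pad, it_len, present = FIXED.unpack_from(pkt)
    if version != 0:                          # radiotap defines only version 0
        return {"status": "not-radiotap", "version": version}
    off = FIXED.size
    while present & EXT:                      # walk chained present bitmaps
        if off + 4 > len(pkt):
            return {"status": "truncated-radiotap"}
        (present,) = struct.unpack_from("<I", pkt, off)
        off += 4
    if it_len < off:                          # declared length cannot hold the bitmaps
        return {"status": "bad-length", "it_len": it_len}
    if len(pkt) < it_len:                     # capture ends inside the radio header
        return {"status": "truncated-radiotap", "it_len": it_len}
    if len(pkt) - it_len < MIN_80211:         # capture ends inside the 802.11 header
        return {"status": "truncated-802.11", "it_len": it_len}
    (fc,) = struct.unpack_from("<H", pkt, it_len)   # frame control field
    return {"status": "ok", "it_len": it_len,
            "type": TYPES[(fc >> 2) & 3], "subtype": (fc >> 4) & 0xF}


# Constructed sample: empty radiotap header (it_len=8) followed by a beacon
# MAC header (type mgmt, subtype 8) with made-up locally administered addresses.
RADIOTAP = FIXED.pack(0, 0, 8, 0)
BEACON = (bytes([0x80, 0x00, 0x00, 0x00]) + b"\xff" * 6
          + bytes.fromhex("020000000001") * 2 + b"\x00\x00")
SAMPLE = RADIOTAP + BEACON

if __name__ == "__main__":
    print(classify(SAMPLE))        # full header captured
    print(classify(SAMPLE[:12]))   # capture cut off 4 bytes into the 802.11 header
```

Comparing `it_len` with the capture size shows whether the bytes ran out inside the radio header or inside the 802.11 header.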


