atheros card and radiotap headers
Luca Micali
luca.micali at gmail.com
Mon May 16 02:58:48 PDT 2005
Hi all,
I have really big problems with radiotap-enabled captures, especially
with the Atheros card/driver.
Let's proceed. My test system is a Fujitsu P7010 with FreeBSD 5.4-RELEASE:
[root@dagger.sunspot.org] # uname -a
FreeBSD dagger.sunspot.org 5.4-RELEASE FreeBSD 5.4-RELEASE #1: Fri May 13 20:56:25 CEST 2005 root@dagger.sunspot.org:/usr/src/sys/i386/compile/DAGGER i386
and my test card is a NetGear WG511T, here follows a snippet from
dmesg and related sysctl variables:
[root@dagger.sunspot.org] # dmesg | grep ^ath0
ath0: <Atheros 5212> mem 0xd0210000-0xd021ffff irq 11 at device 0.0 on cardbus0
ath0: mac 5.6 phy 4.1 5ghz radio 4.6
ath0: Ethernet address: 00:09:5b:92:ec:80
ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
[root@dagger.sunspot.org] # sysctl -a | grep -E '(^hw|^dev).ath'
hw.ath.hal.swba_backoff: 0
hw.ath.hal.sw_brt: 10
hw.ath.hal.dma_brt: 2
hw.ath.hal.version: 0.9.6.3
hw.ath.dump:
hw.ath.debug: 0
hw.ath.regdomain: 0
hw.ath.countrycode: 0
hw.ath.outdoor: 1
hw.ath.calibrate: 30
hw.ath.dwell: 200
dev.ath.0.%desc: Atheros 5212
dev.ath.0.%driver: ath
dev.ath.0.%location: slot=0 function=0
dev.ath.0.%pnpinfo: vendor=0x168c device=0x0013 subvendor=0x1385 subdevice=0x4b00 class=0x020000
dev.ath.0.%parent: cardbus0
The WG511T works well in BSS and IBSS modes with pretty decent FTP
peaks of 2.80 MB/s, but when it goes into monitor mode it receives a lot
of noise and pcap-enabled applications show a lot of "malformed
packets":
[root@dagger.sunspot.org] # tethereal -i ath0 -y IEEE802_11_RADIO
Warning: Couldn't obtain netmask info (ath0: no IPv4 address assigned).
Capturing on ath0
0.000000 -> IEEE 802.11 Unrecognized (Reserved frame)
0.070546 XXX.XX.5.57 -> XXX.XX.255.255 BROWSER Host Announcement XXXXXX280016, Workstation, Server, NT Workstation, Potential Browser
0.131467 XXX.XX.4.105 -> 255.255.255.255 UDP Source port: 2301 Destination port: 2301
0.141319 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
0.192535 XXX.XX.1.55 -> XXX.XX.255.255 NBNS Name query NB PRINTERS<00>
0.221540 XXX.XX.1.30 -> Broadcast ARP Who has XXX.XX.7.55? Tell XXX.XX.1.30
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
0.237164 XXX.XX.1.30 -> Broadcast ARP Who has XXX.XX.4.234? Tell XXX.XX.1.30
0.243721 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
0.292573 XXX.XX.4.212 -> Broadcast ARP Who has XXX.XX.1.10? Tell XXX.XX.4.212
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
0.325725 XXX.XX.1.11 -> Broadcast ARP Who has XXX.XX.7.37? Tell XXX.XX.1.11
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
0.346129 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
0.350925 HewlettP_7c:ab:31 -> HP LLC U P, func=TEST; SNAP, OUI 0x00805F (Unknown), PID 0x0002
0.351848 XXX.XX.255.115 -> Broadcast ARP XXX.XX.255.115 is at 00:0b:46:01:34:80
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
0.382862 00000002.0030c12f2eff -> 00000002.ffffffffffff IPX SAP General Response
0.384205 00000002.0030c12f2eff -> 00000002.ffffffffffff IPX SAP General Response
0.386566 XXX.XX.6.125 -> XXX.XX.255.255 BROWSER Host Announcement XXXXXXFI008, Workstation, Server, SQL Server, NT Workstation, Potential Browser
0.448530 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
0.473888 XXX.XX.1.10 -> Broadcast ARP Who has XXX.XX.7.98? Tell XXX.XX.1.10
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
0.653333 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
I see that here there is just one really noisy packet (the first one);
if they would be helpful I could capture a lot more of them this
evening.
Another interesting thing is that when launching kismet with
radiotab_fbsd_b and setting debug.ieee80211 to 1, the machine says:
[...]
ieee80211_newstate: SCAN -> SCAN
ieee80211_newstate: SCAN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
[...]
until I shut down kismet, but maybe this is a kismet bug in channel hopping.
Enabling hw.ath.debug, it says:
ath_stop: invalid 0 if_flags 0x48842
ath_newstate: SCAN -> INIT
Is this a known bug? How can I fix this?
Thanks in advance and sorry for my poor English,
Luca Micali
####### KERNEL CONFIG, what you don't see here is loaded as kld
machine i386
cpu I686_CPU
ident DAGGER
options SCHED_4BSD
options INET
options INET6
options FFS
options SOFTUPDATES
options UFS_ACL
options UFS_DIRHASH
options NFSCLIENT
options NFSSERVER
options LIBICONV
options EICON_DIVA
options MSDOSFS
options MSDOSFS_LARGE
options MSDOSFS_ICONV
options NTFS
options NTFS_ICONV
options CD9660
options CD9660_ICONV
options UDF
options UDF_ICONV
options PROCFS
options PSEUDOFS
options COMPAT_43
options SYSVSHM
options SYSVMSG
options SYSVSEM
options _KPOSIX_PRIORITY_SCHEDULING
options KBD_INSTALL_CDEV
device apic
device isa
device eisa
device pci
device ata
device atadisk
device atapicam
options ATA_STATIC_ID
device uhci
device ehci
device usb
device scbus
device da
device cd
device pass
device atkbdc
device atkbd
device psm
device vga
device sc
device splash
options SC_PIXEL_MODE
device agp
device npx
device apm
device acpi
device pty
device loop
device mem
device io
device random
device ether
device ppp
device tun
device bpf
device md