ath0 "monitor mode" mystery

Adrian Chadd adrian at freebsd.org
Sat Sep 21 12:59:39 UTC 2013


Hi!

I don't know what the "monitor" flag is supposed to do, sorry. I think it's
supposed to do the same as having a monitor mode vap but I don't know if
the ath(4) driver knows about this. I honestly haven't used it. :-P

The monitor mode vap is so you can create a monitoring interface without
having to be an AP or a STA. I.e., in monitor mode the NIC doesn't respond to
frames, doesn't ACK things that are destined to it, etc. It also doesn't
allow you to transmit on it from userspace.

The DMA errors there are likely just from channel changes. Normally I do:

ifconfig wlan0 create wlandev ath0 wlanmode monitor
ifconfig wlan0 channel X
ifconfig wlan0 up



-adrian
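Added example, not part of the thread: a small Python decoder for the IEEE802_11_RADIO link type that `tcpdump -y IEEE802_11_RADIO` produces (radiotap header, then the raw 802.11 frame), which answers the quoted question of whether a captured line is a station's Probe Request or an AP's Beacon by reading the frame-control subtype and the SSID element. The frame it decodes is constructed to match the tcpdump lines quoted below (1 Mb/s, 2427 MHz, -75 dBm signal, probe request for "Y!Office"); the source MAC 02:00:00:00:00:01 is a placeholder.

```python
import struct
# Radiotap fields this decoder understands, keyed by present bit: (struct
# format, natural alignment, name). An unknown bit stops the walk, because the
# size of every later field depends on it.
RT_FIELDS = {0: ("<Q", 8, "tsft"), 2: ("<B", 1, "rate"), 3: ("<HH", 2, "channel"),
             5: ("<b", 1, "dbm_signal"), 6: ("<b", 1, "dbm_noise"),
             10: ("<b", 1, "dbm_txpower"), 11: ("<B", 1, "antenna")}
MGMT_SUBTYPES = {4: "Probe Request", 5: "Probe Response", 8: "Beacon"}

def parse_radiotap(buf):
    """Return (fields, header_length) for the radiotap header at buf[0]."""
    version, _pad, length, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or length > len(buf):
        raise ValueError("bad radiotap header")
    off, word, fields = 8, present, {}
    while word & (1 << 31):               # ext bit: skip extra present words
        word = struct.unpack_from("<I", buf, off)[0]; off += 4
    for bit in (b for b in range(31) if present & (1 << b)):
        if bit not in RT_FIELDS:
            break
        fmt, align, name = RT_FIELDS[bit]
        off = (off + align - 1) & ~(align - 1)          # natural alignment
        vals = struct.unpack_from(fmt, buf, off); off += struct.calcsize(fmt)
        fields[name] = vals if len(vals) > 1 else vals[0]
    return fields, length

def classify(buf):
    """Summarise one frame: sender, management subtype, SSID, channel, RSSI."""
    rt, hlen = parse_radiotap(buf)
    fc = buf[hlen]                                      # 802.11 frame control
    ftype, subtype = (fc >> 2) & 3, fc >> 4
    kind = "type %d" % ftype if ftype else MGMT_SUBTYPES.get(subtype, "subtype %d" % subtype)
    src = ":".join("%02x" % b for b in buf[hlen + 10:hlen + 16])   # addr2
    ssid = None
    if kind in ("Probe Request", "Beacon"):
        i = hlen + 24 + (12 if kind == "Beacon" else 0)  # beacon fixed fields
        while i + 2 <= len(buf):                        # walk the elements
            tag, ln = buf[i], buf[i + 1]
            if tag == 0:
                ssid = buf[i + 2:i + 2 + ln].decode("utf-8", "replace"); break
            i += 2 + ln
    return {"kind": kind, "src": src, "ssid": ssid, "signal": rt.get("dbm_signal"),
            "freq": rt.get("channel", (None,))[0], "rate_mbps": rt.get("rate", 0) / 2}

# Constructed frame (not a capture): radiotap with tsft, 1 Mb/s, 2427 MHz,
# -75/-96 dBm, antenna 1, then a broadcast probe request for "Y!Office".
RADIOTAP = struct.pack("<BBHI", 0, 0, 25, 0x086d) + struct.pack(
    "<QBxHHbbB", 9838554678, 2, 2427, 0x00c0, -75, -96, 1)
DOT11 = b"\x40\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex("020000000001") + b"\xff" * 6 + b"\x00\x00"
IES = b"\x00\x08Y!Office\x01\x08" + bytes([0x02, 0x04, 0x0b, 0x16, 0x0c, 0x12, 0x18, 0x24])
SAMPLE_FRAME = RADIOTAP + DOT11 + IES
```

A frame whose address 2 is the AP's BSSID and whose subtype decodes as Beacon is the AP advertising itself; a Probe Request with a client's address 2 is a station looking for networks, which is the distinction the quoted question asks about.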



On 20 September 2013 15:29, hiren panchasara <hiren.panchasara at gmail.com> wrote:

> I am trying to enable (what I think is) monitor mode on PicoStation M2HP.
>
> I am confused though. "man ifconfig" is also showing 2 different "monitor"
> things. I tried both below:
>
> # ifconfig wlan0 create wlandev ath0
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 down
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> #
> # ifconfig wlan0
> wlan0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric
> 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
>         status: no carrier
>         ssid "" channel 4 (2427 MHz 11g)
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 bmiss 7 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> And now I get things via:
> # tcpdump -ni wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> wlan0: promiscuous mode disabled
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap
> header), capture size 65535 bytes
> 18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
> MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.994159 9838553735us tsft 1.0 Mb/s -75dB signal -96dB noise
> antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0
> Mbit]
> 18:56:23.995089 9838554678us tsft 1.0 Mb/s -75dB signal -96dB noise
> antenna 1 2427 MHz 11g Probe Request (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0
> 12.0 18.0 Mbit]
> 18:56:23.995979 9838555575us tsft 1.0 Mb/s -75dB signal -96dB noise
> antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0
> Mbit]
> 18:56:24.002484 9838562077us tsft 1.0 Mb/s -76dB signal -96dB noise
> antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0
> Mbit]
> 18:56:24.016082 9838576006us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427
> MHz 11g ht/40+ Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0
> Mbit]
>
> But is this really a monitor mode? Not according to tcpdump.
>
> What we are seeing above are beacons sent out by APs? How do we get probe
> requests sent to APs by devices?
>
> man tcpdump says:
>
>        -I     Put the interface in "monitor mode"; this is supported only on
>               IEEE 802.11 Wi-Fi interfaces, and supported only on some
>               operating systems.
>
>               Note that in monitor mode the adapter might disassociate from
>               the network with which it's associated, so that you will not be
>               able to use any wireless networks with that adapter.  This could
>               prevent accessing files on a network server, or resolving host
>               names or network addresses, if you are capturing in monitor mode
>               and are not connected to another network with another adapter.
>
>               This flag will affect the output of the -L flag.  If -I isn't
>               specified, only those link-layer types available when not in
>               monitor mode will be shown; if -I is specified, only those
>               link-layer types available when in monitor mode will be shown.
>
> So I tried -I,
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> tcpdump: wlan0 is not a monitor mode VAP
> To create a new monitor mode VAP use:
>   ifconfig wlan1 create wlandev ath0 wlanmode monitor
> and use wlan1 as the tcpdump interface
> #
>
> Okay, let's create wlan1 as suggested:
>
> # ifconfig wlan1 create wlandev ath0 wlanmode monitor
> wlan1: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan1
> wlan1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect <monitor>
> (autoselect <monitor>)
>         status: no carrier
>         ssid "" channel 4 (2427 MHz 11g)
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> See subtle difference between wlan0 and wlan1.
>
> Still no success (but new error):
> # tcpdump -Ii wlan1 -y IEEE802_11_RADIO
> wlan1: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan1: no IPv4 address assigned
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap
> header), capture size 65535 bytes
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> ^C
> 0 packets captured
> 0 packets received by filter
> 0 packets dropped by kernel
> ar5416StopDmaReceive: dma failed to stop in 10ms
> AR_CR=0x00000024
> AR_DIAG_SW=0x42000020
> wlan1: promiscuous mode disabled
> #
>
> I also tried to do mixed version of both wlan0 and wlan1:
>
> # ifconfig wlan0 destroy
> # ifconfig wlan0 create wlandev ath0 wlanmode monitor
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 monitor
> #  ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> ar5416PerCalibrationN: NF calibration didn't finish; delaying CCA
> #
> # ifconfig wlan0
> wlan0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric
> 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <monitor>
>         status: running
>         ssid "" channel 4 (2427 MHz 11g ht/40+) bssid dc:9f:db:6a:3e:9e
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 scanvalid 60 protmode CTS ampdulimit 8k ampdudensity 8
>         shortgi wme burst
> #
>
> But no success:
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap
> header), capture size 65535 bytes
> ^C
> 0 packets capturwlan0: promiscuous mode disabled
> ed
> 0 packets received by filter
> 0 packets dropped by kernel
> #
>