iwn in monitor mode with fixed channel

iwn in monitor mode with fixed channel

Péter Bertalan Zoltán-2
I am sorry if the answer to this question is trivial, I am rather new to
OpenBSD and have a lot to learn.

I have an 'Intel Centrino Advanced-N 6205' network card that I am trying
to put into monitor mode on a fixed channel using ifconfig. However, I
am experiencing this peculiar behaviour (at least to me):

---snip---
# ifconfig iwn0
iwn0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr aa:bb:cc:dd:ee:ff
        index 2 priority 4 llprio 3
        groups: wlan egress
        media: IEEE802.11 autoselect (HT-MCS1 mode 11n)
        status: active
        ieee80211: nwid my-AP chan 11 bssid 11:22:33:44:55:66 -33dBm
                   wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp
                   wpagroupcipher ccmp
        inet 192.168.43.125 netmask 0xffffff00 broadcast 192.168.43.255
# ifconfig iwn0 -nwid -inet <-- As far as I understand, I can disconnect
                                like this? But sometimes it does
                                nothing.
# ifconfig iwn0
iwn0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr aa:bb:cc:dd:ee:ff
        index 2 priority 4 llprio 3
        groups: wlan egress
        media: IEEE802.11 autoselect (DS1)
        status: no network
        ieee80211: nwid ""
# ifconfig iwn0 mediaopt monitor chan 4
# ifconfig iwn0
iwn0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr aa:bb:cc:dd:ee:ff
        index 2 priority 4 llprio 3
        groups: wlan egress
        media: IEEE802.11 autoselect monitor
        status: active
        ieee80211: nwid my-AP chan 1 bssid 11:22:33:44:55:66
---snip---

What is going on? Why is my nwid set back again to my AP? Furthermore,
why am I on channel 1 when I selected channel 4? Now when I disable the
device:

---snip---
# ifconfig iwn0 down && ifconfig iwn0
iwn0: flags=8806<BROADCAST,DEBUG,SIMPLEX,MULTICAST> mtu 1500
        lladdr aa:bb:cc:dd:ee:ff
        index 2 priority 4 llprio 3
        groups: wlan egress
        media: IEEE802.11 autoselect monitor
        status: no network
        ieee80211: nwid "" chan 4
---snip---

So the channel is actually set to 4, but when I enable the interface
again, it resets to my AP and to channel 1. I am greatly confused as to
why I keep reconnecting to my AP... Neither `ifconfig iwn0 joinlist` nor
`/etc/hostname.iwn0` contains any line related to 'my-AP'.

Sometimes, when I don't set the channel, I get some high channel like
149 assigned. I am not sure what '(DS1)' means; I didn't find anything
in ifconfig(8), but it is not there after a fresh boot. Is it related?

I am sure I am doing something wrong. Thank you very much in advance for
shedding some light on what.

--
Bertalan Z. Péter <[hidden email]>
FB9B 34FE 3500 3977 92AE  4809 935C 3BEB 44C1 0F89

/"\
\ /    ASCII Ribbon Campaign
 X   against HTML email & proprietary attachments


Re: iwn in monitor mode with fixed channel

Stefan Sperling-5
On Fri, Jul 26, 2019 at 12:01:32PM +0200, Péter Bertalan Zoltán wrote:

> I am sorry if the answer to this question is trivial, I am rather new to
> OpenBSD and have a lot to learn.
>
> I have an 'Intel Centrino Advanced-N 6205' network card that I am trying
> to put into monitor mode on a fixed channel using ifconfig. However, I
> am experiencing this peculiar behaviour (at least to me):
>
> ---snip---
> # ifconfig iwn0
> iwn0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr aa:bb:cc:dd:ee:ff
>        index 2 priority 4 llprio 3
>        groups: wlan egress
>        media: IEEE802.11 autoselect (HT-MCS1 mode 11n)
>        status: active
>        ieee80211: nwid my-AP chan 11 bssid 11:22:33:44:55:66 -33dBm
>                   wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp
>                   wpagroupcipher ccmp
>        inet 192.168.43.125 netmask 0xffffff00 broadcast 192.168.43.255
> # ifconfig iwn0 -nwid -inet <-- As far as I understand, I can disconnect
>                                like this? But sometimes it does
>                                nothing.
> # ifconfig iwn0
> iwn0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr aa:bb:cc:dd:ee:ff
>        index 2 priority 4 llprio 3
>        groups: wlan egress
>        media: IEEE802.11 autoselect (DS1)
>        status: no network
>        ieee80211: nwid ""
> # ifconfig iwn0 mediaopt monitor chan 4
> # ifconfig iwn0
> iwn0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr aa:bb:cc:dd:ee:ff
>        index 2 priority 4 llprio 3
>        groups: wlan egress
>        media: IEEE802.11 autoselect monitor
>        status: active
>        ieee80211: nwid my-AP chan 1 bssid 11:22:33:44:55:66
> ---snip---
>
> What is going on? Why is my nwid set back again to my AP? Furthermore,
> why am I on channel 1 when I selected channel 4? Now when I disable the
> device:
>
> ---snip---
> # ifconfig iwn0 down && ifconfig iwn0
> iwn0: flags=8806<BROADCAST,DEBUG,SIMPLEX,MULTICAST> mtu 1500
>        lladdr aa:bb:cc:dd:ee:ff
>        index 2 priority 4 llprio 3
>        groups: wlan egress
>        media: IEEE802.11 autoselect monitor
>        status: no network
>        ieee80211: nwid "" chan 4
> ---snip---
>
> So the channel is actually set to 4, but when I enable the interface
> again, it resets to my AP and to channel 1. I am greatly confused as to
> why I keep reconnecting to my AP... Neither `ifconfig iwn0 joinlist` nor
> `/etc/hostname.iwn0` contains any line related to 'my-AP'.
>
> Sometimes, when I don't set the channel, I get some high channel like
> 149 assigned. I am not sure what '(DS1)' means; I didn't find anything
> in ifconfig(8), but it is not there after a fresh boot. Is it related?
>
> I am sure I am doing something wrong. Thank you very much in advance for
> shedding some light on what.


This is a cosmetic issue.

Internally to net80211, there are two channels: The 'default' channel
(referred to as "ic_ibss_chan" in source code) and the 'desired'
channel (referred to as "ic_des_chan" in source code).

The default channel is initialized when the driver attaches (usually
to channel 1). Monitor mode uses this default channel, which you've
modified while the interface was in monitor mode.
ifconfig shows this channel while the interface is down.

Furthermore, the channel for each known AP is stored alongside other
data such as the AP's SSID. While the interface is up, ifconfig shows
the channel of the currently selected AP. This selection is ineffective
in monitor mode because no connection to any AP is initiated, but data
from the previous connection is still there and is being displayed.

I would be happy about patches which make monitor mode less confusing
to use but I won't fix trivial things like this myself because there
are more important things which need fixing in the wireless stack.


Re: iwn in monitor mode with fixed channel

Péter Bertalan Zoltán-2
On 2019-07-26, Stefan Sperling wrote:

>Internally to net80211, there are two channels: The 'default' channel
>(referred to as "ic_ibss_chan" in source code) and the 'desired'
>channel (referred to as "ic_des_chan" in source code).
>
>The default channel is initialized when the driver attaches (usually
>to channel 1). Monitor mode uses this default channel, which you've
>modified while the interface was in monitor mode.
>ifconfig shows this channel while the interface is down.
>
>Furthermore, the channel for each known AP is stored alongside other
>data such as the AP's SSID. While the interface is up, ifconfig shows
>the channel of the currently selected AP. This selection is ineffective
>in monitor mode because no connection to any AP is initiated, but data
>from the previous connection is still there and is being displayed.

So as far as I understand, when I issued
    # ifconfig iwn0 mediaopt monitor chan 4
I have modified the *default channel*, which monitor mode uses? And in
monitor mode, what `ifconfig iwn0` shows as the AP (after 'ieee80211:')
can be disregarded, including the channel, because those settings are
ineffective in monitor mode?

But this would mean that the interface is indeed set to use channel 4,
as desired. However:

---snip---
# airodump-ng --channel 4 iwn0
 CH  4 ][ Elapsed: 1 min ][ 2019-07-26 13:48 ][ fixed channel iwn0: 12
 ...
---snip---

Is this an issue with aircrack-ng? Did I misunderstand you?

>I would be happy about patches which make monitor mode less confusing
>to use but I won't fix trivial things like this myself because there
>are more important things which need fixing in the wireless stack.

I am considering contributing to the project myself, but I am afraid my
knowledge is not quite there yet.

And thank you for your response!

--
Bertalan Z. Péter <[hidden email]>


Re: iwn in monitor mode with fixed channel

Stefan Sperling-5
On Fri, Jul 26, 2019 at 01:53:04PM +0200, Péter Bertalan Zoltán wrote:

> On 2019-07-26, Stefan Sperling wrote:
> > Internally to net80211, there are two channels: The 'default' channel
> > (referred to as "ic_ibss_chan" in source code) and the 'desired'
> > channel (referred to as "ic_des_chan" in source code).
> >
> > The default channel is initialized when the driver attaches (usually
> > to channel 1). Monitor mode uses this default channel, which you've
> > modified while the interface was in monitor mode.
> > ifconfig shows this channel while the interface is down.
> >
> > Furthermore, the channel for each known AP is stored alongside other
> > data such as the AP's SSID. While the interface is up, ifconfig shows
> > the channel of the currently selected AP. This selection is ineffective
> > in monitor mode because no connection to any AP is initiated, but data
> > from the previous connection is still there and is being displayed.
>
> So as far as I understand, when I issued
>    # ifconfig iwn0 mediaopt monitor chan 4
> I have modified the *default channel*, which monitor mode uses? And in
> monitor mode, what `ifconfig iwn0` shows as the AP (after 'ieee80211:')
> can be disregarded, including the channel, because those settings are
> ineffective in monitor mode?

Yes. What ifconfig shows you here is bogus.

> But this would mean that the interface is indeed set to use channel 4,
> as desired. However:
>
> ---snip---
> # airodump-ng --channel 4 iwn0
> CH  4 ][ Elapsed: 1 min ][ 2019-07-26 13:48 ][ fixed channel iwn0: 12
> ...
> ---snip---
>
> Is this an issue with aircrack-ng? Did I misunderstand you?

I have no idea what aircrack-ng is doing.

You can verify the current channel with:
  tcpdump -i iwn0 -y IEEE802_11_RADIO

This shows the current channel number in radiotap headers, e.g.:
  ... <radiotap v0, chan 4, 11n, ...> ...
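
The channel that tcpdump prints here comes from the radiotap header the driver prepends to each received frame, which is why it can be trusted when the ifconfig display cannot. As an added example (not part of the thread and not OpenBSD or tcpdump code), this Python parser reads that field directly and lists frames that are not on the expected channel. The sample headers are constructed, and the layout assumed is the standard radiotap v0 one (TSFT, Flags, Rate, then Channel).

```python
import struct

# Fields that can precede Channel (present bit 3): (bit, size, alignment).
FIELDS_BEFORE_CHANNEL = ((0, 8, 8), (1, 1, 1), (2, 1, 1))  # TSFT, Flags, Rate


def freq_to_chan(mhz):
    """Map a centre frequency in MHz to an 802.11 channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472:
        return (mhz - 2407) // 5
    if 5000 < mhz < 5900:
        return (mhz - 5000) // 5
    raise ValueError("unmapped frequency: %d MHz" % mhz)


def radiotap_channel(frame):
    """Return the channel a radiotap-prefixed frame was received on,
    or None if the driver did not fill in the Channel field."""
    if len(frame) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, length, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or not 8 <= length <= len(frame):
        raise ValueError("not a radiotap v0 header")
    offset, word = 8, present
    while word & (1 << 31):          # bit 31 chains another present word
        if offset + 4 > length:
            raise ValueError("present bitmap runs past header")
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    if not present & (1 << 3):
        return None
    for bit, size, align in FIELDS_BEFORE_CHANNEL:
        if present & (1 << bit):
            offset = -(-offset // align) * align + size   # align, then skip
    offset += offset % 2             # Channel is 2-byte aligned
    if offset + 4 > length:
        raise ValueError("channel field outside header")
    freq, _flags = struct.unpack_from("<HH", frame, offset)
    return freq_to_chan(freq)


def off_channel(frames, expected):
    """Indexes of frames whose radiotap channel differs from `expected`
    (a frame with no Channel field counts as a mismatch)."""
    return [i for i, f in enumerate(frames) if radiotap_channel(f) != expected]


# Constructed sample headers (not captured traffic): Flags+Rate+Channel on
# 2427 MHz, and TSFT+Flags+Rate+Channel on 2412 MHz.
SAMPLE_CH4 = struct.pack("<BBHIBBHH", 0, 0, 14, 0x0E, 0, 2, 2427, 0x00A0)
SAMPLE_CH1 = struct.pack("<BBHIQBBHH", 0, 0, 22, 0x0F, 0, 0, 2, 2412, 0x00A0)
```
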


Re: iwn in monitor mode with fixed channel

Rudy Baker
The moment I started reading this I thought "this dude is playing with
aircrack". Surely enough I was right.


Re: iwn in monitor mode with fixed channel

Péter Bertalan Zoltán-2
In reply to this post by Stefan Sperling-5
On 2019-07-26, Stefan Sperling wrote:
>I have no idea what aircrack-ng is doing.
>
>You can verify the current channel with:
>  tcpdump -i iwn0 -y IEEE802_11_RADIO
>
>This shows the current channel number in radiotap headers, e.g.:
>  ... <radiotap v0, chan 4, 11n, ...> ...

Indeed, according to this the channel is correctly set. This must have
to do with aircrack-ng then. Thank you.

--
Bertalan Z. Péter <[hidden email]>