Linux Wireless - Linux Kernel Networking (4)
Contents
1. • You might find help on these topics in two Haifux lectures:
• Wireless management: WiFi (802.11) in GNU/Linux, by Ohad Lutzky: http://www.haifux.org/lectures/138
• Wireless security: Firewall Piercing, by Alon Altman: http://www.haifux.org/lectures/124
• Note: We will not delve into hardware features.
General
• Wireless networks market grows constantly.
• Two items from recent month newspaper (ynet.co.il): Over 12,000 wireless room hotels in Israel. Over 50,000 wireless networks in Europe.
• In the late nineties there were discussions in IEEE committees regarding the 802.11 protocol.
• 1999: The first spec (about 500 pages); see no. 1 in the list of links below.
• 2007: A second spec (1232 pages), and there were some amendments since then.
SoftMAC and FullMAC
In 2000-2001, the market became abound with laptops with wireless nics. It was important to produce wireless driver and wireless stack Linux solutions in time. The goal was then, as Jeff Garzik (the previous wireless Maintainer) put it: "They just want their hardware to work".
mac80211: new Linux softmac layer, formerly called d80211 (of Devicescape). Current mac80211 maintainer: Johannes Berg from sipsolutions. Mac80211 merged into Kernel mainstream (upstream) starting 2.6.22, July 2007. Drivers were adjusted to use mac80211 afterwards. Devicescape is a wireless networking company: http://devicescape.com
2. ToDS  FromDS  Addr1  Addr2  Addr3  Addr4
0     0       DA     SA     BSSID  n/a    AdHoc
0     1       DA     BSSID  SA     n/a    Infra, From AP
1     0       BSSID  SA     DA     n/a    Infra, To AP
1     1       RA     TA     DA     SA     WDS (Bridge)
My laptop as an access point
There is an Israeli start-up company which develops free access point Windows sw which enables your laptop to be an access point: http://www.bzeek.com/static/index.html. Currently it is for Intel PRO/Wireless 3945. In the future: Intel PRO/Wireless 4965.
Power Save in Infrastructure Mode
• Power Save is a hot subject.
• Intel linux Power Save site: http://www.lesswatts.org
• PowerTOP util: PowerTOP is a tool that helps you find which software is using the most power.
Power Save in Infrastructure Mode (cont.)
• Usual case: Infrastructure BSS.
• Mobile devices are usually battery powered most of the time.
• A station may be in one of two different modes: Awake (fully powered), or Asleep (also termed "dozed" in the specs).
• Access points never enter power save mode and do not transmit Null packets.
• In power save mode, the station is not able to transmit or receive and consumes very low power.
• Until recently, power management worked only with devices which handled power save in firmware.
• From time to time, a station enters power save mode.
• This is done by firmware or by using mac80211 API.
• Dynamic power management patches that were recently sent by Kalle Valo (Nok
3. which support Master Mode can be operated as Access Points by running the hostapd daemon.
• Hostapd implements part of the MLME AP code which is not in the kernel
• and probably will not be in the near future.
• For example: handling association requests which are received from wireless clients.
Hostapd (cont.)
• Hostapd uses the nl80211 API (netlink socket based, as opposed to ioctl based).
Hostapd (cont.)
• The hostapd starts the device in monitor mode: drv->monitor_ifidx = nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
• The hostapd opens a raw socket with this device: drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); (hostapd/driver_nl80211.c)
• The packets which arrive at this socket are handled by the AP.
• Receiving in monitor mode means that a special header (RADIOTAP) is added to the received packet.
• The hostapd changes management and control packets.
• The packet is sent by the sendmsg() system call:
• sendmsg(drv->monitor_sock, &msg, flags);
Hostapd (cont.)
• This means sending directly from the raw socket (PF_PACKET) and putting on the transmit queue (by dev_queue_xmit()), without going through the 80211 stack and without the driver.
• When the packet is transmitted, an "INJECTED" flag is added. This tells the other side, which will receive the packet, to remove the radiotap header (IEEE80211_TX_CTL_INJECTED).
Hostapd (cont.)
• Hostapd manages:
• Association/
4. www.radiotap.org
Images
• Beacon Wireshark filter:
• wlan.fc.type_subtype eq 8 (shows only beacons)
[Figure: Wireshark window "Beacon filter - sniff", capture file adHocHome.eth, with the display filter wlan.fc.type_subtype eq 8 applied. The packet list (packets 35 onward, 2009-02-01 21:19:26 onward) shows IEEE 802.11 Beacon frames with Source 00:21:91:80:ba:2d and Destination Broadcast, with consecutive sequence numbers (SN=34, 35, 36, ...).]
5. Disassociation requests.
• Authentication/deauthentication requests.
• The Hostapd keeps an array of stations. When an association request of a new station arrives at the AP, a new station is added to this array.
Hostapd (cont.)
• There are three types of IEEE80211 packets.
• The type and subtype of the packet are represented by the frame control field in the 802.11 header.
Management (IEEE80211_FTYPE_MGMT)
• Each management frame contains information elements (IEs). For example, beacons have the ssid (network name), ESS/IBSS bits (10=AP, 01=IBSS), and more (WLAN_CAPABILITY_ESS / WLAN_CAPABILITY_IBSS in ieee80211.h).
• There are 47 types of information elements (IEs) in current implementation. All in include/linux/ieee80211.h.
• Association and Authentication are management packets.
• Beacons are also management frames (IEEE80211_STYPE_BEACON).
Hostapd (cont.)
Control (IEEE80211_FTYPE_CTL)
• For example, PSPOLL (IEEE80211_STYPE_PSPOLL).
• Also ACK, RTS/CTS.
Data (IEEE80211_FTYPE_DATA)
• See include/linux/ieee80211.h.
The hostapd daemon sends special management packets called beacons. Access Points usually send 10 beacons in a second; this can be configured (see the router manual page at the bottom).
• The area in which these beacons appear defines the basic service area.
From net/mac80211/rx.c (with remarks): IEEE 802.11 address fields: ToDS FromDS Addr1 Addr2 Addr3 Addr4 0 0
6. Frames: wlan.fc.type_subtype eq 13
Block Acknowledgement (ACK) Request: wlan.fc.type_subtype eq 24
Block ACK: wlan.fc.type_subtype eq 25
Power-Save Poll: wlan.fc.type_subtype eq 26
Request to Send: wlan.fc.type_subtype eq 27
Sniffing a WLAN
• You could sniff with wireshark.
• Sometimes you can't put the wireless interface to promiscuous mode (or it is not enough). You should set the interface to work in monitor mode. For example: iwconfig wlan0 mode monitor
• If you want to capture traffic on networks other than the one with which you're associated, you will have to capture in monitor mode.
Sniffing a WLAN (contd.)
• See the following wireshark wiki page, talking about various wireless cards and sniffing in Linux:
• WLAN (IEEE 802.11) capture setup: http://wiki.wireshark.org/CaptureSetup/WLAN#head
• Using a filter from command line: tshark -R wlan -i wlan0; tethereal -R wlan -i wlan0 -w wlan.eth
• You will see this message in the kernel log: "device wlan0 entered promiscuous mode"
Sniffing a WLAN (contd.)
• Sometimes you will have to set a different channel than the default one in order to see beacon frames (try channels 1, 6, 11): iwconfig wlan1 channel 11
Tip: useful wireshark display filter
• For showing only beacons:
• wlan.fc.type_subtype eq 8
• For tshark command line: tshark -R "wlan.fc.type_subtype eq 8" -i wlan0
• this will sniff for beacons.
Glossary
AMPDU: Applic
7. RF. From time to time it turns the RF on, but only for receiving beacons.
• When buffering in AP, every packet (unicast and multicast) is saved in the corresponding key.
• The only exception is when strict ordering between unicast and multicast is enforced. This is a service which MAC layer supply. However, it is rarely in use.
• From net/mac80211/tx.c, ieee80211_tx_h_multicast_ps_buf(): /* no buffering for ordered frames */ if (ieee80211_has_order(hdr->frame_control)) return TX_CONTINUE;
• The AP sends a TIM (Traffic Indication Map) with each beacon.
• Beacons are sent periodically from the AP.
• TIM[i]=1 => The AP has buffered traffic for a station with Association ID i. In fact, a partial virtual bitmap is sent, which is a smaller data structure in most cases.
• The STA sends a PS-POLL packet (Power Saving Poll) to tell the AP that it is awake.
• AP sends the buffered frame.
[Figure: pspoll diagram. Access Point; Frame1 (IEEE80211_FCTL_MOREDATA); Frame2 (IEEE80211_FCTL_MOREDATA).]
IBSS Mode
• IBSS: without an access point. IBSS = Independent BSS.
IBSS Mode (contd.)
• IBSS network is often formed without pre-planning, for only as long as the LAN is needed.
• This type of operation is often referred to as an Ad Hoc network. Also sometimes called "Peer To Peer" network.
• Creating Ad Hoc network: iwconfig wlan0 mode ad-hoc (note: if the nic is running, you should
8. connect to external network like the Internet.)
• Each station holds a routing table (struct mesh_table), which helps to decide which route to take.
• In the initial state, when a packet is sent to another station, there is first a lookup in the mesh table; there is no hit, so a PREQ (Path Request) is sent as a broadcast. When the PREQ is received on all stations except the final destination, it is forwarded. When the PREQ is received on the final station, a PREP is sent (Path Reply). If there is some failure on the way, a PERR is sent (Path Error).
• Handled by mesh_path_error_tx(), mesh_hwmp.c.
• The route takes into consideration an airtime metric, calculated in airtime_link_metric_get() (based on rate and other hw parameters).
• POWER SAVING in the MESH spec is optional.
Advantage: Rapid deployment. Minimal configuration; inexpensive. Easy to deploy in hard-to-wire environments.
Disadvantage: Many broadcasts limit network performance.
You can set a wireless device to work in mesh mode only with the iw command. (You cannot perform this with the wireless tools.)
Example: setting a wireless nic to work in mesh mode: iw dev wlan1 interface add mesh type mp mesh_id 1 (type = mp => Mesh Point)
802.11 Physical Modes
• 802.11 (WiFi) is a set of standards for wireless networking, which were defined in 1997 but started to become popular in the market around 2001.
• 802.11a (1999) a
9. pub/home.do
Location in the kernel tree: net/mac80211. A kernel module named mac80211.ko.
• Most wireless drivers were ported to use mac80211. There is a little number of exceptions, though.
• Libertas (Marvell) does not work with mac80211.
• libertas_tf (Marvell) uses thin firmware, so it does use mac80211. libertas_tf supports Access Point and Mesh Point. Both are in OLPC project.
• When starting development of a new driver, most chances are that it will use mac80211 API.
Modes: Infrastructure BSS
Infrastructure BSS: Classic ESS (Extended Service Set). ESS = two or more BSSs.
[Figure: Infrastructure BSS. Two Access Points on a wired network, each serving its own BSS.]
• What is an Access Point?
• Edimax MIMO nMax BR-6504n Router
• Linksys WRT54GL 54Mbps Router
• NOTE: Infrastructure BSS != IBSS. IBSS = Independent BSS (Ad-Hoc mode).
• Access Point: A wireless device acting in master mode with some hw enhancements and a management software (like hostapd). A wireless device in master mode cannot scan (as opposed to other modes).
• Also, a wireless device in monitor mode cannot scan.
• Master Mode is one of 7 modes in which a wireless card can be configured.
• All stations must authenticate and associate with the Access Point prior to communicating.
• Stations sometimes perform scanning prior to authentication and association in order to get details about the Access Point (l
10. run before this: ifconfig wlan0 down)
iwconfig wlan0 essid myEssid
The essid has to be distributed manually (or otherwise) to everyone who wishes to connect to the Ad-Hoc network.
• The BSSID is a random MAC address (in fact, 46 bits of it are random).
• "iwconfig wlan0 essid myEssid" triggers ibss creation by calling ieee80211_sta_create_ibss() (net/mac80211/mlme.c).
• Joining an IBSS: All members of the IBSS participate in beacon generation. The members are synchronized (TSF). The beacon interval within an IBSS is established by the STA that instantiates the IBSS.
• ieee80211_sta_create_ibss() (mlme.c): The bssid of the ibss is a random address (based on mixing get_random_bytes() and MAC address).
Mesh Mode (80211s): Full Mesh. In the full mesh topology, each node is connected directly to each of the others.
Mesh Mode (80211s): Partial Mesh. Nodes are connected to only some, not all.
802.11s (Mesh)
• 802.11s started as a Study Group of IEEE 802.11 in September 2003, and became a TG (Task Group) in 2004 (name: TGs).
• In 2006: two proposals, out of 15 (the "SEE-Mesh" and "Wi-Mesh" proposals), were merged into one. This is draft D0.01.
• Wireless Mesh Networks are also called WMN.
• Wireless mesh networks forward data packets over multiple wireless hops. Each mesh node acts as relay point/router for other mesh nodes.
• In 2.6.26, the network stack added su
11. Firmware: Most wireless drivers load firmware in the probe method (by calling request_firmware()). Usually the firmware is not open source. Open FirmWare for WiFi networks site: http://www.ing.unibs.it/openfwwf/
• Written in assembler. B43 firmware will be replaced by open source firmware. ath5k/ath9k driver doesn't load firmware (its fw is burnt into an on-chip ROM).
Wireless Future trends (WiMax)
• WiMax: IEEE 802.16.
• There are already laptops which are sold with WiMax chips (Toshiba, Lenovo).
• WiMax and Linux:
• http://linuxwimax.org
• Inaky Perez-Gonzalez from Intel (formerly a kernel USB developer).
• Location in the kernel tree: drivers/net/wimax.
Wireless Future trends (WiMax, contd.)
• Two parts:
• Kernel module driver.
• User space management stack: WiMAX Network Service.
• A request to merge linux-wimax GIT tree with the netdev GIT tree was sent in 26.11.08:
• http://www.spinics.net/lists/netdev/msg81902.html
• There is also an initiative from Nokia for a WiMax stack for Linux.
Tips
• How can I know if my wireless nic was configured to support power management? Look in iwconfig for the "Power Management" entry.
• How do I know if my USB nic has support in Linux? http://www.qbik.ch/usb/devices/
• How do I know which Wireless Extensions does my kernel use? Grep for #define WIRELESS_EXT in include/linux/wireless.h in your kernel tree.
• How can I know the chan
12. Linux Wireless - Linux Kernel Networking (4) - advanced topics
Rami Rosen, ramirose@gmail.com, Haifux, March 2009, www.haifux.org
• Note:
• This lecture is a sequel to the following 3 lectures I gave:
1) Linux Kernel Networking. Lecture: http://www.haifux.org/lectures/172/ Slides: http://www.haifux.org/lectures/172/netLec.pdf
2) Advanced Linux Kernel Networking: Neighboring Subsystem and IPSec. Lecture: http://www.haifux.org/lectures/180/ Slides: http://www.haifux.org/lectures/180/netLec2.pdf
3) Advanced Linux Kernel Networking: IPv6 in the Linux Kernel. Lecture: http://www.haifux.org/lectures/187/ Slides: http://www.haifux.org/lectures/187/netLec3.pdf
Contents
• General: IEEE80211 specs, SoftMAC and FullMAC, mac80211.
• Modes (802.11 Topologies): Infrastructure mode (Association, Scanning, Hostapd, Power save in Infrastructure mode); IBSS (Ad Hoc mode); Mesh mode (80211s).
• 802.11 Physical Modes.
• Appendix: mac80211 implementation details.
• Tips.
• Glossary.
• Links.
• Images: Beacon filter (Wireshark sniff); edimax router user manual page (BR-6504N).
• Note: we will not deal with security/encryption, regulation, fragmentation in the linux wireless stack, and not deal with tools (NetworkManager, kwifimanager, etc.) and not with billing (Radius, etc.).
13. a specific BSS: iwlist wlan1 scan essid homeNet
Also in this case, a broadcast is sent (sometimes, this will return homeNet1 also, and homeNet2).
Example of scan results: iwlist wlan2 scan
wlan2  Scan completed :
  Cell 01 - Address: 00:16:E3:F0:FB:39
    ESSID:"SIEMENS-F0FB39"
    Mode:Master
    Channel:6
    Frequency:2.437 GHz (Channel 6)
    Quality=5/100  Signal level:25/100
    Encryption key:on
    IE: Unknown: 000E5349454D454E532D463046423339
    IE: Unknown: 010882848B962430486C
    IE: Unknown: 030106
    IE: Unknown: 2A0100
    IE: Unknown: 32040C121860
    IE: Unknown: DD06001018020000
    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
    Extra:tsf=00000063cbf32479
    Extra: Last beacon: 470ms ago
  Cell 02 - Address: 00:13:46:73:D4:F1
    ESSID:"D-Link"
    Mode:Master
    Channel:6
    Frequency:2.437 GHz (Channel 6)
Authentication
• Open-system authentication (WLAN_AUTH_OPEN) is the only mandatory authentication method required by 802.11.
• The AP does not check the identity of the station.
• Authentication Algorithm Identification = 0.
• Authentication frames are management frames.
Association
• At a given moment, a station may be associated with no more than one AP.
• A Station (STA) can select a BSS and authenticate and associate to it.
• (In Ad-Hoc: authentication is not defined.)
Association (contd.)
• Trying this: iwconfig wlan0 essid AP1 ap macAddress1; iwcon
14. ally up to date with wireless-testing git tree.
• There is usually at least one pull request (or more) in a week, to the netdev mailing list (main Linux kernel networking mailing list).
• The Maintainer of the wireless (802.11) in the Linux kernel is John Linville (RedHat), starting from January 2006.
• For helping in delving into the mac80211 code, little help.
• Important data structures:
• struct ieee80211_hw: represents hardware information and state (include/net/mac80211.h). Important member: void *priv (pointer to private area). Most drivers define a struct for this private area, like lbtf_private (Marvell) or iwl_priv (iwlwifi of Intel) or mac80211_hwsim_data in mac80211_hwsim. Every driver allocates it by ieee80211_alloc_hw(). A pointer to ieee80211_ops (see later) is passed as a parameter to ieee80211_alloc_hw(). Every driver calls ieee80211_register_hw() to create wlan0 and wmaster0 and for various initializations.
• You set the machine mode prior to calling ieee80211_register_hw() by assigning flags for the interface_modes flags of wiphy member. wiphy itself is a member of ieee80211_hw structure. For example: hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) | BIT(NL80211_IFTYPE_AP);
• This sets the machine to be in Access Point mode.
• struct ieee80211_if_ap: represents an access point (see ieee80211_i.h).
• Power saving members of ieee80211_if_ap: ps_bc_buf (multi
15. ation Message Protocol Data Unit
CRDA: Central Regulatory Domain Agent
CSMA/CA: Carrier Sense Multiple Access with Collision Avoidance
CSMA/CD: Carrier Sense Multiple Access with Collision Detection
DS: Distribution System
EAP: The Extensible Authentication Protocol
ERP: extended rate PHY
• HWMP: Hybrid Wireless Mesh Protocol
• MPDU: MAC Protocol Data Unit
• MIMO: Multiple-Input/Multiple-Output
• PSAP: Power Saving Access Points
• PS: Power Saving
• RSSI: Receive signal strength indicator
• TIM: Traffic Indication Map
• WPA: Wi-Fi Protected Access
• WME: Wireless Multimedia Extensions
Links
• 1) IEEE 80211 specs: http://standards.ieee.org/getieee802/802.11.html
• 2) Linux wireless status, June 2008: http://www.kernel.org/pub/linux/kernel/people/mcgrof/presentations/linux-wireless-status.pdf
• 3) Official Linux Wireless wiki, hosted by Johannes Berg: http://wireless.kernel.org/ or http://linuxwireless.org/
• 4) A book: 802.11 Wireless Networks: The Definitive Guide, by Matthew Gast. Publisher: O'Reilly.
• 5) Wireless Sniffing with Wireshark: Chapter 6 of Syngress Wireshark and Ethereal Network Protocol Analyzer Toolkit.
• 6) http://www.lesswatts.org/ (Saving power with Linux, an Intel site)
• 7) A book: Wireless Mesh Networking: Architectures, Protocols And Standards, by Yan Zhang, Jijun Luo, Honglin Hu (Hardcover, 2006), Auerbach Publications.
• 8) http
16. cast/broadcast buffer), num_sta_ps (number of stations in PS mode).
• struct ieee80211_ops: The drivers use its members (include/net/mac80211.h).
• For example, config (to change a channel) or config_interface (to change bssid).
• Some drivers upload firmware at the start() method, like lbtf_op_start() in libertas_tf driver, or zd_op_start() (which calls zd_op_start() to upload firmware) (zd1211rw).
• All methods of this struct get a pointer to struct ieee80211_hw as a first parameter. There are 24 methods in this struct. Seven of them are mandatory: tx, start, stop, add_interface, remove_interface, config and configure_filter. (If any one of them is missing, we end in BUG_ON().)
• Receiving a packet is done by calling ieee80211_rx_irqsafe() from the low level driver. Eventually, the packet is handled by ieee80211_rx():
• ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, struct ieee80211_rx_status *status);
• ieee80211_rx_irqsafe() can be called from interrupt context. There is only one more mac80211 method which can be called from interrupt context: ieee80211_tx_status_irqsafe().
• Data frames: Addr1 = destination (receiver MAC address); Addr2 = source (transmitter MAC address); Addr3 = DS info; Addr4 = for WDS.
• Management frames: Addr1 = destination (receiver MAC address); Addr2 = source (transmitter MAC address); Addr3 = DS info.
Firmware
•
17. fig wlan0 essid AP2 ap macAddress2
• Will cause first associating to AP1, and then disassociating from AP1 and associating to AP2.
• AP will not receive any data frames from a station before it is associated with the AP.
Association (contd.)
• An Access Point which receives an association request will check whether the mobile station parameters match the Access Point parameters. These parameters are SSID, Supported Rates and capability information. The Access Point also defines a Listen Interval.
• When a station associates to an Access Point, it gets an ASSOCIATION ID (AID) in the range 1-2007.
Association (contd.)
• Trying unsuccessfully to associate more than 3 times results with this message in the kernel log:
• "apDeviceName: association with AP apMacAddress timed out", and the state is changed to IEEE80211_STA_MLME_DISABLED.
• Also, if it does not match the security requirement, it will return IEEE80211_STA_MLME_DISABLED.
Hostapd
hostapd is a user space daemon implementing access point functionality (and authentication servers). It supports Linux and FreeBSD. http://hostap.epitest.fi/hostapd/ Developed by Jouni Malinen. hostapd.conf is the configuration file.
• Example of a very simple hostapd.conf file:
interface=wlan0
driver=nl80211
hw_mode=g
channel=1
ssid=homeNet
Hostapd (cont.)
• Launching hostapd: ./hostapd hostapd.conf (add -dd for getting more verbose debug messages).
• Certain devices
18. ia)
• How do we initiate power save?
• iwconfig wlan0 power timeout 5: sets the timeout to 5 seconds.
• Note: this can be done only with the beta version of Wireless Tools (version 30-pre7 (beta)).
• http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html
• In case the firmware has support for power save, drivers can disable this feature by setting IEEE80211_HW_NO_STACK_DYNAMIC_PS flag in the driver configuration.
• The Access Point is notified about it by a null frame which is sent from the client (which calls ieee80211_send_nullfunc()). The PM bit is set in this packet (Power Management).
• When STA2 is in power saving mode:
• AP has two buffers (a doubly linked list of sk_buff structures, sk_buff_head): for unicast frames (ps_tx_buf in sta; one queue for each station), and for multicast/broadcast frames (ps_bc_buf, one for AP).
• Each AP has an array of its associated stations inside (sta_info objects). Each one has ps_tx_buf queue inside (for unicasts), and ps_bc_buf (for multicast/broadcasts).
• The size of ps_tx_buf and of ps_bc_buf is 128 packets: #define STA_MAX_TX_BUFFER 128 in net/mac80211/sta_info.h; #define AP_MAX_BC_BUFFER 128 in net/mac80211/ieee80211_i.h. Adding to the queue: done by skb_queue_tail(). There is however a common counter (total_ps_buffered) which sums both buffered unicasts and multicasts.
• When a station enters PS mode it turns off its
19. ike mac address, essid, and more) (scanning).
• Scanning can be: Active (send broadcast Probe request) scanning; Passive (listening for beacons) scanning. Some drivers support passive scanning (see the IEEE80211_CHAN_PASSIVE_SCAN flag). Passive scanning is needed in some higher 802.11A frequency bands, as you're not allowed to transmit anything at all until you've heard an AP beacon.
• Scanning with "iwlist wlan0 scan" is in fact sending an IOCTL (SIOCSIWSCAN).
Scanning (contd.)
• It is handled by ieee80211_ioctl_siwscan().
• This is part of the Wireless Extensions mechanism (aka WE).
• Also other operations, like setting the mode to Ad-Hoc or Managed, can be done via IOCTLs.
• The Wireless Extensions module: see net/mac80211/wext.c.
• Eventually, the scanning starts by calling ieee80211_sta_start_scan() method, in net/mac80211/mlme.c.
• MLME = MAC Layer Management Entity.
Scanning (contd.)
• Active Scanning is performed by sending Probe Requests on all the channels which are supported by the station. One station in each BSS will respond to a Probe Request. That station is the one which transmitted the last beacon in that BSS.
• In infrastructure BSS, this station is the Access Point.
• Simply because there are no other stations in BSS which send beacons.
• In IBSS, the station which sent the last beacon can change during time.
Scanning (contd.)
• You can also sometimes scan for
20. [Figure, continued: the Wireshark packet list continues with Beacon frames (SN=45 through SN=52) from 00:21:91:80:ba:2d to Broadcast. Packet details pane: Radiotap Header v0, Length 24; IEEE 802.11 Beacon frame; Type/Subtype: Beacon frame (0x08); Frame Control: 0x0080 (Normal); Duration: 0; Destination address: Broadcast (ff:ff:ff:ff:ff:ff); Source address: 00:21:91:80:ba:2d; BSS Id: 22:3f:b7:97:3e:45. A hex dump pane follows.]
21. nel number from a sniff? Look at the radiotap header in the sniffer output; channel frequency translates to a channel number (1 to 1). See also Table 15-7 (DSSS PHY frequency channel plan) in the 2007 80211. Often, the channel number appears in square brackets. Like: channel frequency 2437 [BG 6]. BG stands for 802.11B/802.11G, respectively.
• Channel 14, for example, would show as B, because you're not allowed to transmit 802.11G on it.
• Israel regdomain: http://wireless.kernel.org/en/developers/Regulatory/Database?alpha2=IL. IL is in the range 1-13. With US configuration, only channels 1 to 11 are selectable. Not 12, 13. Many APs are shipped on a US configuration.
• What is the MAC address of my nic? cat /sys/class/ieee80211/phy*/macaddress
Common Filters for wireshark sniffer:
Management Frames: wlan.fc.type eq 0
Control Frames: wlan.fc.type eq 1
Data Frames: wlan.fc.type eq 2
Association Request: wlan.fc.type_subtype eq 0
Association Response: wlan.fc.type_subtype eq 1
Reassociation Request: wlan.fc.type_subtype eq 2
Reassociation Response: wlan.fc.type_subtype eq 3
Probe Request: wlan.fc.type_subtype eq 4
Probe Response: wlan.fc.type_subtype eq 5
Beacon: wlan.fc.type_subtype eq 8
Announcement Traffic Indication Map (ATIM): wlan.fc.type_subtype eq 9
Disassociate: wlan.fc.type_subtype eq 10
Authentication: wlan.fc.type_subtype eq 11
Deauthentication: wlan.fc.type_subtype eq 12
Action
22. [Figure, continued: Wireshark status bar. File: adHocHome.eth, 6994 Bytes, 00:01:27; Packets: 68, Displayed: 34, Marked: 0.]
Beacon interval and DTIM period in Edimax router (BR-6504N), from the manual:
[Figure: Edimax "Advance Settings" page. "These settings are only for more technically advanced users who have a sufficient knowledge about wireless LAN. These settings should not be changed unless you know what effect the changes will have on your Broadband router." Fragment Threshold: 2346 (256-2346); RTS Threshold: 2347 (0-2347); Beacon Interval: 100 (20-1024 ms); DTIM Period: 3 (1-10); Data Rate: Auto; N Data Rate: Auto; Channel Width: Auto 20/40 MHz or 20 MHz; Preamble Type: Short Preamble or Long Preamble; Broadcast Essid: Enable or Disable; CTS Protect: Auto, Always or None; Tx Power: 100; Turbo Mode: Enable or Disable; WMM: Enable or Disable.]
Thank You
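Added example (not from the original slides, and not mac80211 or hostapd code): a bounds-checked C parser for one monitor-mode capture buffer, which skips the radiotap header by its length field, derives the type/subtype number used in the Wireshark filters, applies the ToDS/FromDS address table, and reads a beacon's interval, capability bits and SSID. The function, the struct and both sample frames are constructed for illustration, and the samples assume no trailing FCS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FCTL_TODS   0x0100 /* same bit as IEEE80211_FCTL_TODS */
#define FCTL_FROMDS 0x0200 /* same bit as IEEE80211_FCTL_FROMDS */
#define CAP_ESS     0x0001 /* WLAN_CAPABILITY_ESS */
#define CAP_IBSS    0x0002 /* WLAN_CAPABILITY_IBSS */

/* Hypothetical summary struct for this example. */
struct wlan_summary {
    unsigned type, subtype;         /* wlan.fc.type: 0 mgmt, 1 control, 2 data */
    unsigned type_subtype;          /* (type << 4) | subtype = wlan.fc.type_subtype */
    int to_ds, from_ds;
    const uint8_t *da, *sa, *bssid; /* point into the input; NULL if undefined */
    unsigned beacon_interval;       /* beacons only, in time units */
    unsigned capability;            /* beacons only */
    char ssid[33];                  /* beacons only, NUL-terminated */
};

static unsigned le16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Returns 0 on success, -1 when the buffer is truncated or malformed. */
int parse_monitor_frame(const uint8_t *buf, size_t len, struct wlan_summary *s)
{
    memset(s, 0, sizeof(*s));

    /* Radiotap: version(1) pad(1) it_len(2, LE) it_present(4, LE) ... */
    if (len < 8 || buf[0] != 0) return -1;
    size_t rt_len = le16(buf + 2);
    if (rt_len < 8 || rt_len > len) return -1; /* length field must fit the buffer */
    const uint8_t *h = buf + rt_len;           /* start of the 802.11 header */
    size_t n = len - rt_len;
    if (n < 2) return -1;

    unsigned fc = le16(h);
    s->type = (fc >> 2) & 0x3;
    s->subtype = (fc >> 4) & 0xf;
    s->type_subtype = (s->type << 4) | s->subtype;
    s->to_ds = !!(fc & FCTL_TODS);
    s->from_ds = !!(fc & FCTL_FROMDS);
    if (s->type != 0 && s->type != 2) return 0; /* control: shorter headers, stop */

    /* Address table from the slides (net/mac80211/rx.c remarks). */
    size_t hdr = (s->to_ds && s->from_ds) ? 30 : 24;
    if (n < hdr) return -1;
    const uint8_t *a1 = h + 4, *a2 = h + 10, *a3 = h + 16, *a4 = h + 24;
    if (!s->to_ds && !s->from_ds) { s->da = a1; s->sa = a2; s->bssid = a3; }
    else if (!s->to_ds)           { s->da = a1; s->bssid = a2; s->sa = a3; }
    else if (!s->from_ds)         { s->bssid = a1; s->sa = a2; s->da = a3; }
    else                          { s->da = a3; s->sa = a4; } /* a1/a2 are RA/TA */
    if (s->type_subtype != 8) return 0;

    /* Beacon body: timestamp(8) interval(2) capability(2), then IEs. */
    const uint8_t *b = h + hdr;
    size_t bl = n - hdr;
    if (bl < 12) return -1;
    s->beacon_interval = le16(b + 8);
    s->capability = le16(b + 10);
    for (size_t off = 12; off + 2 <= bl; ) {    /* IE: id(1) len(1) data(len) */
        unsigned id = b[off], ielen = b[off + 1];
        if (off + 2 + ielen > bl) return -1;    /* IE longer than captured data */
        if (id == 0) {                          /* SSID element, at most 32 bytes */
            if (ielen > 32) return -1;
            memcpy(s->ssid, b + off + 2, ielen);
            s->ssid[ielen] = '\0';
        }
        off += 2 + ielen;
    }
    return 0;
}

/* Constructed sample: 8-byte radiotap header + IBSS beacon, no trailing FCS. */
static const uint8_t sample_beacon[] = {
    0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, /* radiotap, it_len = 8 */
    0x80, 0x00, 0x00, 0x00,                         /* fc = 0x0080, duration */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,             /* Addr1 = DA (broadcast) */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,             /* Addr2 = SA */
    0x02, 0x00, 0x00, 0x00, 0x00, 0xaa,             /* Addr3 = BSSID */
    0x10, 0x00,                                     /* sequence control */
    0, 0, 0, 0, 0, 0, 0, 0,                         /* timestamp (TSF) */
    0x64, 0x00, 0x02, 0x00,                         /* interval 100, cap = IBSS */
    0x00, 0x07, 'h', 'o', 'm', 'e', 'N', 'e', 't'   /* SSID IE */
};

/* Constructed sample: data frame sent towards the AP (ToDS = 1). */
static const uint8_t sample_to_ap[] = {
    0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, /* radiotap, it_len = 8 */
    0x08, 0x01, 0x00, 0x00,                         /* fc = 0x0108, duration */
    0x02, 0x00, 0x00, 0x00, 0x00, 0xaa,             /* Addr1 = BSSID */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,             /* Addr2 = SA */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,             /* Addr3 = DA */
    0x20, 0x00                                      /* sequence control */
};

int main(void)
{
    struct wlan_summary s;
    if (parse_monitor_frame(sample_beacon, sizeof(sample_beacon), &s) == 0)
        printf("type_subtype=%u ssid=%s interval=%u ibss=%d\n", s.type_subtype,
               s.ssid, s.beacon_interval, !!(s.capability & CAP_IBSS));
    if (parse_monitor_frame(sample_to_ap, sizeof(sample_to_ap), &s) == 0)
        printf("type_subtype=%u to_ds=%d\n", s.type_subtype, s.to_ds);
    return 0;
}
```

Real captures may carry a 4-byte FCS after the frame body (signalled in the radiotap flags), which the information element walk would have to exclude first.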
23. pport for the draft of wireless mesh networking (802.11s), thanks to the open80211s project (http://www.open80211s.org/). There is still no final spec. There are currently five drivers in linux with support to mesh networking (ath5k, b43, libertas_tf, p54, zd1211rw), and one is under development (rt2x00).
• Open80211s
• Goal: To create the first open implementation of 802.11s.
Sponsors:
• OLPC project.
• Cozybit (http://www.cozybit.com/), the company that developed the mesh software on the OLPC Laptop. Luis Carlos Cobo and Javier Cardona (both from Cozybit) developed the Linux mac80211 mesh code.
• Nortel.
• 80211.s defines a default routing protocol called HWMP (Hybrid Wireless Mesh Protocol).
• Based on: Ad Hoc Demand Distance Vector (AODV) routing (C. Perkins); rfc3561.
• The HWMP protocol works with layer 2 (Mac addresses).
• The 80211 header was extended: a ttl field was added to avoid loops.
• The current implementation uses on-demand path selection.
• The draft also talks about proactive path selection. This is not implemented yet in the Linux Kernel. Uses Root Announcement (RANN) messages and Mesh Portal as a root.
• As with IPV4 static routes, you can force a specific next hop for a mesh station (MESH_PATH_FIXED flag) (mesh_path_fix_nexthop() in mesh_pathtbl.c).
• Every station is called an MP (Mesh Point).
• MPP is a Mesh Portal. (For example, when an MP is used to
24. re mode, with an AccessPoint (AP). The access point holds a list of associated stations. Also called "managed".
• IBSS (Independent BSS, Ad-Hoc) mode. When using ad-hoc, an access point is not needed.
• Monitor mode.
• WDS (Wireless Distribution System).
Modes of operation (contd.)
• Wireless Distribution System (WDS): allows access points to talk to other access points.
• Mesh.
See include/linux/nl80211.h:
enum nl80211_iftype { NL80211_IFTYPE_UNSPECIFIED, NL80211_IFTYPE_ADHOC, NL80211_IFTYPE_STATION, NL80211_IFTYPE_AP, NL80211_IFTYPE_AP_VLAN, NL80211_IFTYPE_WDS, NL80211_IFTYPE_MONITOR, NL80211_IFTYPE_MESH_POINT, };
cfg80211 and nl80211
• Wireless Extensions has a new replacement.
• It is cfg80211 and nl80211 (message-based mechanism, using netlink interface).
• iw uses the nl80211 interface. You can compare it to the old ioctl-based net-tools versus the new rtnetlink IPROUTE2 set of tools. You cannot set master mode with iw. You cannot change the channel with iw.
Wireless git trees
• Wireless-testing: was started on February 14, 2008 by John Linville. Primary development target; the bleeding edge Linux wireless developments.
• wireless-next-2.6
• Wireless-2.6
• Daily compat-wireless tar ball in http://www.orbit-lab.org/kernel/compat-wireless-2.6/. The compat-wireless tar ball includes only part of the kernel (essentially it includes wireless drivers and wireless stack).
• Fedora kernels are usu
25. t 5 GHz, 54MBit maximum speed, range about 30m.
• 802.11b (1999) at 2.4GHz, 11Mbit maximum speed, range about 30m.
• 802.11g (2003) at 2.4GHz, 54Mbit maximum speed, range about 30m.
• 802.11n (2008) at 2.4GHz/5GHz, 200 Mbit typical, range about 50m.
• Is planned to support up to about 540Mbit/600 Mbit.
• Improves the previous 802.11 standards by adding multiple-input multiple-output (MIMO): multiple antennas. High Throughput (HT). Use packet aggregation:
• The ability to send several packets together at one time.
• Still is considered a proposal. Expected to be approved only in December 2009 or later.
• iwlagn and ath9k are the only drivers that support 80211.n in the Linux kernel at the moment.
• Tip: how can I know whether my wireless nic supports 80211.n? Run: iwconfig. You should see "IEEE 802.11abgn" or somesuch.
Appendix: mac80211 implementation details
• BSSID = Basic Service Set Identification.
• Each BSS has a BSSID.
• BSSID is a 48-bit number (like MAC address). This avoids getting broadcasts from other networks (which may be physically overlapping). In infrastructure BSS, the BSSID is the MAC address of the Access Point which created the BSS. In IBSS, the BSSID is generated from calling a random function (generating 46 random bits; the other 2 are fixed).
Modes of operation
A wireless interface always operates in one of the following modes: Infrastructu