OpenWrt Forum Archive

Topic: WRT54GSv2 WLAN monitoring

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

Seems like I am missing some specific part when setting up my WLAN for kind of airodump.

Here I get stuck:

root@OpenWrt:~# airodump-ng prism0
Error setting monitor mode on prism0

And this is how I get there:
  - installed brcm-2.4 stock binary of Kamikaze 7.09
  - setup lan iface
  - setup wifi in non-bridged mode
  - setup ipkg
  - install both aircrack-{ng|ptw}
  - reboot to make sure everything is configured correctly
  - issue "wlc monitor 1"

ifconfig ~>
root@OpenWrt:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0F:66:C7:78:35
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:311 errors:0 dropped:0 overruns:0 frame:0
          TX packets:529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28991 (28.3 KiB)  TX bytes:123227 (120.3 KiB)
          Interrupt:5

eth0.0    Link encap:Ethernet  HWaddr 00:0F:66:C7:78:35
          inet addr:192.168.3.199  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:257 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23485 (22.9 KiB)  TX bytes:33195 (32.4 KiB)

eth0.1    Link encap:Ethernet  HWaddr 00:0F:66:C7:78:35
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:273 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:88179 (86.1 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

prism0    Link encap:UNSPEC  HWaddr 00-0F-66-C7-78-37-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl0       Link encap:Ethernet  HWaddr 00:0F:66:C7:78:37
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:23231
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:4 Base address:0x1000

root@OpenWrt:~#

looks good

iwconfig ~>
root@OpenWrt:~# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth0.0    no wireless extensions.

eth0.1    no wireless extensions.

wl0       IEEE 802.11-DS  ESSID:""
          Mode:Repeater  Frequency:2.432 GHz  Tx-Power:19 dBm
          RTS thr:2347 B   Fragment thr:2346 B
          Encryption key:off

prism0    no wireless extensions.

root@OpenWrt:~#

looks good - prism0 is present, but still:
root@OpenWrt:~# airodump-ng prism0
Error setting monitor mode on prism0
root@OpenWrt:~#

Can you give me a hint please! What am I missing?

Many thanks!
harry




--- additional -------------------------------------------
root@OpenWrt:~# airodump-ng prism0
Error setting monitor mode on prism0
root@OpenWrt:~# cat /etc/config/network
#### VLAN configuration
config switch eth0
        option vlan0    "1 2 3 4 5*"
        option vlan1    "0 5"


#### Loopback configuration
config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0


#### LAN configuration
config interface lan
        #option type    bridge
        option ifname   "eth0.0"
        option proto    static
        option ipaddr   192.168.3.199
        option netmask  255.255.255.0
        option dns      192.168.3.1

#### WiFi interface
config interface wifi
        option ifname   "wl0"
        option proto    static
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0

#### WAN configuration
config interface        wan
        option ifname   "eth0.1"
        option proto    dhcp
root@OpenWrt:~#
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device  wl0
        option type     broadcom
        option channel  5

        # REMOVE THIS LINE TO ENABLE WIFI:
        option disabled 0

config wifi-iface
        option device   wl0
        option network  wifi
        option mode     sta
        option ssid     bogus
        option encryption none
root@OpenWrt:~#

Hmmm, no replies. No "search the forum" flames.
Does that mean I found a bug?

/harry

Here's what I get....

  bootup-

no prism0 from "iwconfig"
no prism0 from "ifconfig"

        Source 0 (wireless): Opening wrt54g source interface prism0...
        FATAL: ioctl: No such device
        from
       "kismet_drone -f /etc/kismet/kismet_drone.conf"

still no prism0 with "ifconfig wl0 up"

        ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211
        or ARPHRD_IEEE80211_PRISM instead.  Make sure RFMON is enabled:
        run 'ifconfig wl0 up; iwconfig wl0 mode Monitor channel <#>'
        from
        "airodump-ng wl0"

"iwconfig" now has "prism0  no wireless extensions" after "airodump-ng wl0" ran once and failed.

Now "airodump-ng prism0" works. 

The best part is:
      "kismet_drone -f /etc/kismet/kismet_drone.conf"

kismet drone finally works for me with Kamikaze 7.09!!!

So I don't have a prism0 until "airodump-ng wl0" tries running once and fails. Then the prism0 is up. I didn't "ifconfig wl0 up" after "airodump-ng wl0" ran the first time, but a prism0 appeared after. No prism0 before running "airodump-ng wl0". Now "airodump-ng prism0" works after failing once with "airodump-ng wl0". It seems running "airodump-ng wl0" also switched wl0 into Monitor mode. How nice of aircrack-ng to help me get a kismet drone working! Kismet drone seems to scan better than airodump-ng. Maybe it's just me. I don't know if any of that helps you, but I'm doing this on a WRT54GS v2.1. Good Luck

(Last edited by knowname on 11 Jan 2008, 08:54)

Indeed, the whole monitoring issue on WRT54G (mine is v4) is a bit strange. Here is a sequence of commands one can run with "kamikaze 7.09 & 2.4 kernel" to get monitoring to work:

###
wl monitor 1
ifconfig wl0 up
iwconfig wl0 txpower 5mW
airodump-ng wl0
airodump-ng prism0
###

I reduce the power for monitoring since it should not emit anything anyway ...

Note that without running "airodump-ng wl0" (which fails), "prism0" does not work.

(Last edited by airsurfer on 3 May 2008, 19:20)

Thanks for the info on this thread - I've managed to get airodump-ng working and capturing packets to a remotely mounted filesystem.

However I'm having issues with airodump-ng wrongly identifying the type of encryption - it initially shows as "WEP" but changes to "WPA2" after a while even though I know the network is WEP.

I've found something here that mentions a similar problem:

Airodump-ng keeps switching between WEP and WPA

This is happening because your driver doesn't discard corrupted packets (that have an invalid CRC). If it's a ipw2100 (Centrino b), it just can't be helped; go buy a better card. If it's a Prism2, try upgrading the firmware.

Has anybody else had similar problems or maybe a solution?

(I am using Kamikaze on a WRT54GL)

Thanks.

(Last edited by anfin on 12 Jul 2008, 13:47)
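
Added example, not part of the original thread and not airodump-ng's code: the FAQ passage quoted above blames frames with an invalid CRC, so this sketch verifies the 802.11 FCS (CRC-32) before guessing the encryption type from a beacon. The frames are constructed, the classifier is simplified, and it assumes the capture still carries the 4-byte FCS at the end of each frame.

```python
import struct
import zlib

PRIVACY = 0x0010                # Privacy bit in the capability field
HDR_LEN, FIXED_LEN = 24, 12     # mgmt header; timestamp + interval + capability

def build_beacon(ssid, ies):
    """Constructed sample: beacon with Privacy set and a valid trailing FCS."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" * 2 + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001 | PRIVACY)
    body = bytes([0, len(ssid)]) + ssid
    for tag, data in ies:
        body += bytes([tag, len(data)]) + data
    frame = hdr + fixed + body
    return frame + struct.pack("<I", zlib.crc32(frame))

def fcs_ok(frame):
    """True if the frame is long enough and ends with the CRC-32 of the rest."""
    long_enough = len(frame) >= HDR_LEN + FIXED_LEN + 4
    return long_enough and struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])

def classify(frame):
    """Simplified encryption guess from a beacon that still carries its FCS."""
    # Capability field sits 10 bytes into the fixed part of the beacon body.
    if not struct.unpack_from("<H", frame, HDR_LEN + 10)[0] & PRIVACY:
        return "OPN"
    pos, end, result = HDR_LEN + FIXED_LEN, len(frame) - 4, "WEP"
    while pos + 2 <= end:
        tag, length = frame[pos], frame[pos + 1]
        if tag == 48:                                   # RSN element
            return "WPA2"
        if tag == 221 and length >= 4 and frame[pos + 2:pos + 6] == b"\x00\x50\xf2\x01":
            result = "WPA"                              # WPA vendor element
        pos += 2 + length
    return result

def classify_checked(frame):
    """Classify only frames whose FCS verifies; return None for the rest."""
    return classify(frame) if fcs_ok(frame) else None

def sample_frames():
    """Return (intact, corrupted): one flipped bit turns tag 50 into tag 48."""
    ies = [(1, b"\x82\x84\x8b\x96"), (3, b"\x05"), (50, b"\x0c\x12\x18\x24")]
    good = build_beacon(b"bogus", ies)
    bad = bytearray(good)
    bad[good.index(b"\x32\x04")] ^= 0x02    # 0x32 (ext. rates) -> 0x30 (RSN)
    return good, bytes(bad)

if __name__ == "__main__":
    print([(fcs_ok(f), classify(f), classify_checked(f)) for f in sample_frames()])
```

The intact WEP beacon and its one-bit-corrupted copy get different labels from the unchecked classifier; with the FCS check in front, the corrupted copy is dropped instead of changing the displayed encryption.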

The discussion might have continued from here.