Where are my packets?

Bill bthiede at cybernet.com
Tue Jun 29 15:30:18 EDT 2004


So I'm trying to see packets going between 2 Cisco bridges.  WEP is off as
well as 802.1x etc. When I do a traffic dump on Windows using WildPackets
AiroPeek I see data packets going between the two.  They have their FromDS
and
ToDS bits set accordingly and everything seems peachy.

Now on the Linux side I'm trying to do the same and having a rough time.  I
set up my card using the following firmware versions:

NICID: id=0x800c v1.0.0 (PRISM II (2.5) PCMCIA (SST parallel flash))
PRIID: id=0x0015 v1.1.4
STAID: id=0x001f v1.7.4 (station firmware)

I'm using hostap-driver-0.2.3 and Linux 2.4.24 on x86.

Now I setup the card to be in Monitor mode and give it an IP. I put a call to
hostap_dump_rx_header() right befor the skb_queue_tail() call in prism2_rx()
[in hostap_hw.c:2093] and I still can't see any of the packets I'm looking
for.  I get a bunch of these:

wifi0: RX status=0x0000 (port=0, type=0, fcserr=0) silence=0 signal=40
rate=10 rxflow=0; jiffies=32378664
    FC=0x0080 (type=0:8) dur=0x0000 seq=0x1f50 data_len=36
    A1=ff:ff:ff:ff:ff:ff A2=00:0d:ed:b8:7f:59 A3=00:0d:ed:b8:7f:59
A4=4f:5d:30:c2:91:e5
    dst=c1:74:35:81:72:28 src=1b:73:ae:ee:18:7b len=36

Which are normal, I get these when the card is in Master or Monitor mode.
Also I get a bunch of these only in Monitor mode:

wifi0: RX status=0x0701 (port=7, type=0, fcserr=1) silence=0 signal=40
rate=110 rxflow=0; jiffies=32427806
    FC=0x3bca (type=2:12) dur=0xfdf2 seq=0x313a data_len=92 [ToDS] [FromDS]
    A1=f1:d8:e5:b8:99:f9 A2=3e:dc:25:85:42:9b A3=81:f5:dd:b4:13:86
A4=5e:74:2a:3b:45:ba
    dst=6f:0c:12:6b:37:c5 src=b7:f8:3b:e3:9d:8f len=92


wifi0: RX status=0x0701 (port=7, type=0, fcserr=1) silence=0 signal=41
rate=110 rxflow=0; jiffies=32428086
    FC=0x8da9 (type=2:10) dur=0x3145 seq=0x9e26 data_len=38 [ToDS]
    A1=e8:ad:90:ee:a6:56 A2=ca:66:13:bf:11:9c A3=65:c4:ad:b8:c3:d8
A4=9c:5d:50:a0:49:a4
    dst=05:01:00:c8:04:00 src=10:48:80:20:40:40 len=38


wifi0: RX status=0x0701 (port=7, type=0, fcserr=1) silence=0 signal=40
rate=110 rxflow=0; jiffies=32429306
    FC=0x0af6 (type=1:15) dur=0xb572 seq=0x75fd data_len=98 [FromDS]
    A1=63:1b:5c:7d:aa:34 A2=a4:5b:dd:d2:61:9a A3=37:6d:13:58:f9:b7
A4=d2:90:87:b3:1e:cf
    dst=67:aa:1d:95:95:63 src=0a:eb:80:70:e3:12 len=98


I'm assuming that when fcserr=1 the rest is junk.  Is that true?  Or am I
just
seeing cards that are far away and that's why the seemingly random MAC addrs
are present?

Is there somewhere more low level than:

hostap_hw.c:2070
memcpy(skb_put(skb, hdr_len), &rxdesc, hdr_len);

to get header data and look for my missing Cisco packets?

Thanks for any help in advance,

        Bill




More information about the HostAP mailing list