For The Love Of Wireless - Part Three

Posted by Clayton, May 31, 2008

      Ok great, you've gone and purchased supported hardware! Hardware like
      most Intel based cards found in portable systems today. Or, like me, you
      did your homework and sourced a cheap US$15 Atheros chipset based
      card. It's a DWL-G630 revision C2. Yes, it matters. Different revisions
      of wireless series cards come with different chipsets. For example I
      think the revisions A & B for the DWL-G630 have ACX111 chipsets. Still
      supported but not as good as Atheros.

      Let's see what we've got. Remember this command?

      '/sbin/lspci | grep -i ether'
      02:08.0 Ethernet controller: Intel Corporation 82801DB PRO/100 VE
      (MOB) Ethernet Controller (rev 81)
      07:00.0 Ethernet controller: Atheros Communications Inc. AR2413
      802.11bg NIC (rev 01)

      Huh? My integrated wireless didn't show! The answer is simple.
      Depending on the modular support, a wireless device may be created as a
      wired NIC. So let's find it by widening our search parameters:

      '/sbin/lspci | grep -i net'
      02:02.0 Network controller: Intel Corporation PRO/Wireless 2915ABG
      Network Connection (rev 05)
      02:08.0 Ethernet controller: Intel Corporation 82801DB PRO/100 VE
      (MOB) Ethernet Controller (rev 81)
      07:00.0 Ethernet controller: Atheros Communications Inc. AR2413
      802.11bg NIC (rev 01)

      There we go; the Intel 2915ABG card shows up.
      Because of the maturity and popularity of this class of Intel wireless
      cards, newer kernels now provide modular support directly in the
      kernel base.
      Let's see what modules are being used for the IEEE 802.11 stack.
      '/sbin/lsmod | grep -i 80211'
      ieee80211_crypt_wep 8192 1
      ieee80211 33992 1 ipw2200
      ieee80211_crypt 8576 2 ieee80211_crypt_wep,ieee80211

      Seems that the same driver is used for the Intel2200 & Intel2915 cards.
      Very odd. I suspect it's not set up right, but heck, it works.
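As an added example (not part of Clayton's post), here is a small shell script that finds wireless interfaces through sysfs instead of grepping lspci class strings, and reports the driver bound to each. It assumes a Linux system with sysfs mounted at /sys; it works whether lspci reports the card as a "Network controller" or as an "Ethernet controller", because the kernel creates a wireless/ node under the interface only for 802.11 devices.

```shell
#!/bin/sh
# Added example, not from the original post: enumerate wireless interfaces
# from sysfs and report which kernel driver is bound to each one.

# Return 0 if the named interface is a wireless device. The kernel creates
# /sys/class/net/<iface>/wireless only for 802.11 interfaces.
is_wireless() {
    [ -d "/sys/class/net/$1/wireless" ]
}

# Print the driver bound to an interface, or "unknown" when sysfs exposes no
# driver symlink (loopback and other virtual interfaces have no device/).
driver_of() {
    link="/sys/class/net/$1/device/driver"
    if [ -L "$link" ]; then
        basename "$(readlink "$link")"
    else
        echo unknown
    fi
}

# One line per wireless interface: "<iface> <driver>".
list_wireless() {
    [ -d /sys/class/net ] || return 0
    for path in /sys/class/net/*; do
        iface=$(basename "$path")
        if is_wireless "$iface"; then
            printf '%s %s\n' "$iface" "$(driver_of "$iface")"
        fi
    done
}

list_wireless
```

On the box described in the post this would print one line for the Intel card (driver ipw2200) and, once the madwifi modules are loaded, one for the Atheros parent device (driver ath_pci); a card that is not bound to any driver simply does not appear, which is the first thing to check when a device shows in lspci but not in iwconfig.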


      With native driver support you typically get:

      Master (AP) mode: the card works like an access point so you don't
      have to buy one :]

      Managed (station) mode: set up to work with an access point

      Ad-hoc mode: set up to work peer-to-peer without an AP. Note that your
      bandwidth decreases roughly quadratically (f(X) = X-squared, on the
      -y axis) with the number of associated peers you have on the same
      channel.

      Monitor mode: passively reads all transmissions on the specified
      channel/frequency, i.e. it doesn't respond to broadcasts/ping/arp etc.

      Forwards packets between nodes

      Backup master/repeater to boost signal

      Of course the most interesting is monitor mode. Here you can dump
      data in conjunction with airodump-ng for inspection with Wireshark, use
      Kismet etc.

      airodump-ng is part of the aircrack-ng suite (an application for
      802.11 auditing). It can test your network security by recovering
      WEP/WPA/WPA2 keys.
      But to properly use aircrack-ng and such utilities, your drivers must
      be patched to support packet injection while in monitor mode.
      Well you can patch your kernel and recompile it. This option scares
      most people here on the forum. Compile who?
      Ok, no problem: we can blacklist the built-in kernel drivers, download
      the drivers separately (preferably from Subversion), patch them and install.
      Either way I'm lazy. Or practical. I'm doing nothing of the sort with
      the integrated card. The DLink card on the other hand will be.


      I've chosen an Atheros chipset card because of its support base:
      Option #1 - madwifi-old
      Option #2 - madwifi-ng
      Option #3 - ath5k

      The old driver for madwifi works in the first 4 modes mentioned above.

      The current madwifi-ng uses the proprietary HAL (Hardware Abstraction
      Layer) from Atheros. It works in a virtual interface mode, which means
      you can create multiple interfaces (ath0, ath1, ath2) in different modes
      to do different things.

      ath5k is a combination of madwifi & OpenHAL. ath5k was derived from
      ar5k, an OpenBSD driver, developed by Reyk Floeter. His work was the
      complete reverse engineered driver, which talks directly to the
      hardware on the chip. ath5k is fully free software. ath5k is bleeding
      edge technology.

      So what's the big deal? Well, the answer is how they interface with the
      The first two use the 'legacy' ieee80211 or net80211 kernel stacks. The
      last option uses the mac80211 stack, which talks to the hardware
      directly. One of the popular benefits of using this newer kernel stack
      is packet injection capability without patching.
      If you want details check out

      For my purposes, due to the partial functionality of ath5k (mac80211)
      in conjunction with aircrack-ng, I've opted to use the proprietary HAL
      while bugs are being squashed with OpenHAL.


      My last aircrack-ng svn snapshot had madwifi-ng-r3386v3.patch. This is
      where Subversion is particularly useful. Plus I'm going to make a
      Slackware .tgz package for easy removal.

      Let's take a tested snapshot known to work with the patch. Navigate to
      /tmp and run
      svn checkout -r 3480 http://svn.madwifi.org/madwifi/trunk/ madwifi-ng

      Navigate to /tmp/madwifi-ng and patch your sources assuming your patch
      is in /tmp
      patch -Np1 -i /tmp/madwifi-ng-r3386v3.patch

      Compile our sources and build our package!
      mkdir -p /tmp/madwifi-ng-patched
      make install PREFIX=/usr DESTDIR=/tmp/madwifi-ng-patched
      cd /tmp/madwifi-ng-patched
      mkdir install
      cat << EOF > install/slack-desc
      madwifi-ng: Patched revision 3480 madwifi-ng drivers
      madwifi-ng: Hopefully this build will work!
      EOF
      makepkg -c n -l y /tmp/madwifi-ng-patched-i486.tgz

      Now we'll install our package
      /sbin/installpkg /tmp/madwifi-ng-patched-i486.tgz

      Update system libs
      depmod -a

      Now load the wireless module
      /sbin/modprobe ath_pci

      Just checking modules (this is not required and is probably not useful
      info for most)
      /sbin/lsmod | grep -i ath
      ath_rate_sample 17792 1
      ath_pci 185772 0
      wlan 235376 3 ath_rate_sample,ath_pci
      ath_hal 234592 3 ath_rate_sample,ath_pci
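The checkout, patch, package, install and load steps above, collected into one script with the checks a careful build should have: this is an added example and not the post's own commands. The revision (3480), the patch file name, the directories under /tmp and the package name are taken from the post; the slack-desc wording, the `build` argument and the kernel-module check at the end are my own additions.

```shell
#!/bin/sh
# Added example (not from the original post): pinned madwifi-ng checkout,
# dry-run patch check, Slackware package build and a look at the package
# contents before anything is installed as root.
set -e

SVN_URL=http://svn.madwifi.org/madwifi/trunk/
SVN_REV=3480
SRC=/tmp/madwifi-ng
PATCH=/tmp/madwifi-ng-r3386v3.patch
STAGE=/tmp/madwifi-ng-patched
PKG=/tmp/madwifi-ng-patched-i486.tgz

# Write a slack-desc into $1/install for package $2. Every line must start
# with "<pkgname>:" and the heredoc must be terminated, which is what the
# hand-typed version is easiest to get wrong.
write_slack_desc() {
    pkgname=$2
    mkdir -p "$1/install"
    cat > "$1/install/slack-desc" <<EOF
$pkgname: $pkgname (patched madwifi-ng drivers)
$pkgname:
$pkgname: madwifi-ng trunk r$SVN_REV with the aircrack-ng injection patch.
$pkgname: Built from a pinned Subversion revision so it can be rebuilt.
EOF
}

# Return 0 when every line of slack-desc $1 starts with "<$2>:".
slack_desc_ok() {
    ! grep -q -v "^$2:" "$1"
}

# A fixed -r keeps the build reproducible and keeps the patch applying to
# the sources it was written against.
checkout_sources() {
    svn checkout -r "$SVN_REV" "$SVN_URL" "$SRC"
}

# Refuse to touch the tree unless the patch applies cleanly.
apply_patch() {
    (cd "$SRC" && patch -Np1 --dry-run -i "$PATCH" >/dev/null) ||
        { echo "patch does not apply cleanly to r$SVN_REV" >&2; return 1; }
    (cd "$SRC" && patch -Np1 -i "$PATCH")
}

build_package() {
    rm -rf "$STAGE" && mkdir -p "$STAGE"
    (cd "$SRC" && make && make install PREFIX=/usr DESTDIR="$STAGE")
    write_slack_desc "$STAGE" madwifi-ng-patched
    slack_desc_ok "$STAGE/install/slack-desc" madwifi-ng-patched
    # -c n: keep staged ownership, -l y: convert symlinks into doinst.sh
    (cd "$STAGE" && makepkg -c n -l y "$PKG")
    # List the kernel modules that will land in /lib/modules; fails the
    # build if the package contains none.
    tar tzf "$PKG" | grep '\.ko$'
}

# Only run the real build when asked; running the file with no argument
# just defines the functions.
if [ "${1:-}" = build ]; then
    checkout_sources
    apply_patch
    build_package
    installpkg "$PKG" && depmod -a && modprobe ath_pci
fi
```

Run it as root with `sh build-madwifi.sh build` (the file name is my own). The `--dry-run` pass is the step worth keeping even if you type the rest by hand: a patch that only half applies leaves a tree that compiles but does not inject, and you find out much later in airodump-ng.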

      By default, 'modprobe ath_pci' creates a virtual device (ath0) in
      station/managed mode. Now you can join whoever with iwconfig.

      Without getting into details, if you wanted to change your card's
      operation from station to an access point just type
      wlanconfig ath0 destroy
      wlanconfig ath0 create wlandev wifi0 wlanmode ap

      Since the device was already created as an 'access point' you cannot
      change its mode of operation to e.g. ad-hoc with iwconfig. You should
      then proceed to set your channel, ESSID, encryption key etc. You can
      even run services such as DHCP on this interface
      /sbin/dhcpd ath0
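The destroy-and-recreate dance above, as an added example that is not part of the post: because a madwifi VAP keeps the mode it was created with, the only way to go from station to AP (or to monitor) is to destroy ath0 and create it again, and the script below does that for any of the four modes named in the post. The names wifi0 and ath0 follow the post; the default channel and ESSID are constructed placeholders, and the mode names accepted by `wlanmode_for` are my own aliases for the wlanmode keywords wlanconfig takes.

```shell
#!/bin/sh
# Added example (not from the original post): recreate the madwifi-ng VAP
# ath0 on parent wifi0 in a chosen mode, then set channel and ESSID.
set -e

PARENT=wifi0
VAP=ath0

# Map a friendly mode name to the wlanmode keyword wlanconfig expects.
# Unknown names return non-zero so a typo cannot silently create a station.
wlanmode_for() {
    case $1 in
        ap|master)           echo ap ;;
        sta|station|managed) echo sta ;;
        adhoc|ad-hoc)        echo adhoc ;;
        monitor)             echo monitor ;;
        *) echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# True if the interface currently exists (madwifi registers VAPs in sysfs).
vap_exists() {
    [ -d "/sys/class/net/$1" ]
}

# Destroy the existing VAP (if any) and create it in the requested mode.
# ap/sta/adhoc also get an ESSID; monitor gets the channel only, because a
# monitor VAP never associates or answers frames.
recreate_vap() {
    mode=$(wlanmode_for "$1") || return 1
    channel=${2:-6}              # constructed default
    essid=${3:-example-net}      # constructed default
    if vap_exists "$VAP"; then
        wlanconfig "$VAP" destroy
    fi
    wlanconfig "$VAP" create wlandev "$PARENT" wlanmode "$mode"
    iwconfig "$VAP" channel "$channel"
    if [ "$mode" != monitor ]; then
        iwconfig "$VAP" essid "$essid"
    fi
    ifconfig "$VAP" up
}

# Usage: sh vap.sh <ap|sta|adhoc|monitor> [channel] [essid]
if [ $# -gt 0 ]; then
    recreate_vap "$@"
fi
```

A monitor VAP created this way is the one airodump-ng and Kismet want; note that destroying ath0 also drops any dhcpd or wpa_supplicant bound to it, so stop those services first when switching modes on a box that is in use.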

      For added security and WPA support, consider compiling wpa_supplicant.
      Did you know this tool is cross-platform? And yes, for the GUI
      dependent, it has a Qt frontend.

      I haven't compiled it on this system because (1) I don't join any WPA
      networks yet (2) I'm pretty sure as I'm living somewhat in the bush,
      no one is going to try anything in a hurry (for a while I was using
      unsecured wireless but I just got ADSL so...)

      For the final part of this article, I'll give a brief overview of
      wlanconfig, kismet, airodump-ng etc.