Layer 2 Wireless Protocol Analyzer For capturing 802.11s frames #59

Closed
sritam2 opened this issue Apr 30, 2017 · 7 comments

sritam2 commented Apr 30, 2017

Dear All,

I am trying to set up a MESH network using the open80211s implementation. First I will form the open MESH with no encryption and then later on with encryption and SAE authentication.

I want to use a L2 protocol analyser for capturing the 802.11s frames when the MESH Stations start communicating once the MBSS gets formed. In the Wiki pages Wireshark has been suggested as the tool to capture 802.11s frames.

But the procedure to configure Wireshark so as to capture 802.11s frames is not explained and I am not able to capture and analyse the 802.11s frames.

Please help me and refer me to a good L2 protocol analyser so that I will be able to capture and analyse the 802.11s frames when the MESH Stations communicate in the MBSS.

Thanks and Regards,
Sritam Paltasingh.


bcopeland commented May 1, 2017 via email


sritam2 commented May 1, 2017

Hi Bob,

Thank you for your valuable advice.

Do I need to explicitly configure Wireshark for capturing 802.11s management frames, or does Wireshark capture any kind of 802.11 (a/b/g/n/s) frames irrespective of its type, once the monitor interface has been created?

For adding a monitor interface on top of my wireless NIC phy0 I use the following iw command:
iw phy phy0 interface add monitor1 type monitor
Is the above command correct to create a monitor interface on top of the wireless NIC that I have?

Do I need to tell Wireshark to use this created monitor interface through some configuration, or will Wireshark automatically detect it?

I am downloading Wireshark from the following URL suggested in the HOWTO section of the Wiki page of open80211s: https://www.wireshark.org/develop.html. I built it from source code and installed it.

Please provide your valuable comments.

Thanks and Regards,
Sritam Paltasingh.


bcopeland commented May 1, 2017 via email


sritam2 commented May 1, 2017

Hi Bob,
Just completed my work now based on what you have suggested. I configured the wlan0 interface of my laptop in monitor mode, but I used a tool named "airmon-ng" instead of iw to configure and enable monitor mode on my wireless NIC. It was successful. The monitor interface name was wlan0mon.

Then from the laptop which I had configured as a MESH station using the guidelines given at the wiki/HOWTO page of open80211s, I joined the MESH station to the MBSS named "mymesh" and thus the station started to send beacons. I wanted to capture and see the beacons.

Then I used the command "airodump-ng --band bg wlan0mon" to capture the beacons.
I was successful. I confirmed it by comparing the MAC address of the beacon frames with the MAC address of the wireless NIC in the MESH station. Even the set channel number (11) is the same. Below is the snapshot of it.
[Image: airodump-ng_capture]

But still the ESSID field is showing some random name. I had set the MESH_ID name as "mymesh". But the ESSID is set to some random value. I do not know the reason for it.
Please comment on why such a random name is coming for the ESSID field.

All this was done as Wireshark was unable to capture the beacons.
I opened the interface option of Wireshark and pointed it to the "wlan0mon" interface, which is in monitor mode. Then I started to capture. But unfortunately I could not see the beacons sent by the MESH station.

Please help if I have done anything wrong.

Thanks and Regards,
Sritam Paltasingh.
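
An added example, not part of the thread and not open80211s code: in a mesh beacon the mesh name is carried in the Mesh ID element (element ID 114), separate from the SSID element (ID 0), which mesh STAs send with length 0 (wildcard). The parser below reads both from one radiotap-prefixed beacon, which is the field to check in a monitor-mode capture. The sample frame, its MAC address and its Mesh Configuration bytes are constructed for illustration.

```python
import struct

# IEEE 802.11 element IDs: SSID, DS Parameter Set, Mesh Configuration, Mesh ID
EID_SSID, EID_DS, EID_MESH_CONF, EID_MESH_ID = 0, 3, 113, 114

def parse_beacon(frame: bytes) -> dict:
    """Parse one radiotap-prefixed beacon (no trailing FCS assumed)."""
    if len(frame) < 4:
        raise ValueError("truncated radiotap header")
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap it_len, little-endian
    dot11 = frame[rt_len:]
    if len(dot11) < 36:  # 24-byte management header + 12 bytes of fixed fields
        raise ValueError("truncated beacon")
    fc0 = dot11[0]
    if (fc0 >> 2) & 0x3 != 0 or (fc0 >> 4) != 8:  # type 0 = management, subtype 8 = beacon
        raise ValueError("not a beacon frame")
    info = {"transmitter": dot11[10:16].hex(":"), "ssid": None,
            "mesh_id": None, "channel": None, "mesh_config": False}
    ies, pos = dot11[36:], 0
    while pos + 2 <= len(ies):
        eid, elen = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + elen]
        if len(body) < elen:  # element runs past the end of the capture
            break
        if eid == EID_SSID:
            info["ssid"] = body
        elif eid == EID_DS and elen == 1:
            info["channel"] = body[0]
        elif eid == EID_MESH_ID:
            info["mesh_id"] = body
        elif eid == EID_MESH_CONF:
            info["mesh_config"] = True
        pos += 2 + elen
    return info

# Constructed sample frame (not taken from the thread's capture).
SAMPLE = (
    bytes.fromhex("0000080000000000")            # minimal radiotap header, it_len = 8
    + bytes.fromhex("80000000")                  # frame control = beacon, duration
    + bytes.fromhex("ffffffffffff")              # addr1: broadcast
    + bytes.fromhex("020000000100") * 2          # addr2 (transmitter), addr3
    + bytes.fromhex("0000")                      # sequence control
    + bytes(8) + bytes.fromhex("e8030000")       # timestamp, beacon interval, capabilities
    + bytes.fromhex("0000")                      # SSID element, length 0 (wildcard)
    + bytes.fromhex("03010b")                    # DS Parameter Set: channel 11
    + bytes([EID_MESH_ID, 6]) + b"mymesh"        # Mesh ID element
    + bytes([EID_MESH_CONF, 7]) + bytes.fromhex("01010001000009")  # constructed values
)

if __name__ == "__main__":
    print(parse_beacon(SAMPLE))
```
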

@warlock20

"All this was done as wireshark was unable to capture the beacons".... are you sure?


sritam2 commented May 2, 2017

Hi,

I will redo everything once again and recheck and come back.


sritam2 commented Jul 1, 2017

Hello Guys,

I did the experiments once again. Wireshark is working. But it worked only when I ran Wireshark in Ubuntu 14.04 after downloading its source code from the link mentioned in the HOWTO section: https://github.com/o11s/open80211s/wiki/HOWTO.

So, the conclusion is that Wireshark captures the 802.11s frames.

sritam2 closed this as completed Jul 1, 2017