rt2x00-cvs: No beacon frame received, WPA etc. working

Live forum: http://rt2x00.serialmonkey.com/viewtopic.php?t=4515

Kopfgeldjaeger6000

24-12-2007 21:54:54

Hello.

I just compiled kernel 2.6.24 (latest rc) and the current rt2x00 cvs snapshot. I can establish a connection with my network with WICD (WEP, WPA2, everything working). The connection is stable, unlike with just kernel 2.6.24, where the connection gets lost after some time. Nice work, by the way.

But I do not receive beacon frames (FakeAuth with aireplay-ng).
Here's what I did:

[code]
root@nicolai-encrypted:~# ifconfig wlan0 down; iwconfig wlan0 mode monitor; iwconfig wlan0 channel 6; ifconfig wlan0 up
root@nicolai-encrypted:~# iwconfig
lo no wireless extensions.

eth0 no wireless extensions.

wmaster0 no wireless extensions.

wlan0 IEEE 802.11g Mode:Monitor Frequency:2.437 GHz Tx-Power=27 dBm
Retry min limit:7 RTS thr:off Fragment thr=2346 B
Encryption key:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

root@nicolai-encrypted:~# airmon-ng

Interface Chipset Driver

wlan0 Unknown Unknown (MONITOR MODE NOT SUPPORTED)

root@nicolai-encrypted:~# aireplay-ng -1 6000 -o 1 -q 10 -e $ESSID -a $RMAC -h $MYMAC wlan0
22:49:15 Waiting for beacon frame (BSSID: 00:12:BF:89:AF:70)

root@nicolai-encrypted:~# CTRL+C after some time
root@nicolai-encrypted:~# aireplay-ng -1 0 -e $ESSID -a $RMAC -h $MYMAC wlan0
22:50:29 Waiting for beacon frame (BSSID: 00:12:BF:89:AF:70)

root@nicolai-encrypted:~# killed...
[/code]

tcpdump/Wireshark doesn't show anything when capturing.

Relevant part of dmesg:

[code]
[11043.438934] phy1 -> rt73usb_init_bbp: Debug - Start initialization from EEPROM...
[11043.438940] phy1 -> rt73usb_init_bbp: Debug - ...End initialization from EEPROM.
[11043.441399] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[11070.366928] phy1 -> rt73usb_init_bbp: Debug - Start initialization from EEPROM...
[11070.366935] phy1 -> rt73usb_init_bbp: Debug - ...End initialization from EEPROM.
[11070.369415] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[11139.377361] phy1 -> rt73usb_init_bbp: Debug - Start initialization from EEPROM...
[11139.377368] phy1 -> rt73usb_init_bbp: Debug - ...End initialization from EEPROM.
[11139.380527] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[11151.962651] device wlan0 entered promiscuous mode
[11151.962661] audit(1198532955.438:86): dev=wlan0 prom=256 old_prom=0 auid=4294967295
[11171.940523] device wlan0 left promiscuous mode
[11171.940532] audit(1198532999.467:87): dev=wlan0 prom=0 old_prom=256 auid=4294967295
[11185.377076] device wlan0 entered promiscuous mode
[11185.377086] audit(1198533029.078:88): dev=wlan0 prom=256 old_prom=0 auid=4294967295
[11195.354125] device wlan0 left promiscuous mode
[11195.354134] audit(1198533051.067:89): dev=wlan0 prom=0 old_prom=256 auid=4294967295
[/code]

Please just tell me if you need further debug information...

Cheers and happy Christmas

Spy84464

27-12-2007 15:44:29

Hello,
As far as I know, injection is not currently supported by mac80211, the stack used by rt2x00. So that's why attacks are failing.

Regards,
Romain