Using ath10k for WiFi capturing non-11ac traffic
Ben Greear
greearb at candelatech.com
Tue Apr 14 17:19:41 PDT 2015
Out of curiosity, have you been able to capture Action frames (specifically,
block-ack add/del frames) with ath10k? I just wasted a large amount of time wondering
why the frames are not seen...but ath9k monitor port sees them just fine.
Thanks,
Ben
On 04/14/2015 11:04 AM, Amato Carbonara wrote:
> Hello Michal,
> I was able to decrypt all traffic types (11a, 11n at 20MHz, 11n at
> 40MHz and 11ac at 80MHz) using the 10.1.467.2-1 firmware on the
> QCA9880 chipset. The problem was not with Wireshark. I had to
> install backports for the at10k drivers to make it work. Procedures
> are documented here:
> https://wireless.wiki.kernel.org/en/users/Drivers/ath10k/backports
>
> Thank you for your help,
> Amato
>
> On Tue, Apr 14, 2015 at 1:38 AM, Michal Kazior <michal.kazior at tieto.com> wrote:
>> On 6 April 2015 at 21:49, Amato Carbonara <acarbonara13 at gmail.com> wrote:
>>> Hello,
>>> I have installed a WiFi adapter with the Qualcomm-Atheros QCA-9880
>>> chipset using the at10k drivers. I am using this WiFi adapter to
>>> capture WLAN traffic. The recommended firmware for capturing WiFi
>>> traffic is 10.1.467.2-1 per the website. See following link:
>>> https://wireless.wiki.kernel.org/en/users/drivers/ath10k/monitor
>>
>> Generally the 10.x line is preferred for sniffing. You could also try 10.2.4.
>>
>>
>>> I have successfully installed the above firmware and have been using
>>> the adapter/driver to capture and decrypt all 802.11ac traffic.
>>> However, I have noticed some strange behavior when trying to decrypt
>>> other types of traffic such as:
>>> 1) 802.11a = not able to decrypt any traffic
>>> 2) 802.11n at 20MHz = able to decrypt only partial traffic
>>> 3) 802.11n at 40MHz = able to decrypt only partial traffic
>>>
>>> I have tried using the different "iw" and "iwconfig" commands to set
>>> the frequency and channel bandwidth (for example, iw dev wlan1 set
>>> freq 5180 HT20). Has anyone else seen this issue of not being able to
>>> decrypt all/some of the WiFi traffic?
>>
>> `iwconfig` is an old program. You shouldn't use it. Just stick with `iw`.
>>
>> To decrypt traffic you need to see keying handshake (both after
>> association and later for each rekeying). If sniffer misses that you
>> won't be able to decipher data either from the start or you'll stop
>> being able to decrypt multicast data after GTK rekeying.
>>
>> Another thing is I've had numerous random problems with wireshark
>> refusing to decrypt frames reliably. I recall some older version would
>> get stuck and need the key configuration (in preferences window) to be
>> re-applied or the decrypt checkbox to be re-checked. YMMV.
>>
>>
>> Michał
>
> _______________________________________________
> ath10k mailing list
> ath10k at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/ath10k
>
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the ath10k
mailing list