WARP Project Forums - Wireless Open-Access Research Platform

#1 2017-Apr-04 07:20:06

wckim
Member
Registered: 2017-Apr-04
Posts: 17

Sniffing project

Hello

I started an 802.11 packet sniffing project a few days ago.
I want to carry out a sniffing project using 'warp v3' and the '802.11 reference design'.

As a first goal, I need to sniff the first SYN packet in the 3-way handshake of a TCP session.
If you know it well, could you tell me some libraries or open source regarding sniffing for reference?

Thank you.


#2 2017-Apr-04 11:37:37

chunter
Administrator
From: Mango Communications
Registered: 2006-Aug-24
Posts: 1212

Re: Sniffing project

By default, the low-level MAC will pass any reception up to the high-level MAC even if the packet isn't addressed to the node. So, "packet sniffing" is enabled by default. From there, you just need to inspect the contents of every reception. A good place to do this is the mpdu_rx_process() function in either the AP or STA project. The "mac_payload" variable that gets calculated near the top of that function points to the first byte of the entire 802.11 reception. From there, you can search through it and identify SYN packets. Those packets will look similar to how they look over Ethernet, but you'll need to account for the fact that they will have been encapsulated by 802.11. I'd recommend on paper taking an example TCP SYN frame and running it through the encapsulation process to see what the series of bytes should look like as an 802.11 reception.

Note: Keep in mind this will only work if the packets you are trying to sniff are unencrypted (e.g. packets on a BSS with no security enabled).

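The byte-level check described in the reply above, worked through as an added example; it is not part of the original post or of the WARP reference design. `is_tcp_syn` and `sample_syn` are hypothetical names, and the code assumes `buf` points at the first byte of the 802.11 MAC header (as `mac_payload` is described to), that the payload uses LLC/SNAP (RFC 1042) encapsulation of IPv4, and that A-MSDU aggregation is not in use.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: STA-to-AP data frame (ToDS=1), no encryption, carrying
 * IPv4 10.0.0.2 -> 10.0.0.1, TCP 49152 -> 80, SYN only. All values made up. */
static const uint8_t sample_syn[72] = {
    0x08,0x01, 0x00,0x00,                   /* Frame Control, Duration */
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02,   /* Addr1 (BSSID), Addr2 (SA) */
    0x02,0,0,0,0,0x03, 0x10,0x00,           /* Addr3 (DA), Sequence Control */
    0xAA,0xAA,0x03, 0,0,0, 0x08,0x00,       /* LLC/SNAP, EtherType IPv4 */
    0x45,0,0,40, 0,1,0x40,0, 64,6,0,0,      /* IPv4: IHL=5, proto=6, cksum 0 */
    10,0,0,2, 10,0,0,1,                     /* src IP, dst IP */
    0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, /* ports, seq, ack */
    0x50,0x02, 0xFF,0xFF, 0,0, 0,0          /* data offset, flags=SYN, window */
};

/* Returns 1 if buf holds an unencrypted 802.11 data frame whose payload is an
 * IPv4 TCP segment with SYN set and ACK clear (first handshake packet). */
int is_tcp_syn(const uint8_t *buf, size_t len)
{
    static const uint8_t snap[8] = {0xAA,0xAA,0x03, 0,0,0, 0x08,0x00};
    size_t off = 24;                          /* 3-address MAC header */
    if (len < off) return 0;
    if ((buf[0] & 0x0C) != 0x08) return 0;    /* type must be Data */
    if (buf[0] & 0x40) return 0;              /* Null subtypes: no payload */
    if (buf[1] & 0x40) return 0;              /* Protected: payload encrypted */
    if ((buf[1] & 0x03) == 0x03) off += 6;    /* ToDS+FromDS: Addr4 present */
    if (buf[0] & 0x80) off += 2;              /* QoS subtype: QoS Control */
    if ((buf[0] & 0x80) && (buf[1] & 0x80)) off += 4; /* +HTC: HT Control */
    if (len < off + 8 + 20) return 0;         /* LLC/SNAP + minimal IPv4 */
    if (memcmp(buf + off, snap, 8) != 0) return 0;    /* RFC 1042 + IPv4 */
    const uint8_t *ip = buf + off + 8;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (ip[9] != 6) return 0;                 /* protocol must be TCP */
    if ((((ip[6] & 0x1F) << 8) | ip[7]) != 0) return 0; /* later IP fragment */
    if (len < off + 8 + ihl + 14) return 0;   /* need the TCP flags byte */
    return (ip[ihl + 13] & 0x12) == 0x02;     /* SYN=1, ACK=0 */
}

int main(void) { return is_tcp_syn(sample_syn, sizeof sample_syn) ? 0 : 1; }
```

The Protected Frame test mirrors the note in the reply: once that bit is set, the bytes after the MAC header are ciphertext and none of the later offsets mean anything.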

#3 2017-Apr-25 10:30:54

wckim
Member
Registered: 2017-Apr-04
Posts: 17

Re: Sniffing project

Hi all, thanks for your kind help.

There are two things I am still not sure about.

First, in case there are an AP (WARP-v3) and 'STA-1' that were already associated, can another WARP station ('STA-2' - sniffer) send some packets to 'STA-1' without association? Is it possible?

Second, when the AP receives a packet from a STA, the AP will implement the method of source that '802.11 acknowledgement packet' is sent to the STA. Where can I find that part of the source (class or method)?

Thanks a lot for any help or answer.


#4 2017-Apr-26 20:50:45

murphpo
Administrator
From: Mango Communications
Registered: 2006-Jul-03
Posts: 5159

Re: Sniffing project

First, in case there are an AP (WARP-v3) and 'STA-1' that were already associated, can another WARP station ('STA-2' - sniffer) send some packets to 'STA-1' without association? Is it possible?

It depends on what you mean by "send". An 802.11 device will send an ACK packet after receiving a packet whose receiver-address matches the node's MAC address. In this sense any node can send a packet to any other node, independent of association state. However, when a STA receives a packet from any node other than its associated AP, it discards the packet (after sending an ACK). The only way for two STA nodes in a BSS to communicate is via the AP.

Second, when the AP receives a packet from a STA, the AP will implement the method of source that '802.11 acknowledgement packet' is sent to the STA. Where can I find that part of the source (class or method)?

Yes - every node sends an ACK after receiving a unicast packet addressed to its own MAC address. The creation and transmission of ACK packets is implemented in the DCF code in CPU Low.


#5 2017-May-01 11:57:04

wckim
Member
Registered: 2017-Apr-04
Posts: 17

Re: Sniffing project

From your answers, I got many things.
Thank you so much. ^_^

I checked the DCF code, but there is one thing I am not sure about.
When the AP receives a packet from a STA, the AP will send an ACK packet to the STA.
In this situation, what does the STA need to check in the ACK packet to be sure it is an ACK packet from the AP (like destination MAC address...)?

Thank you.


#6 2017-May-01 12:49:02

murphpo
Administrator
From: Mango Communications
Registered: 2006-Jul-03
Posts: 5159

Re: Sniffing project

When the AP receives a packet from a STA, the AP will send an ACK packet to the STA.
In this situation, what does the STA need to check in the ACK packet to be sure it is an ACK packet from the AP (like destination MAC address...)?

An ACK frame only contains the MAC address of the intended receiver. The ACK does not contain the transmitter address. This scheme works because an ACK packet will only be transmitted T_SIFS after the end of the DATA packet. The node which transmits the DATA packet waits for an ACK whose receiver address matches its own address. If it receives this ACK it infers the DATA transmission was successful.
