Re: [9fans] space in essid ....

[Axel Belinfante <Axel.Belinfante@cs.utwente.nl>]

[-- Attachment #1: Type: text/plain, Size: 487 bytes --]

> Another question: is there an 802.11 sniffer for Plan 9, i.e. something
> you could use to sniff for a wifi and then output a string to cat > ctl to
> get you on to a network.

(Think I did not see an answer to above question)

There is a thread (around 17 Jan 2003) with subject

	scanning for base stations/access points

that seems to give (part of?) what you are looking for.
I think the main thing you are looking for is in the message
quoted from presotto, below.


[-- Attachment #2: Type: message/rfc822, Size: 5158 bytes --]

From: "Woodruff, Richard" <r-woodruff2@ti.com>
To: "'9fans@cse.psu.edu'" <9fans@cse.psu.edu>
Subject: Re: [9fans] scanning for base stations/access points
Date: Sat, 18 Jan 2003 07:06:32 -0600
Message-ID: <FD2AC9A020DDD51194710008C7089B20053D48CE@dlee17.itg.ti.com>

I've got this kind of thing to work for other cards, though I haven't looked
at it specifically for the wavelan design.  I'd look first to what is going
out over the air using Airopeek or some other 802.11 sniffer.

Scanning usually is done actively with a probe request or passively by
listening for beacons (the firmware or driver software may combine them if
the ssid is hidden).  A scan command results in a card spending some amount
of time on each valid channel listening, or actively asking if someone is
there (you tell him who to ask for).  If your scan sample time is to short
you can miss beacons or responses, if your valid channel list is wrong you
might skip channels which ap's are on.  These parameters are embedded
somewhere, likely in a mib which the driver can access.

If your AP is configured to hide its ssid, it generally sends out the same
number of blanks as the name should be for the name field in the beacon.  To
know if this is your ap you must send out a probe with the proper name to
this station, he will respond directly to you if you got it right.  From
there the 802.11 auth and association steps can happen as you know the
proper mac address of the ap.  Its common for several AP's to be assigned
the same name, in this case you should really listen for the one with the
strongest signal strength as its likely the closest.

Sorry if this isn't useful, if nothing else it might make some of the magic
numbers which always seem to be about to have some more meaning.

Regards,

Richard W.


"David Presotto" <presotto@plan9.bell-labs.com> wrote in message
news:<0804bb7df734019ee83edc06179e4f32@plan9.bell-labs.com>...
> I've updated the kernel sources for:
>
> port/netif.h
> port/netif.c
> port/wavelan.h
> port/wavelan.c
>
> to try to get scanning for base stations/access points to work.  I
> ripped off what I could from Linux but seem to be faiing miserably.
> If I don't set the essid, the scanning seems to work but doesn't
> return the essid of the access points. It also doesn't get all the
> access points in range.  If I set the essid, it gets them all and
> returns the essid values.
>
> I'm clearly doing something wrong but don't see what.  If anyone can
> help, I'ld appreciate it.
>
> To get the scanning to work:
>
> 	% cd /net/ether0/0
> 	% cat data &
> 	% echo scanbs 5 > ctl
>
> The '5' is the seconds between scans (5 is the minimum).
>
> You might also want to turn stuff off to see if it changes
> things:
>
> 	% echo crypt off > ctl
> 	% echo essid default > ctl
>
> Thanks