From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
From: "Woodruff, Richard"
To: "'9fans@cse.psu.edu'" <9fans@cse.psu.edu>
Subject: Re: [9fans] scanning for base stations/access points
MIME-Version: 1.0
Content-Type: text/plain
Date: Sat, 18 Jan 2003 07:06:32 -0600
Topicbox-Message-UUID: 430fc12c-eacb-11e9-9e20-41e7f4b1d025

I've got this kind of thing to work for other cards, though I haven't looked at it specifically for the wavelan design. I'd look first to what is going out over the air using Airopeek or some other 802.11 sniffer.

Scanning usually is done actively with a probe request or passively by listening for beacons (the firmware or driver software may combine them if the ssid is hidden). A scan command results in a card spending some amount of time on each valid channel listening, or actively asking if someone is there (you tell him who to ask for). If your scan sample time is too short you can miss beacons or responses; if your valid channel list is wrong you might skip channels which APs are on. These parameters are embedded somewhere, likely in a mib which the driver can access.

If your AP is configured to hide its ssid, it generally sends out the same number of blanks as the name should be for the name field in the beacon. To know if this is your AP you must send out a probe with the proper name to this station; he will respond directly to you if you got it right. From there the 802.11 auth and association steps can happen as you know the proper mac address of the AP.

It's common for several APs to be assigned the same name; in this case you should really listen for the one with the strongest signal strength as it's likely the closest.

Sorry if this isn't useful; if nothing else it might make some of the magic numbers which always seem to be about to have some more meaning.

Regards,
Richard W.

"David Presotto" wrote in message news:<0804bb7df734019ee83edc06179e4f32@plan9.bell-labs.com>...
> I've updated the kernel sources for:
>
> port/netif.h
> port/netif.c
> port/wavelan.h
> port/wavelan.c
>
> to try to get scanning for base stations/access points to work. I
> ripped off what I could from Linux but seem to be failing miserably.
> If I don't set the essid, the scanning seems to work but doesn't
> return the essid of the access points. It also doesn't get all the
> access points in range. If I set the essid, it gets them all and
> returns the essid values.
>
> I'm clearly doing something wrong but don't see what. If anyone can
> help, I'd appreciate it.
>
> To get the scanning to work:
>
> % cd /net/ether0/0
> % cat data &
> % echo scanbs 5 > ctl
>
> The '5' is the seconds between scans (5 is the minimum).
>
> You might also want to turn stuff off to see if it changes
> things:
>
> % echo crypt off > ctl
> % echo essid default > ctl
>
> Thanks
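
The scan-result handling described in the reply above (a name field blanked when the SSID is hidden, several APs sharing one name, preferring the strongest signal), as an added C example that is not part of either message or of the Plan 9 wavelan driver. The `scanres` struct, the function names, the signal scale and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* ies: tagged elements after the fixed beacon fields; signal: larger = stronger (assumed) */
struct scanres { const unsigned char *ies; size_t len; int signal; };

/* Length of the SSID element (ID 0), or -1 if missing or malformed. */
static int find_ssid(const unsigned char *ies, size_t len, const unsigned char **ssid) {
	for (size_t i = 0; i + 2 <= len; i += 2 + ies[i + 1]) {
		if (i + 2 + ies[i + 1] > len)
			break;                          /* element runs past the buffer */
		if (ies[i] == 0) {
			*ssid = ies + i + 2;
			return ies[i + 1] <= 32 ? ies[i + 1] : -1; /* SSID is at most 32 bytes */
		}
	}
	return -1;
}

/* Hidden: empty, or NULs/blanks standing in for the name. */
static int ssid_hidden(const unsigned char *s, int n) {
	while (n > 0 && (s[n - 1] == 0 || s[n - 1] == ' '))
		n--;
	return n == 0;
}

/* Index of the strongest AP advertising `want`, or -1. *nhidden counts hidden
 * APs whose blank field could hold `want`; those need a directed probe. */
int best_ap(const struct scanres *r, int n, const char *want, int *nhidden) {
	int best = -1, wl = (int)strlen(want);
	*nhidden = 0;
	for (int i = 0; i < n; i++) {
		const unsigned char *s = NULL;
		int sl = find_ssid(r[i].ies, r[i].len, &s);
		if (sl >= 0 && ssid_hidden(s, sl))
			*nhidden += (sl == 0 || sl == wl);
		else if (sl == wl && memcmp(s, want, (size_t)wl) == 0 &&
		         (best < 0 || r[i].signal > r[best].signal))
			best = i;
	}
	return best;
}

/* Constructed sample scan results (not captured traffic); ID 1 is supported rates. */
static const unsigned char ap_a[] = {0, 4, 'l', 'a', 'b', '9', 1, 2, 0x82, 0x84};
static const unsigned char ap_b[] = {1, 2, 0x82, 0x84, 0, 4, 'l', 'a', 'b', '9'};
static const unsigned char ap_h[] = {0, 4, 0, 0, 0, 0};    /* hidden, 4 blanks */
static const unsigned char ap_t[] = {0, 9, 'l', 'a', 'b'}; /* truncated element */
static const struct scanres sample[] = { {ap_a, sizeof ap_a, -70},
	{ap_b, sizeof ap_b, -48}, {ap_h, sizeof ap_h, -40}, {ap_t, sizeof ap_t, -30} };
```

With the constructed sample, the hidden and truncated entries report the strongest signals but are never selected by name; the hidden one is only counted as a candidate for a directed probe.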