Fudcon 2015...Wireless: From Basics to Internals


Transcript of Fudcon 2015...Wireless: From Basics to Internals

Kiran Divekar

[email protected]

Wireless: Basics to Internals

About...

15 years of IT industry experience

Worked in multinationals like PMC Sierra, Persistent, Nevis Networks, Marvell Semiconductors, Ericsson.

Vice-president of GeeP

One of the major contributors to the Marvell wifi driver (mwifiex) in the Linux kernel tree.

WiFi Devices

Wireless Sniffer

UUT

Cisco AP (bg)

Marvell AP (bgn)

STA for Adhoc

Wireless Network Connection

Linux Kernel : CONFIG_NET_RADIO, CONFIG_CFG80211

Wireless Access Point : Device for network connection

Supplicant : Program to connect to AP

GUI : Network Manager

Wireless Networks

Infrastructure :

[Diagram: stations A, B, D and E connected through two Access Points, forming BSS1 and BSS2]

Ad-hoc :

[Diagram: stations A, B, C and D linked directly to one another, with no Access Point]

Infrastructure vs. Adhoc Networks

[Figure: infrastructure network (APs attached to a wired network) vs. ad-hoc network. AP: Access Point. Source: Schiller]

Wireless Terms (802.11)

Access Point : A wireless access point (WAP) is a device that acts as the central hub of all wireless data communications.

Service Set ID : SSID is used to identify a network in the wireless domain.

Basic Service Set ID : MAC address of the WAP, used to identify part of the network in an SSID.

Mode : Infrastructure (Managed) or Ad-hoc mode.

Channel : One of the predefined channels from 1 to 16 in the frequency range of 2.4 GHz to 2.5 GHz.

Wireless Terms (802.11)

Encryption : Method of encoding or scrambling data so that only people with the secret key to unlock the code can view the original data.

WEP : Wired Equivalent Privacy

WPA : WiFi Protected Access.

RSN (WPA2) : Robust Security Network.

WPA-PSK : Pre-Shared Key.

EAP : Extensible Authentication Protocol

Network configuration

# Intel Corporation PRO/Wireless 3945ABG Network Connection
DEVICE=wlan0 (check udev)
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:19:d2:59:15:d2
NETMASK=255.255.255.0
IPADDR=192.168.1.100
DOMAIN=
TYPE=Wireless
ESSID=linksys
CHANNEL=6
MODE=Managed
RATE=

Wireless (GUI)

Connecting to Network

Scan available networks

iwlist wlan0 scan OR iw dev wlan0 scan

wlan0     Scan completed :
          Cell 01 - Address: 00:18:39:2F:AD:86
                    ESSID:"linksys"
                    Mode:Master
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s

Connecting to Network

Associate to a particular network (SSID)

iwconfig wlan0 essid "linksys" OR

iw dev wlan0 connect "linksys"

iwconfig wlan0

wlan0     IEEE 802.11g  ESSID:"linksys"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:18:39:2F:AD:86
          Bit Rate=54 Mb/s  Tx-Power=27 dBm
          Retry min limit:7  RTS thr:off  Fragment thr=2346 B
          Encryption key:C589-F156-8324-1564-021A-4EF6-5D52-6818 [2]
          Link Quality=83/100  Signal level=-51 dBm  Noise level=-55 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0  Missed beacon:0

Wireless (GUI)

Connecting to Network

iwlist wlan0 scan

iwconfig wlan0 essid "linksys"

Authenticate to one of the APs (BSSID) in that network.

=> 4-way handshake for PSK
=> WEP key exchange
=> Dot1x handshake for EAP

Check network connectivity: ping <IP address of AP>
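As an added example (not part of the slides), a Python parser for the `iwlist wlan0 scan` output shown above that classifies what each cell offers (Open, WEP, WPA/WPA2 with its auth suite and pairwise cipher) before the association step, so a cell without RSN/CCMP stands out. The sample scan is constructed: Cell 01 is the slide's network, Cells 02 and 03 are made up for contrast.

```python
import re
# Constructed sample in the `iwlist wlan0 scan` layout: Cell 01 is the slide's network, 02/03 are made up.
SAMPLE_SCAN = """wlan0     Scan completed :
          Cell 01 - Address: 00:18:39:2F:AD:86
                    ESSID:"linksys"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
          Cell 02 - Address: 02:00:00:00:00:01
                    ESSID:"guest-open"
                    Encryption key:off
          Cell 03 - Address: 02:00:00:00:00:02
                    ESSID:"legacy"
                    Encryption key:on
"""

def parse_iwlist(text):
    """Split iwlist output into one dict per cell, keeping the security fields."""
    cells = []
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})", line):
            cells.append({"bssid": m.group(1), "essid": "", "encryption": False,
                          "ies": [], "pairwise": [], "auth": []})
        elif m := re.match(r'ESSID:"(.*)"', line):
            cells[-1]["essid"] = m.group(1)
        elif m := re.match(r"Encryption key:(on|off)", line):
            cells[-1]["encryption"] = m.group(1) == "on"
        elif line.startswith("IE:"):  # WPA or IEEE 802.11i (RSN/WPA2) element
            cells[-1]["ies"].append(line[3:].strip())
        elif m := re.match(r"Pairwise Ciphers \(\d+\) : (.*)", line):
            cells[-1]["pairwise"] += m.group(1).split()
        elif m := re.match(r"Authentication Suites \(\d+\) : (.*)", line):
            cells[-1]["auth"] += m.group(1).split()
    return cells

def classify(cell):
    """Name what a cell offers: Open, WEP, or WPA/WPA2 with its auth and cipher."""
    if not cell["encryption"]:
        return "Open"
    if not cell["ies"]:  # key required but no WPA/RSN element advertised: WEP
        return "WEP"
    gen = "WPA2" if any("WPA2" in ie for ie in cell["ies"]) else "WPA"
    return f"{gen}-{'+'.join(cell['auth']) or '?'} ({'+'.join(cell['pairwise']) or '?'})"

def audit(text):
    return {c["essid"]: classify(c) for c in parse_iwlist(text)}
```

Feed it the real output of `iwlist wlan0 scan` and only cells reported as WPA2 with CCMP are worth associating to; "Open" and "WEP" cells are listed so they can be avoided.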

Wireless Applications

NetworkManager : Dan Williams, www.gnome.org/projects/networkmanager/

Wpa_supplicant : Jouni Malinen, http://hostap.epitest.fi/wpa_supplicant/

Hostapd : http://hostap.epitest.fi/

KwifiManager : http://kwifimanager.sf.net

Intel cards [iwl3945, iwlwifi] : http://www.intellinuxwireless.org

Common Pitfalls

Wifi device : Where is my wifi device? I can't do anything without that :-)

=> lspci or lsusb or similar.

=> ifconfig : see all network interfaces including wireless.

Driver for wifi device : part of the Linux kernel tree, or a vendor-supplied custom driver.

Re-compilation needed?

=> Get kernel source
=> Recompile driver (make ?)
=> Load driver (insmod)

Wifi device

rfkill

Used to enable / disable wireless, BT devices

=> Hard Blocked.... check hardware switch

=> Soft Blocked....

rfkill unblock wifi

ifconfig : check ifconfig wlan0

wlan0     Link encap:Ethernet  HWaddr e0:06:e6:d8:5e:9d
          inet6 addr: fe80::e206:e6ff:fed8:5e9d/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:609842
          TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:14499 (14.4 KB)
          Interrupt:19

If not up => ifconfig wlan0 up

Network Manager conflicts :

=> service network-manager stop

Wifi HotSpot : requires AP-STA wifi device capability

=> What is AP-STA???

=> Check your Android phones: Android AP.

Wifi Direct :

=> PlayStations, TVs, Printers

Features :

=> simultaneous operations on the same channel.

WiFi Hotspot (GUI)

Wireless Debugging

Sniffer: www.wireshark.org

Wireless Internals

iw dev wlan0 connect "linksys"

MAGIC ?

Wireless Tools

The Wireless Tools (WT) are a set of tools for manipulating the Wireless Extensions. They use a textual interface and are rather crude, but aim to support the full Wireless Extensions. There are many other tools you can use with Wireless Extensions; however, Wireless Tools is the reference implementation.

iwconfig : manipulate the basic wireless parameters

iwlist : initiate scanning and list frequencies, bit-rates, encryption keys...

iwspy : get per-node link quality

iwevent : read the wireless events

iwpriv : manipulate the Wireless Extensions specific to a driver (private)

System call trace

Driver Firmware interface

What is a firmware ?

• Firmware is wireless networking software that runs on the wireless chipset.

• The wireless device driver downloads the firmware to the wireless chipset, upon initialization.

• All low level wireless operations (Tx, Rx) are performed by the firmware software.

• It works in two modes: synchronous request/response protocol, and asynchronous events from the FW.

• The firmware resides in /lib/firmware/, e.g. /lib/firmware/iwl-3945.ucode

User space Control

=> Basic tools like iw, iwconfig, iwlist

=> wpa_supplicant or NetworkManager

=> ConnManager

mac80211

=> Mac80211 is a Linux kernel subsystem

=> Implements shared code for soft MAC, half MAC devices

=> Contains MLME

• Beacon
• Probe Request, Response
• Associate
• Authenticate
• De-associate
• De-authenticate

cfg80211

=> Linux kernel layer between user space and mac80211

=> Sanity checking, protocol translations

=> Much thicker than WEXT.

=> CRDA. (Regulatory Domain)

Kernel configuration

Architecture

More

=> Internals of cfg80211, mac80211

=> CRDA : US, EU, JP

=> Configuration, data transmission, reception

=> http://wireless.linux.org

=> [email protected]

Wireless Basics & Internals

Thank You