2b67e21a9e
correct mode via ancontrol, you can use bpf to sniff raw 802.11 frames. Who want's to port AirSnort. ;-) Submitted by: Doug Ambrisko <ambrisko@ambrisko.com> (author) David Wolfskill <david@catwhisker.org> (port to current)
475 lines
14 KiB
Groff
475 lines
14 KiB
Groff
.\" Copyright (c) 1997, 1998, 1999
|
|
.\" Bill Paul <wpaul@ee.columbia.edu> All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by Bill Paul.
|
|
.\" 4. Neither the name of the author nor the names of any co-contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
|
.\" THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd September 10, 1999
|
|
.Dt ANCONTROL 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm ancontrol
|
|
.Nd configure Aironet 4500/4800 devices
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Fl i Ar iface Fl A
|
|
.Nm
|
|
.Fl i Ar iface Fl N
|
|
.Nm
|
|
.Fl i Ar iface Fl S
|
|
.Nm
|
|
.Fl i Ar iface Fl I
|
|
.Nm
|
|
.Fl i Ar iface Fl T
|
|
.Nm
|
|
.Fl i Ar iface Fl C
|
|
.Nm
|
|
.Fl i Ar iface Fl t Ar 0|1|2|3|4
|
|
.Nm
|
|
.Fl i Ar iface Fl s Ar 0|1|2|3
|
|
.Nm
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 1|2|3|4
|
|
.Fl a Ar AP
|
|
.Nm
|
|
.Fl i Ar iface Fl b Ar beacon period
|
|
.Nm
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 0|1
|
|
.Fl d Ar 0|1|2|3
|
|
.Nm
|
|
.Fl i Ar iface Fl e Ar 0|1|2|4
|
|
.Nm
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 0|1|2|3|4|5|6|7
|
|
.Fl k Ar key
|
|
.Nm
|
|
.Fl i Ar iface
|
|
.Fl K Ar mode
|
|
.Nm
|
|
.Fl i Ar iface
|
|
.Fl W Ar mode
|
|
.Nm
|
|
.Fl i Ar iface Fl j Ar netjoin timeout
|
|
.Nm
|
|
.Fl i Ar iface Fl l Ar station name
|
|
.Nm
|
|
.Fl i Ar iface Fl m Ar mac address
|
|
.Nm
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 1|2|3
|
|
.Fl n Ar SSID
|
|
.Nm
|
|
.Fl i Ar iface Fl o Ar 0|1
|
|
.Nm
|
|
.Fl i Ar iface Fl p Ar tx power
|
|
.Nm
|
|
.Fl i Ar iface Fl c Ar channel number
|
|
.Nm
|
|
.Fl i Ar iface Fl f Ar fragmentation threshold
|
|
.Nm
|
|
.Fl i Ar iface Fl r Ar RTS threshold
|
|
.Nm
|
|
.Fl i Ar iface Fl M Ar 0-15 (set monitor mode)
|
|
.Nm
|
|
.Fl h
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
command controls the operation of Aironet wireless networking
|
|
devices via the
|
|
.Xr an 4
|
|
driver.
|
|
Most of the parameters that can be changed relate to the
|
|
IEEE 802.11 protocol which the Aironet cards implement.
|
|
This includes such things as
|
|
the station name, whether the station is operating in ad-hoc (point
|
|
to point) or infrastructure mode, and the network name of a service
|
|
set to join.
|
|
The
|
|
.Nm
|
|
command can also be used to view the current NIC status, configuration
|
|
and to dump out the values of the card's statistics counters.
|
|
.Pp
|
|
The
|
|
.Ar iface
|
|
argument given to
|
|
.Nm
|
|
should be the logical interface name associated with the Aironet
|
|
device (an0, an1, etc...).
|
|
If one isn't specified the device an0 will be assumed.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
command is not designed to support the combination of arguments from different
|
|
.Sx SYNOPSIS
|
|
lines in a single
|
|
.Nm
|
|
invocation, and such combinations are not recommended.
|
|
.Sh OPTIONS
|
|
The options are as follows:
|
|
.Bl -tag -width Fl
|
|
.It Fl i Ar iface Fl A
|
|
Display the preferred access point list.
|
|
The AP list can be used by
|
|
stations to specify the MAC address of access points with which it
|
|
wishes to associate.
|
|
If no AP list is specified (the default) then
|
|
the station will associate with the first access point that it finds
|
|
which serves the SSID(s) specified in the SSID list.
|
|
The AP list can
|
|
be modified with the
|
|
.Fl a
|
|
option.
|
|
.It Fl i Ar iface Fl N
|
|
Display the SSID list.
|
|
This is a list of service set IDs (i.e. network names)
|
|
with which the station wishes to associate.
|
|
There may be up to three SSIDs
|
|
in the list: the station will go through the list in ascending order and
|
|
associate with the first matching SSID that it finds.
|
|
.It Fl i Ar iface Fl S
|
|
Display NIC status information.
|
|
This includes the current operating
|
|
status, current BSSID, SSID, channel, beacon period and currently
|
|
associated access point.
|
|
The operating mode indicates the state of
|
|
the NIC, MAC status and receiver status.
|
|
When the "synced" keyword
|
|
appears, it means the NIC has successfully associated with an access
|
|
point, associated with an ad-hoc "master" station, or become a "master"
|
|
itself.
|
|
The beacon period can be anything between 20 and 976 milliseconds.
|
|
The default is 100.
|
|
.It Fl i Ar iface Fl I
|
|
Display NIC capability information.
|
|
This shows the device type,
|
|
frequency, speed and power level capablities and firmware revision levels.
|
|
.It Fl i Ar iface Fl T
|
|
Display the NIC's internal statistics counters.
|
|
.It Fl i Ar iface Fl C
|
|
Display current NIC configuration.
|
|
This shows the current operation mode,
|
|
receive mode, MAC address, power save settings, various timing settings,
|
|
channel selection, diversity, transmit power and transmit speed.
|
|
.It Fl i Ar iface Fl t Ar 0|1|2|3|4
|
|
Select transmit speed.
|
|
The available settings are as follows:
|
|
.Bl -column "TX rate " "NIC speed " -offset indent
|
|
.Em "TX rate NIC speed"
|
|
0 Auto -- NIC selects optimal speed
|
|
1 1Mbps fixed
|
|
2 2Mbps fixed
|
|
3 5.5Mbps fixed
|
|
4 11Mbps fixed
|
|
.El
|
|
.Pp
|
|
Note that the 5.5 and 11Mbps settings are only supported on the 4800
|
|
series adapters: the 4500 series adapters have a maximum speed of 2Mbps.
|
|
.It Fl i Ar iface Fl s Ar 0|1|2|3
|
|
Set power save mode.
|
|
Valid selections are as follows:
|
|
.Bl -column "Selection " "Power save mode " -offset indent
|
|
.Em "Selection Power save mode"
|
|
0 None - power save disabled
|
|
1 Constantly awake mode (CAM)
|
|
2 Power Save Polling (PSP)
|
|
3 Fast Power Save Polling (PSP-CAM)
|
|
.El
|
|
.Pp
|
|
Note that for IBSS (ad-hoc) mode, only PSP mode is supported, and only
|
|
if the ATIM window is non-zero.
|
|
.It Xo
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 1|2|3|4
|
|
.Fl a Ar AP
|
|
.Xc
|
|
Set preferred access point.
|
|
The
|
|
.Ar AP
|
|
is specified as a MAC address consisting of 6 hexadecimal values
|
|
separated by colons.
|
|
By default, the
|
|
.Fl a
|
|
option only sets the first entry in the AP list.
|
|
The
|
|
.Fl v
|
|
modifier can be used to specify exactly which AP list entry is to be
|
|
modified.
|
|
If the
|
|
.Fl v
|
|
flag is not used, the first AP list entry will be changed.
|
|
.It Fl i Ar iface Fl b Ar beacon period
|
|
Set the ad-hoc mode beacon period.
|
|
The becon period is specified in
|
|
milliseconds.
|
|
The default is 100ms.
|
|
.It Xo
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 0|1
|
|
.Fl d Ar 0|1|2|3
|
|
.Xc
|
|
Select the antenna diversity.
|
|
Aironet devices can be configured with up
|
|
to two antennas, and transmit and receive diversity can be configured
|
|
accordingly.
|
|
Valid selections are as follows:
|
|
.Bl -column "Selection " "Diversity " -offset indent
|
|
.Em "Selection Diversity"
|
|
0 Select factory default diversity
|
|
1 Antenna 1 only
|
|
2 Antenna 2 only
|
|
3 Antenna 1 and 2
|
|
.El
|
|
.Pp
|
|
The receive and transmit diversity can be set independently.
|
|
The user
|
|
must specify which diversity setting is to be modified by using the
|
|
.Fl v
|
|
option: selection
|
|
.Ar 0
|
|
sets the receive diversity and
|
|
.Ar 1
|
|
sets the transmit diversity.
|
|
.It Fl i Ar iface Fl e Ar 0|1|2|3
|
|
Set the transmit WEP key to use.
|
|
Note that until this command is issued, the device will use the
|
|
last key programmed. The transmit key is stored in NVRAM. Currently
|
|
set transmit key can be checked via "-C" option.
|
|
.It Xo
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 0|1|2|3|4|5|6|7
|
|
.Fl k Ar key
|
|
.Xc
|
|
Set a WEP key.
|
|
For 40 bit prefix 10 hex character with 0x.
|
|
For 128 bit prefix 26 hex character with 0x.
|
|
Use "" as the key to erase the key.
|
|
Supports 4 keys; even numbers are for permanent keys
|
|
and odd number are for temporary keys.
|
|
For example, "-v 1" sets the first temporary key.
|
|
(A "permanent" key is stored in NVRAM; a "temporary" key is not.)
|
|
Note that the device will use the most recently-programmed key by default.
|
|
Currently set keys can be checked via "-C" option, only the sizes of the
|
|
keys are returned.
|
|
.It Fl i Ar iface Fl K Ar 0|1|2
|
|
Set authorization type.
|
|
Use 0 for none, 1 for "Open", 2 for "Shared Key".
|
|
.It Fl i Ar iface Fl W Ar 0|1|2
|
|
Enable WEP.
|
|
Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell.
|
|
.It Fl i Ar iface Fl j Ar netjoin timeout
|
|
Set the ad-hoc network join timeout.
|
|
When a station is first activated
|
|
in ad-hoc mode, it will search out a 'master' station with the desired
|
|
SSID and associate with it.
|
|
If the station is unable to locate another
|
|
station with the same SSID after a suitable timeout, it sets itself up
|
|
as the 'master' so that other stations may associate with it.
|
|
This
|
|
timeout defaults to 10000 milliseconds (10 seconds) but may be changed
|
|
with this option.
|
|
The timeout should be specified in milliseconds.
|
|
.It i Ar iface Fl l Ar station name
|
|
Set the station name used internally by the NIC.
|
|
The
|
|
.Ar station name
|
|
can be any text string up to 16 characters in length.
|
|
The default name
|
|
is set by the driver to
|
|
.Dq Li FreeBSD .
|
|
.It Fl i Ar iface Fl m Ar mac address
|
|
Set the station address for the specified interface.
|
|
The
|
|
.Ar mac address
|
|
is specified as a series of six hexadecimal values separated by colons,
|
|
e.g.: 00:60:1d:12:34:56.
|
|
This programs the new address into the card
|
|
and updates the interface as well.
|
|
.It Xo
|
|
.Fl i Ar iface
|
|
.Op Fl v Ar 1|2|3
|
|
.Fl n Ar SSID
|
|
.Xc
|
|
Set the desired SSID (network name).
|
|
There are three SSIDs which allows
|
|
the NIC to work with access points at several locations without needing
|
|
to be reconfigured.
|
|
The NIC checks each SSID in sequence when searching
|
|
for a match.
|
|
The SSID to be changed can be specified with the
|
|
.Fl v
|
|
modifier option.
|
|
If the
|
|
.Fl v
|
|
flag isn't used, the first SSID in the list is set.
|
|
.It Fl i Ar iface Fl o Ar 0|1
|
|
Set the operating mode of the Aironet interface.
|
|
Valid selections are
|
|
.Ar 0
|
|
for ad-hoc mode and
|
|
.Ar 1
|
|
for infrastructure mode.
|
|
The default driver setting is for infrastructure
|
|
mode.
|
|
.It Fl i Ar iface Fl p Ar tx power
|
|
Set the transmit power level in milliwatts.
|
|
Valid power settings
|
|
vary depending on the actual NIC and can be viewed by dumping the
|
|
device capabilities with the
|
|
.Fl I
|
|
flag.
|
|
Typical values are 1, 5, 20, 50 and 100mW.
|
|
Selecting 0 sets
|
|
the factory default.
|
|
.It Fl i Ar iface Fl c Ar channel
|
|
Set the radio frequency of a given interface.
|
|
The
|
|
.Ar frequency
|
|
should be specfied as a channel ID as shown in the table below.
|
|
The
|
|
list of available frequencies is dependent on radio regulations specified
|
|
by regional authorities.
|
|
Recognized regulatory authorities include
|
|
the FCC (United States), ETSI (Europe), France and Japan.
|
|
Frequencies
|
|
in the table are specified in Mhz.
|
|
.Bl -column "Channel ID " "FCC " "ETSI " "France " "Japan " -offset indent
|
|
.Em "Channel ID FCC ETSI France Japan"
|
|
1 2412 2412 - -
|
|
2 2417 2417 - -
|
|
3 2422 2422 - -
|
|
4 2427 2427 - -
|
|
5 2432 2432 - -
|
|
6 2437 2437 - -
|
|
7 2442 2442 - -
|
|
8 2447 2447 - -
|
|
9 2452 2452 - -
|
|
10 2457 2457 2457 -
|
|
11 2462 2462 2462 -
|
|
12 - 2467 2467 -
|
|
13 - 2472 2472 -
|
|
14 - - - 2484
|
|
.El
|
|
.Pp
|
|
If an illegal channel is specified, the
|
|
NIC will revert to its default channel.
|
|
For NICs sold in the United States
|
|
and Europe, the default channel is 3.
|
|
For NICs sold in France, the default
|
|
channel is 11.
|
|
For NICs sold in Japan, the only available channel is 14.
|
|
Note that two stations must be set to the same channel in order to
|
|
communicate.
|
|
.It Fl i Ar iface Fl f Ar fragmentation threshold
|
|
Set the fragmentation threshold in bytes.
|
|
This threshold controls the
|
|
point at which outgoing packets will be split into multiple fragments.
|
|
If a single fragment is not sent successfully, only that fragment will
|
|
need to be retransmitted instead of the whole packet.
|
|
The fragmentation
|
|
threshold can be anything from 64 to 2312 bytes.
|
|
The default is 2312.
|
|
.It Fl i Ar iface Fl M Ar 0-15
|
|
Set monitor mode via bit mask, meaning:
|
|
.Bl -tag -offset indent -compact -width 0x000000
|
|
.Em "Bit Mask Meaning"
|
|
.It 0
|
|
to not dump 802.11 packet.
|
|
.It 1
|
|
to enable 802.11 monitor.
|
|
.It 2
|
|
to monitor any SSID.
|
|
.It 4
|
|
to not skip beacons, monitor beacons produces a high system load.
|
|
.It 8
|
|
to enable full Aironet header returned via BPF.
|
|
Note it appears that a SSID must be set.
|
|
.El
|
|
.It Fl i Ar iface Fl r Ar RTS threshold
|
|
Set the RTS/CTS threshold for a given interface.
|
|
This controls the
|
|
number of bytes used for the RTS/CTS handhake boundary.
|
|
The
|
|
.Ar RTS threshold
|
|
can be any value between 0 and 2312.
|
|
The default is 2312.
|
|
.It Fl h
|
|
Prints a list of available options and sample usage.
|
|
.El
|
|
.Sh SECURITY NOTES
|
|
WEP ("wired equivalent privacy") is based on the RC4 algorithm,
|
|
using a 24 bit initialization vector.
|
|
.Pp
|
|
RC4 is supposedly vunerable to certain known plaintext attacks,
|
|
especially with 40 bit keys.
|
|
So the security of WEP in part depends on how much known plaintext
|
|
is transmitted.
|
|
.Pp
|
|
Because of this, although counter-intuitive, using "shared key"
|
|
authentication (which involves sending known plaintext) is less
|
|
secure than using "open" authentication when WEP is enabled.
|
|
.Pp
|
|
Devices may alternate among all of the configured WEP keys when
|
|
tranmitting packets.
|
|
Therefore, all configured keys (up to four) must agree.
|
|
.Sh EXAMPLES
|
|
.Bd -literal -offset indent
|
|
ancontrol -i an0 -v 0 -k 0x12345678901234567890123456
|
|
ancontrol -i an0 -K 2
|
|
ancontrol -i an0 -W 1
|
|
ancontrol -i an0 -e 0
|
|
.Ed
|
|
.Pp
|
|
Sets a WEP key 0, enables "Shared Key" authentication, enables full WEP
|
|
and uses transmit key 0.
|
|
.Sh SEE ALSO
|
|
.Xr an 4 ,
|
|
.Xr ifconfig 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command first appeared in
|
|
.Fx 4.0 .
|
|
.Sh BUGS
|
|
The statistics counters do not seem to show the amount of transmit
|
|
and received frames as increasing.
|
|
This is likely due to the fact that
|
|
the
|
|
.Xr an 4
|
|
driver uses unmodified packet mode instead of letting the NIC perform
|
|
802.11/ethernet encapsulation itself.
|
|
.Pp
|
|
Setting the channel does not seem to have any effect.
|
|
.Sh AUTHORS
|
|
The
|
|
.Nm
|
|
command was written by
|
|
.An Bill Paul Aq wpaul@ee.columbia.edu .
|