5 GHz Problems. Can someone help me with a single beacon?


Hello Everyone,

The forum is not letting me upload. Single AP beacon here.

http://s000.tinyupload.com/?file_id=3...

I am not able to see the traffic on Kali with an Alfa 36ACH on 5 GHz on many APs. My AP here is an example. 2.4 GHz is fine.

What "iw" command do I need to run to see clients of this AP?

Many thanks!

Jesus, this CAPTCHA expired again. It takes 5 minutes with 10 CAPTCHA screens. Who thought of putting this on logged-in users???

As requested:

Association Request From Client: http://s000.tinyupload.com/?file_id=0...

lsusb: Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter



iw phy phy5 info 

    Band 2:
        Capabilities: 0x19f2
            HT20/HT40
            Static SM Power Save
            RX Greenfield
            RX HT20 SGI
            RX HT40 SGI
            TX STBC
            RX STBC 1-stream
            Max AMSDU length: 7935 bytes
            DSSS/CCK HT40
        Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
        Minimum RX AMPDU time spacing: 16 usec (0x07)
        HT Max RX data rate: 952 Mbps
        HT TX/RX MCS rate indexes supported: 0-15
        VHT Capabilities (0x03c13aa2):
            Max MPDU length: 11454
            Supported Channel Width: neither 160 nor 80+80
            short GI (80 MHz)
            TX STBC
            SU Beamformer
            SU Beamformee
            +HTC-VHT
        VHT RX MCS set:
            1 streams: MCS 0-9
            2 streams: MCS 0-9
            3 streams: not supported
            4 streams: not supported
            5 streams: not supported
            6 streams: not supported
            7 streams: not supported
            8 streams: not supported
        VHT RX highest supported: 867 Mbps
        VHT TX MCS set:
            1 streams: MCS 0-9
            2 streams: MCS 0-9
            3 streams: not supported
            4 streams: not supported
            5 streams: not supported
            6 streams: not supported
            7 streams: not supported
            8 streams: not supported
        VHT TX highest supported: 867 Mbps
        Bitrates (non-HT):
            * 6.0 Mbps
            * 9.0 Mbps
            * 12.0 Mbps
            * 18.0 Mbps
            * 24.0 Mbps
            * 36.0 Mbps
            * 48.0 Mbps
            * 54.0 Mbps
        Frequencies:
            * 5180 MHz [36] (20.0 dBm) (no IR)
            * 5200 MHz [40] (20.0 dBm) (no IR)
            * 5220 MHz [44] (20.0 dBm) (no IR)
            * 5240 MHz [48] (20.0 dBm) (no IR)
            * 5260 MHz [52] (20.0 dBm) (no IR, radar detection)
CountingCrowz, asked 2019-08-19 16:46:33 +0000, updated 2019-08-19 21:10:44 +0000

Comments

Unfortunately the CAPTCHA is necessary to keep the SPAM merchants down to a manageable level.

grahamb (2019-08-19 16:57:07 +0000)

ip link set wlan0 down

iwconfig wlan0 mode monitor

iw dev wlan0 set channel 36 80MHz

ip link set wlan0 up

If I run iw with 80MHz, I can see the client in airodump-ng (not with HT40+). Sorry, I am not able to insert a picture: https://i.imgur.com/cXtn6Pi.jpg

CountingCrowz (2019-08-19 16:57:08 +0000)

Yes, I understand, graham, but that is a bit overkill. At least it is not asking me on comments :)

CountingCrowz (2019-08-19 16:59:25 +0000)

1 Answer

What "iw" command do I need to run to see clients of this AP?

You did not give us enough information to know for sure, but probably no command will help you here. The performance envelope of the capture system has to be at least as big as, or bigger than, the traffic you want to capture. With only one side of the communication (the beacon), we know what the AP will do; with an Association Request from the client, we would know what the client under review can do, performance-wise, but this is not shown.

The beacon supports HT and VHT, 3SS, SGI, and LDPC.

For HT:

.... .... .... ...1 = HT LDPC coding capability: Transmitter supports receiving LDPC coded packets

For VHT:

.... .... .... .... .... .... ...1 .... = Rx LDPC: Supported

We don't know the client, but that capture adapter is, I think, an RTL8812AU (https://wikidevi.com/wiki/ALFA_Network_AWUS036ACH). I have one of these chips:

 #lsusb
 Senao EUB1200AC AC1200 DB Wireless Adapter [Realtek RTL8812AU]

and from iw info it is a 2SS, SGI, but no LDPC (look under capabilities for RX LDPC):

#iw phy phy5 info
    Band 2:
        Capabilities: 0x1a72
            HT20/HT40
            Static SM Power Save
            RX Greenfield
            RX HT20 SGI
            RX HT40 SGI
            RX STBC 2-streams
            Max AMSDU length: 7935 bytes
            DSSS/CCK HT40

        VHT RX MCS set:
            1 streams: MCS 0-9
            2 streams: MCS 0-9
            3 streams: not supported

I would suspect that your client under review uses LDPC or is using 3SS to communicate with the AP, but your capture adapter is only 2SS and no LDPC. Most mobile devices are 2SS, so that leaves an LDPC mismatch as the probable cause. However, some clients can do 3SS, so it can't be ruled out at this point; in fact, it could be both. In any event, the AP can handle higher modulations than the capture setup, so you have to be careful.

How to prove?

  1. Check the Association Request of the client and compare these performance-related fields
  2. Use a known adapter that can handle this performance envelope, and look at the radiotap header information from the frames that are captured between the client and AP and try to figure out what is unique about them that the 8812au can't pick up

You can also see if you can disable LDPC (very much depends on the AP and client - only need to disable on one of them) and/or allow only 2SS as a test to get the target traffic within the envelope of the test capability. I have not seen any Linux commands that control LDPC capabilities - either adapters have the capability and use it or don't when in monitor mode.

Bob Jones, answered 2019-08-19 20:03:40 +0000
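As an added worked example (my own code, not from the thread or from Wireshark), here is a Python script that does the comparison the answer describes: it decodes the HT Capabilities (element ID 45) and VHT Capabilities (element ID 191) from a raw Beacon or Association Request, decodes the same fields from the hex words that `iw phy <phyN> info` prints, and lists which peer capabilities fall outside the capture adapter's envelope (LDPC, short GI, spatial streams). The two sample frames are constructed inline and are not the thread's captures: a 3SS/SGI/LDPC AP and a 2SS/SGI/LDPC client, matching the answer's reading, with a made-up SSID and BSSID. The adapter values 0x19f2, 0x03c13aa2 and 2 streams are copied from the question's iw output. The stream count is inferred from the Rx MCS maps, which is an approximation of what iw reports.

```python
import struct
from dataclasses import dataclass

IE_SSID, IE_HT_CAP, IE_VHT_CAP = 0, 45, 191


@dataclass(frozen=True)
class PhyCaps:
    """The performance-envelope fields compared in the answer: LDPC, SGI, spatial streams."""
    ht_ldpc: bool
    ht_sgi: bool      # SGI on HT20 or HT40
    ht_nss: int       # streams with a non-empty Rx MCS bitmap (one byte of MCS 0-7 per stream)
    vht_ldpc: bool
    vht_sgi80: bool
    vht_nss: int      # streams whose Rx VHT-MCS map entry is not "not supported" (0b11)


def ht_caps(info: int, rx_mcs_bitmap: bytes) -> tuple:
    """Decode the 2-byte HT Capability Info word plus the 10-byte Rx MCS bitmap."""
    ldpc = bool(info & 0x0001)                          # LDPC coding capability, bit 0
    sgi = bool(info & 0x0020) or bool(info & 0x0040)    # SGI 20 (bit 5) or SGI 40 (bit 6)
    nss = max((i + 1 for i in range(4) if rx_mcs_bitmap[i]), default=0)
    return ldpc, sgi, nss


def vht_caps(info: int, rx_mcs_map: int) -> tuple:
    """Decode the 4-byte VHT Capability Info word plus the 2-byte Rx VHT-MCS map."""
    ldpc = bool(info & 0x00000010)                      # Rx LDPC, bit 4
    sgi80 = bool(info & 0x00000020)                     # Short GI for 80 MHz, bit 5
    nss = max((n for n in range(1, 9) if ((rx_mcs_map >> (2 * (n - 1))) & 3) != 3), default=0)
    return ldpc, sgi80, nss


def parse_mgmt_frame(frame: bytes) -> PhyCaps:
    """Pull PhyCaps out of a raw 802.11 Beacon (subtype 8) or Association Request (subtype 0)."""
    if len(frame) < 24 or frame[0] & 0x0C:
        raise ValueError("not an 802.11 management frame")
    subtype = frame[0] >> 4
    fixed = {8: 12, 0: 4}.get(subtype)   # Beacon: timestamp+interval+capability; AssocReq: capability+listen interval
    if fixed is None:
        raise ValueError(f"unsupported management subtype {subtype}")
    body, off, ht, vht = frame[24 + fixed:], 0, None, None
    while off + 2 <= len(body):
        eid, ln = body[off], body[off + 1]
        data = body[off + 2:off + 2 + ln]
        if len(data) != ln:
            raise ValueError("truncated information element")
        if eid == IE_HT_CAP and ln >= 26:
            ht = ht_caps(struct.unpack_from("<H", data)[0], data[3:13])
        elif eid == IE_VHT_CAP and ln >= 12:
            vht = vht_caps(struct.unpack_from("<I", data)[0], struct.unpack_from("<H", data, 4)[0])
        off += 2 + ln
    if ht is None or vht is None:
        raise ValueError("frame carries no HT/VHT Capabilities element")
    return PhyCaps(*ht, *vht)


def adapter_from_iw(ht_cap_word: int, vht_cap_word: int, nss: int) -> PhyCaps:
    """Build PhyCaps from iw's 'Capabilities: 0x....', 'VHT Capabilities (0x........)' and stream count."""
    bitmap = bytes([0xFF] * nss + [0] * (10 - nss))
    mcs_map = sum((2 if n <= nss else 3) << (2 * (n - 1)) for n in range(1, 9))
    return PhyCaps(*ht_caps(ht_cap_word, bitmap), *vht_caps(vht_cap_word, mcs_map))


def envelope_gaps(peer: PhyCaps, adapter: PhyCaps) -> list:
    """Return the peer capabilities the capture adapter cannot receive (empty list = within envelope)."""
    gaps = []
    if peer.ht_ldpc and not adapter.ht_ldpc:
        gaps.append("HT LDPC")
    if peer.vht_ldpc and not adapter.vht_ldpc:
        gaps.append("VHT Rx LDPC")
    if peer.ht_sgi and not adapter.ht_sgi:
        gaps.append("HT SGI")
    if peer.vht_sgi80 and not adapter.vht_sgi80:
        gaps.append("VHT SGI 80")
    if peer.ht_nss > adapter.ht_nss:
        gaps.append(f"HT {peer.ht_nss}SS > {adapter.ht_nss}SS")
    if peer.vht_nss > adapter.vht_nss:
        gaps.append(f"VHT {peer.vht_nss}SS > {adapter.vht_nss}SS")
    return gaps


# Constructed sample frames (not the thread's captures); the builders follow the IE layouts decoded above.
def build_ht_cap_ie(ldpc: bool, sgi: bool, nss: int) -> bytes:
    info = (0x0001 if ldpc else 0) | 0x0002 | (0x0060 if sgi else 0)   # LDPC, 20/40 MHz, SGI20+SGI40
    mcs_set = bytes([0xFF] * nss + [0] * (10 - nss)) + bytes(2) + b"\x01" + bytes(3)
    return bytes([IE_HT_CAP, 26]) + struct.pack("<H", info) + b"\x17" + mcs_set + bytes(7)


def build_vht_cap_ie(ldpc: bool, sgi80: bool, nss: int) -> bytes:
    info = 0x00000002 | (0x10 if ldpc else 0) | (0x20 if sgi80 else 0)  # MPDU 11454, Rx LDPC, SGI 80
    mcs_map = sum((2 if n <= nss else 3) << (2 * (n - 1)) for n in range(1, 9))
    return bytes([IE_VHT_CAP, 12]) + struct.pack("<IHHHH", info, mcs_map, 0, mcs_map, 0)


def build_mgmt(subtype: int, fixed: bytes, ssid: bytes, *ies: bytes) -> bytes:
    hdr = bytes([subtype << 4, 0]) + bytes(2) + b"\xff" * 6 + bytes.fromhex("020000000001") * 2 + bytes(2)
    return hdr + fixed + bytes([IE_SSID, len(ssid)]) + ssid + b"".join(ies)


SAMPLE_BEACON = build_mgmt(8, bytes(8) + struct.pack("<HH", 100, 0x0411), b"lab-5g",
                           build_ht_cap_ie(True, True, 3), build_vht_cap_ie(True, True, 3))
SAMPLE_ASSOC_REQ = build_mgmt(0, struct.pack("<HH", 0x0411, 10), b"lab-5g",
                              build_ht_cap_ie(True, True, 2), build_vht_cap_ie(True, True, 2))
# The question's adapter, straight from its iw output: Capabilities 0x19f2, VHT Capabilities 0x03c13aa2, 2 streams.
ALFA_AWUS036ACH = adapter_from_iw(0x19f2, 0x03c13aa2, 2)

if __name__ == "__main__":
    for name, frame in (("AP beacon", SAMPLE_BEACON), ("client assoc req", SAMPLE_ASSOC_REQ)):
        print(f"{name}: {parse_mgmt_frame(frame)} -> gaps {envelope_gaps(parse_mgmt_frame(frame), ALFA_AWUS036ACH)}")
```

To use it on real traffic, feed `parse_mgmt_frame` the 802.11 bytes after the radiotap header (for instance the `Frame` bytes of a single packet exported from Wireshark) and `adapter_from_iw` the two hex words from your own `iw phy info`. An empty gap list does not guarantee a successful capture, but a non-empty one, such as LDPC in the peer and not in the adapter, explains exactly the symptom in the question.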

Comments

Hey Bob, a quick thank you for this. I wanted to thank you for your answer from 2016 in another thread (I learnt where to look for primary/secondary channel): https://osqa-ask.wireshark.org/questi...

CountingCrowz (2019-08-19 20:28:47 +0000)

Yes, that is correct adaptor: Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter

I am not interested in adjusting anything in the AP, because I do not have control over other APs. I am trying to understand how I can see them, or what I need to configure to see them.

Client for now is: Killer Wireless-n/a/ac 1535 Wireless Network Adapter

I will see if I can get an association request capture.

CountingCrowz (2019-08-19 20:36:27 +0000)

Association Request from client is here: http://s000.tinyupload.com/?file_id=0...

CountingCrowz (2019-08-19 20:48:21 +0000)

Bob, updated the OP with data you requested. Also, I think this is beyond forum help and into paid help. Is there an IM system in forum to discuss this, or some sort of payment compensation for time spent on my issue?

CountingCrowz (2019-08-19 21:13:13 +0000)

From the AssocRqst, the client is HT/VHT, 2SS, SGI, LDPC capable. Suspicion is confirmed - try a capture adapter that can do LDPC.

Try a recent MacBook, Alfa AWUS036ACM, or Intel AC-7265, 8260/5, etc., for 2SS/SGI/LDPC support. This Alfa is a MediaTek 7612 with support in very recent kernels (4.19+); it is USB-based but has decent performance.

Bob Jones (2019-08-19 21:21:13 +0000)
