nexmon icon indicating copy to clipboard operation
nexmon copied to clipboard

Published 20 hours ago โ€ข verified publisher icon seemoo-lab

with 0x88, no packet is captured

Open mikeWangJC opened this issue 4 years ago โ€ข 11 comments

Hey guys, I meet some problem in using this interesting tool, hope someone can help me to find the answer.

  1. With the 0x80, the receiver can captures packets, but receiver can never capture packet wih 0x88. So, why is this?

  2. The collected CSI data usually covers only 20MHz. By viewing other issues, I understand the reason for this phenomenon. However, is there any way to make sure that I can collect CSI with bandwidth of 80MHz stably?

Compared to the Intel 5300 CSI tool and Atheros (I have used both tools), the advantage of this nexmon tool is that it can collect CSI with a larger bandwidth. When I use the Intel 5300 CSI tool, I can control the frequency and bandwidth of the signal, so I can collect the CSI I want, I mean with specific frequency and bandwidth.

However, in nexmon, I failed to collect stable CSI with bandwidth of 80MHz on 5G.

So, I hope someone can help me. Thanks in advance! :)

mikeWangJC avatar May 08 '20 12:05 mikeWangJC

I have had success capturing ICMP ping packets @ 80Mhz. I found sometimes you have to play with the payload size (increase it) to get the packets to appear. I found It is AP dependent how 0x88 packets behave. Alternatively, you can go with the packet injection route, and control bandwidth/channel manually.

mzakharo avatar May 08 '20 12:05 mzakharo

@mzakharo I also encountered the same problem, so what should I do? Specific steps......๐Ÿ˜‚

289536718 avatar May 08 '20 12:05 289536718

@mzakharo Hi buddy, thank you very much for your reply!!!! The problem is how to realize the packet injection route??? Do hope you can help me with this! THANK YOU SO MUCH!

mikeWangJC avatar May 08 '20 12:05 mikeWangJC

Never needed to play with frame injection -> ping works reliably with my AC-68U AP and was simple enough to get what I needed. From what I understand, any NIC that supports frame injection will do -> you can use scapy to craft the message. If you want to use broadcomm, it seems 4339 firmware patch has extra bells and whistles-> not only you can control data rate, but set periodicity and number of packets to inject, which will be guaranteed to be precise by the firmware.

mzakharo avatar May 08 '20 13:05 mzakharo

4339 firmware patch .Is mobisys2018_nexmon_software_defined_radio?@mzakharo ๐Ÿ˜‚ i used ping to my route,but it seems But it doesn't seem to work.

289536718 avatar May 08 '20 13:05 289536718

No, you probably dont need SDR. Try this: https://www.aircrack-ng.org/doku.php?id=aireplay-ng

mzakharo avatar May 08 '20 13:05 mzakharo

@mzakharo Thank you, sir. I'll try what you say. I hope I can keep in touch here๐Ÿ˜‚

289536718 avatar May 08 '20 13:05 289536718

@mzakharo
dude, itried โ€˜ping+IP of another AP on 5Gโ€™ on my ASUS ac86u, but no packet is received. Can you help me with this?

mikeWangJC avatar May 08 '20 15:05 mikeWangJC

@mzakharo hi, dude, as you said,how to increase the payload size?

mikeWangJC avatar May 09 '20 13:05 mikeWangJC

@mzakharo Sir, I want to use RI4 to inject frame into ac86u to collect 80MHz CSI. Use aireplay-ng for injection. The command is: aireplay-ng -9 -e essid -a bssid -i eth5 mon0. The ac-86u has installed nexmon_csi and enabled monitoring mode (eth5).

An error occurred: IOCTL (siocginfindex) failed: no such device How can I solve it? I have switched two network cards to the same channel.๐Ÿ˜‚

289536718 avatar May 10 '20 12:05 289536718

I can detect ping around 2600 bytes ping -s 2600

nabeelni avatar Oct 03 '22 08:10 nabeelni