I wanted to use the Intel AX210 WiFi-6E adapter that supports the new 6GHz channels to capture traffic once I was able to setup communications between an Extreme AP4000u AP and a Windows 11 PC with the same Intel AX210 adapter. I could tell the Windows system was using 6GHz channels via netsh commands, but wanted to check the traffic via monitor mode.
My Linux capture platform is
user@system:~$ cat /etc/debian_version
11.1
running kernel
user@system:~$ uname -a
Linux system 5.14.0-0.bpo.2-amd64 #1 SMP Debian 5.14.9-2~bpo11+1 (2021-10-10) x86_64 GNU/Linux
Ndx Iface Phy Driver Mode Up? Channel Width Center Packets
0 wlan1 phy3 rt2800usb monitor Y 1 (2412MHz) 20MHz 2412 MHz 1298
1 wlan6 phy2 rt2800usb monitor Y 6 (2437MHz) 20MHz 2437 MHz 1407
2 wlan11 phy4 rt2800usb monitor Y 11 (2462MHz) 20MHz 2462 MHz 3462
3 wlancu phy1 mt76x2u managed N 0
4 wlp1s0 phy0 iwlwifi managed Y 36 (5180MHz) 80MHz 5210 MHz 2270
The AX210 wireless adapter is phy0 here and shows up in lspci as:
01:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
with
capabilities:user@system:~$
iw phy phy0 info
<cut>
Frequencies:
* 5955 MHz [1] (disabled)
* 5975 MHz [5]
(disabled)
* 5995 MHz [9] (disabled)
* 6015 MHz [13] (disabled)
* 6035 MHz [17]
(disabled)
<cut>
Notice that the 6GHz channels are all ‘disabled’? That doesn’t bode well for trying to capture on these channels.
This is what I had to go through to get the adapter to correctly assess that it was in an FCC region, and that it could actually use these 6GHz channels. Though the regulatory domain is correct for the system, it does not much matter when the adapter does not respect the system setting:
user@system:~$
iw reg get
global
country US: DFS-FCC
(2400 -
2483 @ 40), (N/A, 30), (N/A)
(5150 - 5250 @ 80), (N/A, 23),
(N/A), AUTO-BW
(5250 - 5350 @ 80), (N/A, 23), (0 ms), DFS,
AUTO-BW
(5470 - 5730 @ 160), (N/A, 23), (0 ms), DFS
(5730
- 5850 @ 80), (N/A, 30), (N/A)
(57240 - 71000 @ 2160), (N/A,
40), (N/A)
phy#0 (self-managed)
country 00:
DFS-UNSET
(2402 - 2437 @ 40), (6, 22), (N/A), AUTO-BW,
NO-HT40MINUS, NO-80MHZ, NO-160MHZ
(2422 - 2462 @ 40), (6,
22), (N/A), AUTO-BW, NO-80MHZ, NO-160MHZ
(2447 - 2482 @ 40),
(6, 22), (N/A), AUTO-BW, NO-HT40PLUS, NO-80MHZ, NO-160MHZ
(5170
- 5190 @ 160), (6, 22), (N/A), NO-OUTDOOR, AUTO-BW, IR-CONCURRENT,
NO-HT40MINUS, PASSIVE-SCAN
(5190 - 5210 @ 160), (6, 22),
(N/A), NO-OUTDOOR, AUTO-BW, IR-CONCURRENT, NO-HT40PLUS,
PASSIVE-SCAN
(5210 - 5230 @ 160), (6, 22), (N/A), NO-OUTDOOR,
AUTO-BW, IR-CONCURRENT, NO-HT40MINUS, PASSIVE-SCAN
(5230 -
5250 @ 160), (6, 22), (N/A), NO-OUTDOOR, AUTO-BW, IR-CONCURRENT,
NO-HT40PLUS, PASSIVE-SCAN
(5250 - 5270 @ 160), (6, 22), (0
ms), DFS, AUTO-BW, NO-HT40MINUS, PASSIVE-SCAN
(5270 - 5290 @
160), (6, 22), (0 ms), DFS, AUTO-BW, NO-HT40PLUS,
PASSIVE-SCAN
(5290 - 5310 @ 160), (6, 22), (0 ms), DFS,
AUTO-BW, NO-HT40MINUS, PASSIVE-SCAN
(5310 - 5330 @ 160), (6,
22), (0 ms), DFS, AUTO-BW, NO-HT40PLUS, PASSIVE-SCAN
(5490 -
5510 @ 240), (6, 22), (0 ms), DFS, AUTO-BW, NO-HT40MINUS,
PASSIVE-SCAN
(5510 - 5530 @ 240), (6, 22), (0 ms), DFS,
AUTO-BW, NO-HT40PLUS, PASSIVE-SCAN
(5530 - 5550 @ 240), (6,
22), (0 ms), DFS, AUTO-BW, NO-HT40MINUS, PASSIVE-SCAN
(5550 -
5570 @ 240), (6, 22), (0 ms), DFS, AUTO-BW, NO-HT40PLUS,
PASSIVE-SCAN
(5570 - 5590 @ 240), (6, 22), (0 ms), DFS,
AUTO-BW, NO-HT40MINUS, PASSIVE-SCAN
(5590 - 5610 @ 240), (6,
22), (0 ms), DFS, AUTO-BW, NO-HT40PLUS, PASSIVE-SCAN
(5610 -
5630 @ 240), (6, 22), (0 ms), DFS, AUTO-BW, NO-HT40MINUS,
PASSIVE-SCAN
(5630 - 5650 @ 240), (6, 22), (0 ms), DFS,
AUTO-BW, NO-HT40PLUS, PASSIVE-SCAN
(5650 - 5670 @ 80), (6,
22), (0 ms), DFS, AUTO-BW, NO-HT40MINUS, NO-160MHZ,
PASSIVE-SCAN
(5670 - 5690 @ 80), (6, 22), (0 ms), DFS,
AUTO-BW, NO-HT40PLUS, NO-160MHZ, PASSIVE-SCAN
(5690 - 5710 @
80), (6, 22), (0 ms), DFS, AUTO-BW, NO-HT40MINUS, NO-160MHZ,
PASSIVE-SCAN
(5710 - 5730 @ 80), (6, 22), (0 ms), DFS,
AUTO-BW, NO-HT40PLUS, NO-160MHZ, PASSIVE-SCAN
(5735 - 5755 @
80), (6, 22), (N/A), AUTO-BW, IR-CONCURRENT, NO-HT40MINUS, NO-160MHZ,
PASSIVE-SCAN
(5755 - 5775 @ 80), (6, 22), (N/A), AUTO-BW,
IR-CONCURRENT, NO-HT40PLUS, NO-160MHZ, PASSIVE-SCAN
(5775 -
5795 @ 80), (6, 22), (N/A), AUTO-BW, IR-CONCURRENT, NO-HT40MINUS,
NO-160MHZ, PASSIVE-SCAN
(5795 - 5815 @ 80), (6, 22), (N/A),
AUTO-BW, IR-CONCURRENT, NO-HT40PLUS, NO-160MHZ, PASSIVE-SCAN
(5815
- 5835 @ 40), (6, 22), (N/A), AUTO-BW, IR-CONCURRENT, NO-HT40MINUS,
NO-80MHZ, NO-160MHZ, PASSIVE-SCAN
What I had to do is bring up the adapter in managed mode, add a secondary monitor interface to this phy, and then perform a scan:
user@system:~$ sudo iw dev wlp1s0 set type managed
user@system:~$ sudo ip link set wlp1s0 up
user@system:~$ sudo iw phy phy0 interface add mon0 type monitor
user@system:~$ sudo ip link set mon0 up
<cut>
user@system:~$ iw reg get
global
country US: DFS-FCC
<cut>
phy#0 (self-managed)
country US: DFS-UNSET
<cut>
<cut>
Frequencies:
* 5955 MHz [1] (22.0 dBm) (no IR)
* 5975 MHz [5] (22.0 dBm) (no IR)
* 5995 MHz [9] (22.0 dBm) (no IR)
* 6015 MHz [13] (22.0 dBm) (no IR)
* 6035 MHz [17] (22.0 dBm) (no IR)
<cut>
Disable the managed interface:
Set a 6GHz channel and use your favorite capture system (tcpdump, dumpcap, wireshark, etc) to capture monitor mode on 6GHz:
user@system:~$ sudo iw mon0 set freq 6935 160 6985
No comments:
Post a Comment