Dear all,
I am Luca Bencini an employee of Tecnosistemi S.p.A.
I have to realize an IEEE 802.11 b/g/n sniffer. For this purpose I am looking for a wifi transceiver that support the "monitor mode". The "monitor mode" allows a wireless network interface to monitor all traffic received from a wireless network.
Does TiWi01-R2 support monitor mode? How can I configure it?
Thank you for your help.
Luca Bencini
Hi Luca,
The WL1271 FW does not support monitor mode. TI has licensed the FW to several partners that may be interested in helping you to implement a sniffer. If you want me to help you get it touch with them, please send out your contact information.
Regards,
Eyal
Hello Eyal,
I prefer not to disclose my company name right here and now, but if there is a way to discuss with you in private it would be a pleasure to give you more details.
I am also hoping to realize a 802.11 sniffer using WL1271/WL1273 and feel disappointed to read that its FW does not support monitor mode...
I am not sure I exactly understand what you replied to Luca: does this mean that under some conditions it is possible to have access to WL1271 FW source code in order to adapt it?
Could you help me going further in this direction?
Thank you very much in advance for your help.
Hello again Eyal,
I am coming back to you regarding this.
I wish we could find a way to go on. Is there another way I can contact you?
Thank you very much in advance,
Best regards.
Hi,
I got your email which i will respond
I verified that with Marketing and got their advice. the way to get that contact is to contact TI Local distributer in your Aria and they will be able to help
Thank you for your reply.
Could it be possible that you give us the list of companies that could help us more directly with the firmware? Maybe some of the ones you mentioned in your first post above?
Please note that my company already signed a NDA with TI.
FS
Hi FS,
There are 2 "types" of FW:
I do see the rx-filters registers in the NLCP driver but for some reason they are commented out. Maybe trying to forcely change these value will also do the trick.
Elad
- Elad Raz
CTO
www.integrity-project.com
Would this provide
- all packets for all BSSIDs ?
- or just all the packets for the BSSID that I am part of ?
( My understanding of the wireless promiscuous mode is that it would provide all the packets for the BSSID that I am part of)
Has any tried this and sucessfully got the equivalent of the MONITOR mode running on a wl1271?
thanks
Bernard
All packets that are in the same band. The HW will not drop any packet out. This is risky, since the memblocks in the FW will be block very very fast...
So the packet poll rate suppose to be higher.
I never tried it, and I'm not sure that anyone tried it out.
Elad.
I was asking if had been tried because my undestanding is
that this approach works on the wl1251, but the wl1271 has more "intelligence" and there might not be the right hooks to completely disable the filtering so we can see all packets for all bssids (although some might be encrypted of course) for a given channel
Yep, I look at the FW code, in wl12xx (open-source driver) there is "link" classification for RX, and there are couple of places there to change:
Hello Elad,
Thank you very much for the very valuable information you posted recently.
I am also very interested in enabling wl127x monitor mode but so far all my attempts were unsuccessful. Thanks to you I think I better see why now...
There is something I didn't get: you wrote : "So you need to change the FW as well". I would be super happy to do so, but how can I get access to the firmware sources?
I think that I searched quite thoroughly, but there is no way to get something else than .bin files for firmware...
Could you help me with this?
Thank you very much in advance.
You can't get any access to TI FW. It's not a public code.
You can use external design house (such as ourselves).
- Elad.
Hi Elad,
Thank you.
So: What is the best way for me to contact you directly?
Should I use the contact form on your company's website?