TiWi01-R2 sniffer

Other Parts Discussed in Thread: WL1271, WL1283

Dear all,

I am Luca Bencini, an employee of Tecnosistemi S.p.A.

 

I have to realize an IEEE 802.11 b/g/n sniffer. For this purpose I am looking for a WiFi transceiver that supports the "monitor mode". The "monitor mode" allows a wireless network interface to monitor all traffic received from a wireless network.

 

Does TiWi01-R2 support monitor mode? How can I configure it?

 

Thank you for your help.

 

Luca Bencini

  • Hi Luca,

    The WL1271 FW does not support monitor mode. TI has licensed the FW to several partners that may be interested in helping you to implement a sniffer. If you want me to help you get in touch with them, please send out your contact information.

    Regards,

    Eyal

     

  • Hello Eyal,

    I prefer not to disclose my company name right here and now, but if there is a way to discuss with you in private it would be a pleasure to give you more details.

    I am also hoping to realize a 802.11 sniffer using WL1271/WL1273 and feel disappointed to read that its FW does not support monitor mode...

    I am not sure I exactly understand what you replied to Luca: does this mean that under some conditions it is possible to have access to WL1271 FW source code in order to adapt it?

    Could you help me going further in this direction?

    Thank you very much in advance for your help.

  • Hello again Eyal,

    I am coming back to you regarding this.

    I wish we could find a way to go on. Is there another way I can contact you?

    Thank you very much in advance,

    Best regards.

  • Hi,

    I got your email, which I will respond to.

    Regards,

    Eyal

  • Hi,

    I verified that with Marketing and got their advice. The way to get that contact is to contact the TI local distributor in your area, and they will be able to help.

    Regards,

    Eyal  

  • Hello Eyal,

    Thank you for your reply.

    Could it be possible that you give us the list of companies that could help us more directly with the firmware? Maybe some of the ones you mentioned in your first post above?

    Please note that my company already signed a NDA with TI.

    Best regards.

    FS

     

  • Hi FS,

    There are 2 "types" of FW:

    • Open source project (Internally called NLCP) which you can download via git. 
    • MCP driver sources + firmware

    The firmwares are slightly changed, but mostly the upper interface has changed. Anyway, there are 2 registers called "RX_CONFIG" and "RX_FILTER".

    In the MCP driver+firmware you can change the RX filters to listen to *everything* that the receiver gets (RX_CFG_PROMISCUOUS). So a change in only the driver code and its state machine can give you the desired "monitor mode". Note that you will have to bypass all "connection state machines" to open the radio to listen, as well as changing the radio band and making sure the FW is in Active mode.

    I do see the rx-filters registers in the NLCP driver, but for some reason they are commented out. Maybe trying to forcibly change these values will also do the trick.

    Elad

  • Would this provide

    - all packets for all BSSIDs?

    - or just all the packets for the BSSID that I am part of?

    (My understanding of the wireless promiscuous mode is that it would provide all the packets for the BSSID that I am part of.)

    Has anyone tried this and successfully got the equivalent of the MONITOR mode running on a wl1271?

    thanks

    Bernard

  • All packets that are in the same band. The HW will not drop any packet out. This is risky, since the memblocks in the FW will be blocked very, very fast...

    So the packet poll rate is supposed to be higher.

    I never tried it, and I'm not sure that anyone tried it out.

    Elad.

  • I was asking if it had been tried because my understanding is that this approach works on the wl1251, but the wl1271 has more "intelligence" and there might not be the right hooks to completely disable the filtering so we can see all packets for all BSSIDs (although some might be encrypted, of course) for a given channel.

    Bernard

  • Yep, I looked at the FW code. In wl12xx (open-source driver) there is "link" classification for RX, and there are a couple of places there to change:

    1. Encrypted frames are being decrypted by the FW and thrown away if there is no key (and we don't have it).
    2. The MAC addresses are being classified to link-ids, and a wrong classification will also mean that the packet is being disposed of.

    So you need to change the FW as well, adding a "promiscuous" command that will classify everything as link 0 (management).

    Elad.

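A host-side check for which of the cases discussed above a capture actually falls into (added example, not part of the thread and not TI or wl12xx code): it tallies frames by BSSID scope and by the Protected Frame bit. It assumes each packet carries a radiotap header; the function names, addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

def strip_radiotap(pkt: bytes) -> bytes:
    """Drop the radiotap header (version 0, pad, little-endian total length)."""
    rt_len = struct.unpack_from("<H", pkt, 2)[0] if len(pkt) >= 8 and pkt[0] == 0 else 0
    if not 8 <= rt_len <= len(pkt):
        raise ValueError("not a valid radiotap packet")
    return pkt[rt_len:]

def bssid_and_protected(frame: bytes):
    """(bssid, protected) for management/data frames, (None, False) otherwise."""
    if len(frame) < 24:                      # shorter than a three-address header
        return None, False
    ftype = (frame[0] >> 2) & 0x3            # 0 management, 1 control, 2 data
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0:
        bssid = a3
    elif ftype == 2 and not (to_ds and from_ds):   # four-address (WDS) frames skipped
        bssid = a1 if to_ds else a2 if from_ds else a3
    else:
        return None, False
    return bssid.hex(":"), bool(frame[1] & 0x40)   # 0x40 = Protected Frame bit

def summarize(packets, own_bssid: str) -> Counter:
    """Count frames inside and outside own_bssid, and how many were protected."""
    stats = Counter()
    for pkt in packets:
        bssid, prot = bssid_and_protected(strip_radiotap(pkt))
        if bssid is not None:
            scope = "own" if bssid == own_bssid.lower() else "foreign"
            stats[scope] += 1
            stats[scope + "_protected"] += prot
    return stats

def verdict(stats: Counter) -> str:
    if stats["foreign"] == 0:
        return "filtered to own BSS"
    return "unfiltered" if stats["foreign_protected"] else "foreign BSSIDs seen, protected frames missing"

def sample_pkt(fc: int, a1: str, a2: str, a3: str) -> bytes:
    mac_hdr = struct.pack("<HH", fc, 0) + bytes.fromhex(a1 + a2 + a3) + b"\0\0"
    return bytes([0, 0, 8, 0, 0, 0, 0, 0]) + mac_hdr   # minimal radiotap header first

OWN, OTHER, STA, BCAST = "020000000001", "020000000002", "0200000000aa", "ff" * 6
# Constructed frames: beacon + protected data in own BSS, beacon + clear data in another BSS.
SAMPLE = [sample_pkt(0x0080, BCAST, OWN, OWN), sample_pkt(0x4208, STA, OWN, OWN),
          sample_pkt(0x0080, BCAST, OTHER, OTHER), sample_pkt(0x0108, OTHER, STA, BCAST)]
```

On the constructed sample, `verdict(summarize(SAMPLE, "02:00:00:00:00:01"))` reports foreign BSSIDs with no protected frames, the pattern expected if encrypted frames without a key are discarded before they reach the host.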
  • Hello Elad,

    Thank you very much for the very valuable information you posted recently. 

    I am also very interested in enabling wl127x monitor mode but so far all my attempts were unsuccessful. Thanks to you I think I better see why now...

    There is something I didn't get: you wrote : "So you need to change the FW as well".  I would be super happy to do so, but how can I get access to the firmware sources?

    I think that I searched quite thoroughly, but there is no way to get something else than .bin files for firmware...

    Could you help me with this? 

    Thank you very much in advance.

    FS 

  • You can't get any access to TI FW. It's not a public code.

    You can use external design house (such as ourselves).

    - Elad.

     

  • Hi Elad,

    Thank you.

    So: What is the best way for me to contact you directly?

    Should I use the contact form on your company's website? 

  • You can use website's email, and you have my public email under my profile

  • Ok: I overlooked the fact your public email is readily available on your profile, thanks. I'll get in touch with you shortly.

  • Elad Raz92038 said:

    You can't get any access to TI FW. It's not a public code.

    You can use external design house (such as ourselves).

    - Elad.

    I would be very interested in talking to you about this.  I sent an email, but haven't heard back.  Is there a better way to touch base with you?

    Thanks,

    Craig

  • Hi Craig,

    Thank you for getting in touch with us. Just for the forum's purposes, my email works fine. I haven't been next to it in the last 3 days. Hope you will enjoy our services.

    - Elad

  • Eyal,

    I am interested in discussing licensing options (direct and via third parties) for WL1271 custom firmware. Can you put me in contact with the appropriate person at TI? Below is my email:

    vic.gunter@teligy.com.

    Thanks,

    Vic

  • Eyal,

    I'm very interested in Monitor mode for the WL1283. Is it supported by TI? I would also be interested in partners that provide this support.

    My contact info:

    Greg Munroe

    gmunroe@keywcorp.com

    Thanks,

    --

    Greg

  • Hi,

    Basically Monitor mode is not supported by TI and please note that there are 2 main limitations in the chipset for Monitor mode, the first limitation is that we support 11n single stream therefore we cannot guarantee reception of MIMO traffic due to CPU load (MIMO is twice the traffic), in addition the Host interface is SDIO which limits the traffic rate between the Chip and the Host.

    Regards,

    Eyal

  • Hi Greg

    As Eyal mentioned, there are issues with developing monitor mode as is: both the HW limitation to 11n rates and throughput issues that might occur (= packet loss).

    However, there are solutions to compensate for these drawbacks, depending on your desired product.

    We will talk offline. 

    Thanks,

    - Elad

  • Hi,

    I am Lavanya from Sasken India. In our project we are using a Panda board with the TiWi BLE wireless module. Even if we set "RX_CONFIG" and "RX_FILTER", we are able to receive only a few packets from the other BSSIDs and STAs. We came to know that the FW does not support monitor mode even if we enable RX_CFG_PROMISCUOUS. How can we resolve this? Has TI released a new FW binary with monitor mode enabled? Please give me some solution for this issue.

    Thanks,

    Lavanya

  • Hi Luca,

    Intelligraphics offers a TI-based Sniffer as described at http://www.intelligraphics.com/wlan-packet-sniffer-development.

    We have source code and can customize TI WLAN firmware.  We have available full featured off-the-shelf sniffer firmware for WL125x, WL127x and WL128x.

    Please email me at andrew.duquet@intelligraphics.com if you would like more info on this.

    Regards

    -Andrew

  • Hi All,

    I'm pleased to say that there is a WiLink 8 sniffer (monitor) mode as well.

    You can read about it at - WiLink monitor mode