Monitor Mode with Orinoco IEEE 802.11b Cards & Linux
The following is a terse description of how to install the Orinoco wireless PCMCIA drivers on Suse 9.3. In addition to providing some guidance on monitor mode, it also helps solve the problem of `iwlist eth1 scanning` resulting in the message "interface doesn't support scanning", by upgrading the drivers to a later revision. Note that 0.13e revision 8 is for kernel 2.6.11: you will need higher revisions if you are using a later kernel.
- Install the Linux kernel sources package (and the development tools for C/C++ if you haven't already), using YAST.
- Assuming you're running the same version of kernel as the one you downloaded, go into the `/usr/src/linux` directory, and then run `cp /proc/config.gz .; gzip -d config.gz; mv config .config` to get the .config file into the correct place.
- Confirm that the symbolic link `/lib/modules/your-version/build` points to the sources you just downloaded.
- Ensure that the directory `/lib/modules/kernel-version/kernel/drivers/net/wireless/` exists. If it does not, you need to compile the Orinoco drivers as modules into your kernel (go into `/usr/src/kernel-version/`, run `make menuconfig`, go through Device Drivers, Networking, Wireless, and select the two Hermes modules).
- In the `/usr/src/linux/` directory, run `make prepare-all`. This ensures that `scripts/genksyms/genksyms` exists and works when it's needed later on.
- Download the latest Orinoco drivers (I used version 0.15). [No longer available: now included in the Linux kernel.]
  Update: Version 0.13e is likely to be better for monitor mode: version 0.15 does not provide the monitor mode `ioctl()`. See below.
  Note: if you are using the updated version of this Howto, ignore the remainder of this bulleted list! The old instructions are for the 0.15 version of the drivers.
- Unzip the drivers, and then edit the Makefile to comment out the lines relating to PCI cards (68 to 71). As far as I am aware (i.e. this is a guess!), if you are using a PCMCIA card you do not need the PCI modules. The reason for doing this is that on my installation the make failed on the PCI module.
- Download the patch to the v0.15 drivers (scroll down), from the Kismet site to enable signal strength monitoring. Place the diff file in the same directory as the unzipped drivers, and run `patch -p1 < orinoco-0.15rc2-dargorn-02.diff` (or the relevant filename). The result should be three patched files.
  Note: if you use the 0.13e drivers and the relevant patch with a kernel of version 2.6.11 or higher, there will be compilation errors. See the updated version of these notes below.
- Run `make` and then `make install`.
- Run `/etc/init.d/pcmcia restart`.
- Now try `iwconfig eth1 mode monitor` (with the appropriate interface ID for your machine), and see if it works (you can check by running `iwconfig eth1` and checking the mode there). Note that without the patch, running `iwpriv eth1` does not list any `monitor` ioctl(), which precludes the use of `iwlist eth1 scanning`. With the patch the ioctl() entry still doesn't appear, but scanning and signal strength do work.
Following more in-depth testing and investigation, I found that the above procedure does not in fact give true monitor mode (in the sense that the `monitor` ioctl() does not appear in the list output by `iwpriv`). The following does appear to work better -- comments welcome!
- Download version 0.13e revision 8 of the Patched Orinoco drivers. These are Dave Gibson's drivers already patched for monitor mode, which have the compilation bug under kernel 2.6.11 fixed.
- These drivers should enable you to work with the newest Orinoco firmware (8.72), but the above page notes that it appears some users are missing packets... See what you find. To check or upgrade your firmware version, you'll need to put the card into a Windows-based machine, and use the Proxim firmware upgrade utility (Proxim no longer hosts the WSUS utility, so this is an alternative source). For this to work properly you are likely to need the Proxim Orinoco driver (no longer available from Proxim, this is from one of the free driver download sites) installed too.
- Having obtained the patched drivers, you should simply unzip them, and run `make`.
- Next, `cp *.ko /lib/modules/kernel-version/kernel/drivers/net/wireless/`, to install them. For some reason `make install` puts the modules into the `/lib/modules/kernel-version/extra/` directory, so don't use it.
- If you now restart PCMCIA services, `/etc/init.d/pcmcia restart`, the new drivers should be loaded.
- Run `iwpriv eth1` (or whatever your interface name is) to see whether the `monitor` mode now appears in the list of `ioctl()` calls. If you don't have this command, install Jean Tourrilhes' `wireless-tools` package (under Gentoo this is `net-wireless/wireless-tools`).
- To run `tcpdump` on the interface, you'll also want to perform channel hopping. You can use Snax's Channel hopper. Compile using `gcc -o hopper orinoco_hopper.c`. Then you can just `./hopper` to start it off. Running `tcpdump -i eth1` should then produce some output (assuming there are one or more active wireless networks around).
- Note that the channel hopper will interfere with `iwlist`. In my case to get `iwlist` to produce any output again, the channel hopper had to be terminated, and then PCMCIA services restarted. You may have better luck: if you do please let me know! ;-).
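
The checks from the steps above can be scripted rather than read by eye. This is an added example, not part of the original Howto: it verifies the module tree, looks for the `monitor` entry in `iwpriv` output and reads the mode from `iwconfig`. The function names and the sample tool output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample tool output below is constructed.

# Succeeds if iwpriv output on stdin lists a private ioctl named "monitor".
has_monitor_ioctl() {
    awk '$1 == "monitor" && $2 ~ /^\(/ { found = 1 } END { exit !found }'
}

# Prints the Mode: value from iwconfig output on stdin (e.g. Managed, Monitor).
iw_mode() {
    sed -n 's/.*Mode:\([A-Za-z-]*\).*/\1/p' | head -n 1
}

# Succeeds if module tree $1 has a build link to configured kernel sources
# and the wireless driver directory the modules are copied into.
check_module_tree() {
    [ -f "$1/build/.config" ] && [ -d "$1/kernel/drivers/net/wireless" ]
}

# Runs all three checks against a live interface.
report() {
    tree=/lib/modules/$(uname -r)
    check_module_tree "$tree" ||
        echo "WARN: $tree lacks build/.config or kernel/drivers/net/wireless"
    if iwpriv "$1" 2>/dev/null | has_monitor_ioctl; then
        echo "$1: monitor ioctl listed by iwpriv"
    else
        echo "$1: no monitor ioctl listed (driver not patched for monitor mode?)"
    fi
    echo "$1: current mode is $(iwconfig "$1" 2>/dev/null | iw_mode)"
}

# Constructed samples (ioctl numbers are illustrative, not captured from a card).
SAMPLE_PATCHED='eth1      Available private ioctls :
          force_reset      (8BE0) : set   0       & get   0
          monitor          (8BE8) : set   2 int   & get   0'
SAMPLE_UNPATCHED='eth1      Available private ioctls :
          force_reset      (8BE0) : set   0       & get   0
          card_reset       (8BE1) : set   0       & get   0'
SAMPLE_IWCONFIG='eth1      IEEE 802.11-DS  ESSID:""  Nickname:"HERMES I"
          Mode:Monitor  Frequency:2.437 GHz  Access Point: Not-Associated'

# With an interface name as argument, check the real system.
[ $# -eq 0 ] || report "$1"
```

Run it with the interface name as its only argument (for example `eth1`) after restarting PCMCIA services.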
Note: Another useful page is Airsnort's Orinoco page.