Revision history

wifi monitor decrypt problem

Hello

I am trying to debug a connection problem with an Arduino using Wi-Fi. Specifically, I am trying to resolve an MQTT error; however, in that effort I can't get to the point where I can debug the problem by decoding third-party devices.

I have used the wiki to create a monitor interface. I have added my keyphrase:SSID pair in 802.11 keys. I have turned the Arduino device off and on so that it rejoins the network, in an effort to capture the EAPOL handshaking sequence. I can't see decoded frames in Wireshark, so perhaps I am not capturing the EAPOL sequence.

If I add eapol to the display filter, the capture shows two frames. Both have the router as the source and the Arduino as the destination. The frame info for these two frames says Message 1 of 4 and Message 3 of 4. The other two don't show up. Is this a problem?

EDIT to show more detail about my setup.

This is the script I use to bring up mon0.

#!/bin/bash
# Bring up a monitor-mode interface (mon0) beside the managed Wi-Fi
# interface.  Adapted from the Wireshark wiki recipe.
set -u

# The USB adapter; the built-in wlp4s0 is the alternative.
DEFAULT_WIPHY=wlx00c0ca6d23eb
#DEFAULT_WIPHY=wlp4s0
WIPHY=${1:-$DEFAULT_WIPHY}

DEFAULT_MONIF=mon0
MONIF=${2:-$DEFAULT_MONIF}

# The original src gives a valid reason to have the channels be the same:
# mon0 shares the radio with $WIPHY, so both must sit on the AP's channel.
DEFAULT_CHANNEL=6
CHANNEL=${3:-$DEFAULT_CHANNEL}

echo "Setting up wifi monitor interface on $WIPHY"
# The interface add only succeeds once.  I tried with software to remove
# the mon0 interface and redo the command without an error; I never could
# do that.  The only way is to remove the usb connection or reboot.
# So skip the add when mon0 already exists instead of erroring out.
if ! sudo iw dev "$MONIF" info >/dev/null 2>&1; then
    sudo iw "$WIPHY" interface add "$MONIF" type monitor flags none control otherbss
fi

echo "Bringing up $MONIF"
# Promiscuous mode on the managed interface was set by accident while the
# network was already in use; kept here because the capture was taken this way.
sudo ip link set "$WIPHY" promisc on
sudo ip link set "$MONIF" promisc on
sudo ip link set "$WIPHY" up
sudo ip link set "$MONIF" up

echo "Setting wifi channel to $CHANNEL"
# An associated managed interface refuses a channel change (EBUSY); the
# monitor interface on the same phy follows the radio anyway.
sudo iw dev "$WIPHY" set channel "$CHANNEL"
sudo iw dev "$MONIF" set channel "$CHANNEL"

echo "Still need to configure interface options in Wireshark for monitor mode for $MONIF."
echo "Use capture on interface $MONIF afterwards."

echo "Some errors will generate when run twice."
echo "Verify the ssid, channel and interface names"
sudo iw dev

echo "verify the promisc flag with these commands"
sudo ip addr show "$WIPHY"
sudo ip addr show "$MONIF"

echo "The arduino is captured using this display filter"
echo "wlan.addr == F8:F0:5:EC:83:8"

Here is the output of the above script

Use capture on interface mon0 afterwards.
Some errors will generate when run twice.
Verify the ssid, channel and interface names
phy#3
    Interface mon0
        ifindex 11
        wdev 0x300000002
        addr 00:c0:ca:6d:23:eb
        type monitor
        txpower 30.00 dBm
    Interface wlx00c0ca6d23eb
        ifindex 10
        wdev 0x300000001
        addr 00:c0:ca:6d:23:eb
        ssid WRCNC Guest
        type managed
        channel 11 (2462 MHz), width: 20 MHz (no HT), center1: 2462 MHz
        txpower 30.00 dBm
phy#0
    Unnamed/non-netdev interface
        wdev 0x5
        addr a0:d3:7a:d9:da:b0
        type P2P-device
        txpower 0.00 dBm
    Interface phy0.mon
        ifindex 7
        wdev 0x3
        addr a0:d3:7a:d9:da:af
        type monitor
        txpower 0.00 dBm
    Interface wlp4s0
        ifindex 3
        wdev 0x1
        addr a0:d3:7a:d9:da:af
        ssid WRCNC Guest
        type managed
        channel 36 (5180 MHz), width: 40 MHz, center1: 5190 MHz
        txpower 22.00 dBm
verify the promisc flag with these commands
10: wlx00c0ca6d23eb: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:c0:ca:6d:23:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.176/24 brd 192.168.3.255 scope global dynamic noprefixroute wlx00c0ca6d23eb
       valid_lft 86366sec preferred_lft 86366sec
    inet6 fe80::e037:e7b0:9364:af07/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
11: mon0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ieee802.11/radiotap 00:c0:ca:6d:23:eb brd ff:ff:ff:ff:ff:ff
The arduino is captured using this display filter
F8:F0:5:EC:83:8
wlan.addr == F8:F0:5:EC:83:8

Here is the EAPOL Message 1 of 4 highlighted. Below that you see a response, and then later Message 3 of 4.

The markdown does not show an HTTPS URL? Here is the URL for the decode screenshot: https://imgur.com/WESPxse
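As an added example that is not part of the original post: the Python below models the WPA2-PSK key derivation that a passive sniffer (which is what Wireshark's 802.11 decryption with a passphrase:SSID key amounts to) has to run, with both sides of the 4-way handshake constructed inline. It shows why a capture holding only the AP's Message 1 and Message 3 cannot yield the pairwise key: the ANonce is carried by the AP in messages 1 and 3, but the SNonce travels only in Message 2, sent by the station, and the PTK needs both. The passphrase, MAC addresses, nonces and frames are all constructed for this example; the only value taken from the page is the SSID. It assumes WPA2 with CCMP (EAPOL key descriptor version 2, HMAC-SHA1-128 MIC, PRF-384).

```python
import hashlib
import hmac
import struct

# EAPOL-Key "Key Information" bits used below (IEEE 802.11 RSN key descriptor)
KEY_INFO_VERSION2 = 0x0002   # HMAC-SHA1-128 MIC (CCMP networks)
KEY_INFO_PAIRWISE = 0x0008
KEY_INFO_INSTALL = 0x0040
KEY_INFO_ACK = 0x0080        # set on AP -> station messages 1 and 3
KEY_INFO_MIC = 0x0100        # set on messages 2, 3 and 4
KEY_INFO_SECURE = 0x0200     # set on messages 3 and 4
MIC_OFFSET = 81              # 4-byte EAPOL header + EAPOL-Key fields before the MIC

def psk_from_passphrase(passphrase, ssid):
    """WPA passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", Min/Max(AA, SPA) || Min/Max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)   # KCK(16) | KEK(16) | TK(16)

def eapol_key_frame(key_info, nonce, replay_counter, key_data=b""):
    """EAPOL-Key frame (802.1X v2, type 3, RSN descriptor 2) with a zeroed MIC."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay_counter)       # desc, info, key len, RC
    body += nonce + bytes(16) + bytes(8) + bytes(8)                     # nonce, IV, RSC, reserved
    body += bytes(16) + struct.pack(">H", len(key_data)) + key_data     # MIC, key data
    return struct.pack(">BBH", 2, 3, len(body)) + body

def compute_mic(kck, frame):
    """HMAC-SHA1-128 over the whole EAPOL frame with the MIC field zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def message_number(key_info):
    """Classify an EAPOL-Key frame as message 1..4 of the 4-way handshake."""
    if key_info & KEY_INFO_ACK:
        return 3 if key_info & KEY_INFO_MIC else 1
    return 4 if key_info & KEY_INFO_SECURE else 2

def simulate_handshake(passphrase, ssid, aa, spa, anonce, snonce):
    """Both sides of the exchange: the AP sends 1 and 3, the station 2 and 4;
    each derives the same PTK and signs its MIC-bearing frames with the KCK."""
    ptk = derive_ptk(psk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)

    def signed(key_info, nonce, replay_counter):
        f = eapol_key_frame(key_info, nonce, replay_counter)
        return f[:MIC_OFFSET] + compute_mic(ptk[:16], f) + f[MIC_OFFSET + 16:]

    base = KEY_INFO_VERSION2 | KEY_INFO_PAIRWISE
    m1 = eapol_key_frame(base | KEY_INFO_ACK, anonce, 1)                # AP: ANonce, no MIC
    m2 = signed(base | KEY_INFO_MIC, snonce, 1)                          # STA: SNonce + MIC
    m3 = signed(base | KEY_INFO_ACK | KEY_INFO_MIC | KEY_INFO_INSTALL | KEY_INFO_SECURE, anonce, 2)
    m4 = signed(base | KEY_INFO_MIC | KEY_INFO_SECURE, bytes(32), 2)     # STA: no nonce
    return ptk, [m1, m2, m3, m4]

def recover_ptk(passphrase, ssid, aa, spa, frames):
    """What a passive sniffer can do with the EAPOL-Key frames it heard: the
    PTK if both nonces are present and the passphrase verifies against the
    MIC on message 2, otherwise None."""
    anonce = snonce = m2 = None
    for frame in frames:
        n = message_number(struct.unpack(">H", frame[5:7])[0])
        if n in (1, 3):
            anonce = frame[17:49]              # ANonce: in message 1, repeated in 3
        elif n == 2:
            snonce, m2 = frame[17:49], frame   # SNonce: only in message 2
    if anonce is None or snonce is None:
        return None                            # e.g. only the AP's 1 and 3 were captured
    ptk = derive_ptk(psk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)
    if not hmac.compare_digest(compute_mic(ptk[:16], m2), m2[MIC_OFFSET:MIC_OFFSET + 16]):
        return None                            # wrong passphrase/SSID, or a corrupted frame
    return ptk

# Constructed sample values, not taken from the poster's capture.
AP_MAC, STA_MAC = bytes.fromhex("00c0ca000001"), bytes.fromhex("f8f005000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(100, 132))

def demo(passphrase="constructed-passphrase", ssid="WRCNC Guest"):
    """(full handshake recovers the PTK, AP-only capture fails, wrong passphrase fails)."""
    ptk, (m1, m2, m3, m4) = simulate_handshake(passphrase, ssid, AP_MAC, STA_MAC, ANONCE, SNONCE)
    full = recover_ptk(passphrase, ssid, AP_MAC, STA_MAC, [m1, m2, m3, m4])
    ap_only = recover_ptk(passphrase, ssid, AP_MAC, STA_MAC, [m1, m3])
    wrong = recover_ptk("not-the-passphrase", ssid, AP_MAC, STA_MAC, [m1, m2, m3, m4])
    return full == ptk, ap_only is None, wrong is None

if __name__ == "__main__":
    print("PSK('password', 'IEEE') =", psk_from_passphrase("password", "IEEE").hex())
    print("full / AP-only / wrong passphrase:", demo())
```

The PBKDF2 step can be checked against the IEEE 802.11 Annex test vector (passphrase "password", SSID "IEEE" gives f42c6fc5...a12e). The MIC verification on Message 2 is also how a decryptor tells a wrong passphrase apart from a missing frame: with the wrong key the MIC fails, with only the AP's frames there is nothing to verify because the SNonce never arrived.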
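A second added example, also not from the post: the iw dev output above shows mon0 on phy#3 next to wlx00c0ca6d23eb, which is associated on channel 11, while the script's DEFAULT_CHANNEL is 6. A monitor interface shares the single radio of its phy, so the channel of the associated managed interface is the channel the capture actually sees. The Python below parses that output (copied from the post) and flags the mismatch; the interface names, SSID and channels are the page's own, the function names and the check are mine.

```python
# `iw dev` output as shown in the post above.
IW_DEV_OUTPUT = """\
phy#3
    Interface mon0
        ifindex 11
        wdev 0x300000002
        addr 00:c0:ca:6d:23:eb
        type monitor
        txpower 30.00 dBm
    Interface wlx00c0ca6d23eb
        ifindex 10
        wdev 0x300000001
        addr 00:c0:ca:6d:23:eb
        ssid WRCNC Guest
        type managed
        channel 11 (2462 MHz), width: 20 MHz (no HT), center1: 2462 MHz
        txpower 30.00 dBm
phy#0
    Unnamed/non-netdev interface
        wdev 0x5
        addr a0:d3:7a:d9:da:b0
        type P2P-device
        txpower 0.00 dBm
    Interface phy0.mon
        ifindex 7
        wdev 0x3
        addr a0:d3:7a:d9:da:af
        type monitor
        txpower 0.00 dBm
    Interface wlp4s0
        ifindex 3
        wdev 0x1
        addr a0:d3:7a:d9:da:af
        ssid WRCNC Guest
        type managed
        channel 36 (5180 MHz), width: 40 MHz, center1: 5190 MHz
        txpower 22.00 dBm
"""

SCRIPT_CHANNEL = 6   # DEFAULT_CHANNEL in the script above

def parse_iw_dev(text):
    """Map each phy to its netdev interfaces with name, type, ssid and channel."""
    phys, phy, iface = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("phy#"):
            phy, iface = line, None
            phys[phy] = []
        elif line.startswith("Interface "):
            iface = {"name": line.split()[1], "type": None, "ssid": None, "channel": None}
            phys[phy].append(iface)
        elif line.startswith("Unnamed"):
            iface = None                 # non-netdev wdev (P2P-device): skip its fields
        elif iface is not None:
            if line.startswith("type "):
                iface["type"] = line.split()[1]
            elif line.startswith("ssid "):
                iface["ssid"] = line[len("ssid "):]
            elif line.startswith("channel "):
                iface["channel"] = int(line.split()[1])
    return phys

def radio_channel(phys, monif):
    """(ssid, channel) of the associated managed interface that shares the
    monitor interface's phy, i.e. the channel the capture really sees; None
    if the phy has no associated managed interface."""
    for ifaces in phys.values():
        if any(i["name"] == monif for i in ifaces):
            for i in ifaces:
                if i["type"] == "managed" and i["channel"] is not None:
                    return i["ssid"], i["channel"]
    return None

def channel_mismatch(phys, monif, configured):
    """True when the configured channel differs from the AP's channel on that radio."""
    found = radio_channel(phys, monif)
    return found is not None and found[1] != configured

if __name__ == "__main__":
    phys = parse_iw_dev(IW_DEV_OUTPUT)
    for monif in ("mon0", "phy0.mon"):
        print(monif, radio_channel(phys, monif), "script channel mismatch:",
              channel_mismatch(phys, monif, SCRIPT_CHANNEL))
```

Run against the post's output, mon0 resolves to channel 11 and phy0.mon to channel 36, so a script value of 6 matches neither radio; the practical check is to read the channel from the associated managed interface on the same phy rather than hard-coding it.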