interesting buggy wifi router

There is an open router that can't be seen by my cellphone, but can be seen by my notebook. I ran kismet on it and the display does not show the channel number, though if you drill down a bit in kismet it can show the frequencies being used.

I'm going to see if I can get the place to flash the firmware. I doubt it left the factory in this mode. It's a Dlink router (model unknown). Dlink is OK stuff. (Not my choice though.) Not knowing enough about wifi, I find it baffling that kismet can see everything about this router but the channel it wants to use. When a router broadcasts its SSID and such, is this on the selected channel, or is there a frequency where all the wifi devices go to er um hook-up. ;-)

Reply to
miso

If this is a wifi device of any sort that anything can see, it must be transmitting packets of some sort.

If it's an access point ("router"), then if it's transmitting packets, they have to be on one specific channel. Normally an AP will transmit about 10 beacons per second on that channel.

If you're really curious about this stuff, get a sniffer and the Gast book.

Cheers,

Aaron

Reply to
Aaron Leonard

The sniffer I have. I gather Gast is the book from O'Reilly.

Since kismet scans, I guess it sniffed the router even if the channel wasn't being broadcast.

Reply to
miso

Yes sir.

If this is a "router" (AP), then it must beacon. Beacons are always broadcast.

The channel is not a data field *inside* the beacon, but rather is an aspect of the physical transmission. That is: if I am scanning or sniffing on channel 1 (2412 MHz), and if I can decode an 802.11 beacon, then I can infer that that beacon is transmitted on channel 1[*]

Cheers,

Aaron

[*] Although this is actually not strictly true, especially if using DSSS modulation (1 and 2 Mbps.) E.g. if an 802.11b transmitter is transmitting at 1Mbps on a center frequency of 2412 MHz (channel 1), and if my receiver is tuned to a center frequency of say 2422 MHz (channel 1), and if I am very close to the transmitter (let's say that I am receiving at -30dBm), then I actually may be able to demodulate the frame. See the very entertaining IEEE paper "The Myth of Non-Overlapping Channels: Interference Measurements in IEEE 802.11" (Fuxjäger, Valerio, Ricciato).
Reply to
Aaron Leonard
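The inference above (a frame is "on" whatever channel the sniffer was tuned to when it decoded it) can be cross-checked against what the beacon itself carries. On 2.4 GHz, beacons ordinarily also include a DS Parameter Set element (element ID 3) holding the channel the AP is configured for, and the fixed fields hold the beacon interval (100 time units of 1024 µs by default, hence roughly ten beacons a second). The following builds a minimal beacon and parses it back; it is an added example, not code from the thread or from Kismet, and the BSSID, SSID and channel in it are made up.

```python
"""Build a minimal 802.11 beacon, parse it, and compare the channel it announces
(DS Parameter Set) with the channel derived from the capture frequency.

Added example: the BSSID, SSID, channel and timestamp are constructed values.
"""
import struct

BROADCAST = b"\xff" * 6


def channel_from_freq(freq_mhz: int) -> int:
    """802.11 channel number for a 2.4 GHz center frequency in MHz."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472 and (freq_mhz - 2407) % 5 == 0:
        return (freq_mhz - 2407) // 5
    raise ValueError(f"not a 2.4 GHz channel center: {freq_mhz} MHz")


def build_beacon(bssid: bytes, ssid: str, channel: int, interval_tu: int = 100) -> bytes:
    """Assemble a management frame of subtype Beacon (no radiotap, no FCS)."""
    # Frame Control 0x0080: protocol 0, type 0 (management), subtype 8 (beacon).
    # Addr1 = broadcast, Addr2 = transmitter, Addr3 = BSSID; duration and seq ctrl zero.
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, BROADCAST, bssid, bssid, 0)
    # Fixed fields: 64-bit TSF timestamp, beacon interval in TU, capability (bit 0 = ESS).
    fixed = struct.pack("<QHH", 123456789, interval_tu, 0x0001)
    ies = bytes([0, len(ssid)]) + ssid.encode()          # SSID element
    ies += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])          # Supported Rates: 1/2/5.5/11 Mbps (basic)
    ies += bytes([3, 1, channel])                          # DS Parameter Set: current channel
    return header + fixed + ies


def parse_beacon(frame: bytes) -> dict:
    """Extract BSSID, interval, SSID, rates and DS channel from a beacon frame."""
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc & 0x0C) != 0x00 or (fc & 0xF0) != 0x80:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]
    _timestamp, interval, capability = struct.unpack_from("<QHH", frame, 24)
    info = {
        "bssid": bssid.hex(":"),
        "interval_tu": interval,
        "beacons_per_sec": 1_000_000 / (interval * 1024),
        "privacy": bool(capability & 0x10),
        "ssid": None,
        "rates_mbps": [],
        "ds_channel": None,
    }
    offset = 36  # 24-byte header + 12 bytes of fixed fields
    while offset + 2 <= len(frame):
        element_id, length = frame[offset], frame[offset + 1]
        body = frame[offset + 2 : offset + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if element_id == 0:
            info["ssid"] = body.decode(errors="replace")
        elif element_id == 1:
            info["rates_mbps"] = [(b & 0x7F) / 2 for b in body]  # units of 500 kbps, MSB = basic
        elif element_id == 3 and length == 1:
            info["ds_channel"] = body[0]
        offset += 2 + length
    return info


def check_channel(frame: bytes, tuned_freq_mhz: int) -> dict:
    """Compare the tuned capture channel with the channel the beacon announces."""
    info = parse_beacon(frame)
    info["tuned_channel"] = channel_from_freq(tuned_freq_mhz)
    info["agrees"] = info["ds_channel"] == info["tuned_channel"]
    return info


if __name__ == "__main__":
    beacon = build_beacon(bytes.fromhex("0011223344aa"), "guest", 6)  # constructed values
    for freq in (2437, 2427):  # tuned on the AP's channel, then two channels below it
        result = check_channel(beacon, freq)
        print(f"tuned {freq} MHz (ch {result['tuned_channel']}): "
              f"beacon says ch {result['ds_channel']}, agree={result['agrees']}")
```

Run on a real capture, this is the check to make when a sniffer reports a beacon at an odd frequency: if the DS Parameter Set disagrees with the frequency the card was tuned to, the frame was most likely decoded off-channel, as the footnote above describes, rather than the AP having moved.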

More of the same:

Reply to
Jeff Liebermann

I see this all the time. I even have it on my own WRT54G wireless router, running some DD-WRT mutation. I have two SSIDs sharing the same wireless MAC address. This drives many wireless clients nuts, especially cell phones and PDAs. I have several old wireless HP iPaq PDAs that will not see anything unless I disable one of the SSIDs. I have a fairly old Toshiblah something laptop on my bench today that will see one of the SSIDs, but not both, at the same time. Which one is apparently random. My jailbroken iPhone 5 is even stranger. Sometimes it sees both SSIDs, sometimes neither, but never just one. Across the hallway, the neighbor's old iMac G4 lampshade 10.3.9 can't see either SSID, but sees an identical router, running the same DD-WRT, but with only one SSID.

While it's possible that your specific problem might be the Dlink firmware (highly likely), especially if it's an old router, I've seen more problems with whatever is running the client wireless.

Oh, if you really need some entertainment, I have a wireless router which will not successfully negotiate a WPA-TKIP encryption exchange if the pass phrase is exactly 10 characters long and is all numbers. There may be some other keys that don't work. The clients seem to think it's WEP, try to negotiate using WEP, and bomb.

Complaining to the manufacturers is futile as many such combinations are so hardware/software/version specific, that it's not worth their while to even report it, much less fix it.

Good luck.

Reply to
Jeff Liebermann

Here is the guts of the kismet file with SSIDs deleted to protect the innocent.

---------------
Network 1
  Manuf : BelkinInte
  Type : infrastructure
  Channel : 5
  Frequency : 2432 - 10 packets, 100.00%

Network 2
  Manuf : BelkinInte
  Type : infrastructure
  Channel : 5
  Frequency : 2432 - 15 packets, 100.00%

Network 3
  Manuf : D-Link
  Type : infrastructure
  Channel : 0
  Frequency : 2412 - 781 packets, 65.52%
  Frequency : 2417 - 39 packets, 3.27%
  Frequency : 2422 - 242 packets, 20.30%
  Frequency : 2427 - 126 packets, 10.57%
  Frequency : 2432 - 2 packets, 0.17%
  Frequency : 2437 - 2 packets, 0.17%

Network 5
  Manuf : Cisco
  Type : infrastructure
  Channel : 6
  Frequency : 2422 - 63 packets, 2.24%
  Frequency : 2427 - 896 packets, 31.91%
  Frequency : 2432 - 37 packets, 1.32%
  Frequency : 2437 - 894 packets, 31.84%
  Frequency : 2442 - 75 packets, 2.67%
  Frequency : 2447 - 766 packets, 27.28%
  Frequency : 2452 - 77 packets, 2.74%
----------------------

I only listed infrastructure and not clients or devices that are probing.

Network 3 and network 5 are at the site. Network 5 is their private wifi. It shows up fine on my phone. Network 3 is the guest wifi. I can connect from my notebook but not my phone.

Networks 1 and 2 are nearby. Yeah, both on channel 5. The SSIDs are different. I guess nobody bothers to run the most cursory site survey these days.

Now getting back to network 3. It shows up as channel 0. From what I have seen of kismet output, channel 0 is just for some client "probing". Yet it seems to be doing traffic on a few channels and kismet does see it as infrastructure.

First, I have to wonder if kismet is working correctly. Look at network 5. Kismet believes it is using channel 6. The published lower limit of channel 6 is 2426, but kismet says 2422 was used. Similarly, the upper limit of channel 6 is 2448, but kismet saw 2452.

I guess the other obvious thing is this site has their wifi channels overlapping. Maybe network 3 is on channel 4.

Reply to
miso
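A practical check on the listing in this post, added here as an example (not part of the original posts and not Kismet's own channel logic): Kismet's per-network Frequency lines count frames by the center frequency the capture interface was tuned to when it received them, and a Channel of 0 means Kismet did not settle on a channel for that network. Tabulating those counts per 802.11 channel gives two estimates of the real channel, the busiest channel and the packet-weighted center, and the thread's own numbers show why both are worth looking at. The listing below is the one posted above, with the SSIDs already omitted there.

```python
"""Infer the real 2.4 GHz channel of each network from the per-frequency
packet counts in a Kismet summary.

KISMET_SUMMARY is the listing posted in the thread (SSIDs omitted there as
well); the parser and the two estimators are an added example.
"""
import re
from collections import Counter

KISMET_SUMMARY = """
Network 1
  Manuf : BelkinInte
  Type : infrastructure
  Channel : 5
  Frequency : 2432 - 10 packets, 100.00%

Network 2
  Manuf : BelkinInte
  Type : infrastructure
  Channel : 5
  Frequency : 2432 - 15 packets, 100.00%

Network 3
  Manuf : D-Link
  Type : infrastructure
  Channel : 0
  Frequency : 2412 - 781 packets, 65.52%
  Frequency : 2417 - 39 packets, 3.27%
  Frequency : 2422 - 242 packets, 20.30%
  Frequency : 2427 - 126 packets, 10.57%
  Frequency : 2432 - 2 packets, 0.17%
  Frequency : 2437 - 2 packets, 0.17%

Network 5
  Manuf : Cisco
  Type : infrastructure
  Channel : 6
  Frequency : 2422 - 63 packets, 2.24%
  Frequency : 2427 - 896 packets, 31.91%
  Frequency : 2432 - 37 packets, 1.32%
  Frequency : 2437 - 894 packets, 31.84%
  Frequency : 2442 - 75 packets, 2.67%
  Frequency : 2447 - 766 packets, 27.28%
  Frequency : 2452 - 77 packets, 2.74%
"""

HEAD_RE = re.compile(r"Network (\d+):?\s+Manuf\s*:\s*(\S+)\s+Type\s*:\s*(\S+)\s+Channel\s*:\s*(\d+)")
FREQ_RE = re.compile(r"Frequency\s*:\s*(\d+)\s*-\s*(\d+) packets")


def channel_from_freq(freq_mhz: int) -> int:
    """802.11 channel number for a 2.4 GHz center frequency in MHz."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472 and (freq_mhz - 2407) % 5 == 0:
        return (freq_mhz - 2407) // 5
    raise ValueError(f"not a 2.4 GHz channel center: {freq_mhz} MHz")


def parse_summary(text: str) -> list:
    """Split the summary into networks; whitespace-tolerant, so one-line or
    multi-line layouts both parse."""
    networks = []
    for chunk in re.split(r"(?=\bNetwork \d+)", text):
        head = HEAD_RE.match(chunk)
        if not head:
            continue
        per_freq = {int(f): int(n) for f, n in FREQ_RE.findall(chunk)}
        networks.append({
            "id": int(head.group(1)),
            "manuf": head.group(2),
            "type": head.group(3),
            "reported_channel": int(head.group(4)),
            "per_freq": per_freq,
        })
    return networks


def analyze(net: dict) -> dict:
    """Two channel estimates: the busiest channel (mode) and the
    packet-weighted center frequency rounded to the nearest channel."""
    per_channel = Counter()
    for freq, count in net["per_freq"].items():
        per_channel[channel_from_freq(freq)] += count
    total = sum(per_channel.values())
    mode_channel, mode_count = per_channel.most_common(1)[0]
    mean_freq = sum(f * n for f, n in net["per_freq"].items()) / total
    return {
        "id": net["id"],
        "manuf": net["manuf"],
        "reported_channel": net["reported_channel"],
        "undetermined": net["reported_channel"] == 0,
        "total": total,
        "mode_channel": mode_channel,
        "mode_share": mode_count / total,
        "weighted_channel": round((mean_freq - 2407) / 5),
        "span": (min(per_channel), max(per_channel)),
    }


if __name__ == "__main__":
    for net in parse_summary(KISMET_SUMMARY):
        r = analyze(net)
        print(f"Network {r['id']} ({r['manuf']}): reported ch {r['reported_channel']}"
              f"{' (undetermined)' if r['undetermined'] else ''}, busiest ch {r['mode_channel']}"
              f" ({r['mode_share']:.0%}), weighted center ch {r['weighted_channel']},"
              f" seen on ch {r['span'][0]}..{r['span'][1]}")
```

Reading the two estimates together: for Network 3 the busiest frequency is 2412 (channel 1) with about two thirds of the frames, but the weighted center comes out at channel 2, because nothing can spill below channel 1 and the spread is one-sided; for Network 5 the single busiest frequency is 2427 (channel 4), yet the weighted center lands on channel 6, matching what Kismet reported, because the spill-over to either side of 2437 is roughly symmetric. A network whose frames pile up at the band edge and tail off upward is more plausibly on channel 1 than on channel 4.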

Just an aside (i.e. I have no idea of the tech reasons, nor if my assumptions make any sense), but I have a regular WAP/router for b/g stuff and a special one (with double-wide 40 MHz bands) for my file server. I don't use kismet, but my iPod sees both (the wide one with no channels showing AND the regular b/g one), but my laptops only see the one normal b/g. Just wondering if the other stuff shows up but with no channel because the bands are wider. Any clue what happens if you use, say, a European WAP/router that has more channels than US ones? What would kismet show?

Reply to
Peter Pan

Kismet lists the country of the router. I have one for the Korean market near me. You would have to study the NTIA Redbook to determine the interference.

I never ran kismet on anything other than B/G. Most sites that have N run a mixed mode as far as I know.

Since there are stealth wifi systems, you really need to run kismet to know what is around you. It won't see analog signals such as wireless cameras. It has been my experience that wireless barcode scanners are usually stealth, so being near a store can be an issue.

Kismet is a relatively easy program to install. The repository version didn't work with my adapter, but the current rev was easy to compile from source. GPSD is another story. The repo version was plain broken. I found an RPM that worked. When I have the linux box booted, I'll do another post with the link.

Reply to
miso

So ... this AP is supposedly on channel 6 (2437 MHz) ... but according to your tool, it is also transmitting lots of packets at other frequencies, from 2422 (channel 3) up to 2452 (9).

So ... my assumption is that this AP is beaconing in DSSS (1Mbps, I'll bet), not at a harder-to-decode rate like 11Mbps or 24Mbps.

I am also assuming that you are quite close to this AP.

So ... your tool is dwelling in these other channels, and is able to decode the beacons (or other low bit rate modulation transmissions), and so it imagines that these packets really are "on" these other channels.

That's just a theory of course. There are other, more exotic possible explanations, such as that the AP is actually going off channel once in a while and emitting packets.

(Which our APs *can* do, for example in lightweight mode they will go off channel once in a while and broadcast neighbor packets so that their neighboring APs can hear them ... also there's RLDP whereby an AP can go off channel, and act like a client in order to associate to a "rogue" AP, so that we can try to figure out where the rogue is.)

Again, if you're really curious what's going on, you'll do some sniffing and look at these mystery packets.

Cheers,

Aaron

Reply to
Aaron Leonard

I think I will just ask them to move the router to channel 11 and hopefully that gets rid of the issue. I'd also suggest flashing the firmware, but non-technical people are loath to do such.

I know how to park kismet on a channel and then run wireshark. I did this years ago to sniff my own packets just to get an idea what a bad idea it is to run unencrypted. I really don't want to read the data on their open packets, but is there something else in the packet that is useful?

I guess I have to put that O'Reilly book on my amazon order to really understand what is going on. I would have guessed a beacon is always in the narrow bandwidth long distance mode, much like a modem handshake starts in low speed mode and then goes faster if conditions are favorable.

Reply to
miso
[ ... ]

Oh, it's all interesting if you're into it :)

Yeah but not exactly. A beacon is just a data packet that is broadcast periodically. The beacons will typically (but not necessarily) be transmitted at a data rate significantly lower than the highest supported one - 1Mbps is frequently used in 2.4GHz. This is because you want devices at the cell edge to hear the beacons (and also because 802.11 broadcasts are not acknowledged, so it's smart to be conservative with your data rate.)

What is perhaps more analogous to the modem training that you're thinking of is how different parts of the 802.11 packet are modulated at different rates. Like, the preamble of a 54Mbps packet may be encoded at 1Mbps.

Cheers,

Aaron

Reply to
Aaron Leonard

Hey, Shannon rules! Less can be more, depending on what you measure.

Reply to
miso

Any 3rd edition of Gast in sight? The 2nd edition is 6 years old.

Cheers

Reply to
Axel Hammerschmidt

I can't speak to that, but the main excitement in 802.11 in the last 6 years is 11n, which is covered nicely in _Next Generation Wireless LANs: Throughput, Robustness, and Reliability in 802.11n_ (Perahia, Stacey.)

Aaron

Reply to
Aaron Leonard

Meanwhile, at the alt.internet.wireless Job Justification Hearings, Aaron Leonard chose the tried and tested strategy of:

Is that really a free ebook? I google the title and I get a page of links to free downloads of it from various sites.

So I looked at one PDF, page 2 says "This page intentionally left blank". Page 4 is blank, but says...nothing. This totally blew my mind.

Reply to
alexd

I dunno; I don't do "free ebooks". My hardbound hardcopy edition has the normal range of blank and printed pages, although I admit that it does contain some funny looking equations and graphs that I can't quite follow.

Aaron

Reply to
Aaron Leonard

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.