ZerBea / hcxdumptool

Small tool to capture packets from wlan devices.
MIT License

hcxdumptool freezes everything after few seconds #80

Closed LowSkillDeveloper closed 4 years ago

LowSkillDeveloper commented 5 years ago

Every few days I update all the utilities in my system. And after the last update, hcxdumptool stopped working.

That is, when I try to start as usual hcxdumptool -i wlan1 --reactive --enable_status 31 -o manual_a9.pcapng

It works the first 5-10 seconds and freezes. I cannot close using Ctrl + C and the iwconfig command is not responding. All wifi commands stop working normally. Everything becomes normal again when I disconnect the wifi adapter.

Having rolled back to the version from the kali repository, everything works fine there.

I checked these commands

hcxdumptool -I
hcxdumptool -i wlan1 --check_driver
hcxdumptool -i wlan1 --do_rcascan

Everything is fine here.

ZerBea commented 5 years ago

Please add the output of $ hcxdumptool -I and also the output of $ dmesg

BTW: iwconfig is deprecated and replaced by iw: https://www.tecmint.com/deprecated-linux-networking-commands-and-their-replacements/ since a long time: https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/

LowSkillDeveloper commented 5 years ago

This is on my RPi 4 image


[   70.298075] usb 1-1.2: new high-speed USB device number 3 using xhci_hcd
[   70.415148] usb 1-1.2: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   70.415185] usb 1-1.2: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[   70.415209] usb 1-1.2: Product: UB93
[   70.415229] usb 1-1.2: Manufacturer: ATHEROS
[   70.415249] usb 1-1.2: SerialNumber: 12345
[   70.585719] usb 1-1.2: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   70.586423] usbcore: registered new interface driver ath9k_htc
[   70.889643] usb 1-1.2: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   71.150943] ath9k_htc 1-1.2:1.0: ath9k_htc: HTC initialized with 33 credits
[   71.691657] ath9k_htc 1-1.2:1.0: ath9k_htc: FW Version: 1.4
[   71.691692] ath9k_htc 1-1.2:1.0: FW RMW support: On
[   71.691714] ath: EEPROM regdomain: 0x0
[   71.691723] ath: EEPROM indicates default country code should be used
[   71.691730] ath: doing EEPROM country->regdmn map search
[   71.691742] ath: country maps to regdmn code: 0x3a
[   71.691752] ath: Country alpha2 being used: US
[   71.691760] ath: Regpair used: 0x3a
[   71.726250] ieee80211 phy1: Atheros AR9271 Rev:1
[   71.741112] brcmfmac: brcmf_cfg80211_reg_notifier: not an ISO3166 code (0x55 0x53)
[   71.776636] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   72.351155] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   73.172598] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   73.266435] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   87.924297] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   87.942586] device wlan1 entered promiscuous mode
[  157.529063] usb 1-1.2: USB disconnect, device number 3
[  158.017334] ath: phy1: Timeout while waiting for nf to load: AR_PHY_AGC_CONTROL=0xa038160e
[  158.028689] device wlan1 left promiscuous mode
[  158.112001] usb 1-1.2: ath9k_htc: USB layer deinitialized

LowSkillDeveloper commented 5 years ago

This is on my Virtualbox on PC


[   55.542830] usb 1-2: new high-speed USB device number 3 using xhci_hcd
[   55.908578] usb 1-2: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   55.908580] usb 1-2: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[   55.908581] usb 1-2: Product: UB93
[   55.908582] usb 1-2: Manufacturer: ATHEROS
[   55.908583] usb 1-2: SerialNumber: 12345
[   55.968620] usb 1-2: ath9k_htc: Firmware ath9k_htc/htc_9271-1.dev.0.fw requested
[   55.968731] usbcore: registered new interface driver ath9k_htc
[   55.970813] usb 1-2: firmware: direct-loading firmware ath9k_htc/htc_9271-1.dev.0.fw
[   56.259048] usb 1-2: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.dev.0.fw, size: 51008
[   56.512815] ath9k_htc 1-2:1.0: ath9k_htc: HTC initialized with 33 credits
[   56.789472] ath9k_htc 1-2:1.0: ath9k_htc: FW Version: 1.4
[   56.789474] ath9k_htc 1-2:1.0: FW RMW support: On
[   56.789475] ath: EEPROM regdomain: 0x0
[   56.789475] ath: EEPROM indicates default country code should be used
[   56.789476] ath: doing EEPROM country->regdmn map search
[   56.789476] ath: country maps to regdmn code: 0x3a
[   56.789477] ath: Country alpha2 being used: US
[   56.789477] ath: Regpair used: 0x3a
[   56.796614] ieee80211 phy0: Atheros AR9271 Rev:1
[   87.158832] device wlan0 entered promiscuous mode
[   90.710576] ath: phy0: Unable to set channel
[  132.137724] usb 1-2: USB disconnect, device number 3
[  132.249860] device wlan0 left promiscuous mode
[  132.307754] usb 1-2: ath9k_htc: USB layer deinitialized

LowSkillDeveloper commented 5 years ago

I tried another adapter on the same chipset. And this does not work, but wifite and bettercap work fine.

And if you start hcxdumptool first, and then even if you manage to stop it, then wifite, etc. do not see any more networks. This also applies to hcxdumptool. At the first start, it shows several PROBE RESPONSE. The next one has nothing at all.

LowSkillDeveloper commented 5 years ago

hcxdumptool 5.2.2 works fine.

ZerBea commented 5 years ago

Thanks for the information. dmesg shows you two driver errors.

First one from here: https://github.com/ZerBea/hcxdumptool/issues/80#issuecomment-560548942

[ 87.942586] device wlan1 entered promiscuous mode
[ 157.529063] usb 1-1.2: USB disconnect, device number 3
[ 158.017334] ath: phy1: Timeout while waiting for nf to load: AR_PHY_AGC_CONTROL=0xa038160e
[ 158.028689] device wlan1 left promiscuous mode

Second one from here: https://github.com/ZerBea/hcxdumptool/issues/80#issuecomment-560549179

[ 87.158832] device wlan0 entered promiscuous mode
[ 90.710576] ath: phy0: Unable to set channel
[ 132.137724] usb 1-2: USB disconnect, device number 3
[ 132.249860] device wlan0 left promiscuous mode

Make sure that NetworkManager doesn't have access to the device. hcxdumptool showed you a warning that it interferes with NetworkManager. We are not able to set a channel, because NetworkManager will prevent this:

[ 90.710576] ath: phy0: Unable to set channel

Read more about how to prevent this, here: How can I make NetworkManager ignore my wireless card? https://askubuntu.com/questions/21914/how-can-i-make-networkmanager-ignore-my-wireless-card

The other issue is already reported on kernel.org: https://bugzilla.kernel.org/show_bug.cgi?id=198701 and we have to wait for a fix.

ZerBea commented 5 years ago

Here are my logs (NetworkManager doesn't have access to the device):

$ hcxdumptool -v
hcxdumptool 6.0.0 (C) 2019 ZeroBeat

$ hcxdumptool -I
wlan interfaces:
f81a67077d0e wlp39s0f3u3u1u2 (ath9k_htc)

dmesg log:
[18802.485520] usb 5-3.1.2: new high-speed USB device number 7 using xhci_hcd
[18802.695446] usb 5-3.1.2: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[18802.695451] usb 5-3.1.2: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[18802.695454] usb 5-3.1.2: Product: USB2.0 WLAN
[18802.695457] usb 5-3.1.2: Manufacturer: ATHEROS
[18802.695459] usb 5-3.1.2: SerialNumber: 12345
[18802.888604] usb 5-3.1.2: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[18802.888663] usbcore: registered new interface driver ath9k_htc
[18803.180475] usb 5-3.1.2: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[18803.430744] ath9k_htc 5-3.1.2:1.0: ath9k_htc: HTC initialized with 33 credits
[18803.660868] ath9k_htc 5-3.1.2:1.0: ath9k_htc: FW Version: 1.4
[18803.660872] ath9k_htc 5-3.1.2:1.0: FW RMW support: On
[18803.660874] ath: EEPROM regdomain: 0x809c
[18803.660875] ath: EEPROM indicates we should expect a country code
[18803.660876] ath: doing EEPROM country->regdmn map search
[18803.660877] ath: country maps to regdmn code: 0x52
[18803.660879] ath: Country alpha2 being used: CN
[18803.660880] ath: Regpair used: 0x52
[18803.664696] ieee80211 phy3: Atheros AR9271 Rev:1
[18803.667298] ath9k_htc 5-3.1.2:1.0 wlp39s0f3u3u1u2: renamed from wlan0
[18803.673533] audit: type=1130 audit(1575322972.184:419): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[19082.951881] device wlp39s0f3u3u1u2 entered promiscuous mode
[19082.951967] audit: type=1700 audit(1575323251.467:425): dev=wlp39s0f3u3u1u2 prom=256 old_prom=0 auid=1000 uid=0 gid=0 ses=2
[19096.731559] device wlp39s0f3u3u1u2 left promiscuous mode

and hcxdumptool works like expected - until I get hit by the driver issue.

BTW This caused the freeze: "Timeout while waiting for nf to load: AR_PHY_AGC_CONTROL" Just do a google search and you will find many, many issue reports.

LowSkillDeveloper commented 5 years ago

Okay, as I understand, we can only wait for the driver to be fixed?

And I recently ordered myself a Ralink RT3070. Will it work fine with it?

ZerBea commented 5 years ago

If you "blacklisted" the device by "NetworkManager config" and the driver issue is still present, we must wait for the kernel driver fix.

The RT3070 uses the rt2800usb driver. It will work fine if you make sure that NetworkManager can't access the device (by adding the device mac to NetworkManager config). It will not work if you connect the device to a USB3 port, especially on an AMD RYZEN motherboard. In that case you will run into this kernel issue (not fixed, yet): https://bugzilla.kernel.org/show_bug.cgi?id=202541

Here is an example of this issue:
ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
dmesg log:
[ 43.907984] usb 1-2: new high-speed USB device number 6 using xhci_hcd
[ 44.064919] usb 1-2: New USB device found, idVendor=148f, idProduct=3070, bcdDevice= 1.01
[ 44.064928] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 44.064934] usb 1-2: Product: 802.11 n WLAN
[ 44.064940] usb 1-2: Manufacturer: Ralink
[ 44.064944] usb 1-2: SerialNumber: 1.0
[ 44.725138] usb 1-2: reset high-speed USB device number 6 using xhci_hcd
[ 44.876642] ieee80211 phy1: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
[ 44.893423] ieee80211 phy1: rt2x00_set_rf: Info - RF chipset 0005 detected
[ 44.894231] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
[ 44.904724] usbcore: registered new interface driver rt2800usb
[ 44.958162] audit: type=1130 audit(1575358746.711:35): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[ 45.025041] rt2800usb 1-2:1.0 wlp0s20f0u2: renamed from wlan0
[ 45.092238] ieee80211 phy1: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
[ 45.126266] ieee80211 phy1: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.36
[ 45.435450] ieee80211 phy1: rt2x00usb_vendor_request: Error - Vendor Request 0x06 failed for offset 0x0404 with error -71
[ 46.467853] ieee80211 phy1: rt2800_wait_csr_ready: Error - Unstable hardware
[ 46.467866] ieee80211 phy1: rt2800usb_set_device_state: Error - Device failed to enter state 4 (-5)

The same device, connected to a USB2 port of the same notebook, is working fine:
[ 1839.849738] usb 1-3: new high-speed USB device number 9 using xhci_hcd
[ 1840.008305] usb 1-3: New USB device found, idVendor=148f, idProduct=3070, bcdDevice= 1.01
[ 1840.008315] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1840.008321] usb 1-3: Product: 802.11 n WLAN
[ 1840.008326] usb 1-3: Manufacturer: Ralink
[ 1840.008331] usb 1-3: SerialNumber: 1.0
[ 1840.137020] usb 1-3: reset high-speed USB device number 9 using xhci_hcd
[ 1840.288016] ieee80211 phy4: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
[ 1840.300254] ieee80211 phy4: rt2x00_set_rf: Info - RF chipset 0005 detected
[ 1840.300882] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
[ 1840.321054] rt2800usb 1-3:1.0 wlp0s20f0u3: renamed from wlan0
[ 1869.514883] ieee80211 phy4: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
[ 1869.514906] ieee80211 phy4: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.36
[ 1869.769893] device wlp0s20f0u3 entered promiscuous mode
[ 1869.770056] audit: type=1700 audit(1575360571.519:168): dev=wlp0s20f0u3 prom=256 old_prom=0 auid=1000 uid=0 gid=0 ses=2
[ 1876.139841] device wlp0s20f0u3 left promiscuous mode
[ 1876.139872] audit: type=1700 audit(1575360577.889:169): dev=wlp0s20f0u3 prom=0 old_prom=256 auid=1000 uid=0 gid=0 ses=2
[ 1876.161908] audit: type=1106 audit(1575360577.909:170): pid=1404 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'

As of today and kernel 5.3.13 most of the drivers are not(!) working out of the box due to several driver issues (especially under heavy workload), depending on the hardware configuration (e.g. USB3, VENDOR). Or they don't support monitor mode. If issues are reported on https://bugzilla.kernel.org and/or https://github.com/openwrt/mt76/issues and for rtl8812au on https://github.com/aircrack-ng/rtl8812au/issues

Some of them are fixed in latest kernel versions: https://bugzilla.kernel.org/show_bug.cgi?id=202241 https://bugzilla.kernel.org/show_bug.cgi?id=202243 https://bugzilla.kernel.org/show_bug.cgi?id=205305 https://github.com/openwrt/mt76/issues/216#issuecomment-500999516 but many, many of them are still unfixed.

It is very fragile and really hard work to get a driver working like expected (monitor mode including full packet injection). A single update/commit can destroy the driver. Here is a good example: https://github.com/aircrack-ng/rtl8812au/issues/499

That is the reason, why I removed several adapters (formerly known as working) from the list of working devices: https://github.com/ZerBea/hcxdumptool/wiki/WiFi-Adapters

ZerBea commented 5 years ago

Some words about tx power, besides the ones here: https://metis.fi/en/2017/10/txpower/

It is a fairytale that increasing tx power will lead to more results! https://en.wikipedia.org/wiki/DBm "A power level of 0 dBm corresponds to a power of 1 milliwatt. A 10 dB increase in level is equivalent to a 10-fold increase in power. A 3 dB increase in level is approximately equivalent to doubling the power, which means that a level of 3 dBm corresponds roughly to a power of 2 mW. Similarly, for each 3 dB decrease in level, the power is reduced by about one half, making −3 dBm correspond to a power of about 0.5 mW. "

A good antenna is the best hf amplifier: https://www.arrl.org/files/file/Technology/tis/info/pdf/9811054.pdf

Increasing tx power will make the signal crappy! A spectrum analyzer will show you this.

... and thousands of more good reasons.

ZerBea commented 4 years ago

Just compiled kernel 5.4 and the driver issue is still present:

$ uname -r
5.4.1-arch1-1

$ lsusb
ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n

$ hcxdumptool -I
wlan interfaces:
f81a67077d0e wlp3s0f0u2 (ath9k_htc)

$ dmesg
[ 1907.925136] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[ 1908.182905] usb 1-2: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1908.182910] usb 1-2: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[ 1908.182912] usb 1-2: Product: USB2.0 WLAN
[ 1908.182914] usb 1-2: Manufacturer: ATHEROS
[ 1908.182916] usb 1-2: SerialNumber: 12345
[ 1908.320074] usb 1-2: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1908.320126] usbcore: registered new interface driver ath9k_htc
[ 1909.396039] usb 1-2: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1909.646042] ath9k_htc 1-2:1.0: ath9k_htc: HTC initialized with 33 credits
[ 1909.873443] ath9k_htc 1-2:1.0: ath9k_htc: FW Version: 1.4
[ 1909.873446] ath9k_htc 1-2:1.0: FW RMW support: On
[ 1909.873448] ath: EEPROM regdomain: 0x809c
[ 1909.873449] ath: EEPROM indicates we should expect a country code
[ 1909.873450] ath: doing EEPROM country->regdmn map search
[ 1909.873451] ath: country maps to regdmn code: 0x52
[ 1909.873453] ath: Country alpha2 being used: CN
[ 1909.873454] ath: Regpair used: 0x52
[ 1909.877347] ieee80211 phy0: Atheros AR9271 Rev:1
[ 1909.879935] ath9k_htc 1-2:1.0 wlp3s0f0u2: renamed from wlan0
[ 2010.097396] device wlp3s0f0u2 entered promiscuous mode

The device entered promiscuous mode until we get hit by the xhci issue. At this point, sometimes after receiving a few packets, the device stops working.

[ 2135.948226] device wlp3s0f0u2 left promiscuous mode
[ 2138.758824] usb 1-2: USB disconnect, device number 5
[ 2138.759204] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
[ 2138.759316] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
[ 2138.850646] audit: type=1130 audit(1575446536.167:90): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[ 2138.882373] usb 1-2: ath9k_htc: USB layer deinitialized

Unfortunately 5.4 is an LTS kernel.

strasharo commented 4 years ago

Any distro which has a non-buggy/fixed kernel by default currently?

ZerBea commented 4 years ago

I don't suppose. Not even Arch (rolling release) has a fix. Unfortunately some of these issues are difficult to prove. I have been hunting for the cause of that xhci issue for several weeks - without success. There is no warning and no error message. And if we have a warning or an error message it is different from time to time. So we have to wait.... https://bugzilla.kernel.org/show_bug.cgi?id=202541#c102

strasharo commented 4 years ago

Which is the latest kernel without the issue, 4.19?

ZerBea commented 4 years ago

4.19.86 is running fine here: https://archlinuxarm.org/packages/armv7h/linux-raspberrypi as well as https://www.archlinux.org/packages/core/x86_64/linux-lts/ Unfortunately 5.4.2 provides some nice features, I do not want to miss.

ZerBea commented 4 years ago

Looks like we can expect an ath9k_htc fix on kernel 5.5. Two patches are merged: https://bugzilla.kernel.org/show_bug.cgi?id=198701#c5 If it works like expected, we can expect that both patches are ported back to LTS-Kernels.

ZerBea commented 4 years ago

I can reproduce that freeze: https://hashcat.net/forum/thread-6661-post-47168.html#pid47168

Possible fix for that kernel issue (another two patches committed): https://hashcat.net/forum/thread-6661-post-47187.html#pid47187

ZerBea commented 4 years ago

Now removed TP-LINK TL-WN722N v1 from the "device known as working list" due to driver issues. https://github.com/ZerBea/hcxdumptool/commit/ca98009709424a9ea3eb8f7633efa33b9b0fec2c

gonzabrusco commented 4 years ago

Hello. This happened to me with latest Kali 2020.3. But when I updated to the kernel 5.8 it stopped happening. Maybe this got fixed?

ZerBea commented 4 years ago

@gonzabrusco hello. That depends on the driver. Unfortunately 99% of all reported issues are related to KALI, the driver or the firmware, e.g.: https://bugzilla.kernel.org/show_bug.cgi?id=207397

Please comment output of
$ hcxdumptool -I
$ sudo hcxdumptool --check_driver
$ sudo hcxdumptool --check_injection
$ dmesg (all lines after you plugged in the device and start hcxdumptool)
Maybe we can find out what changed (especially dmesg log will tell us this).

BTW Kernel 5.8 reached EOL: https://www.kernel.org/

gonzabrusco commented 4 years ago

kali@kali:~$ uname -r
5.8.0-kali3-amd64

kali@kali:~$ sudo hcxdumptool -I
wlan interfaces:
e8de27a11847 wlan0 (ath9k_htc)

kali@kali:~$ sudo hcxdumptool -i wlan0 --check_driver
initialization...
starting driver test...
driver tests passed...
all required ioctl() system calls are supported by driver

terminating...

kali@kali:~$ sudo hcxdumptool -i wlan0  --check_injection
initialization...
starting packet injection test (that can take up to two minutes)...
packet injection is working!

terminating...

DMESG OUTPUT:
[   41.393598] usb 1-1: new high-speed USB device number 2 using ehci-pci
[   41.767035] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   41.767042] usb 1-1: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[   41.767047] usb 1-1: Product: USB2.0 WLAN
[   41.767050] usb 1-1: Manufacturer: ATHEROS
[   41.767052] usb 1-1: SerialNumber: 12345
[   41.829607] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   41.830094] cfg80211: Loaded X.509 cert 'benh@debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf'
[   41.830539] cfg80211: Loaded X.509 cert 'romain.perier@gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328'
[   41.830981] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   41.832367] platform regulatory.0: firmware: direct-loading firmware regulatory.db
[   41.832590] platform regulatory.0: firmware: direct-loading firmware regulatory.db.p7s
[   41.875475] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   41.877637] usbcore: registered new interface driver ath9k_htc
[   41.877675] usb 1-1: firmware: direct-loading firmware ath9k_htc/htc_9271-1.4.0.fw
[   42.178778] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   42.449469] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[   43.218798] ath9k_htc 1-1:1.0: ath9k_htc: FW Version: 1.4
[   43.218803] ath9k_htc 1-1:1.0: FW RMW support: On
[   43.218807] ath: EEPROM regdomain: 0x809c
[   43.218808] ath: EEPROM indicates we should expect a country code
[   43.218810] ath: doing EEPROM country->regdmn map search
[   43.218812] ath: country maps to regdmn code: 0x52
[   43.218814] ath: Country alpha2 being used: CN
[   43.218815] ath: Regpair used: 0x52
[   43.264732] ieee80211 phy0: Atheros AR9271 Rev:1
[   84.840218] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   84.869244] device wlan0 entered promiscuous mode
[   86.424281] device wlan0 left promiscuous mode
[  120.001071] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  120.012694] device wlan0 entered promiscuous mode
[  135.274403] device wlan0 left promiscuous mode

ZerBea commented 4 years ago

Great, thanks. Everything is looking fine, now.
Driver test and injection test passing without issues.
Firmware loaded without issues: 1.4.0.fw
Regdomain is set to CN
Device is going into monitor mode: device wlan0 entered promiscuous mode
Device is leaving monitor mode when hcxdumptool finished: device wlan0 left promiscuous mode
Looks like the issues are fixed by kernel >= 5.8

ZerBea commented 4 years ago

After some tests on

$ uname -r
5.9.3-arch1-1

I still can't recommend an ath9k_htc interface. We are running into a kernel issue that causes the driver to freeze after a while:

[ 6326.578280] usb 1-2: Product: USB2.0 WLAN
[ 6326.578282] usb 1-2: Manufacturer: ATHEROS
[ 6326.578284] usb 1-2: SerialNumber: 12345
[ 6326.718208] usb 1-2: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 6326.718261] usbcore: registered new interface driver ath9k_htc
[ 6327.794881] usb 1-2: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 6328.044267] ath9k_htc 1-2:1.0: ath9k_htc: HTC initialized with 33 credits
[ 6328.280918] ath9k_htc 1-2:1.0: ath9k_htc: FW Version: 1.4
[ 6328.280921] ath9k_htc 1-2:1.0: FW RMW support: On
[ 6328.280922] ath: EEPROM regdomain: 0x809c
[ 6328.280923] ath: EEPROM indicates we should expect a country code
[ 6328.280924] ath: doing EEPROM country->regdmn map search
[ 6328.280925] ath: country maps to regdmn code: 0x52
[ 6328.280926] ath: Country alpha2 being used: CN
[ 6328.280926] ath: Regpair used: 0x52
[ 6328.284655] ieee80211 phy0: Atheros AR9271 Rev:1
[ 6328.288461] ath9k_htc 1-2:1.0 wlp3s0f0u2: renamed from wlan0
...
[ 6344.644087] device wlp3s0f0u2 entered promiscuous mode
...
[ 6488.849536] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
[ 6488.849711] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
[ 6488.850873] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
[ 6489.171580] device wlp3s0f0u2 left promiscuous mode

This is a known issue and it is still unfixed: https://bugzilla.kernel.org/show_bug.cgi?id=202541

gonzabrusco commented 4 years ago

Fair enough. But reading the link you sent I come to the conclusion that this bug is not related to this adapter in particular. It seems like a bigger problem affecting several devices.

ZerBea commented 4 years ago

Yes, you're right. That is an xhci (USB host) issue and it affects several devices. The ath9k issue (driver and firmware) seems to be solved.

gonzabrusco commented 3 years ago

Can I run hcxdumptool with kernel 4.19? To avoid xhci errors...

ZerBea commented 3 years ago

There is no "general" answer. That depends on the chipset of the USB controller and the chipset of the WiFi device. Some are working, others not.

e.g.: this one is not working:
USB controller: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller
in combination with
ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter

while this one is working:
USB controller: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller
in combination with
ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter

and this one is working:
USB controller: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller
in combination with
ID 7392:7710 Edimax Technology Co., Ltd Edimax Wi-Fi

while this one is not working on a Raspberry PI:
ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]

I prefer MT76 and RT2870/RT3070 chipsets, because they are working on all my systems (Desktop, Notebook and Raspberry PI) "out of the box".

ZerBea commented 3 years ago

And to make it clear: We are talking about kernel issues. There is no workaround for hcxdumptool to prevent this issue.

gonzabrusco commented 3 years ago

I understand. My question was oriented to the workings of hcxdumptool. Is it compatible with Kernel 4.19? Because on the main readme you specify 5.4. Will it compile anyway? Thanks

ZerBea commented 3 years ago

Ok, now I understand, too. Please forgive me. I'm old and my brain is a little bit slow. Kernel 4.19 LTS is working fine - but you should know that some new drivers (and features) are not backported, yet. Running new hardware, it is not a good idea to use an older kernel. Luckily 5.10 was released today. It will be the new LTS kernel and I expect to see it on Arch Linux, soon. That includes Arch Linux Arm - RaspBerry PI.

ZerBea commented 3 years ago

In README.md I mentioned 5.4, because it is the first kernel with working mt76x0 drivers.

gonzabrusco commented 3 years ago

Thanks @ZerBea. Can you help me debug what's happening on my end? Because it seems something is crashing but I don't know what. Dmesg and hcxdumptool stop responding after some minutes. Nevertheless check_injection and check_driver work perfectly. I'm using latest Kali on top of VMware with TP-LINK TL-WN722N v1. Don't think it's a software problem because I can run airodump all night long and it does not crash.

ZerBea commented 3 years ago

First of all: you can't compare airodump-ng with hcxdumptool because airodump-ng is passive (doesn't transmit) and hcxdumptool is active (transmits).

To identify the issue open 2 terminals. Then plug in your TP-LINK TL-WN722N v1.

Now start hcxdumptool in terminal 1:
$ hcxdumptool -i your_interface --enable_status=15

If hcxdumptool stops working, run dmesg in terminal 2:
$ dmesg

We only need the lines from the dmesg log after you plugged in the device. Output looks like this:

[15767.473292] usb 5-1.4: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[15767.724426] ath9k_htc 5-1.4:1.0: ath9k_htc: HTC initialized with 33 credits
[15767.953920] ath9k_htc 5-1.4:1.0: ath9k_htc: FW Version: 1.4
[15767.953923] ath9k_htc 5-1.4:1.0: FW RMW support: On
[15767.953924] ath: EEPROM regdomain: 0x809c
[15767.953925] ath: EEPROM indicates we should expect a country code
[15767.953926] ath: doing EEPROM country->regdmn map search
[15767.953927] ath: country maps to regdmn code: 0x52
[15767.953928] ath: Country alpha2 being used: CN
[15767.953929] ath: Regpair used: 0x52
[15767.957699] ieee80211 phy0: Atheros AR9271 Rev:1
[15767.967033] ath9k_htc 5-1.4:1.0 wlp39s0f3u1u4: renamed from wlan0
...
[15944.530389] device wlp39s0f3u1u4 entered promiscuous mode    <---<< at this point hcxdumptool is going into monitor mode
...
[15944.548822] device wlp39s0f3u1u4 left promiscuous mode <---<< at this point hcxdumptool left monitor mode
...

The lines between "entered promiscuous mode" and "left promiscuous mode" are important, because they tell us what happened.
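
The triage described in the comment above (isolating the dmesg lines between "entered promiscuous mode" and "left promiscuous mode" and looking for driver or host-controller errors) can be scripted. This is an added example, not code from the thread or from hcxdumptool: the function names and fault labels are assumptions chosen here, the matched strings are the kernel messages quoted in this thread, and the sample reuses dmesg lines posted above with the second session deliberately cut short to show a log that ends before the device leaves monitor mode.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "[  158.017334] message" -> timestamp and message text
LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
ENTER_RE = re.compile(r"^device (\S+) entered promiscuous mode")
LEAVE_RE = re.compile(r"^device (\S+) left promiscuous mode")

# Kernel messages quoted in this thread. The labels on the left are
# names made up for this example, not kernel or hcxdumptool identifiers.
FAULTS = [
    ("usb_disconnect", re.compile(r"USB disconnect")),
    ("nf_load_timeout", re.compile(r"Timeout while waiting for nf to load")),
    ("set_channel_failed", re.compile(r"Unable to set channel")),
    ("xhci_tr_deq_failed", re.compile(r"Set TR Deq Ptr cmd failed")),
    ("rt2x00_usb_error", re.compile(r"rt2x00usb_vendor_request: Error|Unstable hardware")),
]


@dataclass
class Session:
    iface: str
    start: float
    end: Optional[float] = None          # None: log ended while still in monitor mode
    lines: List[str] = field(default_factory=list)
    faults: List[str] = field(default_factory=list)


def classify(msg: str) -> List[str]:
    """Return the labels of all known fault patterns found in one message."""
    return [name for name, rx in FAULTS if rx.search(msg)]


def monitor_sessions(dmesg_text: str) -> List[Session]:
    """Split a dmesg log into monitor-mode sessions, one per enter/leave pair."""
    open_by_iface = {}
    sessions = []
    for raw in dmesg_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # shell prompts, "..." elisions, blank lines
        ts, msg = float(m.group(1)), m.group(2)
        enter, leave = ENTER_RE.match(msg), LEAVE_RE.match(msg)
        if enter:
            s = Session(enter.group(1), ts)
            open_by_iface[s.iface] = s
            sessions.append(s)
        elif leave:
            s = open_by_iface.pop(leave.group(1), None)
            if s is not None:
                s.end = ts
        else:
            # dmesg is system-wide, so a line inside the window is kept for
            # every interface that is currently in monitor mode.
            for s in open_by_iface.values():
                s.lines.append(raw.strip())
                for label in classify(msg):
                    if label not in s.faults:
                        s.faults.append(label)
    return sessions


def summarize(sessions: List[Session]) -> List[str]:
    """One human-readable line per session."""
    out = []
    for s in sessions:
        if s.end is None:
            state = "never left monitor mode before the log ended"
        else:
            state = f"lasted {s.end - s.start:.1f}s"
        out.append(f"{s.iface}: {state}, faults={s.faults or 'none'}")
    return out


# Lines copied from the dmesg output posted in this thread. The final
# "left promiscuous mode" line of the second session is omitted on purpose.
SAMPLE = """\
[   87.924297] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   87.942586] device wlan1 entered promiscuous mode
[  157.529063] usb 1-1.2: USB disconnect, device number 3
[  158.017334] ath: phy1: Timeout while waiting for nf to load: AR_PHY_AGC_CONTROL=0xa038160e
[  158.028689] device wlan1 left promiscuous mode
[  158.112001] usb 1-1.2: ath9k_htc: USB layer deinitialized
[ 6344.644087] device wlp3s0f0u2 entered promiscuous mode
[ 6488.849536] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
"""

if __name__ == "__main__":
    for line in summarize(monitor_sessions(SAMPLE)):
        print(line)
```

Only faults logged inside a monitor-mode window are attributed to a session; messages that appear after "left promiscuous mode", as in the kernel 5.4 log above, still have to be read from the surrounding lines.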

gonzabrusco commented 3 years ago

The problem is that when hcxdumptool stops working, DMESG also stops responding. I have to eject the TL-WN722 to make it work again. I'm using latest version of hcxdumptool compiled from the github.

This is the result (It freezes and I have to pull the usb wifi adapter at the end):

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo hcxdumptool -i wlan0 --check_injection                                                                                                        1 ⨯
initialization...
starting packet injection test (that can take up to two minutes)...
packet injection is working!
ratio: 217 to 117 

terminating...

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo hcxdumptool -i wlan0 --check_driver   
initialization...
starting driver test...
driver tests passed...
all required ioctl() system calls are supported by driver

terminating...

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo hcxdumptool -o dump.pcapng -i wlan0 --enable_status=15                                                                                        1 ⨯
initialization...

start capturing (stop with ctrl+c)
NMEA 0183 SENTENCE........: N/A
INTERFACE NAME............: wlan0
INTERFACE HARDWARE MAC....: e8de27a11847
DRIVER....................: ath9k_htc
DRIVER VERSION............: 5.9.0-kali1-amd64
DRIVER FIRMWARE VERSION...: 1.4
openSSL version...........: 1.1
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 001761182dd7 (BROADCAST HIDDEN)
ACCESS POINT (ROGUE)......: 001761182dd8 (BROADCAST OPEN)
ACCESS POINT (ROGUE)......: 001761182dd9 (incremented on every new client)
CLIENT (ROGUE)............: b025aa9831d0
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 65489
ANONCE....................: a3d387c6f33fe998fcc99fe6816a7a7dd43570dbc5a1d45c2e259d012e2a9447
SNONCE....................: aa1620fe493d39abf3d377b3a18ba91fd0db7c641bb0b951a5cd8b1f6ba827e8

08:36:19   1 ffffffffffff 28be9b9e170f Carilo A9 [BEACON]
08:36:19   1 ffffffffffff 24a43ca00dee CARILO_HOUSE [BEACON]
08:36:19   1 ffffffffffff 922aa8b3bfb2 [HIDDEN BEACON]
08:36:19   1 ffffffffffff 6014b39a4a60 Fibertel WiFi187 2.4GHz [BEACON]
08:36:19   1 ffffffffffff 822aa8b3bfb2 Seabreeze [BEACON]
08:36:19   1 ffffffffffff 788a2024420d Edificio Playas [BEACON]
08:36:19   1 ffffffffffff 14cc20b54db3 Renata 2.4GHz [BEACON]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [PROBERESPONSE]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [AUTHENTICATION]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [REASSOCIATION]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M2M3 EAPOLTIME:1687 RC:2 KDV:2]
08:36:19   1 ffffffffffff 6014b3d7d3d0 Fibertel WiFi935 2.4GHz [BEACON]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M1M2 EAPOLTIME:786 RC:1 KDV:2]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M2M3 EAPOLTIME:2499 RC:2 KDV:2]
08:36:19   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M3M4ZEROED EAPOLTIME:684 RC:2 KDV:2]
08:36:19   1 ffffffffffff ac84c6b3e988 Torrecillas VII [BEACON]
08:36:19   1 ffffffffffff ac84c6b3c642 Torre Dptos 8 y 9  [BEACON]
08:36:19   1 ffffffffffff 68ff7b5a8936 laposta wifi [BEACON]
08:36:20   6 ffffffffffff a4526f120184 CariloHouseC7 [BEACON]
08:36:20   6 ffffffffffff 98dac43b5b90 La Galeria Frida [BEACON]
08:36:20   6 ffffffffffff f4c114ae13f8 Los Maquez [BEACON]
08:36:20   6 02257cf15ead a4526f120184 CariloHouseC7 [PROBERESPONSE]
08:36:20   6 02257cf15ead 98dac43b5b90 La Galeria Frida [PROBERESPONSE]
08:36:23   6 dc9fdb3403d0 6014b39a4a60 Fibertel WiFi187 2.4GHz [PROBERESPONSE]
08:36:24  11 ffffffffffff ac84c6b3c76a Torrecillas IV [BEACON]
08:36:24  11 ffffffffffff 6872513abca8 CARILO_HOUSE [BEACON]
08:36:24  11 ffffffffffff 6872513abd1d CARILO_HOUSE [BEACON]
08:36:24  11 ffffffffffff c0ffd49b7286 Fibertel C9 Netgear [BEACON]
08:36:25  11 ffffffffffff 00156d9ee135 CARILO_HOUSE [BEACON]
08:36:25  11 ffffffffffff 00156d102436 Torrecillas [BEACON]
08:36:25  11 ffffffffffff 6872513abc24 CARILO_HOUSE [BEACON]
08:36:26  11 ffffffffffff b0fc3686f570 Fibertel DRI C9 [BEACON]
08:36:27  11 0022fe016108 6872513abc24 CARILO_HOUSE [PROBERESPONSE]
08:36:37   1 ffffffffffff 10feed0d32c2 Lemuhue WFPatio [BEACON]
08:36:37   1 ffffffffffff 00026f618b25 LemuhueWF [BEACON]
08:36:37   1 ffffffffffff 90671c865ee4 ARNET DRI [BEACON]
08:36:41   6 12abff4f1da9 c025e93360f2 La Galeria Admin [PROBERESPONSE]
08:36:44  11 ffffffffffff 7483c2342926 Edificio Playas [BEACON]
08:36:45  11 dc9fdb3403d0 ac84c6b3c76a Torrecillas IV [PROBERESPONSE]
08:36:45  11 9afbada0c9da 822aa8b3bfb2 Seabreeze [PROBERESPONSE]
08:36:45  11 fca621838ddb 00156d102436 Torrecillas [PROBERESPONSE]
08:36:47  11 3c0518642748 c0ffd49b7286 Fibertel C9 Netgear [PROBERESPONSE]

failed to read packet: Network is down
^C
terminating...
failed to get interface information: No such device
failed to set interface down: No such device
failed to restore old SIOCSIWMODE: No such device
failed to restore old SIOCSIFFLAGS and to bring interface up: No such device

This is the dmesg (after pulling the usb wifi adapter):

[  149.634346] usb 1-1: new high-speed USB device number 2 using ehci-pci
[  150.117163] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  150.117169] usb 1-1: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[  150.117173] usb 1-1: Product: USB2.0 WLAN
[  150.117175] usb 1-1: Manufacturer: ATHEROS
[  150.117178] usb 1-1: SerialNumber: 12345
[  150.194707] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[  150.194985] cfg80211: Loaded X.509 cert 'benh@debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf'
[  150.195243] cfg80211: Loaded X.509 cert 'romain.perier@gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328'
[  150.195498] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[  150.197188] platform regulatory.0: firmware: direct-loading firmware regulatory.db
[  150.197489] platform regulatory.0: firmware: direct-loading firmware regulatory.db.p7s
[  150.235337] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  150.236606] usbcore: registered new interface driver ath9k_htc
[  150.236742] usb 1-1: firmware: direct-loading firmware ath9k_htc/htc_9271-1.4.0.fw
[  150.652106] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  150.936301] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[  152.284272] ath9k_htc 1-1:1.0: ath9k_htc: FW Version: 1.4
[  152.284277] ath9k_htc 1-1:1.0: FW RMW support: On
[  152.284281] ath: EEPROM regdomain: 0x809c
[  152.284282] ath: EEPROM indicates we should expect a country code
[  152.284284] ath: doing EEPROM country->regdmn map search
[  152.284285] ath: country maps to regdmn code: 0x52
[  152.284288] ath: Country alpha2 being used: CN
[  152.284289] ath: Regpair used: 0x52
[  152.326759] ieee80211 phy0: Atheros AR9271 Rev:1
[  177.967183] device wlan0 entered promiscuous mode
[  201.745498] device wlan0 left promiscuous mode
[  217.211528] device wlan0 entered promiscuous mode
[  217.885467] device wlan0 left promiscuous mode
[  241.211218] device wlan0 entered promiscuous mode
[  291.270322] ath: phy0: Unable to set channel
[  416.400041] usb 1-1: USB disconnect, device number 2
[  416.722291] ath: phy0: Chip reset failed
[  416.722295] ath: phy0: Unable to reset channel (2437 Mhz) reset status -22
[  416.722398] ath: phy0: Unable to set channel
[  416.727415] device wlan0 left promiscuous mode

Looks like the problem is "ath: phy0: Unable to set channel"

ZerBea commented 3 years ago

Something disconnects your USB device permanently and hcxdumptool retries to set monitor mode:

[  177.967183] device wlan0 entered promiscuous mode
[  201.745498] device wlan0 left promiscuous mode
[  217.211528] device wlan0 entered promiscuous mode
[  217.885467] device wlan0 left promiscuous mode
[  241.211218] device wlan0 entered promiscuous mode

At least hcxdumptool gives up and prints an error message that your network went down.

Now you have to find out what exactly disconnects your USB device. I assume it is your VM or a tool which takes access to the device.

gonzabrusco commented 3 years ago

Those are because I ran check_driver and check_injection before running your command.

gonzabrusco commented 3 years ago

This is the result again without running those commands before:

[  136.376382] usb 1-1: new high-speed USB device number 2 using ehci-pci
[  136.759571] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  136.759573] usb 1-1: New USB device strings: Mfr=16, Product=32, SerialNumber=48
[  136.759575] usb 1-1: Product: USB2.0 WLAN
[  136.759576] usb 1-1: Manufacturer: ATHEROS
[  136.759576] usb 1-1: SerialNumber: 12345
[  136.791615] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[  136.791846] cfg80211: Loaded X.509 cert 'benh@debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf'
[  136.792011] cfg80211: Loaded X.509 cert 'romain.perier@gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328'
[  136.792155] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[  136.792976] platform regulatory.0: firmware: direct-loading firmware regulatory.db
[  136.793179] platform regulatory.0: firmware: direct-loading firmware regulatory.db.p7s
[  136.821121] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  136.821455] usbcore: registered new interface driver ath9k_htc
[  136.822221] usb 1-1: firmware: direct-loading firmware ath9k_htc/htc_9271-1.4.0.fw
[  137.147884] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  137.429543] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[  138.526682] ath9k_htc 1-1:1.0: ath9k_htc: FW Version: 1.4
[  138.526686] ath9k_htc 1-1:1.0: FW RMW support: On
[  138.526690] ath: EEPROM regdomain: 0x809c
[  138.526691] ath: EEPROM indicates we should expect a country code
[  138.526693] ath: doing EEPROM country->regdmn map search
[  138.526694] ath: country maps to regdmn code: 0x52
[  138.526697] ath: Country alpha2 being used: CN
[  138.526698] ath: Regpair used: 0x52
[  138.558945] ieee80211 phy0: Atheros AR9271 Rev:1
[  161.020664] device wlan0 entered promiscuous mode
[  431.116346] usb 1-1: USB disconnect, device number 2
[  431.534080] device wlan0 left promiscuous mode
[  431.591706] usb 1-1: ath9k_htc: USB layer deinitialized

┌──(kali㉿kali)-[~]
└─$ sudo hcxdumptool -o dump.pcapng -i wlan0 --enable_status=15 
initialization...

start capturing (stop with ctrl+c)
NMEA 0183 SENTENCE........: N/A
INTERFACE NAME............: wlan0
INTERFACE HARDWARE MAC....: e8de27a11847
DRIVER....................: ath9k_htc
DRIVER VERSION............: 5.9.0-kali1-amd64
DRIVER FIRMWARE VERSION...: 1.4
openSSL version...........: 1.1
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 706f8122668f (BROADCAST HIDDEN)
ACCESS POINT (ROGUE)......: 706f81226690 (BROADCAST OPEN)
ACCESS POINT (ROGUE)......: 706f81226691 (incremented on every new client)
CLIENT (ROGUE)............: fcc233d3e44b
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 62538
ANONCE....................: 4cf03b79e5c90c168da58cf61f792037259a26b65d8b668ddfdb6fc205683993
SNONCE....................: 282dfed6c87e65a43ee73dd6335a7d6da7df930c80e821f3b26c520e3c269f5e

08:52:43   1 ffffffffffff 6014b3d7d3d0 Fibertel WiFi935 2.4GHz [BEACON]
08:52:43   1 ffffffffffff 28be9b9e170f Carilo A9 [BEACON]
08:52:43   1 ffffffffffff 6872513abd1d CARILO_HOUSE [BEACON]
08:52:43   1 ffffffffffff b0fc3686f570 Fibertel DRI C9 [BEACON]
08:52:43   1 ffffffffffff c025e9efa246 TP-LINK_A246 [BEACON]
08:52:43   1 ffffffffffff 00156d9ee135 CARILO_HOUSE [BEACON]
08:52:43   1 ffffffffffff 14cc20b54db3 Renata 2.4GHz [BEACON]
08:52:43   1 ffffffffffff 90671c865ee4 ARNET DRI [BEACON]
08:52:43   1 e43ed78aca9b 14cc20b54db3 Renata 2.4GHz [PROBERESPONSE]
08:52:43   1 ffffffffffff 788a2024420d Edificio Playas [BEACON]
08:52:43   1 e43ed78aca9b 14cc20b54db3 Renata 2.4GHz [AUTHENTICATION]
08:52:43   1 e43ed78aca9b 14cc20b54db3 Renata 2.4GHz [REASSOCIATION]
08:52:43   1 e43ed78aca9b 14cc20b54db3 Renata 2.4GHz [EAPOL:M1M2 EAPOLTIME:2501 RC:1 KDV:2]
08:52:43   1 e43ed78aca9b 14cc20b54db3 Renata 2.4GHz [EAPOL:M2M3 EAPOLTIME:7296 RC:2 KDV:2]
08:52:43   1 e43ed78aca9b 14cc20b54db3 Renata 2.4GHz [EAPOL:M3M4ZEROED EAPOLTIME:73 RC:2 KDV:2]
08:52:43   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [AUTHENTICATION]
08:52:43   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [REASSOCIATION]
08:52:43   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M2M3 EAPOLTIME:3873 RC:2 KDV:2]
08:52:43   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M3M4ZEROED EAPOLTIME:510 RC:2 KDV:2]
08:52:44   6 ffffffffffff f4c114ae13f8 Los Maquez [BEACON]
08:52:44   6 ffffffffffff 98dac43b5b90 La Galeria Frida [BEACON]
08:52:44   6 ffffffffffff 6014b39a4a60 Fibertel WiFi187 2.4GHz [BEACON]
08:52:44   6 ffffffffffff a4526f120184 CariloHouseC7 [BEACON]
08:52:44   6 dc9fdb3403d0 6014b39a4a60 Fibertel WiFi187 2.4GHz [PROBERESPONSE]
08:52:47   6 60f1894d08a0 f4c114ae13f8 Los Maquez [PROBERESPONSE]
08:52:48  11 ffffffffffff 822aa8b3bfb2 Seabreeze [BEACON]
08:52:48  11 ffffffffffff 922aa8b3bfb2 [HIDDEN BEACON]
08:52:48  11 ffffffffffff 24a43ca00dee CARILO_HOUSE [BEACON]
08:52:48  11 e43ed78aca9b c0ffd49b7286 Fibertel C9 Netgear [PROBERESPONSE]
08:52:48  11 ffffffffffff 6872513abca8 CARILO_HOUSE [BEACON]
08:52:48  11 e43ed78aca9b b0fc3686f570 Fibertel DRI C9 [PROBERESPONSE]
08:52:48  11 ffffffffffff 00156d102436 Torrecillas [BEACON]
08:52:49  11 ffffffffffff c0ffd49b7286 Fibertel C9 Netgear [BEACON]
08:52:49  11 ffffffffffff ac84c6b3c76a Torrecillas IV [BEACON]
08:52:49  11 ffffffffffff 6872513abc24 CARILO_HOUSE [BEACON]
08:52:50  11 dc9fdb3403d0 ac84c6b3c76a Torrecillas IV [PROBERESPONSE]
08:52:50  11 ffffffffffff 6014b300c8f0 Fibertel WiFi240 2.4GHz [BEACON]
08:52:52   3 ffffffffffff 68ff7bcb02e1 Sea Point [BEACON]
08:52:54   3 ffffffffffff 60e3273525ee ADMIN_HOUSE [BEACON]
08:52:54   3 20326c0fd6a8 68ff7bcb02e1 Sea Point [PROBERESPONSE]
08:52:57   5 8efa504beb3c c025e93360f2 La Galeria Admin [PROBERESPONSE]
08:53:00   1 ffffffffffff ac84c6b3e988 Torrecillas VII [BEACON]
08:53:00   1 ffffffffffff 68ff7b5a8936 laposta wifi [BEACON]
08:53:01   1 ffffffffffff 10feed0d32c2 Lemuhue WFPatio [BEACON]
08:53:01   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M1M2 EAPOLTIME:4880 RC:1 KDV:2]
08:53:01   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M2M3 EAPOLTIME:1523 RC:2 KDV:2]
08:53:01   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [EAPOL:M3M4ZEROED EAPOLTIME:516 RC:2 KDV:2]
08:53:02   1 ffffffffffff 00026f618b25 LemuhueWF [BEACON]
08:53:02   1 ffffffffffff ac84c6b3c642 Torre Dptos 8 y 9  [BEACON]
08:53:03   1 ffffffffffff 00156d7ce740 Torrecillas [BEACON]
08:53:06   6 02717b85786b 98dac43b5b90 La Galeria Frida [PROBERESPONSE]
08:53:08  11 4ec18f57a7cf 6872513abca8 CARILO_HOUSE [PROBERESPONSE]
08:53:09  11 620f1abb069a 24a43ca00dee CARILO_HOUSE [PROBERESPONSE]
08:53:09  11 de60fdba3a5a 00156d9ee135 CARILO_HOUSE [PROBERESPONSE]
08:53:10  11 0022fe016108 6872513abc24 CARILO_HOUSE [PROBERESPONSE]
08:53:11  11 84100d4447fc 822aa8b3bfb2 Seabreeze [PROBERESPONSE]
08:53:13   2 ffffffffffff 6872515464a0 La Hosteria [BEACON]
08:53:13   2 6466b3221a29 6872515464a0 La Hosteria [PROBERESPONSE]
08:53:20   1 dc9fdb3403d0 00156d7ce740 Torrecillas [PROBERESPONSE]
08:53:38   9 dc9fdb3403d0 c025e9efa246 TP-LINK_A246 [PROBERESPONSE]
08:53:40   1 ffffffffffff 7683c2342926 [HIDDEN BEACON]
08:53:41   1 3cdcbce32015 68ff7b5a8936 laposta wifi [PROBERESPONSE]
08:53:57  10 ffffffffffff 50d4f793cc04 Sea Point [BEACON]
08:54:01   1 60f1894d08a0 6014b3d7d3d0 Fibertel WiFi935 2.4GHz [PROBERESPONSE]
08:54:01   1 60f1894d08a0 10feed0d32c2 Lemuhue WFPatio [PROBERESPONSE]
08:54:01   1 30074d139e2d 90671c865ee4 ARNET DRI [PROBERESPONSE]
08:54:03   1 ffffffffffff 7a8a20244331 [HIDDEN BEACON]
^C
terminating...
failed to get interface information: No such device
failed to set interface down: No such device
failed to restore old SIOCSIWMODE: No such device
failed to restore old SIOCSIFFLAGS and to bring interface up: No such device

It froze again. So I had to pull the usb adapter again to be able to print dmesg. If I don't manually plug the USB adapter, dmesg does not work. It hangs. Something is hanging very badly but I cannot see exactly why. But this happens when I run hcxdumptool only. Is there any "more verbose" mode? Or maybe a development version I can try?

ZerBea commented 3 years ago

I can reproduce that running my TP-LINK TL-WN722N. After a while and under heavy load (as hcxdumptool produces it), the driver died. I'll do some further investigation to find out why the driver died.

gonzabrusco commented 3 years ago

I changed my VMWARE virtual machine setting from usb 2.0 to usb 3.1 and now it's working (for now). I will let you know if it fails again. Thanks!

ZerBea commented 3 years ago

That may be one problem, but there is another one.

gonzabrusco commented 3 years ago

It finally froze again. But after a much longer time. I don't know if it was a coincidence. This is dmesg (after pulling the usb adapter):

[ 4601.294806] ath: phy0: Unable to set channel
[ 4835.221456] INFO: task vmtoolsd:510 blocked for more than 120 seconds.
[ 4835.221466]       Tainted: G            E     5.9.0-kali1-amd64 #1 Debian 5.9.1-1kali2
[ 4835.221469] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4835.221472] task:vmtoolsd        state:D stack:    0 pid:  510 ppid:     1 flags:0x00000000
[ 4835.221479] Call Trace:
[ 4835.221494]  __schedule+0x281/0x8a0
[ 4835.221502]  schedule+0x4a/0xb0
[ 4835.221507]  schedule_preempt_disabled+0xa/0x10
[ 4835.221512]  __mutex_lock.constprop.0+0x13a/0x480
[ 4835.221518]  ? __netlink_lookup+0xb4/0x120
[ 4835.221523]  __netlink_dump_start+0xba/0x2d0
[ 4835.221529]  ? rtnl_fill_ifinfo+0x1290/0x1290
[ 4835.221534]  rtnetlink_rcv_msg+0x231/0x360
[ 4835.221539]  ? rtnl_fill_ifinfo+0x1290/0x1290
[ 4835.221544]  ? rtnl_calcit.isra.0+0x110/0x110
[ 4835.221548]  netlink_rcv_skb+0x47/0x110
[ 4835.221553]  netlink_unicast+0x1f9/0x2c0
[ 4835.221558]  netlink_sendmsg+0x243/0x480
[ 4835.221565]  sock_sendmsg+0x5e/0x60
[ 4835.221570]  __sys_sendto+0xee/0x150
[ 4835.221581]  ? exit_to_user_mode_prepare+0x32/0x140
[ 4835.221586]  __x64_sys_sendto+0x25/0x30
[ 4835.221591]  do_syscall_64+0x33/0x80
[ 4835.221597]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 4835.221603] RIP: 0033:0x7f4f558d535c
[ 4835.221605] Code: Bad RIP value.
[ 4835.221607] RSP: 002b:00007ffe28126780 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 4835.221611] RAX: ffffffffffffffda RBX: 00007ffe28127910 RCX: 00007f4f558d535c
[ 4835.221613] RDX: 0000000000000014 RSI: 00007ffe28127850 RDI: 0000000000000009
[ 4835.221615] RBP: 0000000000000000 R08: 00007ffe28127810 R09: 000000000000000c
[ 4835.221617] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe28127810
[ 4835.221618] R13: 00007ffe28127850 R14: 000055d19727cc30 R15: 00007ffe281267c0
[ 4835.221657] INFO: task kworker/2:2:1468 blocked for more than 120 seconds.
[ 4835.221661]       Tainted: G            E     5.9.0-kali1-amd64 #1 Debian 5.9.1-1kali2
[ 4835.221664] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4835.221668] task:kworker/2:2     state:D stack:    0 pid: 1468 ppid:     2 flags:0x00004000
[ 4835.221680] Workqueue: ipv6_addrconf addrconf_verify_work
[ 4835.221682] Call Trace:
[ 4835.221688]  __schedule+0x281/0x8a0
[ 4835.221694]  schedule+0x4a/0xb0
[ 4835.221698]  schedule_preempt_disabled+0xa/0x10
[ 4835.221703]  __mutex_lock.constprop.0+0x13a/0x480
[ 4835.221709]  ? __switch_to_asm+0x36/0x70
[ 4835.221715]  addrconf_verify_work+0xa/0x20
[ 4835.221721]  process_one_work+0x1b4/0x370
[ 4835.221726]  worker_thread+0x53/0x3e0
[ 4835.221730]  ? process_one_work+0x370/0x370
[ 4835.221733]  kthread+0x11b/0x140
[ 4835.221736]  ? __kthread_bind_mask+0x60/0x60
[ 4835.221741]  ret_from_fork+0x22/0x30
[ 4956.053234] INFO: task vmtoolsd:510 blocked for more than 241 seconds.
[ 4956.053244]       Tainted: G            E     5.9.0-kali1-amd64 #1 Debian 5.9.1-1kali2
[ 4956.053247] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4956.053251] task:vmtoolsd        state:D stack:    0 pid:  510 ppid:     1 flags:0x00000000
[ 4956.053257] Call Trace:
[ 4956.053273]  __schedule+0x281/0x8a0
[ 4956.053280]  schedule+0x4a/0xb0
[ 4956.053285]  schedule_preempt_disabled+0xa/0x10
[ 4956.053346]  __mutex_lock.constprop.0+0x13a/0x480
[ 4956.053370]  ? __netlink_lookup+0xb4/0x120
[ 4956.053375]  __netlink_dump_start+0xba/0x2d0
[ 4956.053382]  ? rtnl_fill_ifinfo+0x1290/0x1290
[ 4956.053386]  rtnetlink_rcv_msg+0x231/0x360
[ 4956.053392]  ? rtnl_fill_ifinfo+0x1290/0x1290
[ 4956.053397]  ? rtnl_calcit.isra.0+0x110/0x110
[ 4956.053401]  netlink_rcv_skb+0x47/0x110
[ 4956.053406]  netlink_unicast+0x1f9/0x2c0
[ 4956.053410]  netlink_sendmsg+0x243/0x480
[ 4956.053417]  sock_sendmsg+0x5e/0x60
[ 4956.053422]  __sys_sendto+0xee/0x150
[ 4956.053434]  ? exit_to_user_mode_prepare+0x32/0x140
[ 4956.053439]  __x64_sys_sendto+0x25/0x30
[ 4956.053444]  do_syscall_64+0x33/0x80
[ 4956.053451]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 4956.053457] RIP: 0033:0x7f4f558d535c
[ 4956.053459] Code: Bad RIP value.
[ 4956.053462] RSP: 002b:00007ffe28126780 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 4956.053466] RAX: ffffffffffffffda RBX: 00007ffe28127910 RCX: 00007f4f558d535c
[ 4956.053468] RDX: 0000000000000014 RSI: 00007ffe28127850 RDI: 0000000000000009
[ 4956.053470] RBP: 0000000000000000 R08: 00007ffe28127810 R09: 000000000000000c
[ 4956.053472] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe28127810
[ 4956.053473] R13: 00007ffe28127850 R14: 000055d19727cc30 R15: 00007ffe281267c0
[ 4956.053514] INFO: task kworker/2:2:1468 blocked for more than 241 seconds.
[ 4956.053519]       Tainted: G            E     5.9.0-kali1-amd64 #1 Debian 5.9.1-1kali2
[ 4956.053522] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 4956.053524] task:kworker/2:2     state:D stack:    0 pid: 1468 ppid:     2 flags:0x00004000
[ 4956.053536] Workqueue: ipv6_addrconf addrconf_verify_work
[ 4956.053538] Call Trace:
[ 4956.053544]  __schedule+0x281/0x8a0
[ 4956.053550]  schedule+0x4a/0xb0
[ 4956.053554]  schedule_preempt_disabled+0xa/0x10
[ 4956.053559]  __mutex_lock.constprop.0+0x13a/0x480
[ 4956.053566]  ? __switch_to_asm+0x36/0x70
[ 4956.053572]  addrconf_verify_work+0xa/0x20
[ 4956.053577]  process_one_work+0x1b4/0x370
[ 4956.053583]  worker_thread+0x53/0x3e0
[ 4956.053586]  ? process_one_work+0x370/0x370
[ 4956.053590]  kthread+0x11b/0x140
[ 4956.053593]  ? __kthread_bind_mask+0x60/0x60
[ 4956.053597]  ret_from_fork+0x22/0x30
[ 5036.258317] xhci_hcd 0000:03:00.0: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 7 comp_code 4
[ 5036.258372] xhci_hcd 0000:03:00.0: Looking for event-dma 000000012b464080 trb-start 0000000134dd1090 trb-end 0000000134dd1090 seg-start 0000000134dd1000 seg-end 0000000134dd1ff0
[ 5036.260219] usb 2-2.1: USB disconnect, device number 5
[ 5036.275327] xhci_hcd 0000:03:00.0: WARN Set TR Deq Ptr cmd failed due to incorrect slot or ep state.
[ 5036.329246] device wlan0 left promiscuous mode
[ 5036.379322] usb 2-2.1: ath9k_htc: USB layer deinitialized

There's another error not related (vmtools) but the ath: phy0: Unable to set channel appeared again.

ZerBea commented 3 years ago

After some investigations, it looks like we are running into a (well known) driver issue:

[ 7380.126863] device wlp5s0f4u2 entered promiscuous mode
[ 7388.146435] kauditd_printk_skb: 4 callbacks suppressed
[ 7556.470126] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7556.975375] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7557.480254] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7557.984752] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7558.491501] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7559.079128] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7559.585129] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7560.089505] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7560.595753] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7561.100137] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7561.604635] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7562.108259] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7562.682879] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7563.189002] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7563.693506] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7564.199255] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7564.786885] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7565.292644] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7565.796886] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7566.301008] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7566.805258] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040

After doing some DuckDuckGo searches, I noticed that the issue has been well known for a long time. It is also reported on the Arch Linux bug tracker (and this is not caused by hcxdumptool):

Description:
The Internet disappears (red wi-fi indicator) and the system freezes (almost always).

https://bugs.archlinux.org/task/68578

I will try to add some code to hcxdumptool to detect this driver issue and to terminate hcxdumptool on this error.

ZerBea commented 3 years ago

With the latest commits https://github.com/ZerBea/hcxdumptool/commit/539251196b2eae7d3647dd2fa5b27a6c5f24d388 and https://github.com/ZerBea/hcxdumptool/commit/647874025b5d223b3d1652aae2e331c5f8f7fd7b I added some functions to detect if the driver does not respond (especially on ath9k devices like TP-LINK TL-WN722N v1 - green LED doesn't flash any longer). Either hcxdumptool stops (if max errors reached) or you can terminate it by pressing ctrl+c. That is all I can do until the driver receives a fix!
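The dmesg excerpts posted in this thread can be triaged mechanically to separate "driver stalled while capturing" from "adapter unplugged with nothing logged". This is an added example, not part of the thread and not hcxdumptool's own detection code; the names `triage` and `Report` are assumptions, and the signatures cover only the kernel messages quoted on this page.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s(.*)$")  # "[  291.270322] message"

# Signatures are limited to kernel messages quoted in this thread.
DRIVER_ERRORS = {
    "channel_fail": re.compile(r"ath: phy\d+: Unable to set channel"),
    "dma_stuck": re.compile(r"ath: phy\d+: DMA failed to stop"),
    "reset_fail": re.compile(r"ath: phy\d+: (?:Chip reset failed|Unable to reset channel)"),
}
MONITOR_ON = re.compile(r"device \S+ entered promiscuous mode")
USB_GONE = re.compile(r"usb \S+: USB disconnect")
HUNG_TASK = re.compile(r"INFO: task (\S+):\d+ blocked for more than (\d+) seconds")


@dataclass
class Report:
    verdict: str = "ok"
    capture_start: Optional[float] = None       # last monitor-mode entry before the first error
    first_error: Optional[float] = None         # first driver error seen before any unplug
    seconds_to_failure: Optional[float] = None
    error_counts: dict = field(default_factory=dict)
    hung_tasks: dict = field(default_factory=dict)  # task name -> longest blocked time (s)


def triage(dmesg_text: str) -> Report:
    rep = Report()
    unplugged = False
    for raw in dmesg_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if USB_GONE.search(msg):
            unplugged = True
        if unplugged:
            continue  # errors logged after the unplug are its consequence, not the cause
        if MONITOR_ON.search(msg):
            if rep.first_error is None:
                rep.capture_start = ts
            continue
        hung = HUNG_TASK.search(msg)
        if hung:
            name, secs = hung.group(1), int(hung.group(2))
            rep.hung_tasks[name] = max(secs, rep.hung_tasks.get(name, 0))
            continue
        for kind, pattern in DRIVER_ERRORS.items():
            if pattern.search(msg):
                rep.error_counts[kind] = rep.error_counts.get(kind, 0) + 1
                if rep.first_error is None:
                    rep.first_error = ts
                break
    if rep.first_error is not None:
        rep.verdict = "driver_stall"
        if rep.capture_start is not None:
            rep.seconds_to_failure = round(rep.first_error - rep.capture_start, 3)
    elif unplugged:
        rep.verdict = "unplugged_without_driver_error"
    return rep


# Excerpts copied from the dmesg output posted in this thread.
LOG_CHANNEL = """\
[  217.211528] device wlan0 entered promiscuous mode
[  217.885467] device wlan0 left promiscuous mode
[  241.211218] device wlan0 entered promiscuous mode
[  291.270322] ath: phy0: Unable to set channel
[  416.400041] usb 1-1: USB disconnect, device number 2
[  416.722291] ath: phy0: Chip reset failed
[  416.722398] ath: phy0: Unable to set channel
"""
LOG_SILENT = """\
[  161.020664] device wlan0 entered promiscuous mode
[  431.116346] usb 1-1: USB disconnect, device number 2
[  431.534080] device wlan0 left promiscuous mode
"""
LOG_HUNG = """\
[ 4601.294806] ath: phy0: Unable to set channel
[ 4835.221456] INFO: task vmtoolsd:510 blocked for more than 120 seconds.
[ 4835.221657] INFO: task kworker/2:2:1468 blocked for more than 120 seconds.
[ 4956.053234] INFO: task vmtoolsd:510 blocked for more than 241 seconds.
[ 5036.260219] usb 2-2.1: USB disconnect, device number 5
"""
LOG_DMA = """\
[ 7380.126863] device wlp5s0f4u2 entered promiscuous mode
[ 7388.146435] kauditd_printk_skb: 4 callbacks suppressed
[ 7556.470126] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
[ 7556.975375] ath: phy27: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x02000020 DMADBG_7=0x00028040
"""

if __name__ == "__main__":
    for name, log in [("channel", LOG_CHANNEL), ("silent", LOG_SILENT),
                      ("hung", LOG_HUNG), ("dma", LOG_DMA)]:
        print(name, triage(log))
```

The `unplugged_without_driver_error` verdict corresponds to the runs reported here where dmesg showed nothing relevant before the adapter was pulled.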

ZerBea commented 3 years ago

21.12.2020
==========
removed TP-LINK TL-WN722N v1 (ath9k driver) from list of working devices due to driver issue

see changelog for more details

ZerBea commented 3 years ago

Now the issue is moved to bugzilla.kernel.org: https://bugzilla.kernel.org/show_bug.cgi?id=207397

@gonzabrusco can you confirm that hcxdumptool (latest git head) no longer freezes when the ath9k driver died?

ZerBea commented 3 years ago

I don't expect a "quick solution": https://duckduckgo.com/?q=ath9k+freeze&t=h_&ia=web

gonzabrusco commented 3 years ago

I tried it a few times. It always hangs. Sorry. Only one time it showed me this: "driver is busy: failed to transmit proberesponse" but it hung nevertheless. I'm using this as OS on VMware with Windows 10 as host: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ (Kali Linux VMware 64-Bit (7z))

Sometimes it works for a couple of seconds before it hangs, sometimes it works for minutes. But the LED always stops blinking and it freezes. The error message you added does not always show up. Dmesg stops responding so I have to pull the adapter to see it. But it does not really show anything relevant. I'm not sure why it is freezing.

┌──(kali㉿kali)-[~/Desktop/hcxdumptool]
└─$ ./hcxdumptool -v                              
hcxdumptool 6.1.4-13-g41ca5ae (C) 2020 ZeroBeat

┌──(kali㉿kali)-[~/Desktop/hcxdumptool]
└─$ sudo ./hcxdumptool -i wlan0 --enable_status=15
initialization...

start capturing (stop with ctrl+c)
NMEA 0183 SENTENCE........: N/A
INTERFACE NAME............: wlan0
INTERFACE HARDWARE MAC....: e8de27a11847
DRIVER....................: ath9k_htc
DRIVER VERSION............: 5.9.0-kali1-amd64
DRIVER FIRMWARE VERSION...: 1.4
openSSL version...........: 1.1
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 0c811201d239 (BROADCAST HIDDEN)
ACCESS POINT (ROGUE)......: 0c811201d23a (BROADCAST OPEN)
ACCESS POINT (ROGUE)......: 0c811201d23b (incremented on every new client)
CLIENT (ROGUE)............: f0a225ee726e
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 64376
ANONCE....................: 37c8574ab1480f497f0b39b09947b6e3c3b2d128c9f2eb0b24149764fdfa9624
SNONCE....................: 5744a50ccbef7cb2e7290287b84a6b6e2c1bfc83ef58bb6b955dc5b0abb5de5a

08:23:59   1 ffffffffffff ac84c6b3e988 Torrecillas VII [BEACON]
08:23:59   1 ffffffffffff 14cc20b54db3 Renata 2.4GHz [BEACON]
08:23:59   1 34f39a07a7ec 14cc20b54db3 Renata 2.4GHz [PROBERESPONSE]
08:23:59   1 ffffffffffff 6872513abca8 CARILO_HOUSE [BEACON]
08:23:59   1 ffffffffffff 6014b3d7d3d0 Fibertel WiFi935 2.4GHz [BEACON]
08:24:00   6 ffffffffffff 28be9b9e170f Carilo A9 [BEACON]

driver is busy: failed to transmit proberesponse

gonzabrusco commented 3 years ago

I'm now thinking of buying a TP-Link Archer T2UH because this 722N is having too many driver problems. Can you recommend that adapter?

ZerBea commented 3 years ago

It is not easy to recommend a special device. Running into issues or not is driven by many different factors:

My preferred devices are running a mt76 chipset and/or a RT2870/RT3070 chipset.

Also you should know that issues could happen - and we have had lots of them: https://bugzilla.kernel.org/show_bug.cgi?id=202243 https://bugzilla.kernel.org/show_bug.cgi?id=201875 https://github.com/openwrt/mt76/issues/216#issuecomment-500999516 ... and more.

gonzabrusco commented 3 years ago

Thanks @ZerBea. I think I will try my luck with that adapter.

I tried my TP-LINK TL-WN722N v1 again with a live Kali from USB (without virtual machine) and it fails too. It just hangs. No warning from hcxdumptool. Dmesg also hangs. Something very wrong is happening with the driver. I guess I will just sell it. With airodump it works perfectly but I want to use your tool.