search

seemoo-lab / mobisys2018_nexmon_channel_state_information_extractor

Example project for extracting channel state information of up to 80 MHz wide 802.11ac Wi-Fi transmissions using the BCM4339 Wi-Fi chip of Nexus 5 smartphones.
Other
98 stars 39 forks source link

The pcap file is not correct. #11

Closed xcl0416 closed 4 years ago

xcl0416 commented 6 years ago

I have installed the utilities and firmware patch on my Nexus 5. I use echo "0210010080000000ffffffffffff206be774da6e" | xxd -r -p | base64 nexutil -s500 -l20 -b -vAhABAIAAAAD///////8ga+d02m4 to set the frame filter.(206be774da6e is my AP mac address) Then I use nexutil -m1 tcpdump -i wlan0 -xxx -w test.pcap to log the infomation to the file. At last, I use Wireshark to analyze the pcap file, it looks something strange like this. image And I cannot get CSI by using your Matlab code. The matrix are all zero. I also check your sample pcap file, they are all UDP frame. So I get confused about it. I am looking forward to your reply, please.

matthiasseemoo commented 6 years ago

You have to debug the code to figure out, where the information is getting lost. Are you on an empty channel, where only the frames show up whose csi you want to measure?

向晨路 notifications@github.com schrieb am Fr., 20. Juli 2018, 08:15:

I have installed the utilities and firmware patch on my Nexus 5. I use echo "0210010080000000ffffffffffff206be774da6e" | xxd -r -p | base64 nexutil -s500 -l20 -b -vAhABAIAAAAD///////8ga+d02m4 to set the frame filter.(206be774da6e is my AP mac address) Then I use nexutil -m1 tcpdump -i wlan0 -xxx -w test.pcap to log the infomation to the file. At last, I use Wireshark to analyze the pcap file, it looks something strange like this. [image: image] https://user-images.githubusercontent.com/14949508/42986036-9bfc0534-8c26-11e8-8d4e-a0fc5f3319ee.png And I cannot get CSI by using your Matlab code. The matrix are all zero. I also check your sample pcap file, they are all UDP frame. So I get confused about it. I am looking forward to your reply, please.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/seemoo-lab/mobisys2018_nexmon_channel_state_information_extractor/issues/11, or mute the thread https://github.com/notifications/unsubscribe-auth/ALP_7jGnhKyhD5hwIEyV75yLX2EiHUqqks5uIXV4gaJpZM4VXgiu .

xcl0416 commented 6 years ago

I have used a free channel to get CSI. So I have another question, when I use nexutil -m1 command, the phone will be set as monitor mode and will not connect with the AP. But in your sample pcap, I find IP address of source and destination. How could you get IP address from the broadcast frames.

matthiasseemoo commented 6 years ago

You need to read the code to understand whats going on. Whenever the wifi chip extracts csi data, i create a new ethernet frame including ip and udp headers and then i send it to android:

https://github.com/seemoo-lab/mobisys2018_nexmon_channel_state_information_extractor/blob/master/src/csi_extraction.c

向晨路 notifications@github.com schrieb am Fr., 20. Juli 2018, 10:41:

I have used a free channel to get CSI. So I have another question, when I use nexutil -m1 command, the phone will be set as monitor mode and will not connect with the AP. But in your sample pcap, I find IP address of source and destination. How could you get IP address from the broadcast frames.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/seemoo-lab/mobisys2018_nexmon_channel_state_information_extractor/issues/11#issuecomment-406531416, or mute the thread https://github.com/notifications/unsubscribe-auth/ALP_7o-YrpFDqQlET1Qcv1Xecbg42jjdks5uIZfJgaJpZM4VXgiu .

gkpln3 commented 5 years ago

Same here, any idea why almost all packets come with a "ffffffff" prefix?