Monday, February 20, 2017

iw monitor mode flags

Out of curiosity, I looked at iw to set monitor mode and it has the following flags:



Most of them seem self-explanatory, but it's worth giving more detail about each of them:
  • fcsfail: FCS (Frame Check Sequence) is the checksum of the frame (CRC32), used to make sure it was received correctly. By default, a driver should only forward valid frames to the monitor mode interface. This flag allows you to also receive frames that fail the check. One use could be monitoring the quality of a wireless network.
  • control: There are 3 types of frames: data, management and control. Data is pretty obvious. Management frames help maintain and control a connection (beacons, probe request/response, authentication, association, deauthentication, disassociation, etc.). Control frames help facilitate the transmission of frames between devices (ACK, RTS, CTS, etc.). This is hardware-dependent.
  • otherbss: Allows receiving frames from other BSSs (other than the ones to/from the access point the card is connected to or the clients this access point is serving). This is hardware-dependent.
  • cook: Refers to a mode for HostAPd in which it receives authentication frames that mac80211 didn't actually look at. It is only for ancient versions of HostAPd.
  • active: ACKs are time-sensitive and software is too slow to answer quickly enough, so this is done in the hardware itself instead of in software. If an ACK is not received within a certain amount of time, the frame is considered lost and a new frame with the retry flag set is sent. The only exception would be very long-distance links: the longer the link, the longer it takes for a frame to arrive, and in some rare cases software could be fast enough.
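
The FCS check, the three frame types and the retry flag described above, as an added Python example (not from the original post or from iw): it classifies 802.11 MAC frames and tallies FCS failures and retries, the link-quality signal that fcsfail exposes. It assumes the radiotap header is already stripped and the 4-byte FCS is present at the end of each frame; all frames and MAC addresses are constructed.

```python
import struct
import zlib
from collections import Counter

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def fcs(body: bytes) -> bytes:
    """802.11 FCS: CRC-32 over the MAC frame, appended least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def inspect(frame: bytes) -> dict:
    """Classify one MAC frame (trailing FCS included) and verify its FCS."""
    if len(frame) < 14:  # shortest frames (ACK, CTS): 10-byte header + 4-byte FCS
        raise ValueError("frame too short")
    body, received = frame[:-4], frame[-4:]
    fc0, fc1 = body[0], body[1]            # the two Frame Control bytes
    return {
        "type": FRAME_TYPES[(fc0 >> 2) & 0x3],
        "subtype": fc0 >> 4,
        "retry": bool(fc1 & 0x08),         # set on retransmissions (no ACK seen)
        "fcs_ok": fcs(body) == received,   # False is what fcsfail lets through
    }

def summarize(frames) -> Counter:
    """Count frames per type plus retries and FCS failures."""
    stats = Counter()
    for frame in frames:
        info = inspect(frame)
        stats[info["type"]] += 1
        stats["retry"] += info["retry"]
        stats["fcs_bad"] += not info["fcs_ok"]
    return stats

# --- Constructed sample frames (locally administered MAC addresses) ---
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")

def with_fcs(body: bytes) -> bytes:
    return body + fcs(body)

ACK = with_fcs(b"\xd4\x00\x00\x00" + STA)  # control frame, subtype 13
BEACON = with_fcs(b"\x80\x00\x00\x00" + b"\xff" * 6 + AP + AP + b"\x10\x00" + b"\x00" * 12)
DATA_RETRY = with_fcs(b"\x08\x09\x2c\x00" + AP + STA + AP + b"\x20\x00" + b"payload")
_damaged = bytearray(DATA_RETRY)
_damaged[30] ^= 0x01                       # one bit flipped in the payload
DAMAGED = bytes(_damaged)

if __name__ == "__main__":
    for name in ("ACK", "BEACON", "DATA_RETRY", "DAMAGED"):
        print(name, inspect(globals()[name]))
    print(dict(summarize([ACK, BEACON, DATA_RETRY, DAMAGED])))
```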

TL;DR: none is what you need.