I'm currently planning to do cheap wireless video transmission from mobile, battery powered devices to a base station.
To be clear, I did not do any tests so far, but because the required range will be quite large (>2000ft/600m) and by my experience on wifi I'm quite sure this won't work using a standard wifi connection using standard german wifi cards (max 100mW power). Wifi requires a two-way connection to keep associated with each other.
However, I don't really care if my device can receive data from my base station.
I can use large antennas on the receiving side (base station) but not on the device. So I thought what is not there can't break. So my intention is to send 802.11 packets without beeing connected.
How can I send and receive 802.11 frames in Linux without the network stack adding or removing any data (or even dropping the packet because it does not know how to handle it) ?
An 802.11 frame at it's lowest level consists of the following fields:
Preamble | PLCP header | MPDU (MAC PDU)
My intent is to control anything that's inside the MPDU.
Thanks in advance.
Related
I'm trying to build a small program that reads the BLE beacons around my devices and parses the ones that I'm interested in to publish on MQTT. I'm using Raspberry Pis to run the code, I develop using my mac. The language is JS (Node 10.x), my Pis are running latest Buster, that is Bluez 5.50 and a fork of Noble to interface with the bluetooth layer.
For some reason, on one of the Pis that I moved to an open area (in order to get clear readings), I only receive the Scan Response Packets. I never receive the Advertisement Packet. I do sometimes receive the Advertisement packet for one of the device that is quite far away, making me suspect that signal comes in play here. From the Pis in the network cabinet (small Faraday cage) I do get inconsistently both packets every now and then (reason for dedicating a Pi in an open location).
Is there any way to force Bluez to always receive the Advertisement packet? Is there a bug somehow or a feature that I am not using properly?
EDIT
I installed tshark to monitor closely, and I do see the advertisement packet reaching my device. This means that BlueZ is ignoring them. Is there some complete documentation on how to use bluetoothctl and how to configure the bluetooth deamon/tool in order for these packets to be read?
After many days investigating, I manage to get the desired result for my project. I first thought of using the bluewalker project to access the raw packets. With this you can scan in passive mode, meaning only the advertising packet is retrieved.
By looking more in depth into noble project, the one I actually use to interface with, there is a workaround to scan in passive mode (https://github.com/noble/noble/issues/701), but also a variable to capture both advertising and response packets: NOBLE_REPORT_ALL_HCI_EVENTS. Setting this to 1 will give me exactly what I need, both the scan request which contains the data that changes more frequently, and the scan response that contains more data, such as min/max 24h values. And as a matter of fact, combining this setting with duplicates=false seems to give me only the scan request data, just like in passive mode.
Question still opened:
Having this, I still don't know how to use bluetoothctl to display both scan request data along with the scan response. Nor did I find a way to force the scan mode to passive. I could investigate more hcitool hciconfig, but they are deprecated (although every article on the internet refers to them).
I know that bluetooth uses hoping, and because of this difficult to intercept traffic.
Сan i put my dong into monitoring mode?
If for example are 30 devices nearby, and i will always listen just one bluetooth channel, and my dongle works in monitor mode, should i get sometimes some data?
Can i use for these purposes Hcidump or tcpdump?
If I understand correctly, if bluetooth device does not have a password, i can directly interact with its services(with hcitool and tmux).?
I read that i can watch the battery level, device name, and other information.
PS: sorry for bad english.
It is possible to monitor traffic between Bluetooth devices but I am quite sure that your default laptop dongle is not capable of doing that.
Before establishing connection between two Bluetooth devices, they send connection request/response packets on primary advertising channels (37th, 38th, 39th channel). You need to capture these packets to learn hopping pattern, connection interval and etc. After receiving packets, you can monitor insecure Bluetooth connections. However it is hard to monitor 30 device simultaneously because you need to make time division between each connection.
Let's answer your questions.
It might be possible but you need to write driver level code.
It might be possible. As I mentioned, it is good approach to capture connection request/response packets before monitoring devices.
I have no idea about these tools.
To manipulate services, you need to know service handle and duplicate GATT client's mac address. I am not sure that, this method will work.
As I understand it, Bluetooth Low Energy communication can be established with or without pairing. This is in the context of mobile development, Android more specifically but I believe iOS is more or less the same.
Are there instances where one would choose one over the other? And what would be the purpose? What is technically considered paired communication and what is considered unpaired communication?
I've dabbled around for a bit on the differences and have even made a few demo only apps related to BLE but I haven't found a clear explanation if what I am doing is actually considered paired or not.
Edit:
The reason I ask the question is that I believe I am looking to encrypt unpaired BLE connections. In some cases, and essentially my main use case, a mobile device may want to connect to several different peripherals randomly at different times throughout the day and the process of physically accepting a pair request seems unnecessary and quite time consuming. By 'randomly' I mean I am walking by one if I have a dozen scattered around my apartment and I personally don't know exactly which one without physically checking. I don't what to walk in the room the first time and have to manually pair each device, that would be insane if I had 100 devices. Note that these devices don't necessarily have to be connected at the same time, but could. Also note that I understand this isn't generally the main use case of the typical peripheral to mobile use case.
Here are a few differences:
If you bond the devices, the link will become encrypted, so it becomes more secure. So "paired" communication basically means the link is encrypted plus the device "knows" what it talks to.
The remote device also learns your phone's IRK (identity resolving key), which can be used to identify the phone later on. By default, the phone rotates the Bluetooth Device Address every 15 minutes or so. Without knowing the IRK, the peripheral can't identify the phone.
A good thing if the devices are bonded, is that the GATT db of the remote device gets cached, which means upon next connection, you don't have to wait a long time for service discovery to complete.
On Android, connecting by Bluetooth Device Address without first scanning is broken since the API lacks the "address type" bit (public/random address). If Android "guesses" wrong, you will connect to the wrong device and therefore fail. However if devices are bonded, the address type is stored and looked up based upon Bluetooth Device Address, which makes it work as expected. So if you plan to automatically connect to your peripherals in the background upon boot for example, it's a good idea to bond the devices.
A small detail is that Client Characteristic Configuration Descriptor values should also be stored by the GATT server and restored once the bonded device reconnects so it doesn't have to rewrite the descriptor value.
Some Bluetooth profiles needs bonding, for example HID (at least on iOS and Android).
Recently I encountered several questions on SO regarding working with sockets on a very low level. Here's an example. While looking for an answer, I realised that sockets have relatively low capabilities on OSI Level 2. On Linux, we can specify a protocol when creating a socket, but obviously not all Level 2 protocols are present in the list.
While it is possible to assemble and send an ethernet frame, it's (presumably) not possible to send a 802.11 packet - though it looks like wifi device drivers do convert ethernet frames to wifi packets and vice versa.
This made me wonder, if there are more possibilities in reading and writing directly to device files like eht0, ath0? Is it a socket implementation who usually writes to these files, or a device driver? And who's on receiving side - a NIC driver, a peripheral bus controller?
I want to implement a driver in Linux, that has a Ethernet stack but the data going out on hardware will be a serial port. Basically, I want to register my serial port as a Ethernet driver. Does anyone have any idea if this is possible?
I want to be able to push IPv6 and/or UDP packets out of the serial port and in a similar way receive the packets via a serial port and pass it up the Ethernet stack.
I do not want to use the solution of serial-to-ethernet convertors(external hardware that convert a serial port to a ethernet port) but have that in my PC itself.
I tried PPP over the serial port and it works well. I am also told that I can do FTP, HTTP etc using the PPP. Reference to this - http://www.faqs.org/docs/Linux-HOWTO/Serial-Laplink-HOWTO.html
I have tried to hack the code from a RealTek Ethernet driver with a serial driver but not able to gain much success. Rather I do not know the stack of either to actually do anything meaningful. Any advice, guidance or tutorials would be helpful.
Thanks
Aditya
You need to get back to de basics on networking, the way I understand you question is: "I have a serial port and I want to use is an Ethernet link". Sorry to crush your dreams but you don't have the real hardware to do so, I'll elaborate on it.
A serial connection is a physical connection that requires 3 wires (at least) tx, rx and ground. On the logical side you have an IC that coverts binary data into signals that are represented by discrete voltage ranges.
Ethernet is a layer 2 protocol, the layer 1 is provided by the technology used to transmit the signals (coax, up, fiber etc.) As you might see by now, you need a different set of hardware to convert the logical Ethernet frames into a stream of digital numbers, in fact this is call framing.
Since Ethernet has been an easy to use protocol it has been implemented as e preferred protocol for many network operators, of course one of the biggest is PPPoE where you have a PPP session over an Ethernet link. Of course this won't work with your example neither since you're trying the opposite.
If you're just learning and have all the time in the world you can attempt to write your own Ethernet framer over serial lines. This means you need to implement IEEE802.3 into the driver and then you need to serialize the data to push it as a stream of bits over the serial line. Of course note the following drawbacks:
Your driver won't be able to fully support Ethernet, you need some support at hardware level to implement some signaling (example, auto negotiation, CSMA/CD, etc)
You driver will be pretty much useless unless you back in time where 115.2kbps is top speed in data transfers
IMHO there are more exciting projects that you can pick up in the networking field for device drivers. You can for example attempt to buy a NIC and develop the device driver for it from scratch and you can optimize certain areas. Finally, remember that most of the Ethernet implementations are now done in hardware so you don't have to do anything but filling a few registers on the MAC and voila!
SLIP and PPP do already what you want.