Linux and Prism2-based wireless cards


General observations

07-01-2003 UPDATE: A number of patches I have listed to enable monitor/promiscuous mode on the prism2 cards are no longer necessary with the latest linux-wlan drivers, linux-wlan-ng-0.2.1-pre9.tar.gz as of this writing (Jul 2003). Check the linux-wlan site for updates. In addition, a relatively new libpcap (check the www.tcpdump.org site for updates) and/or ethereal (http://www.ethereal.com) will give you raw 802.11b captures nicely.

The Intersil prism2 cards are some of the cheapest wireless cards available on the market today; you can pick up one of these cards at any CompUSA/J&R electronics. Prices range from $100-$150 USD.

The default wvlan_cs/orinoco_cs drivers _will_ work, but they will complain that it is not a "true" Lucent chipset, and that you should get a Prism2-specific driver. The most complete driver is available at linux-wlan.com. I've taken some flaming email for making this recommendation, but all I can say is that for the Linksys/SMC cards I have, the linux-wlan drivers work well. I use the Orinoco drivers in the kernel for my "classic" Orinoco silver and gold though.

There are also many different versions of the linux-wlan drivers floating around; some with more capabilities than others: some support adhoc mode, some support AP mode (!), and some support monitor (promiscuous) mode.

Software

With 0.1.0 or greater releases, I can do BSS, IBSS, and promiscuous mode without patching! It's highly recommended you try the latest linux-wlan drivers first. You will still need to update the firmware to support IBSS, however.

I am using linux-wlan-0.2.1-pre9.tar.gz using 128-bit WEP in BSS mode with no problems. Linux kernel version 2.4.21 with pcmcia-cs-3.2.4.

Link Description
0.8.3 Prism2 firmware update (can be used on ANY Prism2-based card). Runs under Windows only. NOTE: One user has reported that this update caused their Proxim RangeLAN-DS card to hang and become an expensive paperweight, so don't blame me.
linux-wlan-0.2.1-pre9.tar.gz Newest version (jul 2003) of the linux-wlan drivers.
linux-wlan-ng-0.1.13.tar.gz OLD version (april 2002) of the linux-wlan drivers.
linux-wlan-ng-0.1.10.tar.gz OLD version (sep 2001) of the driver from linux-wlan, they put monitor and IBSS mode back in finally, making the patches below to 0.1.8-pre13 unnecessary.
linux-wlan-ng-0.1.8-pre13+adhoc+newsham.tar.gz OLD: linux-wlan drivers with the adhoc patch below and newsham's monitor patches
linux_wlan_ng_0.1.8_pre13.tar.gz OLD: the last release of linux-wlan drivers from linux-wlan.com
linux-wlan-ng-0.1.8-pre13-ap-2.2.tar.gz Access Point (AP) mode support for the prism2 cards. For use with linux kernel 2.4.x
linux_wlan_ng_0.1.6.tar.gz OLD: the release of linux-wlan drivers which include monitor mode (?), which is apparently removed in newer versions of the driver.
linux_wlan_ng_adhoc_patch_1.tar.gz OLD: Patch to linux_wlan_ng_0.1.8_pre13 to support IBSS mode, supplied by SMC from their webpage.
tools-prismdump_20010530.tgz prismdump, which allows you to sniff promiscuously with a Prism2-based card. Written by Johan Jorgensen at Axis Communications AB.
Tools from the people at sublimation which are intended to analyze prismdump output.
wlan-monitor.patch OLD: Newsham's patch against linux_wlan_ng_0.1.8_pre13 to put the monitor mode (promisc) mode back in.
wlan-mods.tgz OLD: Newsham's patches against libpcap (0.6.2) & ethereal (0.8.17).
wep_tools.tgz OLD: Newsham's tools for brute-forcing WEP encryption, includes wep_decrypt and wep_crack.

Firmware issues

Intersil Prism2 cards

On the Intersil Prism2 cards, you must have station firmware 0.8.3 in order to support ad-hoc (IBSS) mode; by default, most cards ship with 0.7.6. Compaq ships an update to 0.8.0, but that doesn't work for IBSS; SMC is the only vendor I could find who updates the Prism2 firmware to 0.8.3. (Version 0.7.6 will support infrastructure (BSS) mode without problems; this upgrade is only necessary for IBSS under Linux.) Interestingly, since all these cards (SMC, Compaq, Dlink, Linksys, USR) use the same Prism2 chipset, you can use a firmware update from ANY of them to update your card. I have used the SMC firmware update utility to upgrade both my SMC and USR cards.

NOTE: The Prism2 firmware update programs run ONLY under Windows, so keep one Windows box handy for this purpose. You MUST have the wireless drivers installed correctly under Windows first in order to use the firmware update utility.

SECOND NOTE: Please beware, a wrong firmware upgrade can destroy your card, and I've received some reports that it doesn't work for some people. You were warned!

When you insert the card into your Linux laptop, you should see something like this in your log files; the "ident" lines are the important ones:

Jul 27 17:09:20 badmonkey cardmgr[329]: initializing socket 1
Jul 27 17:09:20 badmonkey cardmgr[329]: socket 1: Intersil PRISM2 Reference Design 11Mb/s WLAN Card
Jul 27 17:09:21 badmonkey cardmgr[329]: executing: 'modprobe prism2_cs'
Jul 27 17:09:21 badmonkey kernel: init_module: prism2_cs.o: 0.1.8-pre13 Loaded 
Jul 27 17:09:21 badmonkey kernel: init_module: dev_info is: prism2_cs 
Jul 27 17:09:21 badmonkey kernel: prism2_cs: index 0x01: Vcc 5.0, irq 5, io 0x0100-0x013f 
Jul 27 17:09:21 badmonkey kernel: ident: nic h/w: id=0x8002 1.0.0 
Jul 27 17:09:21 badmonkey kernel: ident: pri f/w: id=0x15 0.3.0 
Jul 27 17:09:21 badmonkey kernel: ident: sta f/w: id=0x1f 0.8.3 
Jul 27 17:09:21 badmonkey kernel: MFI:SUP:role=0x00:id=0x01:var=0x01:b/t=1/1 
Jul 27 17:09:21 badmonkey kernel: CFI:SUP:role=0x00:id=0x02:var=0x01:b/t=1/1 
Jul 27 17:09:21 badmonkey kernel: PRI:SUP:role=0x00:id=0x03:var=0x01:b/t=1/2 
Jul 27 17:09:21 badmonkey kernel: STA:SUP:role=0x00:id=0x04:var=0x01:b/t=1/6 
Jul 27 17:09:21 badmonkey kernel: PRI-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1
Jul 27 17:09:21 badmonkey kernel: STA-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1
Jul 27 17:09:21 badmonkey kernel: STA-MFI:ACT:role=0x01:id=0x01:var=0x01:b/t=1/1
Jul 27 17:09:21 badmonkey kernel: Prism2 card SN: 99SA01000000 
Jul 27 17:09:21 badmonkey cardmgr[329]: executing: './wlan-ng start wlan0'
Jul 27 17:09:21 badmonkey cardmgr[329]: + IBSS mode started.

If you don't have the right firmware for IBSS mode, you will see something like this. Notice the cardmgr message that IBSS is not supported:

Jul 25 18:40:18 badmonkey cardmgr[313]: initializing socket 1
Jul 25 18:40:18 badmonkey kernel: cs: memory probe 0xa0000000-0xa0ffffff: clean.
Jul 25 18:40:18 badmonkey cardmgr[313]: socket 1: Intersil PRISM2 Reference Design 11Mb/s WLAN Card
Jul 25 18:40:18 badmonkey cardmgr[313]: executing: 'modprobe prism2_cs'
Jul 25 18:40:18 badmonkey kernel: init_module: prism2_cs.o: 0.1.8-pre13 Loaded 
Jul 25 18:40:18 badmonkey kernel: init_module: dev_info is: prism2_cs 
Jul 25 18:40:18 badmonkey kernel: cs: IO port probe 0x0100-0x04ff: clean. 
Jul 25 18:40:18 badmonkey kernel: cs: IO port probe 0x0a00-0x0aff: clean. 
Jul 25 18:40:18 badmonkey kernel: cs: IO port probe 0x1000-0x17ff: clean. 
Jul 25 18:40:18 badmonkey kernel: prism2_cs: index 0x01: Vcc 5.0, irq 5, io 0x0100-0x013f 
Jul 25 18:40:18 badmonkey kernel: ident: nic h/w: id=0x8002 1.0.0 
Jul 25 18:40:18 badmonkey kernel: ident: pri f/w: id=0x15 0.3.0 
Jul 25 18:40:18 badmonkey kernel: ident: sta f/w: id=0x1f 0.7.6 
Jul 25 18:40:18 badmonkey kernel: MFI:SUP:role=0x00:id=0x01:var=0x01:b/t=1/1 
Jul 25 18:40:18 badmonkey kernel: CFI:SUP:role=0x00:id=0x02:var=0x01:b/t=1/1 
Jul 25 18:40:18 badmonkey kernel: PRI:SUP:role=0x00:id=0x03:var=0x01:b/t=1/2 
Jul 25 18:40:18 badmonkey kernel: STA:SUP:role=0x00:id=0x04:var=0x01:b/t=1/4 
Jul 25 18:40:18 badmonkey kernel: PRI-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1
Jul 25 18:40:18 badmonkey kernel: STA-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1
Jul 25 18:40:18 badmonkey kernel: STA-MFI:ACT:role=0x01:id=0x01:var=0x01:b/t=1/1
Jul 25 18:40:18 badmonkey kernel: Prism2 card SN: 99SA01000000 
Jul 25 18:40:18 badmonkey cardmgr[313]: executing: './wlan-ng start wlan0'
Jul 25 18:40:19 badmonkey cardmgr[313]: + IBSS not started, resultcode=not_supported
Jul 25 18:40:19 badmonkey cardmgr[313]: start cmd exited with status 1
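
The firmware check described in this section, as an added example that is not part of the original page: a shell script that reads syslog lines like the two logs above, extracts the station firmware version from the "ident: sta f/w" line and compares it with the 0.8.3 the text says IBSS needs. The function names are assumptions; the embedded sample lines are copied from the logs above.

```shell
#!/bin/sh
# Added example: decide from cardmgr/kernel syslog lines whether a Prism2 card
# can do IBSS. 0.8.3 is the station firmware the page says is required.
MIN_STA_FW="0.8.3"

# Print the version from the last "ident: sta f/w:" line read on stdin.
sta_fw_version() {
    sed -n 's/.*ident: sta f\/w: id=0x[0-9a-fA-F]* \([0-9][0-9.]*\).*/\1/p' | tail -n 1
}

# Return 0 if dotted version $1 >= $2, comparing each field numerically
# (so 0.10.0 is newer than 0.8.3, which a string compare would get wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Read syslog text on stdin and print a verdict. Returns 0 (IBSS-capable),
# 1 (firmware too old, or the driver reported not_supported), 2 (no ident line).
check_ibss() {
    log=$(cat)
    ver=$(printf '%s\n' "$log" | sta_fw_version)
    if [ -z "$ver" ]; then
        echo "no 'ident: sta f/w' line found"; return 2
    fi
    if printf '%s\n' "$log" | grep -q 'IBSS not started, resultcode=not_supported'; then
        echo "sta f/w $ver: driver reported IBSS not_supported"; return 1
    fi
    if version_ge "$ver" "$MIN_STA_FW"; then
        echo "sta f/w $ver: meets $MIN_STA_FW, IBSS should start"; return 0
    fi
    echo "sta f/w $ver: older than $MIN_STA_FW, upgrade before using IBSS"; return 1
}

# Two lines from each of the page's logs (working card, then 0.7.6 card).
GOOD_LOG='Jul 27 17:09:21 badmonkey kernel: ident: sta f/w: id=0x1f 0.8.3
Jul 27 17:09:21 badmonkey cardmgr[329]: + IBSS mode started.'
OLD_LOG='Jul 25 18:40:18 badmonkey kernel: ident: sta f/w: id=0x1f 0.7.6
Jul 25 18:40:19 badmonkey cardmgr[313]: + IBSS not started, resultcode=not_supported'

printf '%s\n' "$GOOD_LOG" | check_ibss
printf '%s\n' "$OLD_LOG" | check_ibss || true
```

To check a live system, feed it the real log instead of the samples, for example: grep -e cardmgr -e kernel /var/log/messages | check_ibss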

Intersil Prism 2_5

I'm told that the latest wlan-ng drivers support versions 2, 2.5, and 3.0 of the prism2 chipset, but I have not confirmed this myself.

Promiscuous mode support

NOTE: With the release of the 0.1.10 drivers, it's no longer necessary to patch 0.1.8-pre13 with Newsham's patches to get promiscuous mode support; it's now built in. It's recommended that you use the 0.1.10 driver if you intend to use tools such as prismdump and airsnort. Enabling promiscuous mode works the same way as outlined below (i.e. using wlanctl-ng).

In the old archives of the list, it was mentioned that the 0.1.6 version of the driver still had "monitor" mode capabilities, but they were later removed in 0.1.7 and newer versions of the driver -- I'm not sure why.

Tim Newsham's patches to 0.1.8-pre13 re-enable monitor mode. It works like a champ, but apparently you can only sniff on one channel at a time.

After applying the patch and recompiling/reinstalling the driver, you can enable monitor mode on channel 11, for example, by doing the following:

   wlanctl-ng wlan0 lnxreq_wlansniff channel=11 enable=true

If successful, you should see a message like:

   message=lnxreq_wlansniff
     enable=true
     channel=11
     resultcode=success

If you get a resultcode=no_value, then something is wrong. Once you have got this working, you can then run prismdump to capture packets on the wlan0 interface. For some reason, I cannot get tcpdump/ethereal to show me the raw 802.11b in "realtime" as I can with the Aironet cards. As far as I can tell you are limited to using prismdump for captures.

WEP (encryption)

I have been able to use both 64 and 128-bit WEP to talk to a SMC2652W AP with no problems. I haven't yet figured out if I can set the value using wlancfg; I simply edited the /etc/pcmcia/wlan-ng.opts file to reflect my desired SSID and WepKeys.

Access Point (AP) mode

Using the linux-wlan-ng-0.1.8-pre13-ap-2.2.tar.gz tarball above, I was able to get AP mode working! I haven't tried getting AP bridging mode working, but I simply used Linux IP masquerading to route the wireless clients. 40 and 128-bit WEP works correctly. I'm not sure of the legal status of this code; I don't know who wrote it, or even who sent it to me (anonymous remailer). Don't ask me about it.

With debug=3, what I see in /var/log/messages:

Aug 26 18:17:46 badmonkey cardmgr[1302]: initializing socket 1
Aug 26 18:17:46 badmonkey cardmgr[1302]: socket 1: SMC 2632W 11Mbps 802.11b WLAN Card
Aug 26 18:17:46 badmonkey cardmgr[1302]: executing: 'modprobe prism2_cs prism2_debug=3'
Aug 26 18:17:46 badmonkey kernel: init_module: prism2_cs.o: 0.1.8-pre12 Loaded 
Aug 26 18:17:46 badmonkey kernel: init_module: dev_info is: prism2_cs 
Aug 26 18:17:46 badmonkey kernel: prism2_cs: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
Aug 26 18:17:46 badmonkey cardmgr[1302]: executing: './wlan-ng start wlan0'
Aug 26 18:17:46 badmonkey kernel: ident: nic h/w: id=0x8002 1.0.0 
Aug 26 18:17:46 badmonkey kernel: ident: pri f/w: id=0x15 0.3.0 
Aug 26 18:17:46 badmonkey kernel: ident: sta f/w: id=0x1f 0.8.3 
Aug 26 18:17:46 badmonkey kernel: MFI:SUP:role=0x00:id=0x01:var=0x01:b/t=1/1 
Aug 26 18:17:46 badmonkey kernel: CFI:SUP:role=0x00:id=0x02:var=0x01:b/t=1/1 
Aug 26 18:17:46 badmonkey kernel: PRI:SUP:role=0x00:id=0x03:var=0x01:b/t=1/2 
Aug 26 18:17:46 badmonkey kernel: STA:SUP:role=0x00:id=0x04:var=0x01:b/t=1/6 
Aug 26 18:17:46 badmonkey kernel: PRI-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1 
Aug 26 18:17:46 badmonkey kernel: STA-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1 
Aug 26 18:17:46 badmonkey kernel: STA-MFI:ACT:role=0x01:id=0x01:var=0x01:b/t=1/1 
Aug 26 18:17:46 badmonkey kernel: Prism2 card SN: 99SA01000000 
Aug 26 18:17:46 badmonkey kernel: Writing 1024 bytes to ram @0x1f1800 
Aug 26 18:17:46 badmonkey kernel: Writing 1024 bytes to ram @0x1f1c00 
Aug 26 18:17:46 badmonkey kernel: Writing 1024 bytes to ram @0x1f2000 
Aug 26 18:17:46 badmonkey kernel: Writing 1024 bytes to ram @0x1f2400 
Aug 26 18:17:46 badmonkey kernel: Writing 1024 bytes to ram @0x1f2800 
Aug 26 18:17:46 badmonkey kernel: Writing 1024 bytes to ram @0x1f2c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f3000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f3400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f3800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f3c00 
Aug 26 18:17:47 badmonkey cardmgr[1302]: + Reading S-record file /etc/pcmcia/t10003c7.hex...
Aug 26 18:17:47 badmonkey cardmgr[1302]: + prism2dl: finished.
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f4000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f4400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f4800 
Aug 26 18:17:47 badmonkey cardmgr[1302]: + WLAN AP mode started
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f4c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f5000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f5400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f5800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f5c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f6000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f6400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f6800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f6c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f7000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f7400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f7800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f7c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f8000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f8400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f8800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f8c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f9000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f9400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f9800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1f9c00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1fa000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1fa400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1fa800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1fac00 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1fb000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1fb400 
Aug 26 18:17:47 badmonkey kernel: Writing 2 bytes to ram @0x1fb800 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1ff000 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1ff400 
Aug 26 18:17:47 badmonkey kernel: Writing 1024 bytes to ram @0x1ff800 
Aug 26 18:17:47 badmonkey kernel: Writing 72 bytes to ram @0x1ffc00 
Aug 26 18:17:47 badmonkey kernel: ident: nic h/w: id=0x8002 1.0.0 
Aug 26 18:17:47 badmonkey kernel: ident: pri f/w: id=0x15 0.3.0 
Aug 26 18:17:47 badmonkey kernel: ident:  ap f/w: id=0x14b 0.3.7 
Aug 26 18:17:47 badmonkey kernel: MFI:SUP:role=0x00:id=0x01:var=0x01:b/t=1/1 
Aug 26 18:17:47 badmonkey kernel: CFI:SUP:role=0x00:id=0x02:var=0x01:b/t=1/1 
Aug 26 18:17:47 badmonkey kernel: PRI:SUP:role=0x00:id=0x03:var=0x01:b/t=1/2 
Aug 26 18:17:47 badmonkey kernel: AP:SUP:role=0x00:id=0x05:var=0x01:b/t=1/5 
Aug 26 18:17:47 badmonkey kernel: PRI-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1 
Aug 26 18:17:47 badmonkey kernel: STA-CFI:ACT:role=0x01:id=0x02:var=0x01:b/t=1/1 
Aug 26 18:17:47 badmonkey kernel: STA-MFI:ACT:role=0x01:id=0x01:var=0x01:b/t=1/1 
Aug 26 18:17:47 badmonkey kernel: Prism2 card SN: 99SA01000000 
Aug 26 18:17:47 badmonkey kernel: atimwindow not used in Infrastructure mode, ignored. 
Aug 26 18:17:47 badmonkey kernel: prism2mgmt_start: probedelay not supported in prism2, ignored.
Aug 26 18:17:47 badmonkey kernel: prism2mgmt_start: read(pcfinfo) failed, assume it's not supported, pcf settings ignored. 
Aug 26 18:17:50 badmonkey kernel: prism2sta_inf_assocstatus: assocstatus info frame received for non-authenticated station. 

Assuming you have a Linux machine with 2 interfaces, one wired (eth0, network 192.168.1.0/24) and one wireless (wlan0 network 192.168.3.0/24), here is how to quickly set up an access point:

Give your wlan0 an IP address, probably .1:

   /sbin/ifconfig wlan0 192.168.3.1 netmask 255.255.255.0

Set up simple ipchains masquerading rules. If you are using a 2.4 kernel, you might need to modprobe ipchains. (I'm too lazy to figure out iptables right now). With kernel 2.2, ipchains is your only choice.

   /sbin/modprobe ipchains
   /sbin/ipchains -M -S 7200 10 160
   /sbin/ipchains -P forward DENY
   /sbin/ipchains -A forward -i eth0 -s 192.168.3.0/24 -j MASQ

Enable ip_forwarding:

   echo "1" > /proc/sys/net/ipv4/ip_forward

Set up a DHCP server for 192.168.3.0/24, listening on wlan0. My /etc/dhcpd.conf looks like:

  subnet 192.168.3.0 netmask 255.255.255.0 {
        option routers                  192.168.3.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "foobar.com";
        option domain-name-servers      192.168.1.2;
        option time-offset              -18000; # Eastern Standard Time (UTC-5), in seconds
        range dynamic-bootp 192.168.3.2 192.168.3.254;  # .255 is the subnet broadcast address
        default-lease-time 604800;
        max-lease-time 2592000;
  }
  
Please see the man pages of dhcpd for more information. Start your dhcpd like so: /usr/sbin/dhcpd wlan0.
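
An iptables form of the ipchains step above, as an added example that is not part of the original page, for 2.4 kernels where ipchains is not loaded. It uses the interfaces and subnet from the text; the IPT variable and the function name are assumptions, and by default it only prints the commands.

```shell
#!/bin/sh
# Added example: iptables version of the page's ipchains masquerading rules.
# eth0, wlan0 and 192.168.3.0/24 are the page's values; IPT and setup_ap_nat
# are assumptions made for this example.
IPT=${IPT:-"echo iptables"}   # dry run by default; run as root with IPT=/sbin/iptables to apply
WIRED_IF=eth0
WLAN_IF=wlan0
WLAN_NET=192.168.3.0/24

setup_ap_nat() {
    # Default-deny forwarding, like "ipchains -P forward DENY".
    $IPT -P FORWARD DROP
    # Wireless clients may open connections out through the wired side.
    $IPT -A FORWARD -i "$WLAN_IF" -o "$WIRED_IF" -s "$WLAN_NET" -j ACCEPT
    # Only replies to connections the clients opened are let back in.
    $IPT -A FORWARD -i "$WIRED_IF" -o "$WLAN_IF" -d "$WLAN_NET" \
         -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the source address on the way out, like "-j MASQ" above.
    $IPT -t nat -A POSTROUTING -o "$WIRED_IF" -s "$WLAN_NET" -j MASQUERADE
}

setup_ap_nat
```

The "ipchains -M -S" timeout line has no counterpart in these rules, and ip_forward still has to be enabled as in the step above.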

Using this, along with an antenna mod for your card, or an external antenna, this might be a viable option for nycwireless.net folks. Check out the super-cool antenna modification for the SMC2632W at guerilla.net, link below.

Links