Lack of broadcast probe request frames in monitor mode

user_4087271

Hello,

We're developing a standalone PCB to monitor WiFi devices based on the management frames they are sending out (Probe Requests mainly).

We are currently using the BCM943362WCD4_EVB Dev Board (BCM943362 chip) with WICED Studio Version 6.2.1.2.

We're initiating monitor mode on the board and printing the output as suggested in the sample application snip/packet_filter.

Here is a piece of the code:

static const wiced_packet_filter_t anti_beacon = {
    .id        = 1,
    .rule      = WICED_PACKET_FILTER_RULE_NEGATIVE_MATCHING, // Negative match
    .offset    = 0,
    .mask_size = 1, // 2
    .mask      = (uint8_t*)"\xff",
    .pattern   = (uint8_t*)"\x80",
};

char filter_list[] = {1};

void application_start() {
    wiced_init();
    wwd_wifi_select_antenna(WICED_ANTENNA_1);

    /* Disable & uninstall any filters left over from a previous run */
    pktfilter_disable(filter_list, sizeof(filter_list));
    pktfilter_remove(filter_list, sizeof(filter_list));

    /* Filter settings */
    wiced_wifi_set_packet_filter_mode(WICED_PACKET_FILTER_MODE_FORWARD);
    wiced_wifi_add_packet_filter(&anti_beacon);

    /* Register callback for packets that match filters */
    wwd_wifi_set_raw_packet_processor(raw_packet_callback);
    memset(&workspace->sniff_complete, 0, sizeof(workspace->sniff_complete));
    wiced_rtos_init_semaphore(&workspace->sniff_complete);

    /* Enable Filters */
    pktfilter_enable(filter_list, sizeof(filter_list));

    /* Display current filter settings */
    print_packet_filter_list();

    /* Demonstrate filters are all zeros to start. */
    pktfilter_stats(filter_list, sizeof(filter_list));

    /* Enable monitor mode so we will receive the packets */
    wwd_wifi_set_channel(WICED_STA_INTERFACE, 6);
    wwd_wifi_enable_monitor_mode();

    /* Collect packets for 50 seconds (timeout is in milliseconds). */
    wiced_rtos_get_semaphore(&workspace->sniff_complete, 50 * 1000);

    /* Done sniffing.  Disable monitor mode */
    wwd_wifi_disable_monitor_mode();

    /* Show number of hits.  Note that even without monitor mode the stats will still show number of matches. */
    pktfilter_stats(filter_list, sizeof(filter_list));

    /* Deregister our callback routine */
    wwd_wifi_set_raw_packet_processor(NULL);

    /* Mission Complete, disable & uninstall filters */
    pktfilter_disable(filter_list, sizeof(filter_list));
    pktfilter_remove(filter_list, sizeof(filter_list));

    wiced_rtos_deinit_semaphore(&workspace->sniff_complete);
}

We're receiving beacon frames, probe responses and other frames just fine, but we're not getting any Probe Requests sent to the broadcast address (receiver address and bssid set to ff:ff:ff:ff:ff:ff). Probe requests sent to any other Destination/BSSID are being received and displayed correctly.

Specifically, any frames with a receiver address starting with 'ff' (e.g. 'ff:aa:aa:aa:aa:aa') seem to be discarded and are not passed to the callback function. Probe requests sent to any other Receiver Address (e.g. 'fa:aa:aa:aa:aa:aa') are being received and displayed correctly.

We also tried to get this working without any packet filter on a less frequented channel; there were also no or fewer Probe Request frames.

Next, we compared the output of the Dev Board chip with an ESP6288 with a filter on probe requests - the ESP collects all of them.

Is there a configuration option/flag we have to set to receive Probe Requests sent to broadcast addresses (the VAST majority of probe requests)? Is this a limitation imposed by WICED, or could this be a limitation from the chipset?

Thanks in advance for any help.
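One way to quantify the symptom described in the post above is to tally received frames by management subtype and receiver address inside the raw-packet callback. This is an added example, not code from the post or from WICED: `frame_tally_t`, `tally_frame` and `sample_tally` are hypothetical names, the sample headers are constructed, and it assumes the pointer handed to `tally_frame` is at the first byte of the 802.11 MAC header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical tally type for this example; not a WICED structure. */
typedef struct {
    unsigned beacon, probe_rsp, probe_req_bcast, probe_req_other, other, truncated;
} frame_tally_t;

#define DOT11_MGMT_HDR_LEN 24u /* FC(2) Dur(2) Addr1(6) Addr2(6) Addr3(6) Seq(2) */

/* Assumption: f points at the first byte of the 802.11 MAC header,
 * with any capture or radio header already skipped by the caller. */
void tally_frame(frame_tally_t *t, const uint8_t *f, size_t len)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

    if (f == NULL || len < DOT11_MGMT_HDR_LEN) { t->truncated++; return; }
    if (((f[0] >> 2) & 0x3) != 0) { t->other++; return; } /* not management */

    switch ((f[0] >> 4) & 0xf) {                          /* subtype */
    case 0x8: t->beacon++;    break;                      /* FC byte 0x80 */
    case 0x5: t->probe_rsp++; break;                      /* FC byte 0x50 */
    case 0x4:                                             /* FC byte 0x40 */
        /* Addr1 (receiver address) starts at offset 4. */
        if (memcmp(f + 4, bcast, 6) == 0) t->probe_req_bcast++;
        else                              t->probe_req_other++;
        break;
    default:  t->other++;     break;
    }
}

/* Constructed sample headers (not captured traffic). */
frame_tally_t sample_tally(void)
{
    static const uint8_t beacon[24]    = {0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                          0x02, 0, 0, 0, 0, 1, 0x02, 0, 0, 0, 0, 1};
    static const uint8_t req_bcast[24] = {0x40, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                          0x02, 0, 0, 0, 0, 2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    static const uint8_t req_ucast[24] = {0x40, 0, 0, 0, 0xfa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
                                          0x02, 0, 0, 0, 0, 2, 0xfa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa};
    static const uint8_t data[24]      = {0x08, 0x01};
    frame_tally_t t = {0};

    tally_frame(&t, beacon, sizeof beacon);
    tally_frame(&t, req_bcast, sizeof req_bcast);
    tally_frame(&t, req_ucast, sizeof req_ucast);
    tally_frame(&t, data, sizeof data);
    tally_frame(&t, req_bcast, 10); /* truncated capture */
    return t;
}
```

Comparing `probe_req_bcast` against `probe_req_other` over the same capture window on two receivers shows whether broadcast-addressed probe requests are the only class going missing.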

1 Solution

Hello:

Please use the attached firmware from the 6.1 version; I just verified it on the 43362WCD4 board.
