walts Posted November 20, 2008 Posted November 20, 2008 OK now I have 2.1 running..... Maybe my first impression was wrong - I thought the Fon was now set up as a MITM for unsecured networks; that it would answer "Here I am" to any broadcasts seeking an unsecured AP and insert itself between the client and the AP. I don't seem to be seeing that on the "Connected Clients" display. Maybe my question is answered in the log... I'm seeing a lot of DHCP entries in the log, but the last line in the log display is always "The IP address doesn't look like an IP address, aborting" (sic) Is this a misconfiguration of some sort? Where should I be looking for answers? TIA Walt Quote
digininja Posted November 20, 2008 Posted November 20, 2008 That error message is when you do a port scan and the device doesn't have an ip address yet. Are you manually running a portscan on the clients or have you done a symlink between the portscan module and the rc.assoc directory? Quote
walts Posted November 21, 2008 Author Posted November 21, 2008 That error message is when you do a port scan and the device doesn't have an ip address yet. Are you manually running a portscan on the clients or have you done a symlink between the portscan module and the rc.assoc directory? Neither - the Fon is just sitting on the desk, with the Ethernet cable connected to the pc running a web browser monitoring the status display. I think I need more instruction on setup and use. Is there a wiki somewhere that I'm missing? All I have found so far is the installation wiki and the Hak5 episode that discussed Jasager in the first place. Walt Quote
digininja Posted November 21, 2008 Posted November 21, 2008 You've found it all. The error you report is generated by the portscan script. That is sym-linked to the rc.dhcp directory in a default install, that is why it is being called. It may be that the script is trying to run slightly faster than the dhcp server is actually giving out the ip address, even though it is sending to the log that it has issued the address. To debug this, delete the S01portscan symlink in /karma/etc/rc.dhcp and create a symlink from ../../scripts/echo.rb to S01echo . This will then trigger the echo script when a dhcp address is given which will then display the info passed to it. Have a look at the ip field and see what it says. Quote
walts Posted November 25, 2008 Author Posted November 25, 2008 To debug this, delete the S01portscan symlink in /karma/etc/rc.dhcp and create a symlink from ../../scripts/echo.rb to S01echo . This will then trigger the echo script when a dhcp address is given which will then display the info passed to it. Have a look at the ip field and see what it says. OK I've done as you suggested. Here's a recent log - I don't see anything "wrong" with the IP addresses. root@OpenWrt:~# cat status.log Jan 1 00:01:37: Adding the following ssid to the list ["OpenWrt"] Jan 1 00:02:04: Node [00:19:4f:d5:6a:57] associating to ssid ["linksys"] Jan 1 00:02:08: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57 Jan 1 00:02:08: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Jan 1 00:02:08: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57 Jan 1 00:02:08: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Jan 1 00:02:08: DHCPREQUEST(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Jan 1 00:02:08: DHCPACK(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Nokia-N800-23-14 Jan 1 00:15:24: DHCPREQUEST(br-lan) 192.168.1.247 00:16:cb:a0:29:96 Jan 1 00:15:26: DHCPREQUEST(br-lan) 192.168.1.247 00:16:cb:a0:29:96 Jan 1 00:15:29: DHCPREQUEST(br-lan) 192.168.1.247 00:16:cb:a0:29:96 Jan 1 00:15:32: DHCPDISCOVER(br-lan) 00:16:cb:a0:29:96 Jan 1 00:15:32: DHCPOFFER(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:15:32: DHCPDISCOVER(br-lan) 00:16:cb:a0:29:96 Jan 1 00:15:32: DHCPOFFER(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:15:33: DHCPREQUEST(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:15:33: DHCPACK(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:20:17: DHCPREQUEST(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:20:17: DHCPACK(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:26:32: Node [00:0e:7f:b6:81:e3] associating to ssid ["City of Boca - Guest"] Jan 1 00:26:33: DHCPREQUEST(br-lan) 192.168.1.48 00:0e:7f:b6:81:e3 Jan 1 00:26:34: DHCPREQUEST(br-lan) 192.168.1.48 00:0e:7f:b6:81:e3 Jan 1 00:26:37: DHCPDISCOVER(br-lan) 00:0e:7f:b6:81:e3 Jan 1 00:26:37: DHCPOFFER(br-lan) 192.168.0.197 00:0e:7f:b6:81:e3 Jan 1 00:26:37: DHCPDISCOVER(br-lan) 00:0e:7f:b6:81:e3 Jan 1 00:26:37: DHCPOFFER(br-lan) 192.168.0.197 00:0e:7f:b6:81:e3 Jan 1 00:26:37: DHCPDISCOVER(br-lan) 00:0e:7f:b6:81:e3 Jan 1 00:26:37: DHCPOFFER(br-lan) 192.168.0.197 00:0e:7f:b6:81:e3 Jan 1 00:29:04: ssid ["OpenWrt"] found in blacklist so rejecting Jan 1 00:29:04: ssid ["OpenWrt"] found in blacklist so rejecting Jan 1 00:29:04: ssid ["OpenWrt"] found in blacklist so rejecting Jan 1 00:29:06: ssid ["OpenWrt"] found in blacklist so rejecting Jan 1 00:42:06: DHCPREQUEST(br-lan) 192.168.0.247 00:16:cb:a0:29:96 Jan 1 00:42:06: DHCPACK(br-lan) 192.168.0.247 00:16:cb:a0:29:96 root@OpenWrt:~# Walt Quote
digininja Posted November 26, 2008 Posted November 26, 2008 Try manually running the echo command from the dropdown once a client has associated. That should output the echo stuff to the log. Tail it and see what you get. If you are a coder you can also get the portscan to dump out parameter 3, the IP address to see what it is getting when it thinks it isn't getting an IP address. Quote
walts Posted November 26, 2008 Author Posted November 26, 2008 Try manually running the echo command from the dropdown once a client has associated. That should output the echo stuff to the log. Tail it and see what you get. If you are a coder you can also get the portscan to dump out parameter 3, the IP address to see what it is getting when it thinks it isn't getting an IP address. OK some more information. Running echo with a client associated gave "Jan 01 16:45:22 Echo Script, echoing .... Echo done" I added ip to the error message about the bad ip address, but have not yet triggered the error. I ran the postscan command with ./ portscan.rb foo bar 192.168.0.216 and it ran normally. I see what ARGV[0] does (but I don't know why) I can't find where ARGV[1] is used I don't understand what triggers the portscan script in the first place - does it run automatically when a client associates? Thanks for all the help! Walt Quote
digininja Posted November 26, 2008 Posted November 26, 2008 ARGV[0] is the first argument ARGV[1] isn't used ARGV[2] is the ip address The script is triggered by it being sym-linked into the rc.dhcp directory. When a client gets a dhcp address all files in that directory starting with an S are executed in numeric order. Quote
walts Posted November 26, 2008 Author Posted November 26, 2008 Thanks! I'm learning a lot about how this guy works - it's a really nice implementation. Right now my main hangup is getting a link out to the Internet. Probably after the upcoming long weekend i will have a fresh outlook and can make some more progress. You have been very helpful - thanks :D Walt Quote
walts Posted December 1, 2008 Author Posted December 1, 2008 Happy to help. I'm back at this after a couple of days. I did as you suggested, and the echo script gave the correct Mac and IP addresses. Now I want to add the postscan script back, but if I enter ln -s ../../scripts/portscan.rb S01portscan the portscan sript does not run. If I try to run it via the symlink immediately after the client associates, I get the "Not enough Parameters" message from portscan. Am I doing something wrong with the way I am setting up the symlink? Also, do ALL of the scripts in the rc.dhcp directory get executed? If so, in what order? Walt Quote
digininja Posted December 2, 2008 Posted December 2, 2008 I'm back at this after a couple of days. I did as you suggested, and the echo script gave the correct Mac and IP addresses. Now I want to add the postscan script back, but if I enter ln -s ../../scripts/portscan.rb S01portscan the portscan sript does not run. If I try to run it via the symlink immediately after the client associates, I get the "Not enough Parameters" message from portscan. Am I doing something wrong with the way I am setting up the symlink? The symlink looks ok, I assume that you've got the directories right and the traversal is correct. All the scripts expect the parameters to be MAC, SSID, IP , so, if you want to call it from the command line you can pass it anything for the first two values then the IP for the last one. Watch out, it does take quite a while to run as by default it scans 1-8192 ports. To see if it is running just run top on the fon, you should see the activity. Also, do ALL of the scripts in the rc.dhcp directory get executed? If so, in what order? They are the same as init scripts so get executed in numeric order. Quote
walts Posted December 5, 2008 Author Posted December 5, 2008 I'm still having trouble with the portscan script. In /karma/etc/rc.dhcp I have 2 files - S01something (which looks like a shell script) and S01portscan (symlink to ../../scripts/portscan.rb) If I enter ./S01portscan foo bar 192.168.0.216 at the command line it works, but when 192.168.0.216 authenticates to the AP it does not. If I do as you suggested, deleting S01portscan and adding S01echo, then the echo script runs upon authentication. I'm not real good at Linux - is there something with file permissions that could be messing this up? I don't see any error messages at the terminal or in the log, I'm stumped. Walt Quote
digininja Posted December 5, 2008 Posted December 5, 2008 Get rid of the S01something, that was testing on the original scripts system and just wrote to a file to prove it been executed. Be careful mixing the states up, there is association and dhcp, not authentication. You want the portscan to run on dhcp as that is when it gets its IP adress. If you link both echo and portscan in to the rc.dhcp directory and then get a dhcp address, what is the output from echo? Do the values in the fields tie up with what the labels say? Quote
walts Posted December 5, 2008 Author Posted December 5, 2008 Point taken - I meant association, not authentication. OK I guess I really need to figure out in more depth what is happening here. Is there any write-up that you can point me to, that discussed the interactions among the different ports on the Jasager? ifconfig shows four, not counting lo: Ath0 and wifi0 share the same mac address - which I assume to be the 802.11 interface br-lan and etho share the same mac address - which I assume to the the wired ethernet port. With the Jasager turned on and the ethernet cable connected to my laptop I get the following log: root@OpenWrt:~# cat ~/status.log Jan 1 00:01:04: DHCPDISCOVER(br-lan) 10.100.3.91 00:09:6b:d0:9a:35 Jan 1 00:01:04: DHCPOFFER(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 Jan 1 00:01:04: DHCPREQUEST(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 Jan 1 00:01:04: DHCPACK(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 exp-t6100 Jan 1 00:10:54: DHCPACK(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 exp-t6100 Jan 1 00:10:58: DHCPACK(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 exp-t6100 Jan 1 00:11:24: Adding the following ssid to the list ["OpenWrt"] Jan 1 00:12:32: Node [00:19:4f:d5:6a:57] associating to ssid ["linksys"] Jan 1 00:12:36: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57 Jan 1 00:12:36: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Jan 1 00:12:36: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57 Jan 1 00:12:36: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Jan 1 00:12:36: DHCPREQUEST(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Jan 1 00:12:36: DHCPACK(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Nokia-N800-23-14 Jan 01 00:12:39: Echo script, echoing.... MAC address=00:19:4f:d5:6a:57 SSID=192.168.0.216 Echo done root@OpenWrt:~# ls /karma/etc/rc.dhcp -l lrwxrwxrwx 1 root root 25 Dec 5 2008 S01portscan -> ../../scripts/portscan.rb lrwxrwxrwx 1 root root 21 Dec 5 2008 S02echo -> ../../scripts/echo.rb root@OpenWrt:~# ls /karma/scripts -l -rwxr-xr-x 1 root root 565 Jan 1 00:05 echo.rb -rwxr-xr-x 1 root root 1572 Jan 1 2000 portscan.rb root@OpenWrt:~# 10.100.3.91 was the IP address the ethernet port on my laptop had a few minutes previously, when it was plugged in to my LAN. It looks like a connection was established with my laptop (exp-t6100). Then I opened the web interface and added "OpenWrt" to the list of forbidden SSIDs, turned Karma on, and told my Nokia=N800 to associate with "linksys", which it did, getting the IP address 192.168.0.216. I don't understand why the DHCP transactions used "br-lan" - I thought that was the wired ethernet port! At this point the "echo" script seems to have run, but not the "portscan" script. I waited a full 5 minutes before going on. Here also are directory listings of the two script directories. I'm not looking for a free ride here, just some advice as to how to diagnose and cure this issue, at the level of a Linux amateur but fairly advanced in Windows and Networking. TIA Walt Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.