Jump to content

Operating Questions


walts
 Share

Recommended Posts

OK now I have 2.1 running.....

Maybe my first impression was wrong - I thought the Fon was now set up as a MITM for unsecured networks; that it would answer "Here I am" to any broadcasts seeking an unsecured AP and insert itself between the client and the AP. I don't seem to be seeing that on the "Connected Clients" display.

Maybe my question is answered in the log... I'm seeing a lot of DHCP entries in the log, but the last line in the log display is always "The IP address doesn't look like an IP address, aborting" (sic)

Is this a misconfiguration of some sort? Where should I be looking for answers?

TIA

Walt

Link to comment
Share on other sites

That error message is when you do a port scan and the device doesn't have an ip address yet. Are you manually running a portscan on the clients or have you done a symlink between the portscan module and the rc.assoc directory?

Link to comment
Share on other sites

That error message is when you do a port scan and the device doesn't have an ip address yet. Are you manually running a portscan on the clients or have you done a symlink between the portscan module and the rc.assoc directory?

Neither - the Fon is just sitting on the desk, with the Ethernet cable connected to the pc running a web browser monitoring the status display.

I think I need more instruction on setup and use. Is there a wiki somewhere that I'm missing? All I have found so far is the installation wiki and the Hak5 episode that discussed Jasager in the first place.

Walt

Link to comment
Share on other sites

You've found it all.

The error you report is generated by the portscan script. That is sym-linked to the rc.dhcp directory in a default install, that is why it is being called. It may be that the script is trying to run slightly faster than the dhcp server is actually giving out the ip address, even though it is sending to the log that it has issued the address.

To debug this, delete the S01portscan symlink in /karma/etc/rc.dhcp and create a symlink from ../../scripts/echo.rb to S01echo . This will then trigger the echo script when a dhcp address is given which will then display the info passed to it. Have a look at the ip field and see what it says.

Link to comment
Share on other sites

To debug this, delete the S01portscan symlink in /karma/etc/rc.dhcp and create a symlink from ../../scripts/echo.rb to S01echo . This will then trigger the echo script when a dhcp address is given which will then display the info passed to it. Have a look at the ip field and see what it says.

OK I've done as you suggested. Here's a recent log - I don't see anything "wrong" with the IP addresses.

root@OpenWrt:~# cat status.log
Jan  1 00:01:37: Adding the following ssid to the list ["OpenWrt"]
Jan  1 00:02:04: Node [00:19:4f:d5:6a:57] associating to ssid ["linksys"]
Jan  1 00:02:08: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57 
Jan  1 00:02:08: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 
Jan  1 00:02:08: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57 
Jan  1 00:02:08: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 
Jan  1 00:02:08: DHCPREQUEST(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 
Jan  1 00:02:08: DHCPACK(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Nokia-N800-23-14
Jan  1 00:15:24: DHCPREQUEST(br-lan) 192.168.1.247 00:16:cb:a0:29:96 
Jan  1 00:15:26: DHCPREQUEST(br-lan) 192.168.1.247 00:16:cb:a0:29:96 
Jan  1 00:15:29: DHCPREQUEST(br-lan) 192.168.1.247 00:16:cb:a0:29:96 
Jan  1 00:15:32: DHCPDISCOVER(br-lan) 00:16:cb:a0:29:96 
Jan  1 00:15:32: DHCPOFFER(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:15:32: DHCPDISCOVER(br-lan) 00:16:cb:a0:29:96 
Jan  1 00:15:32: DHCPOFFER(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:15:33: DHCPREQUEST(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:15:33: DHCPACK(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:20:17: DHCPREQUEST(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:20:17: DHCPACK(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:26:32: Node [00:0e:7f:b6:81:e3] associating to ssid ["City of Boca - Guest"]
Jan  1 00:26:33: DHCPREQUEST(br-lan) 192.168.1.48 00:0e:7f:b6:81:e3 
Jan  1 00:26:34: DHCPREQUEST(br-lan) 192.168.1.48 00:0e:7f:b6:81:e3 
Jan  1 00:26:37: DHCPDISCOVER(br-lan) 00:0e:7f:b6:81:e3 
Jan  1 00:26:37: DHCPOFFER(br-lan) 192.168.0.197 00:0e:7f:b6:81:e3 
Jan  1 00:26:37: DHCPDISCOVER(br-lan) 00:0e:7f:b6:81:e3 
Jan  1 00:26:37: DHCPOFFER(br-lan) 192.168.0.197 00:0e:7f:b6:81:e3 
Jan  1 00:26:37: DHCPDISCOVER(br-lan) 00:0e:7f:b6:81:e3 
Jan  1 00:26:37: DHCPOFFER(br-lan) 192.168.0.197 00:0e:7f:b6:81:e3 
Jan  1 00:29:04: ssid ["OpenWrt"] found in blacklist so rejecting
Jan  1 00:29:04: ssid ["OpenWrt"] found in blacklist so rejecting
Jan  1 00:29:04: ssid ["OpenWrt"] found in blacklist so rejecting
Jan  1 00:29:06: ssid ["OpenWrt"] found in blacklist so rejecting
Jan  1 00:42:06: DHCPREQUEST(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
Jan  1 00:42:06: DHCPACK(br-lan) 192.168.0.247 00:16:cb:a0:29:96 
root@OpenWrt:~#

Walt

Link to comment
Share on other sites

Try manually running the echo command from the dropdown once a client has associated. That should output the echo stuff to the log. Tail it and see what you get.

If you are a coder you can also get the portscan to dump out parameter 3, the IP address to see what it is getting when it thinks it isn't getting an IP address.

Link to comment
Share on other sites

Try manually running the echo command from the dropdown once a client has associated. That should output the echo stuff to the log. Tail it and see what you get.

If you are a coder you can also get the portscan to dump out parameter 3, the IP address to see what it is getting when it thinks it isn't getting an IP address.

OK some more information.

Running echo with a client associated gave

"Jan 01 16:45:22 Echo Script, echoing ....

Echo done"

I added ip to the error message about the bad ip address, but have not yet triggered the error.

I ran the postscan command with

./ portscan.rb foo bar 192.168.0.216

and it ran normally.

I see what ARGV[0] does (but I don't know why)

I can't find where ARGV[1] is used

I don't understand what triggers the portscan script in the first place - does it run automatically when a client associates?

Thanks for all the help!

Walt

Link to comment
Share on other sites

ARGV[0] is the first argument

ARGV[1] isn't used

ARGV[2] is the ip address

The script is triggered by it being sym-linked into the rc.dhcp directory. When a client gets a dhcp address all files in that directory starting with an S are executed in numeric order.

Link to comment
Share on other sites

Thanks!

I'm learning a lot about how this guy works - it's a really nice implementation. Right now my main hangup is getting a link out to the Internet. Probably after the upcoming long weekend i will have a fresh outlook and can make some more progress.

You have been very helpful - thanks :D

Walt

Link to comment
Share on other sites

Happy to help.

I'm back at this after a couple of days.

I did as you suggested, and the echo script gave the correct Mac and IP addresses. Now I want to add the postscan script back, but if I enter

ln -s ../../scripts/portscan.rb S01portscan

the portscan sript does not run. If I try to run it via the symlink immediately after the client associates, I get the "Not enough Parameters" message from portscan. Am I doing something wrong with the way I am setting up the symlink?

Also, do ALL of the scripts in the rc.dhcp directory get executed? If so, in what order?

Walt

Link to comment
Share on other sites

I'm back at this after a couple of days.

I did as you suggested, and the echo script gave the correct Mac and IP addresses. Now I want to add the postscan script back, but if I enter

ln -s ../../scripts/portscan.rb S01portscan

the portscan sript does not run. If I try to run it via the symlink immediately after the client associates, I get the "Not enough Parameters" message from portscan. Am I doing something wrong with the way I am setting up the symlink?

The symlink looks ok, I assume that you've got the directories right and the traversal is correct.

All the scripts expect the parameters to be MAC, SSID, IP , so, if you want to call it from the command line you can pass it anything for the first two values then the IP for the last one.

Watch out, it does take quite a while to run as by default it scans 1-8192 ports. To see if it is running just run top on the fon, you should see the activity.

Also, do ALL of the scripts in the rc.dhcp directory get executed? If so, in what order?

They are the same as init scripts so get executed in numeric order.

Link to comment
Share on other sites

I'm still having trouble with the portscan script.

In /karma/etc/rc.dhcp I have 2 files - S01something (which looks like a shell script) and S01portscan (symlink to ../../scripts/portscan.rb)

If I enter

./S01portscan foo bar 192.168.0.216

at the command line it works, but when 192.168.0.216 authenticates to the AP it does not.

If I do as you suggested, deleting S01portscan and adding S01echo, then the echo script runs upon authentication.

I'm not real good at Linux - is there something with file permissions that could be messing this up? I don't see any error messages at the terminal or in the log, I'm stumped.

Walt

Link to comment
Share on other sites

Get rid of the S01something, that was testing on the original scripts system and just wrote to a file to prove it been executed.

Be careful mixing the states up, there is association and dhcp, not authentication. You want the portscan to run on dhcp as that is when it gets its IP adress.

If you link both echo and portscan in to the rc.dhcp directory and then get a dhcp address, what is the output from echo? Do the values in the fields tie up with what the labels say?

Link to comment
Share on other sites

Point taken - I meant association, not authentication.

OK I guess I really need to figure out in more depth what is happening here. Is there any write-up that you can point me to, that discussed the interactions among the different ports on the Jasager? ifconfig shows four, not counting lo:

Ath0 and wifi0 share the same mac address - which I assume to be the 802.11 interface

br-lan and etho share the same mac address - which I assume to the the wired ethernet port.

With the Jasager turned on and the ethernet cable connected to my laptop I get the following log:

root@OpenWrt:~# cat ~/status.log
Jan  1 00:01:04: DHCPDISCOVER(br-lan) 10.100.3.91 00:09:6b:d0:9a:35
Jan  1 00:01:04: DHCPOFFER(br-lan) 192.168.0.219 00:09:6b:d0:9a:35
Jan  1 00:01:04: DHCPREQUEST(br-lan) 192.168.0.219 00:09:6b:d0:9a:35
Jan  1 00:01:04: DHCPACK(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 exp-t6100
Jan  1 00:10:54: DHCPACK(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 exp-t6100
Jan  1 00:10:58: DHCPACK(br-lan) 192.168.0.219 00:09:6b:d0:9a:35 exp-t6100
Jan  1 00:11:24: Adding the following ssid to the list ["OpenWrt"]
Jan  1 00:12:32: Node [00:19:4f:d5:6a:57] associating to ssid ["linksys"]
Jan  1 00:12:36: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57
Jan  1 00:12:36: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57
Jan  1 00:12:36: DHCPDISCOVER(br-lan) 00:19:4f:d5:6a:57
Jan  1 00:12:36: DHCPOFFER(br-lan) 192.168.0.216 00:19:4f:d5:6a:57
Jan  1 00:12:36: DHCPREQUEST(br-lan) 192.168.0.216 00:19:4f:d5:6a:57
Jan  1 00:12:36: DHCPACK(br-lan) 192.168.0.216 00:19:4f:d5:6a:57 Nokia-N800-23-14
Jan 01 00:12:39: Echo script, echoing....
MAC address=00:19:4f:d5:6a:57
SSID=192.168.0.216
Echo done
root@OpenWrt:~# ls /karma/etc/rc.dhcp -l
lrwxrwxrwx    1 root     root           25 Dec  5  2008 S01portscan -> ../../scripts/portscan.rb
lrwxrwxrwx    1 root     root           21 Dec  5  2008 S02echo -> ../../scripts/echo.rb
root@OpenWrt:~# ls /karma/scripts -l
-rwxr-xr-x    1 root     root          565 Jan  1 00:05 echo.rb
-rwxr-xr-x    1 root     root         1572 Jan  1  2000 portscan.rb
root@OpenWrt:~#

10.100.3.91 was the IP address the ethernet port on my laptop had a few minutes previously, when it was plugged in to my LAN.

It looks like a connection was established with my laptop (exp-t6100). Then I opened the web interface and added "OpenWrt" to the list of forbidden SSIDs, turned Karma on, and told my Nokia=N800 to associate with "linksys", which it did, getting the IP address 192.168.0.216.

I don't understand why the DHCP transactions used "br-lan" - I thought that was the wired ethernet port!

At this point the "echo" script seems to have run, but not the "portscan" script. I waited a full 5 minutes before going on.

Here also are directory listings of the two script directories.

I'm not looking for a free ride here, just some advice as to how to diagnose and cure this issue, at the level of a Linux amateur but fairly advanced in Windows and Networking.

TIA

Walt

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...