HOW TO orinoco drivers

Linux Orinoco RFMON HOWTO

dragorn@kismetwireless.net

v1.0.2

April 01 2005


1. Introduction

There are several different Orinoco drivers circulating which act differently,

require different patches, and have different features.

Raw monitor mode/rfmon is a sniffing mode which allows the card to report

raw frames from the 802.11 layer. Without this mode, sniffing is only possible

on the data layer of the associated network. Utilities like Kismet and

Airsnort require rfmon support for data capture and will not work without it.


2. Who this is for

This HOWTO is for anyone running Orinoco HermesI based cards in Linux, who

wants to use raw monitor mode sniffing (for example, with Kismet, Ethereal,

TCPDump, etc). If you're only interested in using your card in normal

mode, you don't need this.


3. What drivers (and patches) are there?

There is a plethora of different drivers, both standalone packages which build

driver modules outside of the kernel tree, and kernel mainline drivers which

are part of the kernel source itself.


3.1 Orinoco 0.13 standalone drivers

Type: Standalone

Kernel: 2.4.x

Site: http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13e.tar.gz

Patches: http://www.kismetwireless.net/download.shtml#orinoco

For 2.4 kernels, the 0.13e standalone driver release is the typical choice.

The 0.13 drivers don't support monitor mode natively, but patches are

available. The official 0.13 standalone release will NOT work with 2.6

kernels.

The patches add monitor support (Snax of the Shmoo group) and fix certain

broken behavior in the driver which leads to stuttering sound, serial data

corruption, and overall system lag during channel hopping (Dragorn).


3.2 Orinoco 0.13-26 standalone drivers

Type: Standalone

Kernel: 2.6.x

Site: http://www.kismetwireless.net/download.shtml#orinoco1326

Patches: Not required

An unofficial release for 2.6 kernels, the 0.13-26 package contains the

0.13e drivers with Linux 2.6.x compatibility and the rfmon+fix patches

already applied. This is not a release by the Orinoco driver developers

nor do they support it.

Users who cannot or do not want to patch their 2.6 kernel sources can

use these standalone drivers.


3.3 Linux Kernel 2.6 < 2.6.9 builtin drivers

Type: In kernel source

Kernel: 2.6.x before 2.6.9

Site: n/a

Patches: http://www.kismetwireless.net/download.shtml#orinoco

The 2.6 kernel tree began to include the Orinoco 0.13e driver. Releases

earlier than 2.6.9 (ie, up to 2.6.8.1) include the same code as the

standalone 0.13 driver package, and use the same patches. Instructions

for applying the 0.13 patches are available at:

http://www.kismetwireless.net/HOWTO-26_Orinoco_Rfmon.txt

Vendors often backport newer drivers into older kernel versions. If you

use a vendor customized kernel you may not have the drivers that match

this kernel version.


3.4 Linux Kernel 2.6.9 and 2.6.10

Type: In kernel source

Kernel: 2.6.9 - 2.6.10

Site: n/a

Patches: http://www.kismetwireless.net/download.shtml#orinoco269

As of kernel 2.6.9, the in-kernel Orinoco drivers are beginning to shift

towards the new codebase. Headers were changed, structures redefined or

moved, and other code shifts make the 0.13 standard driver patches

incompatible.

The 2.6.9 kernel patches apply to the base of the kernel source tree.


3.5 Linux Kernel 2.6.11

Type: In kernel source

Kernel: 2.6.11

Site: n/a

Patches: http://www.kismetwireless.net/download.shtml#orinoco2611

2.6.11 subtly changes the orinoco drivers, again.

The 2.6.11 kernel patches apply to the base of the kernel source tree.


3.6 Orinoco 0.15 standalone drivers

Type: Standalone

Kernel: 2.6.x

Site: http://ozlabs.org/people/dgibson/dldwd/orinoco-0.15rc2.tar.gz

Patches: http://www.kismetwireless.net/download.shtml#orinoco15

The next generation of Orinoco drivers is the 0.15 source branch.

Destined to eventually become the mainstream kernel drivers, the 0.15

branch is a major rewrite which includes a modified monitor mode

without patching.

Unfortunately, the new monitor code subtly changes how packet data is

formatted, making it unusable with existing applications that expect

the previous format. The new driver structure also lacks per-packet

statistics for signal and noise. Because of monitor mode unreliability

on some firmware versions, the 0.15 drivers completely disable monitor

mode on newer firmwares.

The patches available on the kismetwireless.net site restore this

missing functionality.


3.7 WLAGS/Greenblaze drivers

Type: Patchset to pcmcia-cs

Kernel: 2.4.x

Site: http://www.agere.com/mobility/wireless_lan_drivers.html

Patches: None available

The wlags drivers from Proxim work with HermesI and more recent HermesII

cards. They compile only under 2.4 kernels, and do not include monitor mode

support. The wlags drivers use a volatile firmware load to initialize the

card and support adhoc and access point modes.

The wlags drivers are the only option for HermesII based cards.


4. Applying the patches

For drivers which need them, patch files are available as standard ``diff''

files. To apply these, use the ``patch'' command. When applying a patch,

it's a good idea to use the ``--dry-run'' option to patch. This applies the

patch without modifying any files. If there is a problem, you will not have

damaged the original files.

If the patches do not specify how to apply them, a typically safe test would

be to apply them at the top of the source tree with:

``patch -p1 --dry-run < /path/to/patch''

To apply a patch to the head of the kernel tree, go to your current kernel

source (typically /usr/src/linux-version) and use ``patch -p1''. Using

--dry-run is always recommended to test.

The patch WILL NOT be applied until you remove ``--dry-run'' from the command.

As always, see the man page on patch for more information about the command.
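
The dry-run check above, as an added example that is not part of the original HOWTO: it classifies a patch against a tree (applies cleanly, already applied, or conflicts) before anything is modified, and applies it only when the dry run is clean. The function names, the drv.c file and the one-hunk diff are constructed for illustration; GNU patch is assumed.

```shell
#!/bin/sh
# Added example, not from the HOWTO. patch_state/apply_checked/demo are
# hypothetical helper names; GNU patch is assumed.

# Print "applies", "already-applied" or "conflict" for patch $2 in tree $1.
patch_state() {
    tree=$1 pfile=$2
    # Forward dry run. -f: never prompt and never guess that the patch is
    # reversed, so an already-patched tree simply fails this test.
    if patch -p1 -f -s --dry-run -d "$tree" < "$pfile" >/dev/null 2>&1; then
        echo applies
    # Reverse dry run: if the patch can be backed out, it is already in the tree.
    elif patch -p1 -R -f -s --dry-run -d "$tree" < "$pfile" >/dev/null 2>&1; then
        echo already-applied
    else
        echo conflict
    fi
}

# Apply the patch only after a clean dry run, so a failed attempt never
# leaves half-patched files or .rej files in the tree.
apply_checked() {
    case $(patch_state "$1" "$2") in
        applies)         patch -p1 -s -d "$1" < "$2" ;;
        already-applied) echo "already applied, nothing to do" >&2 ;;
        *)               echo "does not apply cleanly, tree untouched" >&2
                         return 1 ;;
    esac
}

# Constructed demo: a one-file tree and a one-hunk unified diff in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tree"
    printf 'line one\nline two\nline three\n' > "$d/tree/drv.c"
    printf '%s\n' '--- a/drv.c' '+++ b/drv.c' '@@ -1,3 +1,3 @@' \
        ' line one' '-line two' '+line two patched' ' line three' > "$d/fix.diff"
    before=$(patch_state "$d/tree" "$d/fix.diff")
    apply_checked "$d/tree" "$d/fix.diff"
    after=$(patch_state "$d/tree" "$d/fix.diff")
    rm -rf "$d"
    echo "$before $after"
}

# Real use: sh script.sh /usr/src/linux-version /path/to/patch
if [ "$#" -eq 2 ]; then apply_checked "$1" "$2"; fi
```

An "already-applied" result on a tree whose driver still lacks monitor mode means the patched source is not the module that is actually loaded.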


5. Installing

If you are installing a standalone driver package, first go into your modules

directory (typically /lib/modules/linux-version/) and remove all the kernel

versions of the module you're installing. Having two copies of the same

module will lead to significant confusion. Be sure to use ``lsmod'' and

``rmmod'' to remove any running versions of the modules. ``make install''

will install the modules from the standalone package. Reinitialize your card

if it is PCMCIA, or reload the modules with ``modprobe'' if it is PCI.

If you are reinstalling kernel modules, ``make modules modules_install'' will

compile the changed modules and install them. Use ``lsmod'' and ``rmmod'' to

remove running versions, and reinitialize your card (PCMCIA) or reload the

modules with ``modprobe'' (PCI).


6. Picking a driver

Currently, the 0.13 driver chain seems to be the most stable and useful choice

for HermesI based cards. The 0.15 drivers have shown some instability in

monitor mode and don't work at all with many firmware versions.

The Orinoco drivers attempt to support Prism2 cards as well, but much better

functionality is available from HostAP (http://hostap.epitest.fi) and USB

support is available with WLAN-NG (http://linux-wlan.com). Prism2 specific

drivers should always be used for prism2 cards.


7. But I did all this, and it doesn't work

If you've applied all the patches and tools like Kismet still say unable to

enter monitor mode, or if ``iwpriv ethX'' doesn't show 'monitor' on the

0.13 drivers: You did it wrong.

Either you did not apply the patch, or you aren't running the drivers you

think you're running. Find all the old driver components in your

/lib/modules// directory:

orinoco.[k]o

hermes.[k]o

orinoco_cs.[k]o

orinoco_pci.[k]o

orinoco_plx.[k]o

orinoco_tmd.[k]o

2.6.x kernels use the extension '.ko' for modules. 2.4 kernels use the

extension '.o'. Make sure that no old copies of the modules are in different

directories that might be loaded before the patched drivers.

Make sure you have removed the current running drivers using ``rmmod''.
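
The stale-module check from sections 5 and 7, as an added example that is not part of the original HOWTO: it lists every on-disk copy of the six driver components under one kernel's module directory and names the modules that exist more than once. The function names and the sample directory layout in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HOWTO. list_copies/duplicated/demo are
# hypothetical helper names.

# The driver components named in the HOWTO.
MODS="orinoco hermes orinoco_cs orinoco_pci orinoco_plx orinoco_tmd"

# Print the path of every .o (2.4) or .ko (2.6) copy under directory $1.
list_copies() {
    for m in $MODS; do
        find "$1" -type f \( -name "$m.o" -o -name "$m.ko" \)
    done | sort
}

# Print the name of each module that is present more than once under $1.
duplicated() {
    list_copies "$1" | sed -e 's|.*/||' -e 's|\.k\{0,1\}o$||' | sort | uniq -d
}

# Constructed sample tree: a full in-kernel set plus two leftover copies of
# orinoco and hermes in a second directory (layout is illustrative only).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/kernel/drivers/net/wireless" "$d/pcmcia"
    for m in $MODS; do : > "$d/kernel/drivers/net/wireless/$m.ko"; done
    : > "$d/pcmcia/orinoco.ko"
    : > "$d/pcmcia/hermes.ko"
    duplicated "$d"
    rm -rf "$d"
}

# Real use: pass the module directory of the kernel you are running.
if [ "$#" -eq 1 ]; then
    list_copies "$1"
    duplicated "$1" | sed 's/^/DUPLICATE: /'
fi
```

Any module reported as a duplicate has a copy that should be deleted before reloading; ``modinfo -n orinoco'' prints the file that ``modprobe'' would actually pick.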

 
