[NCLUG] Re: orinoco monitor mode problems: ksoftirqd_CPU0 CPU consumption & kernel: eth0: Error -5 writing packet to BAP

[Anthony Earl]

In answer to my own question:

After finding the kismet forums at 
http://www.kismetwireless.net/forum.php that Google doesn't seem to 
find, there were a few short discussions there.  The one that worked for 
me was a note to say ensure DHCP is not used by the network card before 
you switch to monitor mode.  So I turned off pump (plus a number of 
other servers but I doubt they made the difference) and am now not 
seeing those BAP messages.

Ant.


Anthony Earl wrote:

> Hi,
>    I've searched Google and tried various things that I'll explain 
> below but I've reached a point where I can't find an answer.  My basic 
> problem is that I find the following happens when I enter monitor mode 
> (via iwpriv or airsnort):
>
> ksoftirqd_CPU0 starts to consume over 90% of the CPU usage and syslog 
> says:
>
> Jul 20 10:54:11 zoopia kernel: device eth0 entered promiscuous mode
> Jul 20 10:54:16 zoopia kernel: eth0: Error -5 writing packet to BAP
> Jul 20 10:54:47 zoopia last message repeated 22000 times
> Jul 20 10:55:48 zoopia last message repeated 43918 times
> Jul 20 10:56:49 zoopia last message repeated 43872 times
> Jul 20 10:57:50 zoopia last message repeated 43877 times
> Jul 20 10:58:51 zoopia last message repeated 42768 times
> etc.
>
> I'm presuming these symptoms are not a good thing.  I also guess (a 
> complete guess since I've not used it before) that is why airsnort 
> will collect several hundred thousand packets but then Segmentation 
> fault. 
> Any suggestions for what to try next would really be appreciated.
>
> I'm running Debian Testing with a 2.4.21 kernel on an HP Omnibook500 
> with a Lucent Orinico Gold card.  I have my chosen set of kernel 
> configs but the only patch upon the standard Debian kernel source is 
> the orinoco-0.13b-patched.diff 
> <http://airsnort.shmoo.com/orinoco-0.13b-patched.diff>.  I recently 
> made a set of config changes to support iptables but I'm not running 
> those explicitly during these activities.
>
> The Gold card was using the 7.28 firmware so I upgraded to the 7.52 
> having read the 9/25/02 update at 
> http://airsnort.shmoo.com/orinocoinfo.html. 
> Output from dmesg for loading the driver is:
> hermes.c: 4 Dec 2002 David Gibson <hermes at gibson.dropbear.id.au>
> orinoco.c 0.13b (David Gibson <hermes at gibson.dropbear.id.au> and others)
> orinoco_cs.c 0.13b (David Gibson <hermes at gibson.dropbear.id.au> and 
> others)
> eth0: Station identity 001f:0001:0007:0034
> eth0: Looks like a Lucent/Agere firmware version 7.52
> eth0: Ad-hoc demo mode supported
> eth0: IEEE standard IBSS ad-hoc mode supported
> eth0: WEP supported, 104-bit key
> eth0: MAC address 00:02:2D:52:8A:70
> eth0: Station name "HERMES I"
> eth0: ready
> eth0: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
> eth0: New link status: Connected (0001)
>
> Output from sudo iwpriv eth0 is:
> eth0      Available private ioctl :
>          force_reset      (8BE0) : set   0       & get   0     
>          card_reset       (8BE1) : set   0       & get   0     
>          set_port3        (8BE2) : set   1 int   & get   0     
>          get_port3        (8BE3) : set   0       & get   1 int 
>          set_preamble     (8BE4) : set   1 int   & get   0     
>          get_preamble     (8BE5) : set   0       & get   1 int 
>          set_ibssport     (8BE6) : set   1 int   & get   0     
>          get_ibssport     (8BE7) : set   0       & get   1 int 
>          monitor          (8BE8) : set   2 int   & get   0     
>          dump_recs        (8BFF) : set   0       & get   0 
> Thanks for your time,
>    Anthony.