aircrack-ng.tcz broken

[aanarchyy]

When I try to use aircrack-ng it keeps telling me
"mon0 is on channel -1, but the AP uses channel #"

Not sure if it makes any difference but I'm running this
installed on a DT166
hxxp://www.dtresearch.com/product/dt166/spec.htm#content
Using a Netgear N150 usb card.

[tinypoodle]

The title of this thread is an unfounded claim, as aircrack-ng (as a command per se) would not care about the presence of a wireless interface in the least...

Please consult documentation and wiki of aircrack-ng

[Rich]

Hi aanarchyy
As tinypoodle pointed out, you have not demonstrated that aircrack is broken. Please change the subject line
of your first post to something more appropriate. If you post the commands that you entered and the resulting
messages, someone may be able to help you.

[aanarchyy]

Here is why i say it is 'broken':

$ airmon-ng start wlan0   <-exits successfully, enables monitor mode on mon0
$ aireplay -9 mon0  <-  also exits successfully, reports "Injection is working!" and finds my AP
$ aireplay -1 60 -a XX:XX:XX:XX:XX:XX mon0 <- this is where i get the error previously stated
"mon0 is on channel -1, but the AP uses channel #"

I have replicated this error on three separate machines with two different cards on both core
plus and tinycore in both liveboot and hd installed environments.
Seeing as the package does not function as designed by the aircrack-ng team, i see it as broken.
By definition if something does not work as intended, it is broken.
But thanks for your... er... helpful reply tinypoodle. 
I have six of these units, all of which i intended to install tinycore on due to space restriction,
clearly I won't be getting much support from the forum so I guess I'll have to figure this one out
on my own.  Looks more to be a driver issue to me than an actual problem with aircrack-ng, but
until I've verified a fix, the subject remains.

I'll keep you updated if you want.

[Rich]

Hi aanarchyy

clearly I won't be getting much support from the forum

Your original post stated you got an error message, did not specify what led up to that message, and you
declared the program as being broken. I'm truly surprised no one was able to solve your problem.
Maybe this how-to is of some help:
http://ubuntuforums.org/showthread.php?t=528276
I notice they run the commands with root privileges.

[aanarchyy]

I apologize for not listing every single command I used to bring me to this issue,
but i am far from a linux newbie.  Normally I don't post to forums with issues I
have because i rarely if ever get help.  I can usually fix it myself or find a solution
somewhere, but seeing as i couldn't on this one yet, I posted in case someone else
had the same issue.  Clearly this is not the case.  Perhaps I am alone in this problem.

Anyway, I am in the process of rebuilding a few modules with some custom
patches I've found and a few tweaks of my own ;-)  This is specifically pertaining to
the "ath9k" portion.  Once I fix this, ill explain what i did and figure out how to submit
a fix to the project, even if im the first here i probably wont be the last.

[Rich]

Hi aanarchyy
If a forum member uses aircrack and has some information that may help you, they will post it.
I don't post answers based on a persons familiarity with Linux, rather, I try to write them so that all may benefit.
Even if the how-to I linked to does not help you, it may help someone who is new to aircrack that finds this thread.

[Rich]

Hi aanarchyy
If you use the   --ignore-negative-one   parameter as indicated here:
http://www.lokisec.com/?p=168
does the error go away?

[bmarkus]

@aanarchyy

Did you ask it on upsteram's and WLAN hackers forum? Would be better place than this one.

[tinypoodle]

Here is why i say it is 'broken':

$ airmon-ng start wlan0   <-exits successfully, enables monitor mode on mon0
$ aireplay -9 mon0  <-  also exits successfully, reports "Injection is working!" and finds my AP
$ aireplay -1 60 -a XX:XX:XX:XX:XX:XX mon0 <- this is where i get the error previously stated
"mon0 is on channel -1, but the AP uses channel #"

I have replicated this error on three separate machines with two different cards on both core
plus and tinycore in both liveboot and hd installed environments.
Seeing as the package does not function as designed by the aircrack-ng team, i see it as broken.
By definition if something does not work as intended, it is broken.

Upper error message does not look unexpectable in the least so far.
You appear to configure your radio to hopping monitor mode and then attempt authentication with
an AP...
In order to use 'aireplay-ng -1' you need to configure your radio to broadcast on the same channel
as the AP by stating channel in  'airmon-ng'.
What leaves me a bit puzzled is that you appear to run airmon-ng and aireplay-ng as non-privileged
user [$] which I would not expect to work...

Regarding drivers please use airdriver-ng.

[aanarchyy]

According to the airgrack-ng main webpage:
"If you are receiving an error message talking about channel -1, you either have to patch your driver like explained in the wiki or get the latest version of Aircrack-ng from our subversion repository and use the option --ignore-negative-one. You can find an installation guide also in the wiki."

So either the drivers need to get patched, or the package needs to be updated, the one in the tce repository doesn't have the --ignore-negative-one flag.  So the package isn't broken, merely out of date.

[bmarkus]

So the package isn't broken, merely out of date.

It is the current stable release, 1.1 in the repo. It is not outdated. As soon as a new stable release will be available it will be updated in TC repo.

[djca]

I have the same very strange problem airodump shows

fixed channel wlan0: -1

So if I try to use aireplay it is not working.

Also it seems that the program do not captures the stations packets.
I have tested aircrack on other linux live cd and it is working normally. Unforunatelly I am not sure where the problem is. Is it in the driver firmware or aircrack package itself.

Best Regards

[tinypoodle]

Compare the versions of airodump-ng and of the drivers in use (using "lsmod" and "modinfo").

[djca]

Ok this is the info I collected (first is tiny core):

Kernel:

Linux box 3.0.21-tinycore #3021 SMP Sat Feb 18 11:54:11 EET 2012 i686 GNU/Linux

Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux

modinfo zd1211rw

filename:       kernel.tclocal/drivers/net/wireless/zd1211rw/zd1211rw.ko.gz
description:    USB driver for devices with the ZD1211 chip.
author:         Daniel Drake
license:        GPL
vermagic:       3.0.21-tinycore SMP mod_unload 486
firmware:       zd1211/zd1211_uphr
firmware:       zd1211/zd1211_ub
firmware:       zd1211/zd1211_ur
depends:        mac80211,cfg80211

filename:       /lib/modules/3.2.6/kernel/drivers/net/wireless/zd1211rw/zd1211rw.ko
firmware:       zd1211/zd1211_uphr
firmware:       zd1211/zd1211b_uphr
firmware:       zd1211/zd1211_ub
firmware:       zd1211/zd1211b_ub
firmware:       zd1211/zd1211_ur
firmware:       zd1211/zd1211b_ur
version:        1.0
author:         Daniel Drake
author:         Ulrich Kunitz
description:    USB driver for devices with the ZD1211 chip.
license:        GPL
srcversion:     FE4511159B544FB37DA123F
depends:        mac80211,cfg80211
intree:         Y
vermagic:       3.2.6 SMP mod_unload CORE2

modinfo mac80211

filename:       kernel.tclocal/net/mac80211/mac80211.ko.gz
description:    IEEE 802.11 subsystem
license:        GPL
vermagic:       3.0.21-tinycore SMP mod_unload 486
parm:           probe_wait_ms:Maximum time(ms) to wait for probe response before disconnecting (reason 4).
parm:           max_probe_tries:Maximum probe tries before disconnecting (reason 4).
parm:           max_nullfunc_tries:Maximum nullfunc tx tries before disconnecting (reason 4).
parm:           ieee80211_default_rc_algo:Default rate control algorithm for mac80211 to use
depends:        cfg80211

filename:       /lib/modules/3.2.6/kernel/net/mac80211/mac80211.ko
license:        GPL
description:    IEEE 802.11 subsystem
srcversion:     2ED5CFAE03F0DD59BFC7C9E
depends:        cfg80211
intree:         Y
vermagic:       3.2.6 SMP mod_unload CORE2
parm:           ieee80211_default_rc_algo:Default rate control algorithm for mac80211 to use (charp)
parm:           max_nullfunc_tries:Maximum nullfunc tx tries before disconnecting (reason 4). (int)
parm:           max_probe_tries:Maximum probe tries before disconnecting (reason 4). (int)
parm:           probe_wait_ms:Maximum time(ms) to wait for probe response before disconnecting (reason 4). (int)

modinfo cfg80211

filename:       kernel.tclocal/net/wireless/cfg80211.ko.gz
description:    wireless configuration support
author:         Johannes Berg
license:        GPL
vermagic:       3.0.21-tinycore SMP mod_unload 486
parm:           cfg80211_disable_40mhz_24ghz:Disable 40MHz support in the 2.4GHz band
parm:           ieee80211_regdom:IEEE 802.11 regulatory domain code
depends:       

filename:       /lib/modules/3.2.6/kernel/net/wireless/cfg80211.ko
description:    wireless configuration support
license:        GPL
author:         Johannes Berg
srcversion:     C5E26F4D65CB61414E30045
depends:       
intree:         Y
vermagic:       3.2.6 SMP mod_unload CORE2
parm:           ieee80211_regdom:IEEE 802.11 regulatory domain code (charp)
parm:           cfg80211_disable_40mhz_24ghz:Disable 40MHz support in the 2.4GHz band (bool)

Aircrack version

  Airodump-ng 1.1 - (C) 2006-2010 Thomas d'Otreppe
  Original work: Christophe Devine
  http://www.aircrack-ng.org

  Airodump-ng 1.1 r2178 - (C) 2006-2010 Thomas d'Otreppe
  Original work: Christophe Devine
  http://www.aircrack-ng.org

Wireless tools

iwconfig  Wireless-Tools version 29
          Compatible with Wireless Extension v11 to v22.

Kernel    Currently compiled with Wireless Extension v22.

wlan0     Recommend Wireless Extension v21 or later,
          Currently compiled with Wireless Extension v22.

iwconfig  Wireless-Tools version 30
          Compatible with Wireless Extension v11 to v22.

Kernel    Currently compiled with Wireless Extension v22.

wlan0     Recommend Wireless Extension v21 or later,
          Currently compiled with Wireless Extension v22.


From what I see there is diference in the kernel and wireless tools versions.

Best Regards