ATTENTION: I'm not actively maintaining the patch or docs anymore for a variety of reasons (the cards are old, less common now, and trying to maintain a patch for every point-release and distro-modified kernel ceased to make sense). The docs are left here as pointers for the curious.

http://www.projectiwear.org/~plasmahh/orinoco.html is an alternate set of patches which may be more up to date.

Linux Orinoco RFMON HOWTO
dragorn@kismetwireless.net
v2.0 July 25 2006

1. Introduction

There are several different Orinoco drivers circulating which act differently, require different patches, and have different features.

Raw monitor mode/rfmon is a sniffing mode which allows the card to report frames from the 802.11 layer. Without this mode, sniffing is only possible on the data layer of the associated network. Utilities like Kismet and Airsnort require rfmon support for data capture and will not work without it.

2. Who this is for

This HOWTO is for anyone running Orinoco HermesI based cards in Linux who wants to use raw monitor mode sniffing (for example, with Kismet, Ethereal, TCPDump, etc). If you're only interested in using your card in normal mode, you don't need this.

3. What drivers (and patches) are there?

There is a plethora of different drivers: standalone packages which build driver modules outside of the kernel tree, and kernel mainline drivers which are part of the kernel source itself.

3.1 Orinoco 0.13 standalone drivers

  Type:    Standalone
  Kernel:  2.4.x
  Site:    http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13e.tar.gz
  Patches: http://www.kismetwireless.net/download.shtml#orinoco

For 2.4 kernels, the 0.13e standalone driver release is the typical choice. The 0.13 drivers don't support monitor mode natively, but patches are available. The official 0.13 standalone release will NOT work with 2.6 kernels.
The patches add monitor support (Snax of the Shmoo group) and fix certain broken behavior in the driver which leads to stuttering sound, serial data corruption, and overall system lag during channel hopping (Dragorn).

3.2 Orinoco 0.13-26 standalone drivers

  Type:    Standalone
  Kernel:  2.6.17+
  Site:    http://www.kismetwireless.net/download.shtml
  Patches: Not required

An unofficial up-port of the 0.13e legacy drivers to modern kernels.

3.3 WLAGS/Greenblaze drivers

  Type:    Patchset to pcmcia-cs
  Kernel:  2.4.x
  Site:    http://www.agere.com/mobility/wireless_lan_drivers.html
  Patches: None available

The wlags drivers from Proxim work with HermesI and more recent HermesII cards. They compile only under 2.4 kernels, and do not include monitor mode support. The wlags drivers use a volatile firmware load to initialize the card and support adhoc and access point modes. The wlags drivers are the only option for HermesII based cards.

4. Applying the patches

For drivers which need them, patch files are available as standard ``diff'' files. To apply these, use the ``patch'' command.

When applying a patch, it's a good idea to use the ``--dry-run'' option to patch. This applies the patch without modifying any files. If there is a problem, you will not have damaged the original files.

If the patches do not specify how to apply them, a typically safe test is to apply them at the top of the source tree with:

  patch -p1 --dry-run < /path/to/patch

To apply a patch to the head of the kernel tree, go to your current kernel source (typically /usr/src/linux-version) and use ``patch -p1''.

Using --dry-run is always recommended as a test. The patch WILL NOT be applied until you remove ``--dry-run'' from the command.

As always, see the man page on patch for more information about the command.

5. Installing

If you are installing a standalone driver package, first go into your modules directory (typically /lib/modules/linux-version/) and remove all the kernel versions of the module you're installing.
Having two copies of the same module will lead to significant confusion. Be sure to use ``lsmod'' and ``rmmod'' to remove any running versions of the modules.

``make install'' will install the modules from the standalone package. Reinitialize your card if it is PCMCIA, or reload the modules with ``modprobe'' if it is PCI.

If you are reinstalling kernel modules, ``make modules modules_install'' will compile the changed modules and install them. Use ``lsmod'' and ``rmmod'' to remove running versions, and reinitialize your card (PCMCIA) or reload the modules with ``modprobe'' (PCI).

6. Picking a driver

Currently, the 0.13 driver chain seems to be the most stable and useful choice for HermesI based cards. The 0.15 drivers have shown some instability in monitor mode and don't work at all with many firmware versions.

The Orinoco drivers attempt to support Prism2 cards as well, but much better functionality is available from HostAP (http://hostap.epitest.fi), and USB support is available with WLAN-NG (http://linux-wlan.com). Prism2 specific drivers should always be used for Prism2 cards.

7. But I did all this, and it doesn't work

If you've applied all the patches and tools like Kismet still say unable to enter monitor mode, or if ``iwpriv ethX'' doesn't show 'monitor' on the 0.13 drivers:

You did it wrong. Either you did not apply the patch, or you aren't running the drivers you think you're running.

Find all the old driver components in your /lib/modules// directory:

  orinoco.[k]o
  hermes.[k]o
  orinoco_cs.[k]o
  orinoco_pci.[k]o
  orinoco_plx.[k]o
  orinoco_tmd.[k]o

2.6.x kernels use the extension '.ko' for modules. 2.4 kernels use the extension '.o'.

Make sure that no old copies of the modules are in different directories that might be loaded before the patched drivers. Make sure you have removed the current running drivers using ``rmmod''.
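
The stale-module check from sections 5 and 7, as an added example (not part of the original HOWTO or of any driver package). The function names and the sample tree are constructed for illustration; the module names and the .o/.ko extensions are the ones listed above.

```shell
#!/bin/sh
# Module names as listed in section 7 of the HOWTO.
ORINOCO_MODULES="orinoco hermes orinoco_cs orinoco_pci orinoco_plx orinoco_tmd"

# Print every copy of the listed modules under the modules tree $1,
# matching both the 2.4 (.o) and 2.6 (.ko) extensions.
list_orinoco_copies() {
    for m in $ORINOCO_MODULES; do
        find "$1" -type f \( -name "$m.o" -o -name "$m.ko" \)
    done | sort
}

# Print the names of modules that exist more than once under $1.
# Returns 0 when every module has at most one copy, 1 otherwise.
duplicate_orinoco_modules() {
    dups=$(list_orinoco_copies "$1" |
        sed -e 's|.*/||' -e 's|\.ko$||' -e 's|\.o$||' | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups"
        return 1
    fi
    return 0
}

# Print the listed modules that are currently loaded. $1 is a file in
# /proc/modules format (module name in the first field).
loaded_orinoco_modules() {
    for m in $ORINOCO_MODULES; do
        awk -v m="$m" '$1 == m { print $1 }' "${1:-/proc/modules}"
    done
}

# Constructed sample tree (hypothetical layout, not a real system): a
# patched standalone install in pcmcia/ next to a stale in-kernel copy.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/kernel/drivers/net/wireless" "$t/pcmcia"
    touch "$t/kernel/drivers/net/wireless/orinoco.ko" \
          "$t/kernel/drivers/net/wireless/hermes.ko" \
          "$t/pcmcia/orinoco.ko" "$t/pcmcia/orinoco_cs.ko"
    echo "$t"
}

# On a real system:
#   duplicate_orinoco_modules "/lib/modules/$(uname -r)" || echo "remove stale copies"
#   loaded_orinoco_modules    # then rmmod anything it lists
```

A module name printed by duplicate_orinoco_modules means two files could satisfy the same load request, which is the "aren't running the drivers you think you're running" case from section 7.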