Packetwatch.net
Home Contact Research Papers Guides Pen-Testing Resources Site Map

Wireless in FreeBSD



Last modified: Jun. 13, 2009

Contents
1 - Summary
2 - Kernel options
3 - Plug in wireless card
4 - Wireless commands
5 - WEP network configuration
6 - WPA2-Personal (WPA-PSK) network configuration


1 - Summary

This guide will show how to get wireless working in FreeBSD. For this guide to
work you will need to have your wireless network card installed. The card I
have is a Cisco Aironet CardBus card (CB21AG). This has been tested in FreeBSD
7.0 and 7.1.


2 - Kernel options

You will need to have the following options in your kernel.
  device          wlan                    # 802.11 support
  device          wlan_wep                # 802.11 WEP support
  device          wlan_ccmp               # 802.11 CCMP support
  device          wlan_tkip               # 802.11 TKIP support
  device          wlan_amrr               # AMRR transmit rate control algorithm
  device          wlan_scan_ap            # 802.11 AP mode scanning
  device          wlan_scan_sta           # 802.11 STA mode scanning
  device          ath                     # Atheros pci/cardbus NIC's
  device          ath_hal                 # Atheros HAL (Hardware Access Layer)
  device          ath_rate_sample         # SampleRate tx rate control for ath
If you didn't already have them in your kernel you will need to reboot before
using the wireless card.


3 - Plug in wireless card

Log in with the normal user account. Plug in the wireless card into the
computer and check to make sure it was detected properly.
# dmesg | tail -n 5
ath0: Atheros 5212 mem 0xf6010000-0xf601ffff irq 16 at device 0.0 on cardbus0
ath0: [ITHREAD]
ath0: WARNING: using obsoleted if_watchdog interface
ath0: Ethernet address: 00:40:96:af:20:70
ath0: mac 5.9 phy 4.3 radio 3.6


4 - Wireless commands

You can display the capabilities of your wireless card by typing the
following.
# ifconfig ath0 list caps
ath0=6783ed4f WEP,TKIP,AES,AES_CCM,FF,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,
SHPREAMBLE,MONITOR,TKIPMIC,WPA1,WPA2,BURST,WME,BGSCAN,TXFRAG

You can search for wireless access points by typing the following.
# sudo ifconfig ath0 up
Password:
# ifconfig ath0 list scan
SSID            BSSID              CHAN RATE   S:N     INT CAPS
*               00:19:a9:a5:37:c0    1   54M -74:-96  100 EPS  WME
********        00:1c:10:0b:fc:69    6   54M -87:-90  100 EP   WPA
*****           00:1b:11:eb:6f:3f    6   54M -87:-88  100 EP   ATH
*********       00:14:bf:38:e9:43   11   54M -78:-85  100 EP   WPA
****            00:11:50:71:bb:34   11   54M -74:-86  100 EPS  ATH
*********       00:11:95:2c:6e:c0   11   54M -74:-85  100 EP
********        00:15:e9:d3:ee:0a   11   54M -76:-85  100 EPS
********        00:1a:c4:c4:1d:e9    2   54M -83:-87  100 EPS
*****           00:12:17:a6:b6:06    6   54M -88:-89  100 EPS  WME
********        00:14:6c:92:0d:d2   11   54M -78:-85  100 EP
******* *****   00:1b:2f:d6:83:60    9   54M -81:-83  100 EPS  WPA RSN WME
*********       00:17:3f:82:d1:1a    4   54M -87:-88  100 EP   WPA
*******         00:14:6c:f4:bb:82   11   54M -86:-87  100 EP   WPA


5 - WEP network configuration

You can connect to a WEP network by doing the following. This command will
associate your machine to the access point with the following: an open
authorization mode, a specified bssid (MAC address of the AP), a specified
key with hexidecimal value, and a specified ssid.

# sudo ifconfig ath0 authmode open bssid 00:19:A9:A5:37:C0 deftxkey 1 \
ssid *********** wepmode on wepkey 1:0x000...
Password:

You can now get an IP address via DHCP.
# sudo dhclient ath0
Password:
DHCPREQUEST on ath0 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.1.8
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.8
bound to 192.168.1.16 -- renewal in 43200 seconds.

Check the status of your ath0 device.
# ifconfig ath0
ath0: flags=8843 metric 0 mtu 1500
        ether 00:40:96:af:20:70
        inet 192.168.1.16 netmask 0xffffff00 broadcast 192.168.1.255
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid *********** channel 1 (2412 Mhz 11g) bssid 00:19:a9:a5:37:c0
        authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit txpower 31.5
        bmiss 7 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250
        roam:rssi11g 7 roam:rate11g 5 protmode CTS burst

You can set your machine to connect to this access point at startup by doing
the following.
  ifconfig_ath0="authmode open bssid 00:19:A9:A5:37:C0 deftxkey 1 \
  ssid *********** wepmode on wepkey 1:0x000... DHCP"
# sudo vi /etc/rc.conf
Password:


6 - WPA2-Personal (WPA-PSK) network configuration

You can connect to a WPA2-Personal (WPA-PSK) network by doing the following.
This command will generate a pre-shared WPA key from an ASCII passphrase and
a specified ssid. The output will need to be added to network block in the
/etc/wpa_supplicant.conf file.
# sudo wpa_passphrase ssid passphrase >> /etc/wpa_supplicant.conf
Password:

Add the following to /etc/wpa_supplicant.conf. This network block specifies the
following: a specified ssid, scan enabled for ssid that isn't broadcast, a
specified bssid (MAC address of the AP), a specified wireless protocol, a
specified key management protocol, a specified pairwise cipher, a specified
group cipher, and a specified WPA pre-shared key.
  ctrl_interface=/var/run/wpa_supplicant
  ctrl_interface_group=wheel
  eapol_version=1
  ap_scan=1
  fast_reauth=1
  network={
          ssid="***********"
          scan_ssid=1
          bssid=00:13:10:da:df:04
          priority=0
          proto=RSN
          key_mgmt=WPA-PSK
          pairwise=CCMP
          group=CCMP
          psk=****************************************************************
  }
# sudo vi /etc/wpa_supplicant.conf
Password:

This command will associate your machine to the access point.
# sudo wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Password:
Trying to associate with 00:13:10:da:df:04 (SSID='***********' freq=2437 MHz)
Associated with 00:13:10:da:df:04
WPA: Key negotiation completed with 00:13:10:da:df:04 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:13:10:da:df:04 completed (auth)

You can now get an IP address via DHCP.
# sudo dhclient ath0
Password:
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.10 -- renewal in 43200 seconds.

Check the status of your ath0 device.
# ifconfig ath0
ath0: flags=8843 metric 0 mtu 1500
        ether 00:40:96:af:20:70
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid *********** channel 6 (2437 Mhz 11g) bssid 00:13:10:da:df:04
        authmode WPA2/802.11i privacy ON deftxkey UNDEF AES-CCM 2:128-bit
        txpower 31.5 bmiss 7 scanvalid 60 bgscan bgscanintvl 300
        bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode CTS burst
        roaming MANUAL

You can set your machine to connect to this access point at startup by doing
the following.
  ifconfig_ath0="WPA DHCP"
# sudo vi /etc/rc.conf
Password:

Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2024.