Re: frame writing with linksys wpc11

From: Jouni Malinen (
Date: 2002-09-09 18:13:19 UTC

On Thu, Sep 05, 2002 at 01:56:29PM -0500, wrote:

> > > wlan0: TXEXC - fid=0x03ac - status=0x0001 ([RetryErr]) tx_control=002e
> > >
> > > retry_count=0 tx_rate=0 fc=0x0800 (Mgmt::0)

> I am trying to inject frames by using the inject which is provided with the
> code, the
> addr1=00:07:0e:b9:1f:4d add2=00:23:45:67:89:ab addr3=00:40:96:5a:a1:a1
> i have a wireless card with mac address as addr1, and a access point with addr3.
> they are in the same BSSID. does addr1 have to equal addr3? i also tried to
> send the frame to the access point, which means addr1=addr3, but i got the same
> error. do i have to make the addr2 the same as my linksys wpc11 card, the one i
> am using right now is faked.

No wonder you are getting RetryErrs if you use a faked src address. ACKs are sent to the source address and the sending device does not see the ACKs here, and hence the retry limit is reached.

In addition, I do not understand what you are trying to do with that frame. It is a association request from a station to another, but this kind of frame is never sent between stations when using an access point.. The stations associate with the AP and the only understandable assoc req message would thus have addr1=addr3.

> another problems i have now is that i was able to get the error message by
> using 4-19 version to do the injecting, when i switch to 5-04 version, i got
> nother from dmesg . why that ?

Who knows.. Those are ancient versions and I really do not remember what has changed in them.

> i also saw somebody talking about using wlan0ap to inject frames, how can i do
> it in that way

Get the latest CVS snapshot version from and compile it with PRISM2_HOSTAPD define in hostap_config.h. After this you should get a driver that registers both wlan0 and wlan0ap devices. wlan0ap includes IEEE 802.11 headers and there is example code using it in hostapd directory.

Jouni Malinen                                            PGP id EFC895FA

This archive was generated by hypermail 2.1.4.