
Re: [Discuss-gnuradio] Trigger 5GHz-WLAN radar detection?


From: Ralph A. Schmid, dk5ras
Subject: Re: [Discuss-gnuradio] Trigger 5GHz-WLAN radar detection?
Date: Mon, 11 Jan 2016 11:29:43 +0100

This is some quite good information, thank you very much!

 

We need to set up some 5GHz-Links, and therefore I would like to test if the link partners reliably find each other again after a radar detection.

 

Ralph.

 

 

From: address@hidden [mailto:address@hidden On Behalf Of Jawad Seddar
Sent: Friday, 08 January, 2016 23:24
To: GNURadio Discussion List
Subject: Re: [Discuss-gnuradio] Trigger 5GHz-WLAN radar detection?

 

I managed to find an old document that details the output from the driver and the pulses I generated.

I tried it with 2 different pulse characteristics:
- Pulse width of 15 μs and PRF equal to 1000 Hz
- Pulse width of 15 μs and PRF equal to 3000 Hz

The image below details the second signal (PRF = 3 kHz).

[Inline image 1]

This is some log when detecting the first signal
[Inline image 2]

This is some log when detecting the second signal
[Inline image 3]

You can see the driver recognizes the PRF quite well.

 

I hope this helps a bit,

Jawad

 

 

2016-01-08 23:13 GMT+01:00 Jawad Seddar <address@hidden>:

Hi Ralph,

I did this 2 and a half years ago and I basically followed the directions in pages 60-61 of the ETSI document linked by Marcus to generate the signals.

By watching the channel on which the WiFi card was operating, I generated the signal at the right frequency and I could see the card changing frequencies. I could then access some log files that detailed why the frequency change happened (In this case it was saying that it had detected a radar with a given Pulse Repetition Frequency and gave some details about the detected signal).

I believe I was using the ath5k drivers (see madwifi-project).

Regards,

Jawad

 

2016-01-08 22:56 GMT+01:00 Marcus Müller <address@hidden>:

Hi Ralph,

hm; depends, I think.

So, there's two things:
If you're referring to a channel switch announcement, that can be part
of a management frame [1]. But I think it can also be part of a beacon
frame. Or a probe response frame.
Luckily, 802.11 is not confusing in the least.
Blind guess is that you should look into airprobe-ng's "aireplay"
program and see whether it can synthesize such a frame. Basically, you
should be able to forge at least beacon frames, which might be helpful
as soon as you deauthenticated a station; a very common attack.

More likely, even, is that you're talking about mimicking a fake radar.
I guess the appropriate way to do that is probably sending something
that looks sufficiently close enough to a chirp to the OFDM demod, I think.
I'm too lazy to read this myself :D, so go and read 5.3.8.1 and
following of ETSI EN 301 893 [2], and refer to a trustworthy free and
open WiFi card driver (hint hint: atheros 9k, dfs_pattern_detector.c).

Best regards,
Marcus

[1]
https://mentor.ieee.org/802.11/dcn/10/11-10-0097-06-00ae-management-frame-analysis.xls
[2]
https://www.etsi.org/deliver/etsi_en/301800_301899/301893/01.05.01_60/en_301893v010501p.pdf


On 08.01.2016 21:47, Ralph A. Schmid, dk5ras wrote:
> Hi,
>
> Does anybody know how a signal must look to trigger a 5 GHz WLAN for a
> frequency change? I intend testing this feature by transmitting a radar-like
> signal with gnuradio, but for this I should know how this detection works,
> how such a signal does look :)
>
> Ralph.
>
>
> _______________________________________________
> Discuss-gnuradio mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/discuss-gnuradio
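
Added example, not part of the original thread and not code from any WiFi driver: a simplified sketch of the detection side, recovering the PRF from pulse events for the two pulse trains Jawad describes above (15 μs width, PRF 1000 Hz and 3000 Hz). The event format `(timestamp_us, width_us)`, the tolerances, the function name and the sample timestamps are all constructed assumptions.

```python
from collections import Counter

def estimate_prf(pulses, width_range_us=(10, 20), tol_us=5,
                 min_matches=5, max_missed=3):
    """Estimate the PRF in Hz from (timestamp_us, width_us) events, or None."""
    # Keep only pulses whose width fits the pattern being looked for.
    lo, hi = width_range_us
    ts = sorted(t for t, w in pulses if lo <= w <= hi)
    if len(ts) < min_matches + 1:
        return None
    deltas = [b - a for a, b in zip(ts, ts[1:])]
    # Quantise intervals into tolerance-sized bins; the most common bin is
    # the candidate pulse repetition interval (PRI).
    bins = Counter(round(d / tol_us) for d in deltas)
    candidate = bins.most_common(1)[0][0] * tol_us
    if candidate <= 0:
        return None
    # An interval of k * PRI means k - 1 pulses were missed; accept small k.
    matched = []
    for d in deltas:
        k = round(d / candidate)
        if 1 <= k <= max_missed + 1 and abs(d - k * candidate) <= tol_us:
            matched.append(d / k)
    if len(matched) < min_matches:
        return None
    pri_us = sum(matched) / len(matched)
    return 1e6 / pri_us

# Constructed sample: 15 us pulses at PRF 1000 Hz with jitter, one missed
# pulse (at 4000 us) and one narrow noise spike that the width filter drops.
TRAIN_1KHZ = [(0, 15), (1001, 15), (1999, 15), (2500, 2), (3000, 15),
              (5000, 15), (6001, 15), (7000, 15), (8000, 15)]

# Constructed sample: 15 us pulses at PRF 3000 Hz, integer microsecond stamps.
TRAIN_3KHZ = [(round(i * 1e6 / 3000), 15) for i in range(10)]

# Constructed sample: irregular pulses with no common repetition interval.
NO_PATTERN = [(0, 15), (130, 15), (900, 15), (1700, 15),
              (1750, 15), (4000, 15), (4100, 15)]

if __name__ == "__main__":
    for name, train in [("1 kHz", TRAIN_1KHZ), ("3 kHz", TRAIN_3KHZ),
                        ("noise", NO_PATTERN)]:
        print(name, estimate_prf(train))
```
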

