Destination address in a probe request in an 802.11 Ad Hoc network

Tags: ad-hoc, wireless, ieee-802.11

I'm investigating an issue with iPhone-controllable hardware which operates in IBSS / Ad Hoc mode. Since the iPhone6 & Co hardware generation, the iDevices can't connect to the hardware anymore. The hardware creates the wifi network with a deprecated Microchip 802.11b chip listening only at 1 / 2 Mbit/s.

I've narrowed down the problem with wireshark (see screenshots):

1.) The Microchip wifi Beacon announces the network, I assume the BSSID is randomly assigned in IBSS / Ad Hoc mode.

2.a) The iPhone5 sends a probe request to the broadcast destination and receives the probe response announcing that the Microchip can only listen at 1 / 2 Mbit/s. Further conversation works just fine.

2.b) The iPhone6 sends a probe request to the randomly assigned BSSID and never receives a probe response, therefore not knowing that the Microchip can only listen at 1 / 2 Mbit/s, and starts talking at 12 Mbit/s in further conversation, which obviously doesn't work.

The question now is which of the two wifi firmwares does not behave according to the 802.11-2012 standard?

Either the iPhone6 Broadcom WiFi firmware, which sends the Probe Request to the BSSID of the Ad Hoc network (instead of the MAC of the Microchip WiFi chip), or the Microchip firmware, which doesn't answer the Probe Request when it is sent to the BSSID of the Ad Hoc network it created initially?

I haven't found anything in the 802.11-2012 standard yet about what the appropriate destination address of a probe request in an 802.11 Ad Hoc network would be (broadcast or the BSSID from the beacon). Is there an expert out there who can give some insights and perhaps references to the standard where that is defined?

Thanks.

Edit:

I've attached the captured packets:

iPhone6 – not working

iPhone5 – working

The Microchip WiFi chip is 00:1e:c0:08:32:1b,

the iPhone6 is 74:1b:b2:81:7d:69,

the iPhone5 is 00:88:65:8c:33:AA

These are some relevant packets in the iPhone6 capture:

  • 186 Probe Requests from iPhone6 to unknown MAC 7a:7b:01:79:c4:b5 regarding SSID=Anova at 1Mbit (I assume a randomly assigned MAC for Ad Hoc / IBSS)
    No Probe Response, because there is no device with that MAC…

  • 203… Null Function from iPhone6 to Anova at 6Mbit

  • 210 first Beacon from iPhone6 with SSID=Anova at 1Mbit

  • 294 … WEP join? from iPhone6 via IPv6mcast_16/_fb/_02 at 12Mbit (as the Microchip chip understands 1 / 2Mbit only, this ends in nothing)

The iPhone5 addresses the Microchip WiFi chip with its MAC address correctly, not with the randomly assigned BSSID.

Best Answer

1.) The Microchip wifi Beacon announces the network, I assume the BSSID is randomly assigned in IBSS / Ad Hoc mode.

To some degree, this is true. For clarity, from IEEE-802.11-2012 section 10.1.4.1:

When a STA starts a BSS, that STA shall determine the BSSID of the BSS. If the BSSType indicates an infrastructure BSS, then the STA shall start an infrastructure BSS and the BSSID shall be equal to the STA’s dot11StationID. The value of the BSSID shall remain unchanged, even if the value of dot11StationID is changed after the completion of the MLME-START.request primitive. If the BSSType indicates an IBSS, the STA shall start an IBSS, and the BSSID shall be an individual locally administered IEEE MAC address as defined in 9.2 of IEEE Std 802-2001. The remaining 46 bits of that MAC address shall be a number selected in a manner that minimizes the probability of STAs generating the same number, even when those STAs are subjected to the same initial conditions. The value SSID parameter shall be used as the SSID of the new BSS. It is important that designers recognize the need for statistical independence among the random number streams among STAs.

So, the first STA to start in the IBSS should generate the BSSID; however, further STAs that join the IBSS should adopt this value.

2.b) The iPhone6 sends a probe request to the randomly assigned BSSID and never receives a probe response, therefore not knowing that the Microchip can only listen on 1 / 2 Mbit / s and starts talking at 12 Mbit / s in further conversation, which obviously doesn't work.

I will start by noting that there isn't a single probe response in this capture. This leads me to believe that there is some sort of problem with how this capture was obtained. As such, there is no way to determine if the Microchip device has responded with a probe response or not.

However, we can assume that a probe response has been sent and received at some point because it appears your iPhone6 has joined the IBSS. Take a look at the beacon frames at 19.85 seconds into the capture. You now see both the Microchip and the iPhone6 sending beacon frames for "Anova 1" with the same BSSID. Since they have synchronized the BSSID, this would indicate they have both become part of the same IBSS.

The question now is which of the two wifi firmwares behaves not according to the 802.11-2012 standard?

Based on the evidence at hand, and technically speaking, they both appear to be adhering to the standard. We would need a better capture to make any further determinations.

I'm investigating an issue with an iPhone controllable hardware, which operates in IBSS / Ad Hoc mode. Since the hardware generation of iPhone6 & Co the iDevices can't connect to the hardware anymore, which creates the wifi network with a deprecated Microchip 802.11 b listening only to 1 / 2 Mbit / s.

It looks like the IBSS is established. You need to start looking at why the two are not actually communicating.
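The answer's reasoning can be checked mechanically against a frame summary: the IBSS BSSID must be an individual, locally administered address (section 10.1.4.1 as quoted above), the first STA beaconing a BSSID is the one that started the IBSS while later beaconers have adopted it, and every probe request should be matched against a later probe response addressed to its sender. The following is an added example, not code from the question, the answer or any vendor; the frame list is constructed by hand from the MAC addresses quoted in the question, and the frame numbers, subtypes and the iPhone5 probe exchange are assumptions made for illustration rather than a transcription of the actual captures.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

MICROCHIP = "00:1e:c0:08:32:1b"   # MAC quoted in the question
IPHONE6 = "74:1b:b2:81:7d:69"     # MAC quoted in the question
IPHONE5 = "00:88:65:8c:33:aa"     # MAC quoted in the question
IBSS_BSSID = "7a:7b:01:79:c4:b5"  # randomly generated BSSID from the capture

# Constructed frame summary (frame_no, subtype, src, dst, bssid, ssid).
# It mixes the iPhone6 symptoms with an assumed iPhone5-style exchange so
# that both the "unanswered" and the "answered" cases are represented.
FRAMES = [
    (100, "beacon", MICROCHIP, BROADCAST, IBSS_BSSID, "Anova"),
    (186, "probe-req", IPHONE6, IBSS_BSSID, IBSS_BSSID, "Anova"),
    (210, "beacon", IPHONE6, BROADCAST, IBSS_BSSID, "Anova"),
    (300, "probe-req", IPHONE5, BROADCAST, BROADCAST, "Anova"),
    (301, "probe-resp", MICROCHIP, IPHONE5, IBSS_BSSID, "Anova"),
]


def is_locally_administered_individual(mac):
    """True if the address has the I/G bit clear (individual) and the U/L bit
    set (locally administered), which is what 10.1.4.1 requires of an IBSS BSSID."""
    first_octet = int(mac.split(":")[0], 16)
    individual = (first_octet & 0x01) == 0
    locally_administered = (first_octet & 0x02) != 0
    return individual and locally_administered


def ibss_members(frames):
    """Map each BSSID to the STAs that beaconed it, in order of first appearance.
    The first entry generated the BSSID (started the IBSS); the rest adopted it."""
    members = defaultdict(list)
    for _no, subtype, src, _dst, bssid, _ssid in frames:
        if subtype == "beacon" and src not in members[bssid]:
            members[bssid].append(src)
    return dict(members)


def unanswered_probe_requests(frames):
    """Return (frame_no, dst) for each probe request that has no later probe
    response for the same SSID addressed to the requesting STA."""
    unanswered = []
    for no, subtype, src, dst, _bssid, ssid in frames:
        if subtype != "probe-req":
            continue
        answered = any(
            n > no and st == "probe-resp" and d == src and s == ssid
            for n, st, _s, d, _b, s in frames
        )
        if not answered:
            unanswered.append((no, dst))
    return unanswered


def classify_probe_destination(dst, bssid):
    """Label where a probe request was aimed: broadcast, the IBSS BSSID, or a STA."""
    if dst == BROADCAST:
        return "broadcast"
    if dst == bssid:
        return "bssid"
    return "unicast-sta"


if __name__ == "__main__":
    print("BSSID well-formed:", is_locally_administered_individual(IBSS_BSSID))
    print("IBSS members:", ibss_members(FRAMES))
    for no, dst in unanswered_probe_requests(FRAMES):
        print(f"frame {no}: probe request to {classify_probe_destination(dst, IBSS_BSSID)} unanswered")
```

Run against the constructed list, the analyser reports the BSSID as a valid locally administered individual address, lists the Microchip chip as the IBSS starter with the iPhone6 as a later member (the synchronisation the answer points to at 19.85 s), and flags frame 186 as a probe request to the BSSID with no response. On a real capture the same three checks would be run over frames exported from Wireshark; the export step is outside this example.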
