Straightforward out-of-the-box solution for extending WiFi range

Could you talk a little more about how this is problematic? For example, do
you only run into problems when administering two or more units, and if so,
isn't there an easy way to differentiate one unit from another so you always
know which unit you're accessing? I haven't played with any ubnt equipment
but I'm very impressed by what I've read.

 

In the last episode of <>,

The issue is more that when a mobile device jumps from one access point
to another (with the same SSID), it'll attempt to re-use it's existing
IP and ARP the default gateway. If the default gateway has the expected
MAC address it's assumed to be the same network and the device can
proceed as though nothing changed.

If the APR test succeeds, the total network interruption time is that of
one ARP lookup, which is probably on the order of 100ms-200ms, which is
barely noticed by the user. Small networks will be even faster,
obviously.

If the ARP fails, or returns a different MAC address, the device will
silently drop it's IP and start a new DHCP request. This is fine, but it
will cause a momentary interruption in traffic from the user's
perspective, possibly lasting long enough to generate application level
errors. In this case, using a different SSID is better because a smart
device may track past DHCP allocations and use the quick-start process
described above when returning to a SSID it recognizes, within it's
original DHCP lifespan.

 

I'm not sure what version of software people here are talking about but
one of the local churches uses Unify access points. They installed the
software on one of their file servers since they are powered on 7/24.

The controlling software let them import a drawings of the building
which is multi-story and comprises approximately 60 rooms. Icons of the
devices were placed on the drawings by the program/user showing where
each AP was installed. Now they just click on the icon in question and
are able to control just the device they need to when problems turn up
or they want to update an individual AP wireless password.

They use the logging features to check on the younger crowd to verify
that the network is not being used to visit or download stuff that the
church elders are against. Mostly they just check for accidental visits
or redirects to porn sites which they then block using other parts of
the software.

I believe they also use the software to schedule "outages" on the
network in areas of the building that have regularly scheduled sermons.
I guess they don't want the competition from the wireless sites while
they preach to the masses...

It's also nice that the devices they choose to use all look like round
fire alarms so they tend to blend in with the rest of the stuff on the
ceilings and walls.

For those who just want to set up a device or two the software makes
configuring the devices quite easy from what I've seen. Once you set
things up you can actually power off the controlling software and the
devices will continue to function just fine using the configuration
stored in each device, just like any other AP. One does not need to use
the "management" parts of the software if you have no need or reason to
keep watch on things. Just power it up when changes are needed and
power it back off when it's not needed.

 

Thanks, GBM. That certainly seems to be straightforward. I've got to get
some of this stuff and play with it when I get a chance. I don't have any
current problems to solve, but it's nice to have tools in the toollbox for
times when they're needed.

 

Most linux OSs have a gui so as to avoid the iws type commands. KDE for
sure. I haven't run gnome in a long time.

We've been through this before on the forum, and it is monitor mode. I
already forgot the difference with promiscuous mode.

If you are going to connect to the access point, there is no need to be
stealthy. Well presuming you aren't hacking.

The deal with Kismet is you fire it up and let it log for a long time.
Some people turn off their routers routinely. Or they turn off their
router if leaving town for a while. Site surveys in theory should be
something you do in 5 minutes, though in 5 minutes you can often spot a
lot of problems.

Obviously the kismet logging is more useful when mobile, especially with
the GPS daemon running.

Once you have run kismet, netstumbler will seem kind of silly. To my
recollection, netstumbler doesn't even see wifi probing, unless it has
been modified. The probe is a way of alerting you that there are wifi
clients within range, even if not connected to an access point. The vast
majority of the public just leaves wifi enabled all the time, so as soon
as they turn on a notebook or phone, they start to look for previous
access points. I've been tempted to set up my notebook to look like a
starbucks SSID, park by a busy but not too fast road (or any urban
highway during rush hour) and see how many phones will try to connect to
me. I'm sure this had been done already.

I suspect there is a DoD version of Kismet just to find illegal wifi on
base. Supposedly no DoD network can have wifi, though there are
exceptions. Some bases have an wifi scheme where aircraft mechanics can
request parts via wifi. And of course the BX/PX can have wifi. But that
5.8GHz wifi is just too close to UAV frequencies. If you search of WIPS
versus WISP, you can see the detection toys. (Wireless intrusion
protection system)

 

Most devices that you put on the main these days have offline switchers.
They just square up the voltage on the mains (which could be PG&E or
your inverter). But the flat pulses out of the inverter stress
components more than the clean sine wave. So you might fry the power
supply. You will find people who swear this isn't a problem, and you
will find people that have fried gear with a cheap inverter. It is a
matter of running into a device that can't take the strain. [Not
everybody gets a breaded rat in their KFC, but it does happen.]

If you have a old isolation transformer, which were common in the days
of analog TV, you can run the cheap ass inverter into the isolation
transformer. It will buzz a bit, and the output is just less ugly, not
really a sine wave.

I finally got to the point where I bought a good pure sine inverter so
if I need to use an expensive instrument in the field, I have suitable
power. The so called 12V market is kind of limited in selection.

There are inverter generators that are pretty quiet. Yahama and Honda
make them. They have true sine inverters on them. I really wish some
forward thinking SUV and/or truck manufacturer would just put one in the
engine compartment. Kind of like a APU in a tractor-trailer rig.

 

Nagios is the one that comes on most linux distributions. The number of
plugins is extensive, and more entertaining are the functions. For
instance, some can detect if one of your employees has plugged in a game
server. Back in the day, putting Doom on the company network was
standard procedure in the valley.

 

Somewhere buried on the Google Code website is a program that converts
kismet log geocoordinates to KML.

 

<http://airsnort.shmoo.com/faq.html#Q3>
Basically, you do NOT need to connect to an AP in order to sniff
traffic in monitor mode. In promiscuous mode, you need to be
connected. More:
<http://en.wikipedia.org/wiki/Monitor_mode>

DD-WRT and Kismet Drone:
<http://www.dd-wrt.com/wiki/index.php/Kismet_Server/Drone>
<http://www.supertechguy.com/help/security/kismet-drone>
<https://www.sans.org/reading-room/w...nexpensive-wireless-ids-kismet-openwrt-33103>

 

<http://code.google.com/p/pykismetkml/wiki/pykismetkml>

 

Of course...pykismetkml...a name at the tip of my tongue!

On usb, the gpsd daemon is pretty good. It was kind of ugly in the
serial port days.

Lots of interesting SSIDs out there.
FBISURVEILLANCEVAN
all sorts of names with virus in them
names not to be used in polite company
star trek themes galore, but Klingon based names are the most popular
and of course
CLICKHEREMOM

I gave a demo of Kismet at 4th street Peets in Berkeley. You would be
amazed at how fast people put away a computer when you say "I see a
Macbook just signed on." You can also sniff the wifi on the AC Transit
buses.

Wireless security could be an oxymoron. I work at putting out a crappy
signal. Put the router as low as possible. Adjust the timing to make
long distance reception difficult. While we don't have basements around
here, there is no shortage of pimple faced kids with all summer to hack
you.

 

Maybe PyKismetKML sounds better.

You left out the most popular default SSID's. linksys, dlink,
change me, Free Public Wifi, hpsetup, default, wireless, etc.

This should be fun to install at the local coffee shop. It's running
DriftNet or EtherPEG:
<http://freegeekvancouver.blogspot.com/2011/06/another-hack-wiretap-picture-frame.html>
<http://www.ex-parrot.com/~chris/driftnet/>

Finally, something we can agree on. The very concept of a pre-shared
key reeks of security problems.

I'm old skool and prefer wiretap (ethertap), social engineering, and
physical security hacks. For the holidays, I bought myself a lock
pick set, but either I misplaced it or someone stole it before I had a
chance to try it. Sigh.

 

In the last episode of <>,

I've wondered if there's any access point out there that can handle a
larger number of SSIDs mapped to a single VLAN (along with 1-2 others
that are mapped to their own VLAN)?

Ideally I'd have one secured internal, one mixed internal-guest, and one
honeypot with a bunch of SSIDs on it, all the public ones I can think
of.

Unfortunately the gear I can find only handles 4-8 SSIDs, which isn't
quite enough for all the defaults I can think of plus whatever others I
discover (linksys, dlink, Free Public Wifi, default, Apple Store,
shawopen, guest, plus whatever Tim Hortons and McDonalds use)

Why? For giggles But I'll be nice and provide a bit of free
connectivity on these SSIDs.

 

Driftnet sounds like a winner. You'd probably have to use it at a coffee
house near a college or high school to actually catch anything. I've
sent the occasion hot chick in the coffee shop photo to a friend, but
I'm on BIS, which makes me sniff proof.

BTW, rather than using things like puppy linux, which kind of dead ends,
Suse made JEOS. It is also on Opensuse, the free Suse. JEOS stands for
"just enough operating system." I've used it on Arm. Since Redhat ended
up being the defacto server platform, Suse ended up in cash registers
and other embedded products. As a money machine, Redhat looks
unbeatable. Suse is about a quarter the size.

Is there a universal way to get wifi cam video?

 

Is 16 radios, 2 bands, and about 1000 users enough?
<http://www.xirrus.com/Products/Wireless-Arrays/Product-Comparison>
VLAN support can be per user, which allows for some load balancing
(useful for sports events, auditoriums, events, etc). You can put
priority users on a fast VLAN, and dump visitors on a slow VLAN.
However, normally there's each SSID is mapped to a separate VLAN. I
think (not sure) that each VLAN will support either 2 or 4 SSID's, but
I'm too lazy to dig for the specifics.

You don't want to know the price. (Old price list):

Yep, that's exactly what it does.

Sigh. I've created a monster.

I think that is called the start of a "man in the middle" exploit. Has
some my evil intentions and diabolical schemes rubbed off on you?

 

You mean like a standard? Fat chance. I have to monitor a few
security cameras at mountain top radio sites. I haven't seen anything
that looks like a usable standard. To screw things up, quite a few
security camera servers use some kind of Microsoft API that requires
installing an Active X control and Internet Exploder to view. Retch.
Of the more sane protocols, Motion JPG and AVI seem to be the most
popular among the security cameras. For HDTV, there's various
mutations of MPEG-4. For every video CODEC, there's a camera server
vendor that will try to stream it.

As an added bonus, most video CODEC's are rate adaptive in that they
will adjust their frame rate or compression level to accomodate
variations in channel bandwidth. What that really means is that no
matter what the available bandwidth, the video server will try to take
it all.

So, what are you trying to accomplish?

 

Accomplish? Just look at unencrypted wifi video in the aether.

I got a wifi cam at a local surplus shop. [Buried in a closest someplace
else I would tell you the make and model.] It required active X and IE,
and was a pain in the ass to get going on win7. I didn't even attempt
wine. $5 was nice, but what I really liked is you could screw in any
c-mount lens.

 

In the last episode of <>,

And that's why I won't be buying one... *sigh*

I'll likely just live with 3 SSIDs, one for the internal network, one
for guests that can manage to enter a password correctly, and one that's
insecure and only allows time-limited connectivity unless I approve the
MAC address (mostly for the kids' visitors and other short-term visits)

We live on a large property and I'll eventually end up putting in some
outdoor gear to cover the driveway down to the road as that dip has no
mobile coverage and it's a pain to be unable to pull up a map or driving
directions during the first 45 seconds of a trip.

Naa, this isn't a new dream. But the hardware is cost prohibitive for
giggles.

The worst I'd do would be the old "flip images using a transparent
proxy" trick, I have no real evil intentions beyond that. However, we do
have a pullout from a major road that gets frequently used for phone
calls, I'm actually already in talks with our cable company to put in
wifi coverage down there, if that falls through, I might do it myself to
be neighbourly (and yes, I understand the risks of running open wifi)

 

Also, you seem to have missed my last message on SNMP.
<https://groups.google.com/forum/message/raw?msg=alt.internet.wireless/fMLTzEHlzE8/B_-qhgqAXGcJ>
You can't do much with the free version of PRTG, but it's an easy
start. If not, go find another MIB browser.
<http://www.ireasoning.com/mibbrowser.shtml>
or SNMP graphing program.
<http://oss.oetiker.ch/mrtg/>
If you have a web server handy, use RRDTool and a template for Cacti
such as:
<http://docs.cacti.net/usertemplate:host:scgrab:ubiquiti>
<http://community.ubnt.com/t5/airMax...acti-Host-template-for-AirOS-5-5/td-p/331019>
Note that the Ubiquiti supplied MIB for the various models is rather
limited, but does work for most common things. The rest will need to
be scraped from various configuration web page until Ubiquiti decides
to update the MIBs.

Or, you can have someone else do the monitoring for you:
<http://www.odmon.com>
Useless for troubleshooting a broken internet link because the data
goes over the internet.

With SNMP, I don't believe that he needs your admin password. The
SNMP read and write community name acts as a password.

Most WISP's use SNMP in some form for remote management and
monitoring. You might ask him what software (probably Nagios) he's
using.

 

BTW, Fry's is stocking Engenius if you want the "pro" stuff. Personally
if it doesn't have open source firmware, I have no interest in the product.

The Engenius products are on the end of an isle, which usually but not
always means the manufacturer is paying the store to carry the product.
Remember the Fry's brothers know grocery store marketing techniques.
Stuff like the impulse buy isle.