- OpenWebRX - for listening to online SDRs using a web browser. It is a web-based server and interface for remotely accessing RTL-SDRs and SDRPlays. Another link: Open Source SDR Web App for Everyone
- NYC Mesh - community-owned network for fast, affordable and fair access to the Internet - Most of the devices we use, such as a LiteBeam or NanoStation, are self-contained so they have an antenna, radio and ethernet router all in one.
Monday, January 20. 2020
SDR - Software Defined Radio
Tuesday, October 15. 2019
wpa supplicant collection
To build a wpa_supplicant configuration file:
    # wpa_passphrase testap >> /etc/wpa_supplicant/testap.conf
    a_password
    # cat /etc/wpa_supplicant/testap.conf
    # reading passphrase from stdin
    network={
        ssid="testap"
        #psk="a_password"
        psk=1b97a5c02076ac80739263fb33db49c7c50d3199202872e06097e7baf305f35e
    }
Additional info at How to connect to a WPA/WPA2 WiFi network using Linux command line.
Sunday, December 31. 2017
WiFi Analyzers
For Android:
wifianalyzer for Android, shows what station IDs are on what channels, handles 2.4 GHz and 5 GHz connections, etc. Doesn't provide mapping, just shows "from where I am right now, what channels have which stations at what strengths?"
Nanobeam:
NanoBeam® AC is a directional antenna/radio integrated unit and is intended as a point-to-point or point-to-multipoint WISP client radio. The one feature you can get from it very cheaply is a directional, 2x2 MIMO 5.x GHz band spectrum analyzer that sees things which are not 802.11 or wifi based. sample images
Highly useful for tracking down a specific source of non-wifi 5 GHz band interference. There's all sorts of random consumer grade things people can buy and introduce into an environment which do not broadcast MAC addresses or SSIDs, and do not show up on purely 802.11(abgn/ac) based tools.
It will of course also see hidden SSIDs and standard+non-standard 802.11abgn(ac) emitters.
There are also 2.4 GHz versions of similar products which will let you find non-802.11 emitters in the 2300 to 2500 MHz band. At $79 a lot less expensive than a "real" spectrum analyzer.
You can get DC PoE injectors for them which will connect to a Makita drill battery if you want to make it portable and wander around with a laptop.
Wednesday, September 6. 2017
WAN Wireless
mimosa: Mimosa Networks is a leading provider of 5G Fixed wireless solutions that enable service providers to connect dense urban and hard-to-reach rural homes at a fraction of the cost of fiber-to-the-premises solutions.
The WiFi Pineapple® NANO and TETRA are the 6th generation auditing platforms from Hak5. Thoughtfully developed for mobile and persistent deployments, they build on over 8 years of WiFi penetration testing expertise.
Saturday, June 17. 2017
Additional Linux Based Wireless Info
ArchLinux has a reference page on a software access point. At the bottom, it notes that a non-00 country code, along with the installation of CRDA (Central Regulatory Domain Agent), is required for wireless networks to run in the 5 GHz range, because radars and such need to be detected and not interfered with. That page also describes a mechanism for a wifi device to be both a client and an access point.
- WiFi hostapd configuration for 802.11ac networks
- Debian WiFi
- Intel Wireless WiFi Link, Wireless-N, Advanced-N, Ultimate-N devices for debian
- RTL8192CU and RTL8188CUS in Station and AP mode at the same time
- Debian access point with Hostapd and RTL8188CUS/RTL8192CU
- Raspberry Pi Into a WiFi Hotspot with Edimax Nano USB EW-7811Un (RTL8188CUS chipset)
- List of Wi-Fi Device IDs in Linux
- aircrack-ng
- Beginners guide to a custom 802.11ac setup: lots of good tricks using "COMPEX WLE900V5-23 miniPCIe module, AR9880, 802.11ac, 3*3MIMO"
- About hostapd
- Turn any computer into a wireless access point with Hostapd
- hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
- command: iw list - to show capabilities of hardware
- command: iw wlan0 info
- command: iw wlan0 link
- command: iw wlan0 station dump
- command: iw reg set {00|BM|US|CA} - set appropriate country code for operating mode
- command: iw reg get - to see results
- command: lsusb - to show usb devices
- command: lspci - to show pci devices
- command: lspci -vv -s 6e:00.0 - show particular pci device (change the id)
- command: nmcli - network manager command line more info
- command: cat /proc/net/wireless
- command: iwevent
- command: iwgetid
- command: iwconfig - ancient tool
- FreeWTP -- An Open Source CAPWAP WTP : not sure what it does
- wifi access point on same chip by "linux is wonderful"
- ath9k and hostapd hoot: for an older kernel version, but still workable, with a note about making it work with 802.11n.
- strong wifi encryption with hostapd, written by ibm, and discusses "pre-shared key by mac address"
Tuesday, May 30. 2017
Windows Clients on hostapd.conf
Windows 7, 8, 9, 10 are different animals. I was able to get Android, Mac, Linux and various cameras to associate using WPA2 encryption. Windows needs particular WPA settings, otherwise things won't work. Troubleshooting Windows is next to impossible with its typical cryptic hex code patterns or this: "couldn't connect". Windows is the most unhelpful operating system. Back in the early days it was helpful. But now, even for the technically inclined, Windows is a nightmare for troubleshooting corner cases.
Anyway, here is a hostapd.conf file working with Windows 10 and the latest drivers (I tested with a couple of different Atheros cards). It came down to using particular combinations of WPA parameters, specifically: TKIP and CCMP.
    logger_syslog=-1
    logger_syslog_level=2
    #logger_stdout=-1
    #logger_stdout_level=2
    #sets the wifi interface to use, is wlan0 in most cases
    driver=nl80211
    #ieee80211n=1
    #ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]
    #ieee80211ac=1
    #ieee80211d=1
    #ieee80211h=1
    #wmm_enabled=0
    #wme_enabled=1
    #country_code=CA
    country_code=0
    #sets the mode of wifi, depends upon the devices you will be using. It can be a,b,g,n. Setting to g ensures backward compatibility.
    hw_mode=g
    #sets the channel for your wifi
    channel=0
    #macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
    macaddr_acl=0
    #setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
    ignore_broadcast_ssid=0
    interface=wlp4s0
    #sets the ssid of the virtual wifi access point
    ssid=yourssid
    bssid=02:00:00:00:10:01
    #Sets authentication algorithm (bit field)
    #1 - only open system authentication
    #2 - only shared key authentication (requires WEP)
    #3 - both open system authentication and shared key authentication
    auth_algs=1
    #####Sets WPA and WPA2 authentication#####
    #wpa option sets which wpa implementation to use
    #1 - wpa only
    #2 - wpa2 only
    #3 - both
    wpa=3
    #sets wpa passphrase required by the clients to authenticate themselves on the network
    #sets wpa key management
    #wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
    wpa_passphrase=yourpassphrase
    wpa_key_mgmt=WPA-PSK
    #sets encryption used by WPA
    wpa_pairwise=TKIP CCMP
    #sets encryption used by WPA2
    rsn_pairwise=CCMP
The hostapd docs mention that CCMP might need to be removed in order to function with certain Windows computers.
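A check for the settings that decide how strong this access point is, run over the security-relevant keys of the configuration above. This is an added example, not part of the original post or of hostapd; parse and audit are hypothetical helper names, and the sample is constructed from the values shown in the post.

```python
import re

# Constructed sample: the security-relevant keys of the hostapd.conf above.
SAMPLE = """\
country_code=0
channel=0
auth_algs=1
wpa=3
wpa_passphrase=yourpassphrase
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

def parse(text):
    """hostapd.conf is one key=value per line; '#' starts a comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return (key, message) findings for settings that weaken the AP."""
    out = []
    wpa = int(conf.get("wpa", "0"))
    # Cipher defaults as documented in hostapd's sample hostapd.conf.
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).split()
    if wpa == 0:
        out.append(("wpa", "WPA is off: the network is open"))
    if wpa & 1:
        out.append(("wpa", "WPA (v1) is enabled; wpa=2 allows WPA2/RSN only"))
    if (wpa & 1 and "TKIP" in wpa_pw) or (wpa & 2 and "TKIP" in rsn_pw):
        out.append(("pairwise", "TKIP is offered; it is deprecated, CCMP is not"))
    if int(conf.get("auth_algs", "3")) & 2:  # unset: both algorithms allowed
        out.append(("auth_algs", "shared key (WEP) authentication is allowed"))
    if "wpa_passphrase" in conf and not 8 <= len(conf["wpa_passphrase"]) <= 63:
        out.append(("wpa_passphrase", "must be 8..63 characters"))
    if not re.fullmatch(r"[A-Z]{2}", conf.get("country_code", "")):
        out.append(("country_code", "not a two-letter ISO country code"))
    if conf.get("channel") == "0":
        out.append(("channel", "0 = automatic selection, needs driver survey data"))
    return out

if __name__ == "__main__":
    for key, msg in audit(parse(SAMPLE)):
        print(f"{key}: {msg}")
```

With wpa=2, rsn_pairwise=CCMP, a real two-letter country code and a fixed channel, the same audit returns no findings; whether a given Windows driver associates with that CCMP-only setup has to be tested per client.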
Saturday, May 27. 2017
Using Quilt to Patch a Debian Package - hostapd
It took a little while to determine the root cause, but, ...
I am rebuilding an old Windows workstation into a Linux-based router/firewall/access-point using hostapd to provide wireless interfaces. Normally, this is a straightforward configuration. The twist in this case is that I am using Open vSwitch to handle layer 2 functions. The box has an existing Atheros AR5B22 based PCIe 1 card with two antenna connections on the rear face, which translates into a Qualcomm Atheros AR9462 chipset.
I added the wireless interface to OVS on vlan 10 with a command like:
    ovs-vsctl add-port ovsbr0 wlp4s0 tag=10

I used a simple hostapd configuration file like:

    # cat /etc/hostapd/hostapd.conf
    interface=wlp4s0
    driver=nl80211
    ssid=test
    auth_algs=1
    wpa=1
    #wpa_psk_file=/etc/hostapd/hostapd.psk
    wpa_passphrase=testtest
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP TKIP
    rsn_pairwise=CCMP

When running in debug mode:

    hostapd -d -K -t /etc/hostapd/hostapd.conf
I was seeing EAPoL (Extensible Authentication Protocol over LAN) based retries. It took some research to come across the interaction between openvswitch and hostapd. Bottom line: hostapd uses a control channel to control the wireless device. EAPoL is a packet-based function. As such, hostapd needs to monitor the packets to pick out the EAPoL packets. A mechanism is built in for working with regular Linux bridged networking. That code does not work with Open vSwitch. Someone created a patch to work around the issue.
This patch isn't found in mainline hostapd, nor as a patch in the Debian repository. So... I need to apply it manually. I used the documentation found at Debian Building Tutorial as a starting point. The divergence is that the documentation uses a non-functional, deprecated tool called dpatch. I used quilt to handle patching.
As a sidebar, this server I am building uses LXC containers to segregate functionality, compartmentalise security, and to make it easier to keep the main install minimal. As patching and rebuilding the package requires a bunch of build tools, the tools can be easily installed, and then the whole build environment deleted when complete.
The annotated series of steps follows. I have a number of commented-out entries which I plan to play with later, once I better understand the nuances. One thing: there appears to be a lockout of 5gig frequencies when acting as a host.
    apt update
    apt install build-essential fakeroot devscripts  # install tools
    apt-get source hostapd  # obtain source
    # review the source directory, then
    apt-get build-dep wpa  # install the build dependencies
    cd wpa-2.4/
    debuild -b -uc -us  # build with existing source
    dpkg -i ../hostapd_2.4-1_amd64.deb  # install the package as a test
    apt install quilt  # install patch manager
    quilt top  # inspect the current latest patch
    ls -alt debian/patches/  # most patches kept here
    ls -alt patches/  # some are here as well
    quilt new rpb_hostapd_openvswitch  # create a new patch
    # in the following edit, I removed the content, and pasted the source from
    # https://github.com/helmut-jacob/hostapd/blob/master/src/drivers/linux_ioctl.c
    quilt edit src/drivers/linux_ioctl.c  # source file to change, leave function linux_master_get in place
    quilt refresh  # refresh
    quilt top  # my new patch is at the top
    cat debian/patches/rpb_hostapd_openvswitch |less  # this is my patch
    quilt diff  # show the diff colorized
    quilt push  # add the patch to the list of patches
    dch -n  # update the changelog and version
    debuild -b -uc -us  # build with the new patch
    # the patch can then be applied and tested (direct from the lxc container):
    dpkg -i /var/lib/lxc/apd/rootfs/usr/src/hostapd_2.4-1.1_amd64.deb
With the patch, clients can now successfully associate and authenticate with hostapd when the wireless port is connected to an Open vSwitch bridge.
hostapd sample configurations:
- Hostapd: from a Gentoo perspective, with an intro to multiple AP and some references to 802.11ac with DFS
- CRDA Regulatory Code - getting hostapd to run in the 5g bands
- Edison AP mode in 5GHz - putting two and two together
- w1.fi hostapd.conf example
- hostapd docs which include some 802.1x suggestions and notes for running with segregated VLANs. freeradius is also needed when running 802.1x style configurations, as the RADIUS protocol is used for communicating the configurations to end devices.
- simple hostapd/radius config
- openwrt / openvswitch: background information on the hostapd / openvswitch issue
- OpenFlow Isolation: use openflow / openvswitch to isolate wifi networks and users, which is an improvement on the psk per user and 802.1x per user vlan. with ovs-ofctl examples
- MAC address spoofing, and since the pre-shared key in a previous step might be MAC based, here is a way to get around the limitation.
- hostapd and dhcp: simple wifi config
- SDN: Establishing a Session Database for SDN Using 802.1X and Multiple Authentication Resources -- interesting presentation on open flow, 802.1x, sdn, radius, ...
- Ath9k Chipsets
2018/09/16 Other configs (for 5ghz):
- My Wi-Fi access point revisited
- ArchLinux - [AR9390][ath9k][hostapd] No SSID in the air
- Hostapd much slower than expected
2020/08/21 From the mailing list:
For "normal" wifi you can't simply bridge the wlan interface of the client. You can bridge it on the AP. This is because in wifi you don't have a source-MAC and a destination-MAC, but also a transmitter-MAC and a receiver-MAC. As an optimisation, in ap2sta direction the destination and the receiver are a single field. In sta2ap direction, the source and the transmitter are a single field. Take a look at 4addr mode, which solves the issue by actually having all 4 fields. This is a Linux-specific implementation and may not be available on all types of cards.
An alternative would be to have a routed connection between the two devices and bridge your ovs-instances via GRETAP.
2020/12/09 - some additional settings and notes - on Debian, hostapd gets installed without a configuration file. Once the configuration file is in place, run the following to auto-start hostapd:
- sudo systemctl unmask hostapd
- sudo systemctl enable hostapd
- sudo systemctl start hostapd
The commands are from: Failed to start hostapd.service: Unit hostapd.service is masked. #1018
Another note: many/most/all Intel adapters are designed for client side operations. Use ath5k/ath9k/ath10k adapters for server/host side operations. The key aspect here is that the channel=0 entry in the configuration file will result in errors and exit of hostapd as it cannot find survey data when mapping the channels. The channel parameter needs to be set to 1, 7, or 11 (non overlapping channels). For example:

    ACS: Unable to collect survey data
    ACS: All study options have failed
    Interface initialization failed
Some interesting points from Intel Wireless 7260 as an access point:
- First, the card is said “dual-band” but you can only use one band at a time because there is only one radio. Almost all wireless cards have this limitation. If you want to use both the 2.4 GHz band and the less crowded 5 GHz band, two cards are usually needed.