WIRELESS
`HACKING
`
`
`
`
`
`Projects for Wi-Fi Enthusiasts
`Wherever You Go, There You Are!
`¢ Build, Deploy and Maintain a “Homebrew” Wi-Fi Network
`* Create a Low-Cost/High-Yield Development Roadmap for Wireless
`Enthusiasts, Households, Small Businesses and Community Groups
`* Customize Wireless Operating Systems,Install Antennas, Build
`Solar-Powered Access Points and More
`By the SoCalFreeNet.org Wireless Users Group
`Lee Barken with
`Eric Bermel, John Eder, Matthew Fanady
`Michael Mee, Marc Palumbo, Alan Koebrick
`
`
`
`
`
`
`
`SYN Gress°
`
`
`
`GUEST TEK EXHIBIT 1017
`Guest Tek v. Nomadix, IPR2019-01191
`
`GUEST TEK EXHIBIT 1017
`Guest Tek v. Nomadix, IPR2019-01191
`
`

`

`Register for Free Membership to
`s o l u t i o n s @ s y n g r e s s . c o m
`
`Over the last few years, Syngress has published many best-selling and
`critically acclaimed books, including Tom Shinder’s Configuring ISA
`Server 2000, Brian Caswell and Jay Beale’s Snort 2.0 Intrusion
`Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal
`Packet Sniffing. One of the reasons for the success of these books has
`been our unique solutions@syngress.com program. Through this
`site, we’ve been able to provide readers a real time extension to the
`printed book.
`
`As a registered owner of this book, you will qualify for free access to
`our members-only solutions@syngress.com program. Once you have
`registered, you will enjoy several benefits, including:
`I Four downloadable e-booklets on topics related to the book.
`Each booklet is approximately 20-30 pages in Adobe PDF
`format. They have been selected by our editors from other
`best-selling Syngress books as providing topic coverage that
`is directly related to the coverage in this book.
`I A comprehensive FAQ page that consolidates all of the key
`points of this book into an easy to search web page, pro-
`viding you with the concise, easy to access data you need to
`perform your job.
`I A “From the Author” Forum that allows the authors of this
`book to post timely updates links to related sites, or addi-
`tional topic coverage that may have been requested by
`readers.
`Just visit us at www.syngress.com/solutions and follow the simple
`registration process. You will need to have this book with you when
`you register.
`
`Thank you for giving us the opportunity to serve your needs. And be
`sure to let us know if there is anything else we can do to make your
`job easier.
`
`

`

`

`

`WIRELESS
`HACKING
`
`Projects for
`Wi-Fi Enthusiasts
`
`By the SoCalFreeNet.org Wireless Users Group
`Lee Barken with
`Eric Bermel, John Eder, Matthew Fanady
`Michael Mee, Marc Palumbo, Alan Koebrick
`
`

`

`Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively
`“Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
`
`There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and
`WITHOUT WARRANTY.You may have other legal rights, which vary from state to state.
`
`In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or conse-
`quential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of
`liability for consequential or incidental damages, the above limitation may not apply to you.
`
`You should always use reasonable care, including backup and other appropriate precautions, when working with computers,
`networks, data, and files.
`
`Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack
`Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Syngress:The Definition of a Serious Security Library”™,
`“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing,
`Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
`
`KEY
`001
`002
`003
`004
`005
`006
`007
`008
`009
`010
`
`SERIAL NUMBER
`HJCV184764
`PO5FGHJ887
`82JH26765V
`VBHF43299M
`C23NMVCXZ3
`VB5T883E4F
`HJJ3EBNBB6
`2987GMKKMM
`629JT5678N
`IMWT6T3456
`
`PUBLISHED BY
`Syngress Publishing, Inc.
`800 Hingham Street
`Rockland, MA 02370
`
`Wireless Hacking: Projects for Wi-Fi Enthusiasts
`
`Copyright © 2004 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as per-
`mitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any
`means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception
`that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for
`publication.
`
`Printed in the United States of America
`1 2 3 4 5 6 7 8 9 0
`ISBN: 1-931836-37-X
`
`Publisher: Andrew Williams
`Acquisitions Editor: Christine Kloiber
`Technical Editor: Lee Barken
`Cover Designer: Michael Kavish
`
`Page Layout and Art: Patricia Lupien
`Copy Editor: Mike McGee
`Indexer: Odessa&Cie
`
`Distributed by O’Reilly Media, Inc. in the United States and Canada.
`For information on rights and translations, contact Matt Pedersen, Director of Sales and Rights, at Syngress Publishing; email
`matt@syngress.com or fax to 781-681-3585.
`
`

`

`Acknowledgments
`
`Syngress would like to acknowledge the following people for their kindness and support in making this
`book possible.
`
`Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc.The
`enthusiasm and work ethic at O’Reilly is incredible and we would like to thank everyone there for
`their time and efforts to bring Syngress books to market:Tim O’Reilly, Laura Baldwin, Mark
`Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol
`Matsutaro, Steve Hazelwood, Mark Wilson, Rick Brown, Leslie Becker, Jill Lothrop,Tim Hinton, Kyle
`Hart, Sara Winge, C. J. Rayhill, Peter Pardo, Leslie Crandell, Valerie Dow, Regina Aggio, Pascal
`Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen,
`Betsy Waliszewski, Dawn Mann, Kathryn Barrett, John Chodacki, and Rob Bullington.
`
`The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan
`Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran,
`Emma Wyatt, Rosie Moss, Chris Hossack, Mark Hunt, and Krista Leppiko, for making certain that our
`vision remains worldwide in scope.
`
`David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, and Joseph Chan
`of STP Distributors for the enthusiasm with which they receive our books.
`
`Kwon Sung June at Acorn Publishing for his support.
`
`David Scott,Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec
`Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand,
`Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.
`
`Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the
`Philippines.
`
`v
`
`

`

`

`

`Technical Editor & Contributor
`
`Lee Barken CISSP, CCNA, MCP, CPA, is the co-director of the Strategic
`Technologies And Research (STAR) Center at San Diego State University (SDSU)
`and the President and co-founder of SoCalFreeNet.org, a non-profit community
`group dedicated to building public wireless networks. Prior to SDSU, he worked as
`an IT consultant and network security specialist for Ernst & Young’s Information
`Technology Risk Management (ITRM) practice and KPMG’s Risk and Advisory
`Services (RAS) practice. Lee is the technical editor for Mobile Business Advisor
`Magazine, and writes and speaks on the topic of wireless LAN technology and
`security. He is the author of How Secure Is Your Wireless Network? Safeguarding Your
`Wi-Fi LAN (ISBN 0131402064) and co-author of Hardware Hacking: Have Fun
`While Voiding Your Warranty (ISBN 1932266836).
`
`Lee is the author of Chapter 1 “A Brief Overview of the Wireless World,” Chapter 2
`“SoCalFreeNet.org: An Example of Building Large Scale Community Wireless Networks,”
`Chapter 4 “Wireless Access Points,” Chapter 8 “Low-Cost Commercial Options,” and
`Appendix A “Wireless 802.11 Hacks.”
`
`“The most precious possession that ever comes to a man in this world is a woman’s heart.”
`
`—Josiah G. Holland
`
`To the love of my life, Stephanie:
`Thank you for your never-ending love and encouragement.
`
`vii
`
`

`

`Contributors
`
`Eric Bermel is an RF Engineer and Deployment Specialist. He has many years of
`experience working for companies such as Graviton, Western US, Breezecom,
`Alvarion, and PCSI. Eric has extensive experience developing and implementing
`RF site surveys, installation and optimization plans for indoor and outdoor ISM
`and U-NII band systems.
`
`Eric is the author of Chapter 10 “Antennas.”
`
`John Eder (CISSP, CCNA) is a security expert with Experian. He currently pro-
`vides strategic and technical consulting on security policy and implementation. His
`specialties involve: risk profiling, wireless security, network security, encryption
`technologies, metrics development and deployment, and risk analysis. John’s back-
`ground includes a position as a consultant in the Systems and Technology Services
`(STS) practice at Ernst & Young, LLP.
`John holds a bachelor’s degree from San Diego State University. He actively
`participates in the security community, making presentations and writing numerous
`articles on wireless security. John is a proud member of SoCalFreeNet.
`John enjoys the support of his loving wife Lynda, a caring family (Gabriel, Lyn,
`and Genevieve), and a great friendship with his director, Michael Kurihara.The
`security information in this book was made possible through the help of the
`m0n0wall team, the Soekris Engineering team, the West Sonoma County Internet
`Cooperative Corporation, and the many members of SoCalFreeNet.
`
`John is the author of Chapter 3 “Securing Our Wireless Community.”
`
`Matthew Fanady is a gear-head turned networking and computer enthusiast, and
`has been wrenching on cars and building computers since he was 16 years old. He
`is currently employed designing and constructing electric vehicles for a small
`startup company in San Diego, and spends his free time troubleshooting computers
`and exploring new ways to incorporate the latest communications technologies
`into everyday life. Matthew was one of the early pioneers of community wireless
`networks. In 2002, he began building a grass-roots community wireless network in
`his own neighborhood of Ocean Beach, where he was able to bring his passion for
`
`viii
`
`

`

`hacking together with his passion for wrenching. His efforts, along with those of
`others in San Diego, led to the inception of SoCalFreeNet which continues to
`build community-based wireless networks in San Diego.
`
`Matthew is the author of Chapter 11 “Building Outdoor Enclosures and Antenna
`Masts,” and Chapter 12 “Solar-Powered Access Points and Repeaters.”
`
`Alan Koebrick is the Vice President of Operations for SoCalFreeNet.org. He is
`also a Business Systems Analyst with a large telecommunications company in San
`Diego. Alan has a Bachelors degree in E-Business from the University of Phoenix.
`Prior to his current job, Alan spent 4 years with the United States Marine Corps
`where he performed tasks as a Network Administrator and Legal Administrative
`Clerk. Alan is also launching a new venture, North County Systems, a technology
`integrator for the Small Office / Home Office market.
`
`Alan is the author of Chapter 5 “Wireless Client Access Devices.”
`
`Michael Mee Michael started building his own computers after discovering the
`TRS-80 at Radio Shack years ago. He went on to work for a software startup,
`before dot coms made it fashionable.Then he had several great years at Microsoft,
`back when ‘the evil empire’ meant IBM.There he worked on database products
`like Access and Foxpro for Windows. Returning to his hacking roots, he’s now
`helping build high-speed community wireless for users everywhere, especially
`through SoCalFreeNet.org.
`
`Michael is the author of Chapter 6 “Wireless Operating Systems,” and Chapter 7
`“Monitoring Your Network.”
`
`Marc Palumbo (Society of Mechanical Engineers #4094314) is the Creative
`Director for the SoCalFreeNet.org. He is an Artist/Engineer and the owner of
`Apogee Arts, headquartered in San Diego, California. His company builds
`Community Networks, provisions Internet access for business and residential use,
`and designs and executes LANS purposed for specific vertical markets such as
`graphics, video editing, publishing, and FDA regulated manufacturing. He has built
`secure wireless surveillance systems deployed in Baghdad, Iraq, and for Homeland
`Security. Noteworthy wireless triage installations include the city of Telluride,
`
`ix
`
`

`

`Colorado, and Black Rock Desert, Nevada for Burning Man. Marc holds a bache-
`lors degree from the University of Maryland, received a National Endowment for
`the Arts stipend, and was a Fellow at the Center for Advanced Visual Studies, MIT.
`He began building his first computers in 1978 as part of his voice activated
`pyrotechnic interactive sculpture, “Clytemnestra.”The work won a once in 20-year
`honor for the Boston Arts Festival, 1985. He built his first RF device to light high
`voltage Neon works of art.
`Marc also helped deliver the first paint package for the PC, Splash! with
`Spinnaker Software and LCS Telegraphics. He created the first digital images for
`the PC, and his digital imagery has been published in Smithsonian Magazine,
`Volume 11, Number 9, Dec. 1980, pp. 128-137 and Macworld Magazine, October
`1988, pp. 96 through April 1989. One of the first Artists to use lasers for art, he has
`created large-scale images in the sky, mountains, and in the urban landscape. He has
`worked for and appeared on national television, including “Race for the High
`Ground”, Frontline News with Jessica Savitch (S.D.I. Demo of Star Wars Defense
`System, laser destroying satellite, W.G.B.H., Boston, MA, April 1983). He has also
`worked on production and on air talent crews for Discover Magazine’s TV show
`with James (Amazing) Randi, “A Skeptic’s Guide” March 1999.
`Working with Miami Springs High School and his corporate sponsor, Symbiosis,
`he created a team to build a robot to compete in Dean Kamen’s US First
`Competition, a program to encourage engineering careers for high school students.
`
`Marc is the author of Chapter 9 “Mesh Networking.”
`
`x
`
`

`

`Foreword Contributor
`
`Rob Flickenger has been hacking systems all of his life, and has been doing so
`professionally for over ten years. He is one of the inventors of NoCat, and is also an
`active member of FreeNetworks.org. Rob has written and edited a number of
`books for O’Reilly & Associates, including Wireless Hacks and Building Wireless
`Community Networks. He is currently a partner at Metrix Communication LLC in
`Seattle, WA (http://metrix.net/).
`
`xi
`
`

`

`

`

`Contents
`
`Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxi
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxiii
`Part I Introduction to Wireless Hacking . . . . . . . . . . . . . . . .1
`Chapter 1 A Brief Overview of the Wireless World
` . . . . . . .3
`Introduction to Wi-Fi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
`The History and Basics of 802.11 . . . . . . . . . . . . . . . . . . . . . . .4
`IEEE Alphabet Soup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
`802.11b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
`802.11a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
`802.11g . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
`Ad-Hoc and Infrastructure Modes . . . . . . . . . . . . . . . . . . . .9
`Connecting to an Access Point
` . . . . . . . . . . . . . . . . . . .10
`FCC Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
`FCC and IEEE Regulations . . . . . . . . . . . . . . . . . . . . .14
`Why Wi-Fi? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
`Benefits for Property Owners
` . . . . . . . . . . . . . . . . . . . . . .16
`Benefits for Volunteers . . . . . . . . . . . . . . . . . . . . . . . . . . .16
`Social Ramifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
`Security in a Community Wireless Network . . . . . . . . . . . .18
`Every Computer Needs to Be Protected . . . . . . . . . . . . .18
`Legal Liability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
`Defending the Neighborhood . . . . . . . . . . . . . . . . . . . .20
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
`Chapter 2 SoCalFreeNet.org: Building Large
`Scale Community Wireless Networks . . . . . . . . . . . . . . .23
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
`Wireless Distribution System (WDS) . . . . . . . . . . . . . . . . . . . .24
`5 GHz Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
`Working with Client Devices . . . . . . . . . . . . . . . . . . . . . . . . .26
`Competing with the Phone/Cable Companies . . . . . . . . . . . . .28
`
`xiii
`
`

`

`xiv
`
`Contents
`
`Outfitting Coffee Shops and Retail Locations . . . . . . . . . . . . . .29
`Getting the Neighborhood Involved . . . . . . . . . . . . . . . . . . . .30
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
`Chapter 3 Securing Our Wireless Community . . . . . . . . . .33
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
`The Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . .35
`Wiring the Network for Security . . . . . . . . . . . . . . . . . .36
`Choosing the Captive Portal Software and Hardware . . . .37
`Performing the Hack: Enabling Our Captive Portal . . . . . . .40
`Writing Our Terms of Service . . . . . . . . . . . . . . . . . . . .41
`Captive Portal Graphics
` . . . . . . . . . . . . . . . . . . . . . . . .42
`Building a PPTP VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . .45
`Performing the Hack: Enabling the VPN . . . . . . . . . . . . . . .45
`Configuring Our Community Users . . . . . . . . . . . . . . . . . .50
`Hacking the Mind of a Wireless User . . . . . . . . . . . . . . . . . . . .54
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . .54
`Performing the Hack:The Beginning and the End . . . . . . . .54
`Other Hacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
`Part II Hacking Projects . . . . . . . . . . . . . . . . . . . . . . . . . . .57
`Chapter 4 Wireless Access Points
` . . . . . . . . . . . . . . . . . . .59
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
`Wi-Fi Meets Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
`Reflashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
`Linksys WRT54g . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
`Sveasoft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
`NewBroadcom . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
`HyperWRT
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
`eWRT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
`Wifi-box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
`Batbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
`OpenWRT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
`WRT54G Shortcomings . . . . . . . . . . . . . . . . . . . . . . . . . .75
`Soekris Single-Board Computers . . . . . . . . . . . . . . . . . . . . . . .75
`net4501 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
`
`

`

`Contents
`
`xv
`
`net4511 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
`net4521 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
`net4526 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
`net4801 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
`Soekris Accessories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
`Proxim 8571 802.11a Access Point . . . . . . . . . . . . . . . . . . . . . .81
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . .83
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
`Under the Hood: How the Hack Works . . . . . . . . . . . . . . .89
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
`Chapter 5 Wireless Client Access Devices . . . . . . . . . . . . .97
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
`Notebook Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
`PCMCIA Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
`Mini-PCI Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
`Desktop Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
`PCI Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
`USB Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
`Ethernet Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
`PDAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
`Compact Flash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
`Secure Digital IO Cards . . . . . . . . . . . . . . . . . . . . . . .105
`WarDriving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
`Why Are People WarDriving?
` . . . . . . . . . . . . . . . . . . . . .106
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .106
`Required Equipment . . . . . . . . . . . . . . . . . . . . . . . . .107
`WarDriving Software . . . . . . . . . . . . . . . . . . . . . . . . .107
`Optional Equipment . . . . . . . . . . . . . . . . . . . . . . . . . .108
`WarDriving Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
`Other Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
`Part III Software Projects . . . . . . . . . . . . . . . . . . . . . . . . .115
`Chapter 6 Wireless Operating Systems . . . . . . . . . . . . . .117
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
`m0n0wall—Powerful, Elegant, Simple . . . . . . . . . . . . . . . . . . .120
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .121
`
`

`

`xvi
`
`Contents
`
`m0n0wall on a Standard PC . . . . . . . . . . . . . . . . . . . .121
`m0n0wall on a Single Board Computer (SBC) . . . . . . . .121
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
`Downloading a Recent Version . . . . . . . . . . . . . . . . . .123
`Creating a CD-ROM from Windows . . . . . . . . . . . . . .123
`Creating a Compact Flash (CF) Card from Windows . . .125
`Starting Your Standard PC . . . . . . . . . . . . . . . . . . . . . .127
`Starting Your SBC . . . . . . . . . . . . . . . . . . . . . . . . . . .131
`Configuring m0n0wall . . . . . . . . . . . . . . . . . . . . . . . .134
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .148
`Pebble—Powerful, Raw, Complete . . . . . . . . . . . . . . . . . . . . .148
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .149
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
`Creating a Boot CD and Starting Knoppix . . . . . . . . . .150
`Configuring the Compact Flash Reader/Writer
` . . . . . .152
`Formatting the Compact Flash Card . . . . . . . . . . . . . . .154
`Downloading Pebble . . . . . . . . . . . . . . . . . . . . . . . . . .156
`Copying Pebble to the Compact Flash . . . . . . . . . . . . .156
`Booting Pebble . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
`Configuring Pebble . . . . . . . . . . . . . . . . . . . . . . . . . .158
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .160
`Chapter 7 Monitoring Your Network . . . . . . . . . . . . . . . .163
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
`Enabling SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .165
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .167
`Getif and SNMP Exploration for Microsoft Windows . . . . . . .168
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .168
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
`Retrieving Device Interface Information
` . . . . . . . . . . .169
`Exploring the SNMP OIDs . . . . . . . . . . . . . . . . . . . . .170
`Graphing the Data . . . . . . . . . . . . . . . . . . . . . . . . . . .172
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .173
`STG and SNMP Graphs for Microsoft Windows . . . . . . . . . . .173
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .174
`
`

`

`Contents
`
`xvii
`
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .177
`Cacti and Comprehensive Network Graphs . . . . . . . . . . . . . . .177
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .178
`Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
`PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
`Perl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
`RRDTool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
`MySQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
`Cacti . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
`Installing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
`Installing PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
`Installing Perl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
`Installing RRDTool . . . . . . . . . . . . . . . . . . . . . . . . . .185
`Installing MySQL . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
`Miscellaneous Settings . . . . . . . . . . . . . . . . . . . . . . . . .186
`Installing Cactid and Cacti . . . . . . . . . . . . . . . . . . . . . .187
`Graphing Data in Cacti . . . . . . . . . . . . . . . . . . . . . . . .192
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .197
`Additional References
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
`Chapter 8 Low-Cost Commercial Options . . . . . . . . . . . .199
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
`Sputnik . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
`Sputnik Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . .200
`Sputnik Control Center . . . . . . . . . . . . . . . . . . . . . . . . . .202
`Sputnik Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
`Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
`Pre-Paid Module . . . . . . . . . . . . . . . . . . . . . . . . . . . .205
`A Sputnik Revolution . . . . . . . . . . . . . . . . . . . . . . . . . . .207
`Sveasoft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
`MikroTik . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212
`
`

`

`xviii
`
`Contents
`
`Chapter 9 Mesh Networking . . . . . . . . . . . . . . . . . . . . .215
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
`Preparing the Hacks . . . . . . . . . . . . . . . . . . . . . . . . . . . .217
`The Basic Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . .218
`WDS (Wireless Distribution System) . . . . . . . . . . . . . .220
`Real World Example . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
`Example Two: LocustWorld Mesh Networks . . . . . . . . . . .222
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
`Additional Resouces on the Web . . . . . . . . . . . . . . . . . . .224
`Part IV Antennas and Outdoor Enclosure Projects . . . . . .225
`Chapter 10 Antennas . . . . . . . . . . . . . . . . . . . . . . . . . . .227
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
`Before You Start: Basic Concepts and Definitions . . . . . . . . . . .228
`Federal Communications Commission . . . . . . . . . . . . . . .234
`Attenuation in Cables, Connectors, and Materials . . . . . .236
`System Grounding and Lightning Protection . . . . . . . . . . .238
`Building a Coffee Can Antenna . . . . . . . . . . . . . . . . . . . . . .240
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .240
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .243
`Troubleshooting Common Antenna Issues . . . . . . . . . . . . .244
`The Future of Antennas . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
`Chapter 11 Building Outdoor Enclosures and
`Antenna Masts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
`Building Outdoor Enclosures
` . . . . . . . . . . . . . . . . . . . . . . . .248
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .249
`Selecting a Raw Enclosure . . . . . . . . . . . . . . . . . . . . .249
`Hardware Selection . . . . . . . . . . . . . . . . . . . . . . . . . . .252
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .255
`Metal NEMA 3 Enclosures . . . . . . . . . . . . . . . . . . . . .255
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .263
`Building Antenna Masts . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .264
`
`

`

`Contents
`
`xix
`
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .265
`The Free-Standing Antenna Mast . . . . . . . . . . . . . . . . .265
`Direct Mount Antenna Masts . . . . . . . . . . . . . . . . . . . .269
`Lightning Protection . . . . . . . . . . . . . . . . . . . . . . . . . .272
`Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
`Chapter 12 Solar-Powered Access Points
`and Repeaters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276
`Preparing for the Hack . . . . . . . . . . . . . . . . . . . . . . . . . .276
`Calculating Power Requirements . . . . . . . . . . . . . . . . .276
`Battery Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . .279
`Selecting a Solar Panel . . . . . . . . . . . . . . . . . . . . . . . .281
`Performing the Hack . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
`Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
`Solar Panel
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
`Electrical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
`Electronics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294
`Under the Hood: How the Hack Works . . . . . . . . . . . . . .295
`The Batteries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
`The Solar Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
`Appendix A Wireless 802.11 Hacks . . . . . . . . . . . . . . . . .299
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300
`Wireless NIC/PCMCIA Card Modifications: Adding an
`External Antenna Connector . . . . . . . . . . . . . . . . . . . . . .