Wireless Hacks: 100 Industrial-Strength Tips & Tools
By Rob Flickenger
September 2003
Pages: 304



Table of Contents

Chapter 1: The Standards
Hacks #1-12
The mad rush to bring wireless products to market has left a slew of similar sounding yet often completely incompatible acronyms in its wake. 802.11b is the sequel to 802.11a, right? (Wrong.) If I just buy Wi-Fi, then everything will work together, right? (Unfortunately, no.) What is the difference between 802.11 a/b/g, 802.16, and 802.1x? How about GSM, GPRS, GMRS, and GPS? Where does Bluetooth fit into the picture?
Before we can jump into the more advanced hackery that is possible with wireless communications, it is important to understand what we have to work with. Remember that no technology is inherently "better" than any other; which one you should use depends on what you want to accomplish and the resources you have to work with. The goal of this chapter is to familiarize you with many of the popular wireless technologies available today, and to give you an idea of their relative strengths and weaknesses.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
802.11: The Mother of All IEEE Wireless Ethernet
While definitely showing its age, the original 802.11 gear still has its uses.
The first wireless standard to be defined in the 802 wireless family was 802.11. It was approved by the IEEE in 1997, and defines three possible physical layers: Frequency Hopping Spread Spectrum (FHSS) at 2.4 GHz, Direct Sequence Spread Spectrum (DSSS) at 2.4 GHz, or Infrared. 802.11 could achieve data rates of 1 or 2 Mbps. 802.11 radios that use DSSS are interoperable with 802.11b and 802.11g radios at those speeds, while FHSS radios and Infrared obviously are not.
The original 802.11 devices are increasingly hard to come by, but can still be useful for point-to-point links with low bandwidth requirements.
Pros:
  • Very inexpensive (a few dollars or even free) when you can find them.
  • DSSS cards are compatible with 802.11b/g.
  • Infrared 802.11 cards (while rare) can offer interference-free wireless connections, particularly in noisy RF environments.
  • Infrared also offers increased security due to significantly shorter range.
Cons:
  • No longer manufactured.
  • Low data rate of 1 or 2 Mbps.
  • FHSS radios are incompatible with everything else.
802.11 devices can still be useful, particularly if you find that you already have a few on hand. But the ever falling price of 802.11b and 802.11g gear makes the old 802.11 equipment less attractive each day. The FHSS and Infrared cards talk only to cards of the same era, so don't expect them to work outside of your own projects. Infrared requires an absolutely clean line of sight between devices and offers limited range, but it operates well away from the popular ISM and UNII bands. This means that it won't interfere with (or see interference from) other networking devices, which can be a huge advantage in some situations.
802.11a: The Betamax of the 802.11 Family
802.11a offers more channels, higher speed, and less interference than other protocols, but it still just isn't popular.
According to the specifications available from the IEEE (at http://standards.ieee.org/getieee802/), both 802.11a and 802.11b were ratified on September 16, 1999. Early on, 802.11a was widely touted as the "802.11b killer," as it not only provides significantly faster data rates (up to 54 Mbps raw, or about 27 Mbps actual data), but also operates in a completely different spectrum—the 5 GHz UNII band. It uses an encoding technique called Orthogonal Frequency Division Multiplexing (OFDM).
While the promises of higher speeds and freedom from interference with 2.4 GHz devices made 802.11a sound promising, it came to market much later than 802.11b. It also suffers from range problems: at the same power and gain, signals at 5 GHz appear to travel only half as far as signals at 2.4 GHz, presenting a real technical hurdle for designers and implementers. The rapid adoption of 802.11b only made matters worse, since users of 802.11b gear didn't have a clear upgrade path to 802.11a (as the two are not compatible). As a result, 802.11a still isn't nearly as ubiquitous or inexpensive as 802.11b, although client cards and dual-band access points (which essentially incorporate two radios, or a single radio with a dual-band chipset) are coming down in price.
Pros:
  • Very fast data rates: up to 54 Mbps (raw radio rate), with some vendors providing 72 Mbps or faster with proprietary extensions.
  • Uses the much less cluttered (for now, in the U.S.) UNII band, at 5.8 GHz.
Cons:
  • As of this writing, 802.11a equipment is still more expensive on average than 802.11b or 802.11g.
802.11b: The De Facto Standard
Many people continue to use 802.11b, the protocol of the Wi-Fi revolution.
Throughout this book, I mainly discuss 802.11b (also known as Wi-Fi, but then, so is 802.11a). It is the de facto wireless networking standard of the last few years, and for good reason. It offers excellent range and respectable throughput. (While the radio can send frames at up to 11 Mbps, protocol overhead puts the data rate at 5 to 6 Mbps, which is about on par with 10baseT-wired Ethernet.) It operates using DSSS at 2.4 GHz, and automatically selects the best data rate (either 1, 2, 5.5 or 11 Mbps), depending on available signal strength. Its greatest advantage at this point is its ubiquity: millions of 802.11b devices have shipped, and client and access point gear is not only phenomenally inexpensive, but also ships embedded in many laptop and handheld devices. Since it can move data at rates much faster than the average Internet connection, it is widely regarded as "good enough" for general use.
Pros:
  • Near universal ubiquity in standard consumer devices, add-on cards, and APs.
  • Extreme popularity and pressure from 802.11a/g has led to massively discounted hardware. Cards less than $40 and APs less than $100 are common as of this writing.
  • 802.11b "hot spots" are available at many coffee shops, restaurants, public parks, libraries, and airports, further increasing its popularity.
  • With many people using and experimenting with it, 802.11b is arguably the most hackable (and customizable) wireless protocol on the planet.
Cons:
  • The 11 Mbps data rate of 802.11b will never get any faster, and is already surpassed by 802.11a and 802.11g.
  • 802.11b's channel scheme allows only for three nonoverlapping channels, making for considerable contention in the 2.4 GHz ISM band.
802.11g: Like 802.11b, only Faster
Turbo charge your wireless network without leaving your 802.11b users in the cold.
At the time of this writing, the 802.11g specification has just been ratified by the IEEE. 802.11g uses the OFDM encoding of 802.11a in the 2.4 GHz band, and also falls back to DSSS to maintain backwards compatibility with 802.11b radios. This means that raw speeds of 54 Mbps (20 to 25 Mbps data) are achievable in the 2.4 GHz band, all while keeping backwards compatibility with existing 802.11b gear. This is a very promising technology—so promising, in fact, that the lack of ratification didn't stop some manufacturers from shipping gear that used the draft standard, even before it was ratified.
Pros:
  • Very high data rates of up to 54 Mbps.
  • Backwards compatibility with the phenomenally popular 802.11b offers a simple upgrade path for existing users.
  • 802.11g uses the same band as 802.11b, so existing antennas and feed lines can be reused.
Cons:
  • Slightly more expensive than 802.11b, but prices are expected to fall as more equipment ships.
  • As it uses the 2.4 GHz ISM band, 802.11g will have to contend with many other devices, leading to more interference in crowded areas.
If you are building a network from scratch, strongly consider the benefits of 802.11g. It allows existing 802.11b users to continue to use the network, while providing a significant speed boost for 802.11g users. While it is a very new technology, reports from early adopters look very good. Apple has already decided to use 802.11g as its high speed standard in its new "AirPort Extreme" line of wireless gear. Note that the WECA hasn't referred to 802.11g as "Wi-Fi" yet, but just give them time.
802.16: Long Distance Wireless Infrastructure
The long awaited Municipal Area Network protocol is on the way, but isn't here just yet.
Approved on December 6, 2001, 802.16 promises to be the answer to all of the shortcomings of long distance applications that people have encountered using 802.11 protocols. It should be pointed out that the 802.11 family was never intended to provide long distance, metropolitan-area coverage (although I'll show you some examples of people doing exactly that). The 802.16 specification is specifically designed for providing wireless infrastructure that will cover entire cities, with typical ranges measured in kilometers. It will use frequencies from 10 to 66 GHz to provide commercial quality services to stationary locations (i.e., buildings). In January 2003, a new extension (802.16a) was ratified, which will operate in the 2 to 11 GHz range. This should help significantly with line-of-sight requirements of the extremely short waves of 10 to 66 GHz. Realistically, actual equipment that implements 802.16 is just now coming to market, and will likely be priced well above the consumer-grade equipment of the 802.11 family.
Pros:
  • 802.16 is designed for long-range networking, likely providing ranges of 20 to 30 kilometers.
  • Very high speed for fixed wireless, probably about 70 Mbps.
Cons:
  • Shorter wavelengths of 10 to 66 GHz are more susceptible to signal fade due to environmental conditions (such as rain).
  • Many bands used by 802.16 and 802.16a are licensed spectrum.
  • It's just not available yet.
It will be interesting to see the 802.16 MAN story as it evolves, but it's too early to tell how this technology will fare. Fujitsu is currently developing an 802.16a chipset that it expects to have ready sometime in 2004, and is currently targeting a price tag of about $300. 802.16 will certainly be a welcome technology for long distance point-to-multipoint applications, which are difficult to implement effectively using 802.11. But unfortunately, the hardware isn't available to play with yet.
Bluetooth: Cable Replacement for Devices
Bluetooth eliminates the need for cables that tether your tiny devices.
While the 802.11 protocols were designed to replace the ubiquitous CAT5 networking cable, Bluetooth aims to replace all of the other cables connected to your computer (with the sad exception of the power cable). Operating as a frequency hopper in the 2.4 GHz ISM band, it shares the same spectrum as 802.11b/g and many other devices. It is designed to create a so-called "Personal Area Network" for devices like cell phones, digital cameras, PDAs, headsets, keyboards and mice, and of course, computers. While it is possible to use Bluetooth for an actual Internet connection, it seems to be better suited for low bandwidth data and voice applications.
Pros:
  • Very low power requirements, making it ideal for small battery-powered devices such as handhelds, phones, and headsets.
  • Simple interface and security model.
  • Exceptional interoperability between devices.
  • Built-in support for simultaneous data and voice traffic.
Cons:
  • Relatively low data throughput (about 720 Kbps maximum).
  • Shares the 2.4 GHz band with many other devices, including 802.11b/g.
  • Very limited range, by design.
Bluetooth uses an aggressive full duplex frequency-hopping scheme (changing channels up to 1,600 times per second) to attempt to avoid noise in the 2.4 GHz band. While this may be good for Bluetooth, high power frequency-hopping devices can cause considerable interference for other devices using the band. Fortunately, most Bluetooth products operate only at 1mW, keeping most interference limited to a very small area. Even when using Bluetooth alongside an 802.11b connection, the perceived interference turns out to be minimal, and most people don't even notice the difference with normal usage. If you are using 802.11a in the presence of Bluetooth devices, the two will not interfere with each other at all.
900 MHz: Low Speed, Better Coverage
Ubiquity is sometimes more important than speed. If you absolutely need to make a link that isn't possible with 802.11, then this older gear might be for you.
In the days before 802.11, a number of FCC Part 15 wireless networking products were competing in the marketplace. For example, Aironet, Inc. (before it was bought by Cisco) produced the Arlan networking series. The Arlan APs and bridges use 10baseT Ethernet, operate at 900 MHz, and have a data rate of 215 Kbps or 860 Kbps. They also made a number of complementary PCMCIA radio cards (the 655-900, 690-900, and PC1000, for example). These devices put out up to a whopping 1 Watt at 900 MHz. NCR had the WaveLAN 900 MHz line that included an ISA and PCMCIA card that would push 2 Mbps at 250mW. While the data rate can't compare to modern wireless networking gear, the higher power and lower frequency of this equipment offers significant advantages.
As the frequency of a signal increases, the apparent range it can cover at the same power and gain decreases. For example, a 100mW signal at 5.8 GHz appears to travel less than half the distance of a 100mW signal at 2.4 GHz, which appears to travel less than half that of a 100mW signal at 900 MHz. There is no limit to how far a signal can actually go, but its ability to rise above the background noise and be detected at a usable level is bounded by its power, frequency, and antenna gain. So to put it simply, all other variables being equal, lower frequency signals travel further than higher frequency signals. You can make higher frequency signals appear to travel further, but to do so you need to increase the power, antenna gain, or both.
Another curious property of radio is that the requirement of having line of sight between the devices becomes more important at higher frequencies, but is less critical at lower frequencies. Higher frequencies don't fare so well when there are obstacles between the ends of the radio link (particularly in urban and indoor settings). This property, combined with the advantage of greater range, means that 900 MHz equipment can be used in a variety of situations where 802.11b/g or 802.11a don't fare as well. It can penetrate foliage, buildings, and other obstacles better than its 802.11 counterparts. Of course, the big trade-off is throughput.
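The frequency and range relationship described above can be checked with a free-space link budget. This is an added example, not code from the book: it assumes the standard free-space path loss formula, 0 dBi antennas, and a constructed receiver sensitivity of -85 dBm, and it ignores obstacles entirely.

```python
import math

# Free-space path loss constant for distance in km and frequency in MHz.
FSPL_CONSTANT_DB = 32.44


def mw_to_dbm(milliwatts):
    """Convert transmit power from milliwatts to dBm."""
    return 10 * math.log10(milliwatts)


def fspl_db(distance_km, freq_mhz):
    """Loss between two isotropic antennas in free space."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + FSPL_CONSTANT_DB


def max_range_km(freq_mhz, tx_dbm, gain_dbi=0.0, rx_sensitivity_dbm=-85.0):
    """Distance at which the received level falls to the receiver's sensitivity.

    gain_dbi is the combined antenna gain of both ends; the -85 dBm
    sensitivity is an assumed value for illustration.
    """
    budget_db = tx_dbm + gain_dbi - rx_sensitivity_dbm
    return 10 ** ((budget_db - FSPL_CONSTANT_DB - 20 * math.log10(freq_mhz)) / 20)


def extra_gain_db(low_mhz, high_mhz):
    """Extra power or antenna gain needed at high_mhz to match the range at low_mhz."""
    return 20 * math.log10(high_mhz / low_mhz)


def compare(freqs_mhz=(900, 2400, 5800), tx_mw=100):
    """Free-space range in km for the same transmit power at each frequency."""
    tx_dbm = mw_to_dbm(tx_mw)
    return {f: max_range_km(f, tx_dbm) for f in freqs_mhz}


if __name__ == "__main__":
    ranges = compare()
    for freq, km in ranges.items():
        print(f"{freq} MHz: {km:.2f} km")
    print(f"900 -> 2400 MHz needs {extra_gain_db(900, 2400):.1f} dB more gain")
    print(f"2400 -> 5800 MHz needs {extra_gain_db(2400, 5800):.1f} dB more gain")
```

In free space the range scales as 1/frequency, so each step up (900 MHz to 2.4 GHz to 5.8 GHz) cuts the range to less than half unless power or antenna gain makes up the difference.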
CDPD, 1xRTT, and GPRS: Cellular Data Networks
If you can't roll your own wireless, you might try one of these mobile phone carrier networks.
When it comes to data rates, most people are in agreement that faster is better. But current communications technology always involves a trade-off between speed, power, and range. 54 Mbps may be great if you can get it, but on a large scale, this can be difficult to maintain. The 802.11 protocols compensate for increased range by scaling back the data rate, but these devices simply aren't designed to serve hundreds of people scattered over many miles.
There are times when any data to the Internet is better than none at all, no matter how slow it might be. For example, you might need to log in to a remote machine or send a quick email while traveling, when Wi-Fi or even wired network access just isn't available. Or maybe you want to have an alternate communications channel into a wireless node in a remote place (say, on a mountaintop or deep in the woods) where telephone lines aren't even available. For these situations, you might consider exploiting the biggest advantage of the commercial mobile data networks: their ubiquity.
Mobile networks may be slow and relatively expensive, but you can't beat their coverage compared to current Wi-Fi networks. They can give you an IP address just about anywhere, but be warned that most mobile data services are not cheap. Most charge by the byte, and all charge for airtime while you are using it.
The type of data service you can use depends on the underlying wireless technology. Obviously, before choosing a technology, determine the coverage area of the mobile network in the place you intend to use it. The three leading mobile data services are described next, in decreasing order of availability in the U.S.
CDPD stands for Cellular Digital Packet Data. It works over the enormously popular Time Division Multiple Access (TDMA) mobile network, which is easily the most widely deployed mobile network in the U.S. CDPD "modems" typically use a serial port or PCMCIA slot and offer speeds of up to 19.2 Kbps (real world is typically closer to 9,600 bps).
FRS and GMRS: Super Walkie-Talkies
Use these high powered radios in places where mobile phones just don't cut it.
In the last couple of years, a number of manufacturers have come out with "high power" radios for general use, marketed as family or recreational communication devices and sold as impulse buy items at department stores. They claim a couple of miles range, operate on a chargeable battery pack or AA batteries, and most are surprisingly rugged and simple to use.
The two technologies behind these popular radios are FRS and GMRS. While sold in similar packaging and frequently sitting on shelves right next to each other, these two types of radios are quite different in capabilities and operating rules.
FRS stands for Family Radio Service, and was approved by the FCC for unlicensed use in 1996. It operates around 462 and 467 MHz, and is sometimes referred to as "UHF Citizens Band." It is not a Part 15 device like 802.11 radios, but is governed by FCC Part 95, Personal Radio Services. FRS radios share some channels with GMRS radios but are restricted to 500mW maximum power. Manufacturers typically claim two miles as the maximum range of FRS radios. FRS radios come with fixed antennas, and cannot be legally modified to accommodate antennas or amplifiers.
FRS channels 1 through 7 overlap with GMRS and can be used to communicate with GMRS radios. If you need to talk only to other FRS radios, use channels 8 through 14 to avoid possible interference with low band GMRS users. See Table 1-1 for the full list of FRS and GMRS frequencies.
GMRS stands for General Mobile Radio Service, and is also known as "Class A Citizens Band." Its use is also covered by FCC Part 95, but requires a license to operate. As of this writing, a personal license costs $75 and can be obtained online at http://wireless.fcc.gov/uls/.
802.1x: Port Security for Network Communications
Secure access to virtually any network port (wired or wireless) with 802.1x.
The 802.1x protocol is actually not a wireless protocol at all. It describes a method for port authentication that can be applied to nearly any network connection, whether wired or wireless.
Just when you thought you knew every IEEE spec relating to wireless, suddenly 802.1x appeared on the scene. The full title of 802.1x is "802.1x: Port Based Network Access Control." Interestingly enough, 802.1x wasn't originally designed for use in wireless networks; it is a generic solution to the problem of port security. Imagine a college campus with thousands of Ethernet jacks scattered throughout libraries, classrooms, and computer labs. At any time, someone could bring their laptop on campus, sit down at an unoccupied jack, plug in, and instantly gain unlimited access to the campus network. If network abuse by the general public were common, it might be desirable to enforce a policy of port access control that permitted only students and faculty to use the network.
This is where 802.1x fits in. Before any network access (to Layer 2 or above) is permitted, the client (the supplicant, in 802.1x parlance) must authenticate itself. When first connected, the supplicant can only exchange data with a component called the authenticator. This in turn checks credentials with a central data source (the Authentication Server), typically a RADIUS server or other existing user database. If all goes well, the authenticator notifies the supplicant that access is granted (along with some other optional data) and the client can go about its merry way. The various encryption methods employed are not defined in particular, but an extensible framework for encryption is provided: the Extensible Authentication Protocol, or EAP.
802.1x is widely regarded by the popular press as "the fix" for the problems of authentication in wireless networks. For example, the "other data" that is sent back to the supplicant could contain WEP keys that are dynamically assigned per session and are automatically renewed every so often, making most data collection attacks against WEP futile. Unfortunately, 802.1x has been found to be susceptible to certain session hijacking, denial of service, and man-in-the-middle attacks when used with wireless networks, making the use of 802.1x as the "ultimate" security tool a questionable proposition.
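The supplicant, authenticator, and Authentication Server roles described above, modeled as an added example (not code from the book). The credential check is a constructed HMAC challenge-response standing in for a real EAP method, and the class names, MAC addresses, identities, and secrets are all made up for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ETH_EAPOL = 0x888E  # EtherType for EAP over LAN (EAPOL)
ETH_IPV4 = 0x0800   # ordinary data traffic


@dataclass
class Frame:
    src: str        # supplicant's MAC address (constructed values below)
    ethertype: int
    payload: dict


def eap_response(secret: bytes, challenge: bytes) -> bytes:
    """Constructed stand-in for an EAP method: HMAC-SHA256 over the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class AuthServer:
    """Plays the Authentication Server (a RADIUS server or user database)."""

    def __init__(self, users: dict):
        self._users = users  # identity -> shared secret

    def new_challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, identity: str, challenge: bytes, response: bytes) -> bool:
        secret = self._users.get(identity)
        if secret is None:
            return False
        return hmac.compare_digest(eap_response(secret, challenge), response)


class Authenticator:
    """Plays the switch port or AP that gates access for each supplicant."""

    def __init__(self, server: AuthServer):
        self.server = server
        self.pending = {}     # src -> (identity, challenge) awaiting a response
        self.authorized = {}  # src -> per-session key handed out on success

    def receive(self, frame: Frame):
        """Return (verdict, reply_payload) for one frame from a supplicant."""
        if frame.ethertype != ETH_EAPOL:
            # Data frames pass only once this supplicant has authenticated.
            return ("forward" if frame.src in self.authorized else "drop", None)
        kind = frame.payload.get("type")
        if kind == "identity":
            challenge = self.server.new_challenge()
            self.pending[frame.src] = (frame.payload["identity"], challenge)
            return ("eap", {"type": "challenge", "challenge": challenge})
        if kind == "response" and frame.src in self.pending:
            identity, challenge = self.pending.pop(frame.src)
            if self.server.verify(identity, challenge, frame.payload["response"]):
                key = os.urandom(13)  # the "other data": a fresh per-session key
                self.authorized[frame.src] = key
                return ("eap", {"type": "success", "session_key": key})
            return ("eap", {"type": "failure"})
        if kind == "logoff":
            self.authorized.pop(frame.src, None)
            return ("eap", None)
        return ("drop", None)


def run_supplicant(port: Authenticator, mac: str, identity: str, secret: bytes):
    """Drive one supplicant through the exchange; return the verdicts observed."""
    data = Frame(mac, ETH_IPV4, {"data": "hello"})
    log = [port.receive(data)[0]]  # data sent before authenticating
    hello = Frame(mac, ETH_EAPOL, {"type": "identity", "identity": identity})
    _, reply = port.receive(hello)
    answer = eap_response(secret, reply["challenge"])
    _, result = port.receive(Frame(mac, ETH_EAPOL, {"type": "response", "response": answer}))
    log.append(result["type"])
    log.append(port.receive(data)[0])  # same data frame after the attempt
    return log


if __name__ == "__main__":
    server = AuthServer({"alice": b"correct horse"})  # constructed credentials
    port = Authenticator(server)
    print(run_supplicant(port, "00:11:22:33:44:55", "alice", b"correct horse"))
    print(run_supplicant(port, "66:77:88:99:aa:bb", "alice", b"wrong guess"))
```

The first supplicant sees its data dropped, then a success, then its data forwarded; the second never gets past the closed port.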
HPNA and Powerline Ethernet
These nontraditional networking protocols can save you a ton of effort.
While not wireless networking protocols per se, both HPNA and Powerline Ethernet are finding their way into many people's network scheme. Like wireless, they both provide network functionality without requiring the installation of CAT5 cable. But rather than use wireless, they use other common media for their physical connection.
HPNA stands for Home Phone Networking Alliance. It provides networking capabilities over existing CAT3 cable, and can share the same wire as a standard telephone line (even if you are using DSL on the same line). HPNA can reach about 1,000 feet over CAT3. The original HPNA 1.0 products can communicate at about 1.3 Mbps, while the newer HPNA 2.0 standard allows for speeds of up to 32 Mbps (although devices operating at 10 Mbps are more common). Some consumer grade routers, such as 2Wire HomePortal 100W, incorporate Ethernet, HPNA, and 802.11b in one unit.
Pros:
  • Instant networking in any building with existing telephone wiring.
  • Very simple installation; just plug it in and you're done.
  • Fairly inexpensive.
Cons:
  • HPNA isn't nearly as popular as Ethernet or Wireless, so it can sometimes be hard to find in retail stores.
  • HPNA 1.0 is much slower than wireless, but HPNA 2.0 approaches speeds of 802.11b.
  • Every HPNA device uses the telephone line as a shared medium, making it less efficient than a network switch as more devices are added.
HPNA can be ideal for adding access points to additional locations in a house or building that doesn't have CAT5 Ethernet laid to each room. Dedicated Ethernet is better for speed and reliability, but HPNA can make your job much easier. If you need to add additional access points to a building for greater coverage, or you want to shoot "through" a building by adding a device with external antennas on opposite walls, then HPNA can save a great deal of effort when tying it all together.
BSS Versus IBSS
BSS/Master/AP/Infrastructure/IBSS/Ad-Hoc/Peer-to-Peer: these all refer to 802.11b operating modes, but what does it all mean?
802.11b (see [Hack #3]) defines two possible (and mutually exclusive) radio modes that stations can use to intercommunicate. Those modes are BSS and IBSS.
BSS stands for Basic Service Set. In this operating mode, one station (the BSS master, usually a piece of hardware called an access point) acts as a gateway between the wireless and a wired (likely Ethernet) backbone. Before gaining access to the wired network, wireless clients (also called BSS clients) must first establish communications with an access point within range. Once the AP has authenticated the wireless client, it allows packets to flow between the client and the attached wired network, either routing traffic at Layer 3, or acting as a true Layer 2 bridge. A related term, Extended Service Set (ESS), refers to a physical subnet that contains more than one access point (AP). In this sort of arrangement, the APs can communicate with each other to allow authenticated clients to "roam" between them, handing off IP information as the clients move about. Note that (as of this writing) there are no APs that allow roaming across networks separated by a router.
IBSS (Independent Basic Service Set) is frequently referred to as Ad-Hoc or Peer-to-Peer mode. In this mode, no hardware AP is required. Any network node that is within range of any other can communicate if both nodes agree on a few basic parameters. If one of those peers also has a wired connection to another network, it can provide access to that network.
Note that an 802.11b radio must be set to work in either BSS or IBSS mode, but cannot work in both simultaneously. Also, BSS Masters (that is, APs) cannot speak to each other over the air without using WDS or some other tricky mechanism. Both BSS and IBSS support shared-key WEP encryption, for what it's worth (see [Hack #87] and the rest of Chapter 7).
Chapter 2: Bluetooth and Mobile Data
Hacks #13-19
There is much talk in the communications industry of providing "last mile" connectivity. Think of Bluetooth as providing connectivity for the last 10 feet. Bluetooth excels as a handy cable replacement technology, helping to eliminate the need for cumbersome wires that you might find on headsets, remote controls, PDAs, and other small devices. Bluetooth aims to end the days of needing to carry a three-foot piece of cable with obscure connectors on either end everywhere you go, just to interface to your laptop. You can use Bluetooth-enabled devices to talk to a laptop or a desktop, or even have them talk to each other to exchange data almost effortlessly. There are also a number of Bluetooth-enabled input devices on the market, such as mice and keyboards. While it does increase one's dependency on batteries, Bluetooth can go a long way toward cutting down on the rat's nest of cables that comes with personal computing. This chapter demonstrates some nifty directions people are taking with Bluetooth.
Remote Control OS X with a Sony Ericsson Phone
Use your phone as a remote control for presentations or iTunes, or for just about anything you can script with AppleScript.
The Salling Clicker is one of the niftiest applications for Bluetooth that I've seen. It effectively turns a Sony Ericsson mobile phone into a full color, programmable remote for OS X. You can launch apps, control presentations, and even use it as a general purpose mouse. It works with many Sony Ericsson phones, including the T39m, R520m, T68, T68i, and T610. It is available online on VersionTracker, or directly from http://homepage.mac.com/jonassalling/Shareware/Clicker/.
The app will install itself as a new control panel and automatically launch. Click on the tiny phone in the menu bar (Figure 2-1), select Open Salling Clicker Preferences... and click Select Device. Make sure Bluetooth is enabled in OS X and that your phone is on and somewhere near your computer.
Figure 2-1: The Clicker's menu bar icon.
Select your phone from the list and save the changes. You can now use your phone to steer OS X as well as to publish custom menus to the phone itself. Under the Phone Menu tab, you can create custom menus of whatever you like and publish them to your phone. Control OS X by navigating these menus on the phone and selecting what you want to do, such as launch an app or skip to the next track in iTunes. Some phones (like T68/T68i) will even allow you to use the phone as a mouse, making it possible to control any application. Just select System Mouse mode, and you can use the tiny stick on the phone as a pointer.
Since Bluetooth's range is limited to 30 feet or less, it is possible to signal Clicker to take action when your phone moves in and out of range. You can control this functionality by looking under the Proximity Sensor tab (Figure 2-2). For example, you might want Clicker to pause iTunes and turn on the screensaver whenever you leave your machine. The interface is very simple: just drag the actions you want it to perform into the relevant boxes, and away you go.
SMS with a Real Keyboard
Stop fiddling around with your phone's keypad and use your laptop for text messaging.
Short Message Service (SMS) is better known as text messaging for mobile devices. It has proven to be surprisingly popular in many parts of the world (particularly Japan, the Philippines, and much of Europe), but for one reason or another has been less than enthusiastically received in the U.S. Part of the barrier to entry for many people is the sometimes painful text entry interface on most mobile phones. The demand for tiny phones has squeezed out virtually all hope of a usable integrated keyboard. While predictive text technologies like T9 have helped make typing require fewer keystrokes, the interface is still far from intuitive. Many people find themselves obsessively hitting number keys in a feeble effort to express themselves, most times mistyping one or two letters along the way. And entering punctuation marks and symbols is so inconvenient that most people don't bother.
If you have a Bluetooth-enabled phone, there is hope. OS X provides some very good integration with these devices and SMS. In order to get started, be sure that Bluetooth is enabled and that your phone is paired with your laptop as you normally would. When you launch the Address Book with Bluetooth enabled, you will notice an extra Bluetooth button at the top left corner of the window (Figure 2-4). Click this button to enable Bluetooth integration in the Address Book.
Figure 2-4: Click the Bluetooth button in the Address Book to enable the phone book's Bluetooth integration.
Having Bluetooth enabled turns on a number of useful features. In addition to being able to simply dial the number directly from an Address Book entry, you can also send an SMS message. Click the label to the left of the number you want to message (Figure 2-5) and select
Photo Blog Automatically with the Nokia 3650
Instantly publish your photos from the road, without even logging in.
To me, digital photography is something of a mixed blessing. The instant gratification of being able to view your photos immediately is many times offset by two small details: you need to have your camera with you and it has to be charged. My camera is much too large and fragile to carry with me all of the time, and I'd hate to have yet another device to keep track of and plug in at night. This means that I end up with lots of "event-style" photos, but relatively few impromptu snapshots of daily life. All too often, by the time I run to grab the camera, the moment has passed, and the perfect photo is gone forever.
A number of manufacturers have realized that there is a device that people habitually carry with them and nearly always keep well charged: their cell phones. Nokia has managed to merge a whole slew of nifty technologies into their 3650 phone, including Bluetooth, GPRS, GSM, and of course, a digital camera. This leads to all sorts of fascinating possibilities. Not only is it simple to upload photos to a laptop using Bluetooth, but the interface for sending photos via email is also dead simple. As if IM spam weren't bad enough, mankind is now developing the ability to spam each other with video.
Rather than throw photo bits at your friends and relatives, it is much more efficient to publish your photo album to a web page, and IM your friends and family the link to it. With a little bit of scripting fu, it is straightforward to have a script that will accept an email and publish it to a web page.
First, you need to have your script accept email. This is easily done with a procmail recipe. Add this to your .procmailrc on your mail server:
:0 
* ^TO yoursecretaddress@yourdomain.com
| /home/username/bin/phonecam.sh
Of course, change yoursecretaddress@yourdomain.com to the email address that your photo server will use, and fix the path to the following script to point to a real directory. Keep this address private, because any images sent to it will automatically be published! If you're not running procmail on your mail server, consult your friendly neighborhood sysadmin for assistance.
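Because anything mailed to that address is published, the program procmail pipes into has to treat the whole message as untrusted input. The following is an added example, not the book's phonecam.sh, and is written in Python rather than shell: it publishes only JPEG, PNG, or GIF attachments whose leading bytes match the declared type, ignores the sender-supplied file name, and caps the size. The function names, the size cap, and the sample message are assumptions constructed for illustration.

```python
import hashlib
import os
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_BYTES = 2 * 1024 * 1024  # assumed per-image size cap

# Declared MIME type -> (leading magic bytes, extension we assign ourselves)
ALLOWED = {
    "image/jpeg": (b"\xff\xd8\xff", ".jpg"),
    "image/png": (b"\x89PNG\r\n\x1a\n", ".png"),
    "image/gif": (b"GIF8", ".gif"),
}


def extract_images(raw, outdir):
    """Write acceptable image attachments from one raw message into outdir.

    Returns the file names newly written. Everything in the message,
    including attachment names and declared types, is treated as hostile.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    written = []
    for part in msg.walk():
        rule = ALLOWED.get(part.get_content_type())
        if rule is None:
            continue  # text, HTML, archives, executables: never published
        data = part.get_payload(decode=True)
        magic, ext = rule
        if not data or len(data) > MAX_BYTES or not data.startswith(magic):
            continue  # empty, oversized, or content does not match its label
        # The sender-chosen file name is ignored entirely, so "../" tricks
        # and names like "index.html" cannot reach the web directory.
        name = hashlib.sha256(data).hexdigest()[:16] + ext
        try:
            fd = os.open(os.path.join(outdir, name),
                         os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
        except FileExistsError:
            continue  # same image mailed twice: already published
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        written.append(name)
    return written


def sample_message():
    """Constructed test message: one plausible photo, two things to reject."""
    msg = EmailMessage()
    msg["From"] = "phone@example.com"
    msg["To"] = "yoursecretaddress@yourdomain.com"
    msg["Subject"] = "from the road"
    msg.set_content("sent from my phone")
    # Starts with JPEG magic; the file name attempts a directory escape.
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"constructed-pixels",
                       maintype="image", subtype="jpeg",
                       filename="../../public_html/index.jpg")
    # Labelled PNG, but the bytes are markup.
    msg.add_attachment(b"<html>not an image</html>",
                       maintype="image", subtype="png", filename="pic.png")
    # Not an image type at all.
    msg.add_attachment(b"#!/bin/sh\n", maintype="application",
                       subtype="octet-stream", filename="run.sh")
    return msg.as_bytes()


if __name__ == "__main__":
    # procmail pipes the message on stdin; argv[1] is the photo directory.
    for saved in extract_images(sys.stdin.buffer.read(), sys.argv[1]):
        print("published", saved)
```

The magic-byte test is only a first filter; decoding and re-encoding each image before publishing is a stronger check.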
Using Bluetooth with Linux
Get Bluetooth up and running quickly under Linux 2.4.
As you might expect, getting Bluetooth to work under Linux takes a little more work than it does under other operating systems. First, it should be noted that there are actually three distinct Bluetooth protocol stacks for Linux: Affix, OpenBT, and BlueZ, each with varying support for different Bluetooth adapters, and each with somewhat distinct means of configuration. Since BlueZ has been crowned as the "official" Linux Bluetooth stack, that's the one we'll focus on here.
First, make sure you have a supported Bluetooth adapter. You can find a reasonably current list of BlueZ-supported hardware at http://www.holtmann.org/linux/bluetooth/devices.html.
Next, you'll need to make sure that your kernel has Bluetooth support enabled. Kernels shipped with both the Red Hat 9.0 and Debian "Sarge" distributions already include Bluetooth support. You can test your kernel for Bluetooth support by running modprobe rfcomm as root. If the modprobe fails, you'll need to rebuild your kernel.
In the event of a failure, build and install a fresh copy of the Linux kernel at Version 2.4.21 or better (or 2.4.20 with the -mh6 patch). When you configure the kernel, select all of the options under "Bluetooth support" to be built as separate modules. However, be sure that the "USB Bluetooth support" option under "USB support" is disabled—this compiles in UART support for the OpenBT protocol stack, which will interfere with the BlueZ stack. Newer versions of the kernel disable this last option for you automatically, if BlueZ is selected.
One additional note: if you are running a newer Toshiba or Sony laptop and want to use the built-in Bluetooth adapter, you will need to enable the Toshiba- or Sony-specific kernel options under the "Processor type and features" and "Character devices" sections. You will also need special userspace utilities to enable the Bluetooth adapters on these laptops; these utilities are beyond the scope of this book, but more information about them can be found on the BlueZ-supported device listing referred to earlier in this section.
Bluetooth to GPRS in Linux
Use your Bluetooth phone as a modem when Wi-Fi isn't available.
No doubt the novelty of being able to scan for nearby Bluetooth devices from your Linux machine will wear off all too soon, and you'll be wanting to actually do things with your shiny new Bluetooth connection. Being able to use your cell phone as a modem from all those places you can't pull in a Wi-Fi signal would be pretty cool, wouldn't it?
Bluetooth supports a number of "profiles," which define the way that Bluetooth devices can communicate with each other. In this case, we want to make use of the Dial-up Networking (DUN) profile, which relies on a protocol called RFCOMM to emulate a serial link between two devices. You can use RFCOMM to connect your Linux box to your phone, and then run pppd over the link to get access to the Internet. This works using GPRS, or even an ordinary Internet dial-up.
Assuming you've got Bluetooth working [Hack #16], you should be able to bring your phone within range of your computer and scan for it using hcitool. We'll presume that you've done this, and that hcitool reports a BD address for your phone of 00:11:22:33:44:55.
You can also use sdptool to verify that there's a device in range that supports the DUN profile:
$ sdptool search DUN
Inquiring ...
Searching for DUN on 00:11:22:33:44:55 ...
Service Name: Dial-up Networking
Service RecHandle: 0x10001
Service Class ID List:
  "Dialup Networking" (0x1103)
  "Generic Networking" (0x1201)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Note this channel number, because you'll need it later. As you can see, hcitool and sdptool offer a lot of other useful Bluetooth diagnostic functions, which you can read more about on their respective manpages.
Before you can actually connect to the phone, however, you may need to set up what's referred to as device pairing between your Linux box and your phone, so that your phone knows to allow your computer access to its services, and possibly vice versa. Your computer's PIN can be found in
Bluetooth File Transfers in Linux
Exchange data freely between your Bluetooth device and your Linux box.
Getting on the Net [Hack #17] from anywhere your cell phone works is pretty darn cool, but your phone probably has other features. Maybe someone messaged you a photo from their family barbecue that you want to copy over to your laptop. Or maybe you just want to install some applications on your shiny new phone.
The heart of file transfer over Bluetooth is called the Object Exchange, or OBEX, protocol, a binary file transfer protocol run over not merely Bluetooth, but also Infrared and even generic TCP/IP. The OpenOBEX project at http://openobex.sf.net/ offers the most ubiquitous open source implementation of the protocol. You can get packages for libopenobex and openobex-apps from the sid distribution, and Red Hat packages for openobex can be had from the SourceForge site or on rpmfind.net. Bluetooth actually supports two different OBEX profiles for transferring files: OBEX Push, which is primarily used for dumping individual files to a Bluetooth device, and OBEX File Transfer, which supports a richer set of file exchange operations.
Unfortunately, the present state of the art in Bluetooth file transfer using Linux is still in considerable flux. The openobex-apps package contains an obex_test application, which offers one very rudimentary way of sending files to your Bluetooth devices. First, you need to figure out which Bluetooth channel your phone or other device uses for OBEX File Transfer; to do this, type:
# sdptool search FTRN
Inquiring ...
Searching for FTRN on 00:11:22:33:44:55 ...
Service Name: OBEX File Transfer
Service RecHandle: 0x10003
Service Class ID List:
  "OBEX File Transfer" (0x1106)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 10
  "OBEX" (0x0008)
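Both sdptool listings in this chapter (the DUN search earlier and the FTRN search above) put the RFCOMM channel on the line under the "RFCOMM" protocol entry. The following Python parser is an added example, not from the book: it picks a record by its service class ID, so the right channel is read when a device advertises several services. The function names are assumptions, and the sample text is the two listings joined together.

```python
import re

# Constructed by joining the two listings printed in this chapter.
SAMPLE = """\
Inquiring ...
Searching for DUN on 00:11:22:33:44:55 ...
Service Name: Dial-up Networking
Service RecHandle: 0x10001
Service Class ID List:
  "Dialup Networking" (0x1103)
  "Generic Networking" (0x1201)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Inquiring ...
Searching for FTRN on 00:11:22:33:44:55 ...
Service Name: OBEX File Transfer
Service RecHandle: 0x10003
Service Class ID List:
  "OBEX File Transfer" (0x1106)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 10
  "OBEX" (0x0008)
"""

BDADDR = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
ENTRY = re.compile(r'"([^"]+)" \((0x[0-9A-Fa-f]+)\)')
RFCOMM = 0x0003  # protocol ID shown next to "RFCOMM" in the listings


def parse_sdptool(text):
    """Return one dict per service record found in sdptool search output."""
    records, cur, bdaddr, section, last_proto = [], None, None, None, None

    def start(name):
        rec = {"bdaddr": bdaddr, "name": name, "handle": None,
               "classes": [], "rfcomm_channel": None}
        records.append(rec)
        return rec

    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"Searching for \S+ on " + BDADDR, s)
        if m:
            bdaddr, cur = m.group(1), None
        elif s.startswith("Service Name:"):
            cur, section = start(s.split(":", 1)[1].strip()), None
        elif s.startswith("Service RecHandle:"):
            # A record without a Service Name line starts at its RecHandle.
            if cur is None or cur["handle"] is not None:
                cur, section = start(None), None
            cur["handle"] = int(s.split(":", 1)[1], 16)
        elif cur is None:
            continue
        elif s in ("Service Class ID List:", "Protocol Descriptor List:"):
            section, last_proto = s, None
        elif ENTRY.match(s):
            value = int(ENTRY.match(s).group(2), 16)
            if section == "Service Class ID List:":
                cur["classes"].append(value)
            elif section == "Protocol Descriptor List:":
                last_proto = value
        elif s.startswith("Channel:") and last_proto == RFCOMM:
            # Only a Channel line directly under RFCOMM is the RFCOMM channel.
            cur["rfcomm_channel"] = int(s.split(":", 1)[1])
    return records


def channel_for(records, class_id):
    """Return (BD address, RFCOMM channel) for a service class, or None."""
    for rec in records:
        if class_id in rec["classes"] and rec["rfcomm_channel"] is not None:
            return rec["bdaddr"], rec["rfcomm_channel"]
    return None
```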
Now you can try connecting to the device with obex_test, using the -b option (for Bluetooth), the BD address of the device, and the FTRN channel number:
Controlling XMMS with Bluetooth
Use your Bluetooth device to control your music remotely under Linux.
If you have a mobile Bluetooth device that you'd like to use to control XMMS in Linux, you may be in luck. There are actually a couple of applications out there that use a WAP-like serial interface to Ericsson's T-series phones (including the T68i and the T39m) to configure them for use as XMMS remote controls.
The first of the two is a standalone Ruby-based application called bluexmms, which is available from http://linuxbrit.co.uk/bluexmms/. Make sure your phone is paired ([Hack #16]) with the Bluetooth interface on your computer. Install bluexmms, and then use rfcomm to bind an RFCOMM device to channel 2 on the T68i, which is (oddly) the T68's "generic telephony" service.
Next, run bluexmms /dev/rfcomm1 on your device, substituting the name of the RFCOMM device you just created. You should now be able to go to Accessories/XMMS Remote on your phone's menu, and voila!
A second, but very similar approach, involves an XMMS plugin called btexmms, which can be downloaded from http://www.lyola.com/bte/. Build and install the plugin, and create an RFCOMM device on channel 2, as just described. Then, go into the XMMS preferences menu, and under Effects General Plugins, enable and configure the BTE Control plugin. Set the device to whatever RFCOMM device you created for this purpose, and save your changes. Now you should be able to access the remote control from Accessories/XMMS Remote, as described above.
If you don't have an Ericsson T-series phone, you might try Bemused, which runs on SymbianOS devices, like the Nokia 3650/7650 and the Ericsson P800. Unlike the T68 apps just listed, which rely on the computer to establish a connection to the phone, Bemused instead uses a client that initiates the connection from your phone to a server running on your computer.
You can get the Bemused server and client from
Chapter 3: Network Monitoring
Perhaps the most difficult task in wireless networking is trying to visualize what is really going on. Radio waves are invisible and undetectable to humans without the aid of sophisticated tools, such as a spectrum analyzer. Such devices aren't cheap, ranging from several hundred to tens of thousands of dollars, depending on their capabilities. Obviously, such devices are well beyond the reach of the average networking aficionado. And even if they weren't, a spectrum analyzer only gives you a visualization of what is going on at the physical radio layer, and doesn't give you any indication of what is happening with the actual network data.
Fortunately, every radio networking device can not only transmit data, but can listen as well. Combined with sophisticated (and generally free) software, this can turn an average laptop or handheld into a powerful monitoring tool. In this chapter, I'll show you how to use standard hardware to detect wireless networks and clients, generate statistics on their usage, and gather valuable insight into how your network is being used by sifting through the deluge of available radio information. Using these tools can help you coordinate networking efforts with people in your local vicinity to make the most efficient possible use of the available radio spectrum.
Hacks #20-42
Find All Available Wireless Networks
Locate all wireless networks in range without installing any additional software.
So, you've got a laptop. You've got a wireless card. The card might even be built into your laptop. You know there are wireless networks in your area. How do you find them? You might even have an external antenna connected to your wireless card, hoping to establish a longer distance connection. How do you find that network a half-mile away?
If you are connected to a wireless network already, you could download a tool like NetStumbler [Hack #21], but this requires a network connection and you don't have one yet.
All of the major operating systems have integrated software that allows you to discover wireless networks and obtain some status information about the currently connected network.
If a wireless access point is in range of your wireless card, Windows XP by default will attempt to automatically connect to the access point. It will inform you using a pop-up above the task bar, which says, "One or more wireless connections are available."
Clicking on the network icon opens a window titled "Wireless Network Connection," as shown in Figure 3-1.
Figure 3-1: Available networks under Windows XP.
This window lists any wireless networks that are in range of your wireless card. In this example, there are three within range. The window also shows you that the selected wireless network requires the use of a WEP key [Hack #86] in order to join the network.
In order to join this network, you would need to type in the WEP key and then confirm the key by retyping. Once done, you would click on Connect. The window will close, and the network icon in the task bar should say "Wireless Network Connection (network name)". The icon also displays the wireless network speed and signal strength.
Network Discovery Using NetStumbler
Find all available wireless networks with this infamous monitoring tool.
Once you've tried using the wireless client software included with any of the major operating systems, you'll quickly realize the major shortcomings of these utilities. Most tools don't give a detailed measurement of signal strength and won't even indicate when multiple networks are using the same channel.
NetStumbler (http://www.stumbler.net/) is an excellent (and free) utility that will give you a great deal of detail about all of the wireless networks in range, including their ESSID, whether they use WEP, the channels they use, and more. As of this writing, the current version is 0.30, and the author is working on Version 0.4. Installation is easy and quick, and for everything that NetStumbler does, the software package is remarkably small.
NetStumbler does not support all wireless network cards. You'll want to check the README before installing to make sure you've got a compatible wireless card. Supported cards include all cards using the Hermes chipset (Lucent/Orinoco/Avaya/Agere/Proxim cards). As of Version 0.30, the software also supports native NDIS 5.1 drivers in Windows XP, allowing it to support Cisco Aironet and some Prism-based cards.
When you launch NetStumbler for the first time, you're going to want to set some options. Click on View and select Options. You'll see the Options dialog as shown in Figure 3-9.
Figure 3-9: NetStumbler Options.
There are a couple of very important options here that you must select to get the best performance out of NetStumbler. You will probably want to set the scan speed to Fast. You'll get more frequent and more accurate updates of wireless networks with this setting. Also, if you are using Windows 2000 or Windows XP, you should definitely check the "Reconfigure card automatically" option. If you don't check this, NetStumbler will find whatever wireless network your card is currently associated with, but no other networks.
Network Detection on Mac OS X