book

Wireless Hacks, 2nd Edition

by Rob Flickenger, Roger Weeks

November 2005

Intermediate to advanced

466 pages

12h 40m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Wireless Hacks, 2nd Edition
Foreword
Credits
About the AuthorsContributorsAcknowledgmentsRobRoger
Preface
Why Wireless Hacks?How to Use This BookHow This Book Is OrganizedConventions Used in This BookUsing Code ExamplesHow to Contact UsSafari Books OnlineGot a Hack?
1. Bluetooth, Mobile Phones, and GPS
1.1. Hacks 1–22: Introduction1. Set Up Bluetooth on Linux2. Set Up Bluetooth on Windows XP1.3.1. Installing Bluetooth1.3.2. Securing Your Bluetooth Connection1.3.3. Networking with Bluetooth1.3.4. See Also3. Connect Mac OS X with a Bluetooth Phone1.4.1. Requirements1.4.2. Adding a Device1.4.3. Connection Setup4. Connect Linux with a Bluetooth Phone1.5.1. Pairing Your Phone1.5.2. Configuring PPP Networking1.5.3. Hacking the Hack5. Connect Windows XP with a Bluetooth Phone6. Use Your Treo as a Modem1.7.1. Treo 650 Bluetooth DUN1.7.2. PdaNet7. Send SMS from a PowerBook8. Remote Control Mac OS X with Bluetooth Phones and PDAs1.9.1. Installing Clicker1.9.2. Connecting to Clicker1.9.3. Hacking the Hack9. Remote Control Linux with a Bluetooth Phone10. Control XMMS with Bluetooth11. Liven Up Parties with a Participatory Slideshow1.12.1. The Slideshow1.12.2. The Code12. Send SMS from Linux13. Remote Control Windows with Bluetooth Phones and PDAs1.14.1. Requirements1.14.2. Installing PuppetMaster1.14.3. Controlling Your PC1.14.4. Hacking the Hack14. Control Your Bluetooth Phone with FMA1.15.1. Requirements1.15.2. Setup1.15.3. FMA15. Control Your Computer from Your Palm1.16.1. Set up VNC on Your Desktop1.16.1.1. Setting up OSXvnc on a Mac.1.16.1.2. Securing the connection.1.16.1.3. Setting up VPN.1.16.1.4. Setting up VPN on Windows XP.1.16.2. Set up PalmVNC16. Control Your Home Theater from Your Palm1.17.1. Hardware1.17.2. Detailed Instructions1.17.2.1. Using NoviiRemote.1.17.2.2. Using OmniRemote.17. Choose a Cellular Data Plan1.18.1. Flavors of Cellular Data1.18.2. Figure Out What You’ll Need1.18.3. Compare the Plans18. Blog from Your Mobile Phone1.19.1. SMS Moblogging1.19.2. Email Moblogging1.19.3. Photo Moblogging to Any Blog Service1.19.3.1. Smart client for Flickr.1.19.4. Hacking the Hack1.19.4.1. Setting up WordPress.1.19.4.2. Email posting with WordPress.1.19.4.3. Setting up email automatic polling.19. Get Google Maps on Your Mobile Phone20. Share Your GPS1.21.1. Connecting the GPS1.21.2. See Also21. Broadcast Your GPS Position1.22.1. See Also22. Map Wi-Fi Networks with Kismet and GPSd1.23.1. See Also
2. Network Discovery and Monitoring
2.1. Hacks 23–39: Introduction23. Find All Available Wireless Networks2.2.1. Windows XP2.2.2. Mac OS X2.2.3. Linux24. Discover Networks with NetStumbler2.3.1. Options2.3.2. Network Discovery2.3.3. Caveats25. Detect Networks with Handheld PCs2.4.1. MiniStumbler2.4.2. WiFiFoFum2.4.3. Other Handhelds26. Find and Join Wireless Networks with AP Radar2.5.1. Prerequisites2.5.2. Building and Using AP Radar2.5.3. Final Thoughts27. Detect Networks on Mac OS X2.6.1. MacStumbler2.6.2. iStumbler2.6.3. Final Thoughts28. Scan Passively with KisMAC29. Detect Networks with Kismet2.8.1. Installation2.8.2. Running Kismet2.8.3. Cleaning Up2.8.4. See Also30. Monitor Wireless Links in Linux with Wavemon31. Analyze Traffic with Ethereal32. Track 802.11 Frames in Ethereal33. Watch Network Traffic34. grep Your Network2.13.1. The Code2.13.2. Running the Hack35. Check Wi-Fi Network Performance with Qcheck36. Estimate Network Performance37. Get Real-Time Network Stats38. Graph Your Wireless Performance39. Find Radio Manufacturers by MAC2.18.1. The Code2.18.2. Running the Hack
3. Wireless Security
3.1. Hacks 40–51: Introduction40. Stop Moochers from Stealing Your Wi-Fi Bandwidth3.2.1. Hacking the Hack41. Visualize a Network3.3.1. EtherPEG3.3.2. DriftNet42. Secure Your Linux Network with WPA3.4.1. Requirements3.4.1.1. Drivers.3.4.1.2. WPA types.3.4.2. Installing wpa_supplicant3.4.2.1. Ubuntu package.3.4.2.2. Fedora Core 3 compile.3.4.3. Configuration3.4.4. Testing and Usage3.4.5. Running wpa_cli43. Control Wireless Access by MAC3.5.1. FreeRADIUS Configuration3.5.2. Access Point Configuration44. Authenticate Wireless Users3.6.1. FreeRADIUS Configuration3.6.2. Access Point Configuration45. Forward Ports over SSH3.7.1. See Also46. Proxy Web Traffic over SSH47. Securely Connect Two Networks3.9.1. vtun Setup3.9.2. vtun with SSH3.9.3. Tips and Tricks48. Generate a Tunnel Configuration Automatically3.10.1. The Code49. Poll Wireless Clients50. Interrogate the Network51. Track Wireless Users
4. Hardware Hacks
4.1. Hacks 52–62: Introduction52. Add an External Antenna4.2.1. Patch Antennas4.2.2. Popsicle Omni Antennas4.2.3. Rubber Ducky Antennas53. Do-It-Yourself Access Point Hardware54. Boot from a Compact Flash Hard Drive55. Increase the Range of a PowerBook56. Send Power over Your Ethernet4.6.1. Step by Step4.6.2. Resistance Is Futile57. The NoCat Night Light58. Upgrade the Linksys WET114.8.1. Add an Antenna4.8.2. Upgrade the Radio4.8.3. Use a Battery Pack59. Scan for Wireless Networks Automatically4.9.1. Requirements4.9.2. Construction4.9.3. Software4.9.4. Hacking the Hack60. Backlight Your Zipit4.10.1. Getting It Open4.10.2. Removing the Mainboard4.10.3. Opening the LCD4.10.4. Removing the LCD Reflector4.10.5. Preparing and Installing the EL Panel4.10.6. Wiring4.10.7. The Driver Board4.10.8. Hacking the Hack61. Unwire Your Pistol Mouse4.11.1. Requirements4.11.2. Disassembly4.11.3. Wiring4.11.4. Testing and Debugging4.11.5. Cutting4.11.6. Reassembly4.11.7. Use62. Mobilize Your WRT54G with the WiFiCar4.12.1. The Software4.12.2. The Hardware
5. Software Hacks
5.1. Hacks 63–82: Introduction63. Build Your Own Access Point with Linux5.2.1. Hardware Choices5.2.2. Radio Cards and Antennas5.2.3. Software Requirements5.2.4. HostAP5.2.4.1. Ubuntu package install.5.2.4.2. Compiling from source.5.2.5. Madwifi5.2.5.1. Ubuntu package install.5.2.5.2. Compiling from source.5.2.6. Configuring Your AP5.2.7. Hacking the Hack64. Bridge Your Linux AP5.3.1. Bridge Setup5.3.2. Caveats5.3.3. See Also65. Protect Your Bridge with a Firewall66. Filter MAC with HostAP and Madwifi67. Upgrade Your Wireless Router5.6.1. Sveasoft Firmware5.6.2. OpenWRT5.6.3. Hacking the Hack68. Set Up an OLSR Mesh Network5.7.1. Getting the Firmware5.7.2. Uploading the Firmware5.7.3. Getting Meshed Up5.7.4. Rinse and Repeat5.7.5. Meshing Made Easy5.7.6. Troubleshooting the Firmware Upload5.7.7. See Also69. Extend Your Wireless Network with WDS5.8.1. WDS Requirements5.8.2. Linksys Alchemy Setup5.8.3. HostAP Setup5.8.4. Hacking the Hack70. Pebble71. Wall Off Your Wireless5.10.1. Installation5.10.2. Configuration5.10.3. Using m0n0wall72. Run Your Mac as an Access Point73. Run Linux on the Zipit Wireless Messenger5.12.1. Flashing the Zipit5.12.1.1. Becoming the man in the middle.5.12.1.2. Setting up the DNS.5.12.1.3. Setting up the web server.5.12.2. zflash OpenZipit over NFS5.12.2.1. NFS setup.5.12.2.2. zflash.5.12.3. Customizing Your Image5.12.3.1. Modify the default settings.5.12.3.2. Add useful scripts.5.12.3.3. Get some tunes going.5.12.4. Hacking the Hack5.12.5. See Also74. Capture Wireless Users with NoCatAuth75. Capture Wireless Users on a Small Scale76. Build an Online Community in Your Offline Neighborhood5.15.1. PlaceSite5.15.2. The Core Components.5.15.2.1. The server.5.15.2.2. The node.5.15.3. PlaceSite in Action5.15.4. Setting Up Your Own PlaceSite5.15.5. Running the Hack5.15.6. Troubleshooting the Hack5.15.7. Hacking the Hack77. Manage Multiple AirPort Base Stations5.16.1. A Power Tool for Configuration Management5.16.2. Tweaking Placement of Base Stations78. Advertise Bonjour Services in Linux5.17.1. Background5.17.2. Using Howl79. Advertise Any Service with Bonjour in Mac OS X5.18.1. Network Beacon5.18.2. mod_bonjour80. Redirect “Brought to you by” Bonjour Ads81. Use a Windows-Only Wireless Card in Linux5.20.1. WLAN DriverLoader5.20.2. NdisWrapper5.20.3. Final Thoughts82. Use Your Orinoco Card with Hermes AP
6. Do-It-Yourself Antennas
6.1. Hacks 83–93: Introduction83. Make a Deep Dish Cylindrical Parabolic Reflector84. Spider Omni Antenna85. Pringles Can Waveguide6.4.1. Front Collector Construction6.4.2. Preparing the Can6.4.3. Element Construction86. Pirouette Can Waveguide6.5.1. See Also87. Primestar Dish with Waveguide Feed6.6.1. Construction6.6.2. Other Considerations6.6.3. Hacking in 802.11a88. Primestar Dish with Biquad Feed6.7.1. Construction of the Biquad6.7.2. Biquad Antenna for PCS Cellular Radio89. Cut a Cable Omni Antenna6.8.1. Cutting the Pieces6.8.2. Building a Jig90. Build a Slotted Waveguide Antenna6.9.1. How a Waveguide Antenna Works6.9.2. Unidirectional Waveguide Antennas6.9.3. Omnidirectional Slotted Waveguide Antennas6.9.4. Highly Directional Slotted Waveguide Antennas6.9.5. Construction Details for the 8-Slot Unidirectional Antenna6.9.6. Coupling the Signal into the Waveguide6.9.7. 8+8 Slot Omnidirectional Antenna6.9.8. 8-Slot Unidirectional Antenna6.9.9. Construction Details for 16- and 16+16-Slot Design91. The Passive Repeater6.10.1. Why a Passive Repeater Won’t Work6.10.2. An Example that Almost Works6.10.3. A Working Example92. Determine Your Antenna Gain93. Build Cheap, Effective Roof Mounts

7. Wireless Network Design
7.1. Hacks 94–100: Introduction94. Analyze Elevation Profiles for Better Long-Range Wireless Networking7.2.1. NoCat Maps7.2.2. Installing Your Own Profile Analyzer7.2.3. Getting the Elevation Data7.2.4. Setting Up the Application7.2.5. Starting Your Elevation Profiler for the First Time7.2.6. The Caveats95. Build a Wireless Network for the Large House7.3.1. Two Antennas Are Better Than One7.3.2. Plugging Into Wireless7.3.3. Hacking the Hack96. Establish Line of Sight7.4.1. Using a GPS to Log Prospective LAT/LONG/ALT7.4.2. Plotting the Points on a 3D Map97. Calculate the Link Budget98. Align Antennas at Long Distances99. Slow Down to Speed Up100. Take Advantage of Antenna Polarization
A. Wireless Standards
A.1. 802.11: The Mother of All IEEE Wireless EthernetA.1.1. ProsA.1.2. ConsA.1.3. RecommendationA.2. 802.11a: The Betamax of the 802.11 FamilyA.2.1. ProsA.2.2. ConsA.2.3. RecommendationA.3. 802.11b: The De Facto StandardA.3.1. ProsA.3.2. ConsA.3.3. RecommendationA.4. 802.11g: Like 802.11b, only FasterA.4.1. ProsA.4.2. ConsA.4.3. RecommendationA.5. 802.16: WiMAX Long Distance Wireless InfrastructureA.5.1. ProsA.5.2. ConsA.5.3. RecommendationA.6. Bluetooth: Cable Replacement for DevicesA.6.1. ProsA.6.2. ConsA.6.3. RecommendationA.7. 900 MHz: Low Speed, Better CoverageA.7.1. ProsA.7.2. ConsA.7.3. RecommendationA.8. CDPD, 1xRTT, and GPRS: Cellular Data NetworksA.8.1. CDPD on TDMAA.8.2. 1xRTT on CDMAA.8.3. GPRS on GSMA.9. FRS and GMRS: Super Walkie-TalkiesA.9.1. FRSA.9.2. GMRSA.9.3. Extending RangeA.10. 802.1x: Port Security for Network CommunicationsA.11. WPA & 802.11iA.11.1. ProsA.11.2. ConsA.11.3. RecommendationA.12. BSS Versus IBSS
B. Wireless Hardware Guide
B.1. Microwave CablingB.2. Microwave Connector ReferenceB.3. Antenna GuideB.3.1. OmniB.3.2. Sector (or Sectoral)B.3.3. YagiB.3.4. Waveguides and “Cantennas”B.3.5. Parabolic DishesB.3.6. Putting It All TogetherB.4. PigtailsB.5. 802.11 Hardware Suppliers
Index
About the Authors
Colophon
Copyright

Content preview from Wireless Hacks, 2nd Edition

Chapter 3. Wireless Security

Hacks 40–51: Introduction

When it comes to wireless networking, there is no such thing as physical security. You might be able to lock down the physical network infrastructure of a business or other facility, but radio waves pass through walls, carrying your network data with them. Don’t delude yourself by thinking that a low-powered access point (AP) won’t reach much further than your parking lot. Remember that although you might not see your network while using a laptop outside your building, someone with a large enough antenna can likely read your network traffic from a mile or more away.

I have personally seen a simple 24 dBi dish detect hundreds of wireless networks from the top of Queen Anne hill in Seattle. These were networks with SSIDs like Linksys and default, which obviously were coming from low-end, consumer-grade access points without any external antennas. I certainly couldn’t have made a reliable network link to them, but I could have passively logged their traffic from miles away quite easily. Short of wrapping your entire building with a metal screen to build an effective Faraday cage, you should expect the signal of your APs to leak out well beyond your immediate vicinity.

This chapter is devoted to workable methods for controlling access to your wireless network. A control mechanism could be something as simple as a WPA key, or as complex as a captive web portal with a RADIUS backend. We will also look at several ways you can protect ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596101449Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Wireless Hacks, 2nd Edition

by Rob Flickenger, Roger Weeks

Chapter 3. Wireless Security

Hacks 40–51: Introduction

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.