Introduction
This is my page on wireless Lan. I have been using wireless
lan for a couple of years now. It has changed a lot over time
and has become far more inexpensive. Of course in making it
less expensive the designers have made trade offs. Wireless
lan today is actually not as good as it was.
Wireless Lan has made great strides in the area of usability
but it still has a ways to go. If you have the time and
patience it can work well for you, but don't think this is
a plug and play world.
b/s Vs B/s
By the way, in case you are unaware, the nomenclature is: b/s
is bits per second, whereas B/s is Bytes per second. The
translation is b/s divided by 8 = B/s.
What is wireless lan
With wireless lan (well designed) you can have connectivity
coverage around your house, in your yard, on your deck, wherever
you want. This includes internet access, access to network printers
file shares (gated of course by the speed of your wireless Lan)
and the like! It can be amazing.
Security or Lack thereof
Ok let's get this out of the way first. Wireless Lan is
not secure. There are plenty of tools out there to crack
pretty much any of the default add-ons to wireless lan.
For the first little while it was believed that the various
parameters that make up your wireless lan connection, including
the SSID and the like, would provide some basic security. Ehhh wrong.
There are plenty of tools that can sniff these and report
them all. Windows XP has made great strides in usability of
wireless lan, and one thing it has added is
a snoop feature that goes out and detects any wireless connections
that might be available. By the way if you do not see a selection
for "View Available wireless networks" then the driver you have
for your wireless lan card is probably not designed for XP. This
seems to show up ONLY when the driver is explicitly coded for XP.
WEP is not a solution either
Some people believed that the solution to wireless security
problems is WEP. Ehhhhh wrong again. There are plenty of tools
out there on the net that will listen in and "decode" the
encryption being used by WEP. WEP is a deterrent and will exclude
all but hackers, but nonetheless it will not fix your problems.
By the way this includes 40 bit, 64 bit and 128 bit WEP.
Since it's free you might as well use it but don't be lured into
a false sense of security. By the way there are occasions when
turning on WEP will have a dramatic impact (decrease) on the
bandwidth of the wireless connection. It has to do with the
power of the access point you are using and whether it can keep
up with the demands of WEP.
WEP interoperability issues
While companies advertise interoperability (the ability to work with
other companies' products) they are not motivated to deliver it.
They would rather you bought two of their cards. WEP works
on either a key, or a password called a pass phrase. Problem is
the translation between Pass phrase and key is specific to a vendor.
So each company does it a little different. So if you are going
to use devices from different companies you must be able to enter
a key rather than a pass phrase. If all you can enter is a
pass phrase then all devices better come from the same company.
By the way, be aware that the pass phrase and sometimes the key
is stored in the registry unencrypted for hacking programs to
help themselves to, furthering the point that WEP security is
pathetic.
Range
Some people think oh well you can't really receive my signals unless
you are close to my home. Ehhh wrong again, there are high
gain antennas that can pick it up miles away.
There must be a solution?
Indeed there is. The only real solution is to encrypt the packets
before they ever touch the wireless lan and the easiest way
to do this is to use VPN (Virtual Private Networking). VPN
will secure your network if you do it right. You need to
make sure that the use of the VPN tunnel is mandatory not
optional. If it is optional, well the hackers may choose to
not use it. (Hmmmm what a surprise these nasty hackers).
You can read more about VPN.
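One way to check that the tunnel really is mandatory, as an added example that is not from the original page: it evaluates a first-match filter on the wireless-facing interface and lists every path that bypasses the VPN. The rule format is hypothetical, the tunnel is assumed to be PPTP (TCP 1723 plus GRE), and the addresses are the ones this page uses for its own network.

```python
import ipaddress
from typing import NamedTuple, Optional

VPN_SERVER = ipaddress.ip_address("192.168.0.254")  # VPN server address from this page
# Assumption: PPTP tunnel = TCP 1723 (control) plus GRE (IP protocol 47, no ports)
TUNNEL = {("tcp", 1723), ("gre", None)}

class Rule(NamedTuple):          # hypothetical filter rule; first match wins
    action: str                  # "allow" or "deny"
    dst: str                     # destination CIDR
    proto: str = "any"
    port: Optional[int] = None   # None matches any port

def decide(rules, dst, proto, port):
    """First-match evaluation for a packet arriving from the wireless side."""
    for r in rules:
        if (ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return "deny"                # implicit default deny

def non_tunnel_paths(rules, probes):
    """Probes the filter lets through that are not the tunnel to the VPN server."""
    leaks = []
    for dst, proto, port in probes:
        is_tunnel = ipaddress.ip_address(dst) == VPN_SERVER and (proto, port) in TUNNEL
        if decide(rules, dst, proto, port) == "allow" and not is_tunnel:
            leaks.append((dst, proto, port))
    return leaks

# Constructed probes: destinations a wireless client might try to reach
PROBES = [("192.168.0.254", "tcp", 1723), ("192.168.0.254", "gre", None),
          ("192.168.0.1", "tcp", 139),    # file share on the wired LAN
          ("192.168.0.254", "tcp", 23),   # telnet to the VPN box itself
          ("203.0.113.10", "tcp", 21)]    # FTP to an Internet host (TEST-NET-3)

OPTIONAL_VPN = [Rule("allow", "0.0.0.0/0")]   # plain IP forwarding: VPN is optional
MANDATORY_VPN = [Rule("allow", "192.168.0.254/32", "tcp", 1723),
                 Rule("allow", "192.168.0.254/32", "gre"),
                 Rule("deny", "0.0.0.0/0")]

if __name__ == "__main__":
    print("optional :", non_tunnel_paths(OPTIONAL_VPN, PROBES))
    print("mandatory:", non_tunnel_paths(MANDATORY_VPN, PROBES))
```

An empty list for a rule set means the only thing a wireless client can reach is the tunnel endpoint.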
Concerns about security
There are really two different sides of security you need to worry
about. First is snooping or listening in on your network. With
snooping the hacker can get access to your passwords and the like.
This means that your security is completely compromised. Of course
this depends on the program you are using and whether it does
some encryption on its own. Programs like mail, ftp, telnet all
pass the password in unencrypted form.
Second side of security to be worried about is using your lan
connection. This would include use of your internet connection
for things like hacking on other sites, denial of service attacks
and the like.
Different types of Wireless Lan
There are currently three generations of wireless lan cards
on the market today with some interoperability. Assume
your cards of different vintage will not work together and you
may be surprised. The three vintages are:
- 802.11 2Mb/s. Realistically you can get about 150KB/s.
- 802.11 B 11 Mb/s. Realistically you can get about 500KB/s.
- 802.11 A 54 Mb/s. Re
Be aware that wireless lan cards are half duplex meaning that
you are either transmitting or receiving, not both.
How to connect your Wireless Lan
Ok now that we have the paranoia out of the way it's time to
address how to connect with your wireless device. Now this picture
changes depending on if you have both Wired and Wireless networks.
In this situation you obviously are going to want to be able to get
at the devices on both networks without thinking about which
network they are on. This is possible. If all you have is wireless
then life is a little more simple.
My network (for reference)
- I have a cable modem
- One machine acts as the gateway to the rest of the network
using Win2k Server using Internet Connection Services
(Internet Sharing). So this machine has two network
interface cards in it. One 10Mb connected to the cable modem
and one 100Mb connected to my wired network. This one takes
an IP (assigned by ICS) of 192.168.0.1
- all clients connect to my network using DHCP obtaining
a 192.168.0.x address from my ICS box.
- I use TCPIP only
- I have a VPN server on my Lan that also has a connection to
the cable modem. It also has a second
network interface card on fixed IP at 192.168.0.254.
This machine dispenses IP addresses in the range
192.168.1.x. I then have a route from the ICS server to the
VPN server using the following command:
route add 192.168.1.0 mask 255.255.255.0 192.168.0.254 -p
This command is executed on the ICS machine once. I previously
had the VPN server dispensing IP addresses in the 192.168.0.x range
but the ICS server saw this as a conflict and shut down the DHCP server
in ICS.
You can connect your wired and wireless worlds in a number of
different ways. Each of these has their costs, benefits and
limitations. First of all you can choose to spend money on
a dedicated device to bridge these two networks. Otherwise
you can use a PC to bridge the networks.
You can use a PC to act as a router forwarding IP traffic
between the two networks. As a point worth mentioning
if you have NETBEUI enabled these packets will not be passed.
NT 4.0
You can easily enable IP forwarding by:
- Start, Control Panel, Network
- Click Protocols Tab
- Click TCPIP and select properties
- Select Routing Tab
- Click enable IP Forwarding
Win2k Pro
In Windows 2000 Pro they have chosen to remove the ability to
enable IP forwarding (or really to hide it). You can easily enable
it by:
- Start regedit.exe.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
- Double-click IPEnableRouter.
- Set the value to 1. Click OK.
- Close regedit.
- Reboot the machine.
Courtesy of NTFAQ.
Win 2k Server
- Start, Control Panel, Administrative Tools
- Routing and Remote Services
- Start the configure Wizard and select Network Router
Be aware that Win2k is rather single minded about life.
The net of this is that your router can not also be your VPN
server and can not also be your Internet Connection Sharing machine.
Win2k tends to prefer you have one machine per purpose (with some exceptions).
In all of the above the machine will act as a router, passing IP
packets between your wired and wireless networks. I do not find
that DHCP packets get passed properly. To solve this I put the
wireless device on fixed IP such as 10.0.0.x. Your wired
network assuming it's on private IP will be on 192.168.0.x.
I recommend you put the wired adapter in the router on fixed IP.
So let's say 192.168.0.254.
Last thing you need to do is create a path from your ICS
machine (192.168.0.1) to the new wireless network
10.0.0.x. This is pretty simple.
route add 10.0.0.0 mask 255.255.255.0 192.168.0.254 -p
The -p says make it a persistent route which means it will stick
between reboots. In my network the name server does not properly pass
requests. Probably to do with the "light" nature of the DNS in
ICS. So I get around this by using LMHOSTS. If you are not aware
this allows you to make a fixed translation between an
IP address and a name. This file is located in directory
C:\WINNT\system32\drivers\etc
for NT and 2000. Copy lmhosts.sam to lmhosts and manually
enter the IP addresses you want translated. This will work for
both TCPIP and network shares.
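The effect of the two persistent routes above on the ICS machine, modelled as an added example (not part of the original page): it parses the `route add` syntax and does longest-prefix matching, and also shows why a VPN pool inside 192.168.0.x collides with the ICS LAN. The `cable-modem` and `on-link` labels and the sample destination addresses are constructed for illustration.

```python
import ipaddress

def parse_route_add(cmd):
    """Parse Windows 'route add <net> mask <netmask> <gateway> [-p]'."""
    tok = cmd.lower().split()
    if len(tok) < 6 or tok[:2] != ["route", "add"] or tok[3] != "mask":
        raise ValueError(f"unsupported route command: {cmd!r}")
    # ip_network() is strict: a destination with host bits set raises ValueError
    net = ipaddress.ip_network(f"{tok[2]}/{tok[4]}")
    return {"net": net, "via": tok[5], "persistent": "-p" in tok[6:]}

def build_ics_table(extra_routes=()):
    """Routing table of the ICS machine (192.168.0.1) plus any added routes."""
    table = [  # interface routes; "cable-modem" and "on-link" are labels, not addresses
        {"net": ipaddress.ip_network("0.0.0.0/0"), "via": "cable-modem", "persistent": False},
        {"net": ipaddress.ip_network("192.168.0.0/24"), "via": "on-link", "persistent": False},
    ]
    return table + [parse_route_add(cmd) for cmd in extra_routes]

# The two commands exactly as given on this page
PAGE_ROUTES = ("route add 192.168.1.0 mask 255.255.255.0 192.168.0.254 -p",
               "route add 10.0.0.0 mask 255.255.255.0 192.168.0.254 -p")

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in table if addr in r["net"]),
               key=lambda r: r["net"].prefixlen)
    return best["via"]

def overlapping(table, pool):
    """Non-default routes whose network overlaps a proposed address pool."""
    pool = ipaddress.ip_network(pool)
    return [str(r["net"]) for r in table
            if r["net"].prefixlen > 0 and r["net"].overlaps(pool)]

if __name__ == "__main__":
    before, after = build_ics_table(), build_ics_table(PAGE_ROUTES)
    for dst in ("10.0.0.7", "192.168.1.20", "192.168.0.50"):
        print(f"{dst}: before={next_hop(before, dst)} after={next_hop(after, dst)}")
    # A VPN pool inside 192.168.0.x collides with the ICS LAN; 192.168.1.x does not
    print(overlapping(before, "192.168.0.128/25"), overlapping(before, "192.168.1.0/24"))
```

Without the added routes, replies to 10.0.0.x and 192.168.1.x fall through to the default route and leave via the cable modem instead of reaching the internal router.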
Windows XP
Windows XP has added a very nice feature called network bridging.
This works better than simple IP forwarding and will properly
pass DHCP requests (removing the need for fixed IP) and DNS
(removing the need for LMHOSTS).
Access point
Now for the simpler more elegant solutions. You can buy a device
called an Access point. This device will completely pass all
DHCP, DNS and packets between the wired and the wireless lan.
These devices make the line between wired/wireless invisible.
They work well. You can have multiple Access points as needed
to give you the coverage you need.
As an example of an access point check out Linksys WAP-11.
One of the better features of this Access point is that it
allows for an external antenna to give better range. A better antenna
is a lot cheaper than another access point.
Wireless Lan router
You can also buy one router that will serve both your
wired and wireless networks from your cable modem or ADSL.
As an example of this check out Linksys BEFW11P1.
Once again this device allows for an external antenna. However I
strongly recommend you skip these devices. You will need to
place your wireless Access point carefully to get the best coverage.
This likely will not be a place where a connection to your
cable modem and wired network is available. As such I personally
recommend an access point.
Different types of wireless lan cards
You can get a variety of different wireless Lan cards. These can
be things like
- Desktop Cards
- Laptop Cards
- PDA/Organizer
- Compact Flash
In case you are not aware:
- Comparing PCMCIA to Cardbus is like comparing ISA to PCI. However, given
the slow data rate of wireless lan cards, don't bother spending
extra money on Cardbus. Also, Pentium based machines are not
likely to be compatible with Cardbus.
- There are adapters between PCMCIA and Compact flash so
if you think you may be buying a PDA in the future you may want
to consider a Compact flash card and an adapter to PCMCIA rather
than buy two cards.
Range
As price has decreased range has too. Trade-offs are being made.
The 2Mb cards generally had a little better range than the 11Mb and
from what I have read 54Mb will be even worse. Because the range
is limited you will need to play with placement of your access point
in different places in your location to get the coverage you are
looking for. You can also buy external high gain antennas that can
dramatically increase range even to the point of miles. One of the
things that will attenuate your signal is water. This includes
things like aquariums, wood, etc.
Wireless Modem
Using a program called NPCOMM
you can use your TCPIP connection from your wireless LAN to share
out a modem and thus get a wireless modem added to your network.
This program is a little difficult to get working and I have not
been able to get the server to work on Windows 2000.
Other Devices can interfere with your Wireless LAN cards
Wireless Lan cards (802.11 and 802.11B) work on 2.4 GHz. Anything
that uses this frequency will interfere with them. This can include
your Microwave oven, some cordless phones, some wireless security
cameras and the like.
Other links
Practically Networked article on Range Problems.
More on Range at Practically Networked
A list of wireless lan products at ProVantage.
External Antenna at HDCOM.
No Wirenets.com
Connecting two Wap-11's 1 Km away
My page on 802.11G
There is also a news group alt.internet.wireless that I have found useful.
Tools
Wireless Lan Expert tool.
Access point sniffer
Net Stumbler
Wardriving
WAP-11 Power output hack