148 60 11MB
English Pages 555 Year 2004
The
2
W re Wireless StarterKit
SecondEdition
ThepracticalguidetoWi-FinetworksforWindowsandMacintosh
AdamEngst and GlennFleishman
By
PeachpitPress
TheWirelessNetworkingStarterKit SecondEdition
ThepracticalguidetoWi-FinetworksforWindowsandMacintosh ByAdamEngstandGlennFleishman PeachpitPress 1249EighthStreet Berkeley,CA94710 510/524-2178 800/283-9444 510/524-2221(fax) FindusontheWorldWideWebat:www.peachpit.com Findthebook’sWebsiteat:www.wireless-starter-kit.com Toreporterrors,pleasesendanoteto[email protected] PeachpitPressisadivisionofPearsonEducation Copyright©2004byAdamEngstandGlennFleishman Editor:NancyDavis ProductionCoordinator:LupeEdgar Copyeditor:TonyaEngst Proofreaders:TedWaittandJasonSilvis Indexer:CarolineParks Coverillustrationanddesign:JeffTolbert Interiorillustrations:JeffTolbert Interiordesign:DavidBlatnerandJeffTolbert
NoticeofRights Allrightsreserved.Nopartofthisbookmaybereproducedortransmittedinanyformbyanymeans,electronic, mechanical,photocopying,recording,orotherwise,withoutthepriorwrittenpermissionofthepublisher.For informationongettingpermissionforreprintsandexcerpts,contact[email protected].
NoticeofLiability Theinformationinthisbookisdistributedonan“AsIs”basis,withoutwarranty.Whileeveryprecautionhas beentakeninthepreparationofthebook,neithertheauthorsnorPeachpitPress,shallhaveanyliabilityto anypersonorentitywithrespecttoanylossordamagecausedorallegedtobecauseddirectlyorindirectlyby theinstructionscontainedinthisbookorbythecomputersoftwareandhardwareproductsdescribedinit.
Trademarks Alltrademarksarethepropertyoftheirrespectiveowners.Manyofthedesignationsusedbymanufacturers andsellerstodistinguishtheirproductsareclaimedastrademarks.Wherethosedesignationsappearinthis book,andPeachpitPresswasawareofatrademarkclaim,thedesignationsappearasrequestedbytheowner ofthetrademark.Allotherproductsnamesandservicesidentifiedthroughoutthisbookareusedineditorial fashiononlyandtothebenefitofthetrademarkownerwithnointentionofinfringementofthetrademark.No suchuse,ortheuseofanytradename,isintendedtoconveyendorsementorotheraffiliationwiththisbook. ISBN0-321-22468-X 987654321 PrintedandboundintheUnitedStatesofAmerica
Acknowledgements Eventhoughournamesappearonthecover,wecouldn’thavewrittenand producedabookaboutasubjectasfar-reachingaswirelessnetworkingonour own.Westandonthebacksofgiants,andweofferourheartfeltthankstothe manygenerousindividualswhoselflesslysharetheirknowledge. Inparticular,we’dliketothankRobFlickengerandTimPozar,whosesitesand emailhavebeenguidepostsformanyofusinthewirelessnetworkingworld. OurdiscussionswithAndyShiekhaboutlong-rangewirelessconnections werealsoextremelyhelpful. We’dalsoliketothankthepeoplewhohelpedproducethebook:TonyaEngst, whosecopyeditingremainsspotonandJeffTolbert,whosecoverandinterior illustrationswereexactlywhatwehadinmind.We’realsoindebtedtothe remarkablepeopleatPeachpitPress,includingNancyDavis,whosepublishing instinctsremainunmatched;KimLombardi,whosepromotionofthebook wasinvaluable;publisherNancyRuenzel;andalsoScottCowlin,JimBruce, andLupeEdgaratPeachpitPress. Adam:“Writingabookishardwork,butpartneringwithsomeoneofGlenn’s knowledge,enthusiasm,andskillmadeitnotonlyeasier,butalsofarmore enjoyable.Icouldn’t,andwouldn’t,havedoneitwithouthim.Myundying appreciationalsotomywife,Tonya,whocopyeditedthebookandhelpedme findthetimeIneededtowriteandeditinthefinalfewweeks.” Glenn:“Adamisthehardestworkingmanincomputation,andagreatcoauthor.Ienjoyedthebicoastal(himontheEastCoast,meontheWestCoast) experienceofwritingwithhimimmensely.Thanksareduetomyofficemates, colleagues,andfriendsfortheircontinualsupport,andaboveall,I’dliketo thankmywife,Lynn,forherconstantencouragement.”
vi
TheWirelessNetworkingStarterKit
PhotographandIllustrationCredits PhotosoftheAirPortBaseStationarecourtesyofAppleComputer. PhotosofLinksysgatewaysandbridgesarecourtesyofLinksys. TheWi-Filogo(Figure2.1)isusedwithpermissionofTheWi-FiAlliance. PhotoofSonyEricssonT608phone(Figure4.2)courtesyofSonyEricsson. PhotosofLinksysgateways,bridges,cameras(Figure18.3),printservers(Figure18.5), mediaplayers(18.9),andothergeararecourtesyofLinksys. ThephotooftheNikonD2HProcamera(Figure18.1)iscourtesyofNikon. PhotosofD-Linkcameras(Figure18.2)arecourtesyofD-LinkSystems. ThephotooftheIQinvisionIQeye3camera(Figure18.4)iscourtesyofIQinvision. PhotosoftheNomadprinter(Figure18.6)areusedwithpermissionofMobileCommand Systems. ThephotooftheSmartIDWFS-1Wi-Fidetector(Figure18.7)isusedwithpermission ofSmartIDTechnology. PhotosoftheWiFiSensehandbag(Figure18.8)areusedwithpermssionofWiFiSense. ThephotooftheViewSonicAirpanelV150pwirelessmonitor(Figure18.10)iscourtesy ofViewSonic. ThephotooftheVoceraCommunicationsBadge(Figure18.11)isusedwithpermission ofVocera. ThephotoofanProximOrinocoPCCard(Figure21.1)iscourtesyofProxim. KisMACnetworkscan(Figure25.6)iscourtesyofthedevelopers. Warchalkingcartoon(Figure25-8)©2003GeekCulture,andisusedwithpermission. ThephotooftheSierraWirelessAirCard555(Figure30.9)isusedwithpermissionof SierraWireless. Thephotoofawarchalkingsymbol(Figure32.1)iscopyright©2002BenHammersley andisusedwithpermission. ThephotoofaPringlescanyagiantenna(Figure34.8)iscopyright©2001RobFlickenger andisusedwithpermission.
Contents
Section
I
WirelessBasics................................ 1
1
HowWirelessWorks.............................. 3
2
PassingSignalsThroughWalls................................... 4 AddingDatatoRadioWaves ..................................... 6
WirelessStandards................................ 9
3
802.11b:TheReigningKing.................................... 12 802.11a:HigherFrequencies,LessInterference.................... 13 802.11g:FasterandCompatible................................. 15
WirelessHardware................................ 19
4
AccessPoints..................................................20 WirelessNetworkAdapters..................................... 23 Antennas..................................................... 32
OtherWirelessStandards ........................ 35 Bluetooth ..................................................... 35 CellularDataNetworks........................................ 38 MeettheFamily:802.11Relatives............................... 42 WiMax:802.16andtheLongHaul..............................46
viii TheWirelessNetworkingStarterKit
5
Wirelessofthe(Near)Future...................49
Section
MeshNetworking............................................. 49 UltraWideband(UWB) ........................................ 52 AirborneWirelessBroadband ................................... 54
II
ConnectingYourComputer ............57
6
ConnectingYourWindowsPC..................59
7
InstallingHardware........................................... 59 ConfiguringWindowsXP ......................................60 ConfiguringBroadcomSoftware................................ 67 ConfiguringLinksysSoftware.................................. 69 ConfiguringOrinocoSoftware .................................. 76 ConfiguringOtherWirelessClientSoftware...................... 78
ConfiguringYourCentrinoLaptop............. 81
8
ManagingConnections........................................ 82 UsingProfiles................................................. 83 Troubleshooting ............................................... 85
ConnectingYourMacintosh......................89
9 10
SimpleConnection............................................ 89 IntermediateConnection....................................... 91 ConfiguringOtherClientSoftware .............................. 96
ConnectingwithLinuxandFreeBSD........... 99 Linux,FreeBSD,andWi-Fi.....................................99
ConnectingYourHandheld .................... 103
11
PalmOS.....................................................104 WindowsMobile2003........................................108
ConnectingviaBluetooth...................... 115 Pairing......................................................115 PracticalBluetooth...........................................125
TableofContents ix
12
CreatinganAdHocWirelessNetwork....... 137
13
CreatinganAdHocNetworkinWindowsXP....................138 CreatinganAdHocNetworkinMacOS8.6/9.x ..................139 CreatinganAdHocNetworkinMacOSX....................... 141
SharingFilesandPrinters...................... 143
14
WindowsXP ................................................. 143 MacOS9 ....................................................146 MacOSX...................................................150 SharingPrinters ..............................................153
TroubleshootingYourConnection............ 155
Section
Problem:Can’tSeeWirelessNetwork...........................156 Problem:NoWirelessConnectivity.............................159 Problem:SignalStrengthIsPoor............................... 162 Problem:NoRoamingNetwork/InternetAccess................. 163
III
BuildingYourWirelessNetwork ... 165
15
PlanningYourWirelessNetwork.............. 167
16
DrawingaNetworkDiagram...................................168 ShoppingandConfiguring..................................... 173
BuyingaWirelessGateway .................... 177
17
HardwareOptions ............................................ 178 ConfigurationInterfaces...................................... 181 NetworkServices.............................................182 SecurityandFilters...........................................185 ISPInteraction ...............................................189 Miscellaneous ................................................ 191
SettingupaGateway ...............................195 LinksysBEFW11S4.......................................... 195 LinksysWRT54G ............................................201 AirPortExtremeBaseStation..................................204 CommonGatewaySettings....................................215
x TheWirelessNetworkingStarterKit
18
WirelessGadgets............................... 219 Cameras ..................................................... 219 PrintersandAdapters.........................................224 Wi-FiDetectors..............................................227 FileServers..................................................228 MusicandPhotoPlayers .......................................229 TVs,Monitors,andProjectors..................................231 Wi-FiPhones................................................233 Miscellaneous ................................................235
19
CreatingaSoftwareAccessPoint ............. 237
20
ConfiguringSoftwareBaseStationinMacOS8.6/9.x............238 ConfiguringInternetSharinginMacOSX......................240 WindowsXPandRoutingSoftware .............................241
BridgingWirelessNetworks ...................245 BridgingBasics...............................................245 KindsofBridges ..............................................247
21
IndoorAntennaBasics.......................... 255 ConfirmingCompatibility .....................................256 IndoorAntennaTypes.........................................257 AntennaInstallationTips.....................................260
22
SmallOfficeWi-FiNetworking ................ 261
23
SafePassage..................................................262 AuthorizedAccess............................................267
TroubleshootingYourWirelessNetwork..... 271 Problem:SignalStrengthIsPoor...............................272 Problem:SignalIsIntermittent................................ 274 Problem:ReceptionIsImpossible...............................275 Problem:NoWirelessConnectivity............................. 276 Problem:FrequentNeedtoResetAccessPoint...................277 Problem:NoLinkbetweenWirelessandWiredNetworks.........279 Problem:NoInternetConnection..............................280 Problem:WDSDoesn’tWork ..................................282
TableofContents xi
Section
IV
WirelessSecurity.......................... 283
24
WirelessWorries................................285
25
LikelihoodofAttack..........................................286 DeterminingLiability .........................................287 WhoShouldWorryAboutWhat...............................293
PreventingAccesstoYourNetwork.......... 295
26
SopstoSecurity..............................................295 EncryptionandControl.......................................297 KnowYourEnemy............................................302
SecuringDatainTransit .......................309
27
EmailPasswordEncryption.................................... 310 ContentEncryption........................................... 311 SSH(SecureShell)...........................................315 SSL(SecureSocketsLayer).................................... 319 VPN(VirtualPrivateNetwork)................................322
ProtectingYourSystems ....................... 325
Section
WhyWorry?.................................................325 Anti-VirusSoftware..........................................327 ActiveFirewalls..............................................328
V
TakingItontheRoad.................. 333
28
FindingWi-FiontheRoad ..................... 335 FreeWirelessNetworks.......................................336 CommercialWirelessNetworks................................341
xii TheWirelessNetworkingStarterKit
29
ConfiguringWISPSoftware.................... 357
30
BoingoWireless ..............................................358 iPass........................................................363 GRIC.......................................................368 SprintPCS..................................................368 OtherWISPs................................................370
UsingCellularDataNetworks................. 371
31
ConnectingwithGSMandGPRS..............................371 ConnectingwithCDMAandCDMA2000......................375
PreppingfortheRoad.......................... 379
32
AccessAccounts..............................................379 Email.......................................................380 Files........................................................382 BackingUp..................................................384 VPNs.......................................................385
WorkingontheRoad .......................... 387
Section
ConnecttoaNetwork.........................................387 WorkingTips................................................389
VI
GoingtheDistance....................... 393
33
Long-RangeWi-FiConnections................ 395
34
ConnectingtotheInternet .....................................396 ExtendingYourNetwork......................................401 Troubleshooting ..............................................404
Long-RangeAntennaBasics................... 407 Long-RangeAntennaTypes...................................408 AntennaCable&Connectors..................................415 WirelessAccessories.......................................... 418 CalculatingSignalStrength................................... 419 StayingLegal................................................427 AntennaInstallation..........................................430
TableofContents xiii
A
NetworkingBasics .............................. 435 What’saNetwork? ............................................436 NetworkUses................................................437 NetworkWiring ..............................................440 NetworkDevices.............................................453 NetworkProtocols............................................461
B
ConfiguringYourNetworkSettings..........469
C
ConfiguringNetworkSettingsinWindows......................470 ConfiguringNetworkSettingsinMacOS8.6/9.x................475 ConfiguringNetworkSettingsinMacOSX..................... 476
HowtoTroubleshoot ........................... 479 1.DescribetheProblem.......................................479 2.BreaktheSystemApart......................................480 3.AskYourselfQuestions ......................................481 4.AnswerQuestions..........................................482 5.GetExpertHelp ............................................483 DealingwiththeInsolvable....................................488
Glossary.........................................489
Index ............................................. 505
Introduction
i
Wireless.Thewordevokesthoseheadydayslongagowhenradioruledthe entertainmentworldandfamiliesgatheredaroundaconsoleradiothesizeof acoffeetabletomarvelatatechnologythatemitteddisembodiedvoicesfrom faraway.Thoughwenowtakeradioforgranted,backthenitwaspuremagic eachtimewordsandmusiccameout,withouteventheneedforwiresbetween thereceiverandatransmitterthatcouldbemilesaway. Fastforwardtothepresent,whereadifferentkindofradioistakingthe computerworldbystorm.Thesenewradiosareminusculechipsembedded incredit-card-sizeddevicesthatplugintocomputersthemselvesnotmuch largerthanpadsofwritingpaper.Theseradiostransmitandreceivenotthe scratchyvoicesandsoundeffectsofanewscastbuttinychunksofzerosand ones—computerdata.Inthepast,radioconnectedpeopleandmadepossible thefirstmassculture;today,radioconnectscomputerswithwirelessnetworks andthegreaterInternet. What’smostamazingaboutwirelessnetworkingishowpowerfulitis,considering theunderlyingsimplicity.There’snothingallthatunique,technologically speaking,inwirelessnetworking,butthecombinationofdifferentaspectsof computingandtransmissionmakesitacompellingchoice,andevenhintsat therootsofsocialrevolutionaspeoplecommunicatewithoneanotherinnew andevermoremobileways. Networksthatrunoverwireshavelongprovidedthesametypesofcommunication betweencomputersthatwirelessnetworkscanoffer,and,what’smore,data generallyflowsoverless-expensivewirednetworksatmuchfasterspeeds.Faster
xvi
TheWirelessNetworkingStarterKit
speedsandcheaperhardwareturnoutnottobethepoint—what’scompelling aboutwirelessnetworkingisthecombinationofflexibility,networkubiquity, andthedistancebetweennetworknodesthattakeswirelessnetworkingfar beyondthemundanewiredworld.Pluginafewinexpensivepiecesofgear,fire upaconnection,andyoucanwanderaroundyourhomeoroffice,gooutonthe patio,orvisitacafé,withfullnetworkaccesstheentiretime.Suddenlyyou’re networkinginawaythatseemedlikesciencefictionjustadecadeago.
Unplug,TuneIn,PowerUp Lookbehindyourdesktopcomputer.Ifit’sanythinglikeourcomputers,there’s arat’snestofwiresbackthere.Themonitorandthekeyboardconnecttothe computer,themonitorandcomputerbothplugintoelectricalsocketsinapower stripthatitselfplugsintoawalloutlet,andthentherearecablessnakingtoand fromtheprinter,themouse,andsoon.Nowimagineacomputercompletely freedofcablesandwires—thelaptopcomputer,withitsintegratedscreen, keyboard,andmouse,allreceivingpowerfromabatteryinside.Inmanyways, thelaptopisthefutureofcomputing,andasevidenceofthat,laptopsaleshave recentlyoutstrippeddesktopcomputersales. Withalaptop,you’refreetoworkwhereveryoulike—inbed,onthecouch, onanairplane,orinacoffeehouse.Andwithtoday’slaptops,whichcombine speedyprocessorsandbeautifulscreensinsveltepackagesweighingonlyafew pounds,youaren’tevenmakingmanytradeoffsforyourfreedomfromyourdesk. Butuntilrecently,therewasonethingyoudidgiveup—Internetaccess. Wewon’tgoonabouthowamazingtheInternetisbecauseyoualreadyknow allaboutthepowerofexchangingemail,browsingtheWeb,andrelyingon instantmessagingtoremaininconstantcontactwithfriendsandcolleagues. Butamazingitis—andwe’vebeenusingandwritingabouttheInternetsince wellbeforeitbecametheculturalphenomenonitistoday.(Infact,Adam wroteoneoftheveryfirstbooksabouttheInternetbackin1993,andwithin afewyears,hundredsofthousandsofpeoplehadusedhisInternetStarterKit seriesofbookstogetontheInternetforthefirsttime.AndGlennfounded oneofthefirstWebdevelopmentcompaniesin1994.)Today’scomputersare communicationdevices,andtocommunicate,theyrequireInternetaccess. ThisneedforInternetaccesshobbledlaptopsforawhile,becausewhileyou couldworkwithoutthelaptoppluggedinaslongasitsbatteryheldout,ifyour workrequiredtheInternet,youhadtohaveamodemcableorEthernetcable
Introduction
tetheringyourcomputertothewall.Enterwirelessnetworking.Suddenly, withtheadditionoftwoinexpensivepiecesofhardware—awirelessnetwork cardtoplugintoyourcomputerandanaccesspoint—youcoulduseyour laptopanywherewithinrangeofyouraccesspointwhileenjoyingInternet connectivity. Thefreedomofferedbywirelessnetworkingdoesn’tstopwhenyouleave home.Manyofficeshavejumpedonthebandwagon,networkingconference roomsandloungessoemployeescanaccesssharedfilesandInternetresources nomatterwheretheyare.(Anaddedbenefitischeckingyouremailduring particularlyboringmeetings,butyoudidn’thearussaythat.)Businesstravelers havecometoexpectwirelessInternetaccessinairports,attradeshows,and evenincoffeehouses,libraries,andsportsarenas. Wirelessnetworkingalsohasstronggrassrootssupport.Community-minded folkinmanycitiesaroundtheworldhaveputuplargewirelessnetworksthat coverwholeneighborhoods,soifyou’reinBryantParkinNewYorkCity,or almostanywhereinAshland,Oregon(homeoftheannualOregonShakespeare Festival),accessingtheInternetismerelyamatterofopeningyourlaptop, thoughwe’resureyouwouldn’tdothatinthemiddleofRomeoandJuliet. Putbluntly,wirelessnetworkingisoneofthemostexcitingdevelopmentsin computinginthelastfewyears,notbecauseitmakespossibleanynewtechnical feats,butbecauseitletscomputersfitbetterintoourlives.Peopleweren’tmeant tositinthesameplace,dayinanddayout,andwhilethoseofuswhospendour timeworkingoncomputershavemadethatsacrificeforyears,thecombination ofaslimlaptopandwirelessnetworkingprovidingInternetaccesswherever wegoistremendouslyliberating. It’sjustfreakingcool.
WirelessNetworkingRoots Sowhatexactlydowemeanwhenwetalkaboutwirelessnetworking?Forthe purposesofthisbook,we’realmostalwaystalkingaboutthreeshort-range, unlicensedradiotechnologies:IEEE802.11a,802.11b,and802.11g,known togetherbythemoremellifluousmonikerWi-Fi(it’sanoddshorteningof “wirelessfidelity”byatradeassociation).Althoughwemayoccasionallyreferto oneofthespecifictechnologiesforaccuracy,wemostlyuseWi-Fithroughout thebooktoavoidconfusion.Wi-Fiisbynomeanstheonlywirelessnetworking technology,butit’sbyfarthemostcommon.
xvii
xviii
TheWirelessNetworkingStarterKit
Let’stakeaquickspinthroughthedevelopmentofwirelessnetworking. ThefirstwirelessnetworkwasdevelopedattheUniversityofHawaiiin1971 tolinkcomputersonfourislandswithoutusingtelephonewires.Wireless networkingenteredtherealmofpersonalcomputinginthe1980s,whenthe ideaofsharingdatabetweencomputerswasbecomingpopular.Someofthe firstwirelessnetworksdidn’tuseradioatall,though,insteadrelyingoninfrared transceivers.Unfortunately,infrarednevertookoffbecauseinfraredradiation can’tpenetratemostphysicalobjects.Thus,itrequiredaclearlineofsightatall times,atrickythingtoaccomplishinmostoffices,andsomethingthatcould engenderofficehostility—“Hey,moveit!You’reblockingthenetwork!”Infrared alsowasn’tveryfast,andevenmoderninfraredisstillquitelowbandwidth, whenitworks. Radio-basedwirelessnetworksstartedtogainmomentumintheearly1990sas chipprocessingpowerbecamesufficienttomanagedatatransmittedandreceived overradioconnections.However,theseearlyimplementationswereexpensive andproprietary—theycouldn’tcommunicatewithoneanother.Incompatible networksaredoomedtofailure,sointhemid-1990s,attentioncoalesced aroundthefledglingIEEE802.11standardforwirelesscommunication. Earlygenerationsof802.11,ratifiedin1997,wererelativelyslow,runningat 1andthen2megabitspersecond(Mbps).Theywereoftenusedinlogistics: warehousesandinventoryoperationswherewiresweren’tfeasibleorwouldbe enormouslyexpensivetomaintain. Itwasclearthatthetechnologycouldbepushedmuchfarther,andin1999the IEEEfinalizedthe2.4GHz802.11bstandard,increasingthethroughputof wirelessnetworksto11Mbps(tocompare,standard10Base-TwiredEthernet runsat10Mbps).Althoughmanycompanieswereinvolvedincreatingthe 802.11bspecification,LucentTechnologiesandAppleComputerledtheway inproducingaffordablewirelessnetworkdevicesfortheconsumermarket. (OthercompanieslikeBreezeCOMandAironetWirelessCommunications werealreadysellingexpensiveequipmentaimedatthecorporatemarket.) TheturningpointforwirelessnetworkingcameinJulyof1999,withApple’s releaseofitsAirPorttechnology.AirPortwasanindustry-standardcompliant versionofIEEE802.11b,andApplejumpstartedthemarketbychargingonly $100forawirelessnetworkcardthatfitinsidedifferentmodelsoftheMacintosh and$300foranaccesspoint(whichApplecalledanAirPortBaseStation).It tookmorethanayearforothercompaniestodroptheirpricestothelevelApple set,butbyintroducingwirelessnetworkingtothemuch-largerPCmarket,
Introduction
theseothercompanieswereabletocontinueloweringprices.Aswewritethe secondeditionofthisbook,thecosttoequipasinglePCorMacwithaWi-Fi cardisbetween$50and$100,andanaccesspointcostslessthan$150. AlthoughtheIEEEactuallyratifiedthe802.11astandardfirst,technical andpoliticalrealitiesdelayeditsdevelopmentsuchthatthefirst802.11agear shippedinthemiddleof2002.802.11asignificantlyoutperforms802.11bin termsofspeed,witharawthroughputof54Mbpscomparedto802.11b’s11 Mbps.However,802.11aequipmentisn’tcompatiblewith802.11bhardware because802.11arunsinthe5GHzband.Thislackofcompatibilityslowed 802.11a’sacceptance. Attheveryendof2002,anotherstandardappearedonthescene,further hurting802.11a’schancestotakeoverfromtheslower802.11b.Thisnew standard,802.11g,usesthesame2.4GHzbandas802.11b,providesfull backwardcompatibilitywithall802.11bhardware,andmatchesthe54Mbps speedof802.11a.Interestingly,whenafewcompaniesstartedselling802.11g hardware—mostnotablyApple,withitsAirPortExtremedevices—theformal specificationhadn’tyetbeenratified.Butwithinsixmonths,theIEEEhad signedoffonthe802.11gdraft,andalltheequipmentmanufacturersscrambled toreleasefirmwareupdatesthatbroughttheirgearuptofullcompatibility. Throughoutthelastfewyears,capabilitieshaveincreasedaspriceshavedropped, andeaseofusehasimprovedsoanyonewhocansetupacomputercanalsoset upawirelessnetwork,completewithasharedInternetconnection.We’vecome alongwayinashorttime,andwiththepopularityofwirelessnetworking,the futurelooksasbrightastherecentpast.
WhoShouldReadThisBook? Wehadaparticularaudienceinmindwhenwewrotethisbook.You’llget themostoutofthebookifyoucanhearyourselfaskingquestionsalongthe linesofsomeofthese:
• I’vejustboughtalaptop,andIwanttosharemydesktopcomputer’sInternet connection.HowcanIsharethatconnectioncheaplyandeasily?
• IhaveasmallwirednetworktosharefilesandanInternetconnection
betweentwodesktopcomputers,butnowIwanttoaddmylaptoptothe mixwithoutneedinganynetworkcables.WhatshouldIbuytoaddmy laptoptothenetwork?
xix
xx
TheWirelessNetworkingStarterKit
• I’vejustmoved,andrunningEthernetcableswhereIneednetworkaccess
istooexpensiveandtoomuchwork.Iwantallmycomputerstosharean Internetconnectionwithoutpullingcable.Willwirelessnetworkingsolve myproblems?
• Ihaveawirelessnetworkinplaceandworking,butIcan’treceivethesignal insomerooms.HowcanIextendmynetwork’srange?
• IboughteverythingIneed,andIsetupmywirelessnetwork,butIcan’t
makethedarnthingworkwithmyInternetconnection.Canthisbook tellmewhatIdidwrong?
• Itravelalot.WhatdoIneedintermsofhardware,software,andaccounts togetwirelessInternetaccesswhereverIgo?
• Ican’tgetDSL(DigitalSubscriberLine)orcable-modemaccesstothe Internet,butI’veheardthatImightbeabletogethigh-speedwireless accesstotheInternetinmylocation.HowdoImakethishappen?
• I’mtryingtounderstandhowwirelessnetworkingworkssoIcanadvise mydepartmentonwhetherornotweshouldinvestinthetechnology.Can thisbookexplainthebasicsofwirelessnetworking,tellmewhat’scoming up,andpointtousefulWebsiteswhereIcanlearnmore?
• MyfriendsandcolleaguesturntomeastheirInternetandcomputerguru, andthey’reallinterestedinwirelessnetworking.WhatinformationdoI needtostartsettingupnetworksforhomeusers?
• I’mworriedaboutcrackerstappingintomywirelessnetworkandstealing mycompany’ssensitiveproductplans.HowdoIensurethatmynetwork issecure?
We’reconfidentthatifyourneedsarealongthelinesofthesequestions,you’ll findtheinformationyouneedinthisbook.Or,intheeventthatsomething haschangedsincethebookwaspublished,wemayhavecoveredthetopicon thebook’sWebsiteatwww.wireless-starter-kit.com,onourAppleAirPort Weblogatwww.wireless-starter-kit.com/airportblog/,oronGlenn’sWi-Fi NetworkingNewssite,atwww.wifinetnews.com. Ourgoalistoprovidepracticalinformationandadviceforanyonetryingto workwithawirelessnetwork,althoughweshouldnotethatthisbookisn’t forcompletenovices.Ifyoudon’tyetknowthebasicsofusingWindowsor
Introduction
aMacintosh,forinstance,werecommendreadinganappropriatebeginner’s bookfirst—PeachpitPressoffersanumberofgoodones—andthencoming backtothisbook. Ontheotherendofthespectrum,wedon’texaminewirelessnetworkingat theprotocollevel,dissectpacketheaders,discussthedetailedphysicsinvolved withradioreception,orhandleanyothertrulydeeptechnicaltopic.(Ifyouneed thatlevelofdetail,werecommendMatthewGast’s802.11WirelessNetworks: TheDefinitiveGuide.)Thatsortofinformationisprimarilyusefultothosefew peopledesigningwirelessnetworkinghardware,writingwirelesssoftware,or settingupcommunity-widemeshnetworks,andwewanttofocusthisbook onpracticalissuesexperiencedbylargenumbersofpeople.
WhoWeAre Beforewegetintothenutsandboltsofwirelessnetworking(sotospeak), we’dliketotellyouwherewe’recomingfromsoyoucanseethatwe’renotjust armchairtechnologists—we’velivedthisstuff.We’vebothbeeninvolvedwith technologyformorethan20years,andoverthelast13years,we’vedevoted largechunksoftimetowritingabouttechnologiesthatfascinateus.Wedo thisbecauseweloveexplainingcomplextopics. Since1990,AdamhaspublishedTidBITS,aweeklyelectronicnewsletterthat coverstopicsofinteresttoMacintoshandInternetusers(www.tidbits.com). HehasalsobeenacontributingeditoratMacUser,MacWEEK,andMacworld. Alongwiththebest-sellingInternetStarterKitseries,Adamhaswrittenandcoauthoredanumberofotherbooks,includingInternetExplorerKitforMacintosh (withBillDickson),EudoraforWindows&Macintosh:VisualQuickStartGuide, TheRaceforBandwidth(ghostwrittenwithSteveManesforourlatefriendCary Lu),CrossingPlatforms:AMacintosh/WindowsPhrasebook(withDavidPogue), andmostrecently,iPhoto2forMacOSX:VisualQuickStartGuide. Duringmuchofthattime,Glennhasbeenafreelancewriter.Healsofounded PointofPresenceCompanyin1994,oneofthefirstWebsitedevelopment companies—PeachpitPresswasoneofhisfirstclients,deployingamarketbasketsystemforbuyingbooksin1995.Thenhedidasix-monthstintas Amazon.com’scatalogmanagerandtooksometimeouttobeatHodgkin’s disease.Glennhasco-authored(withTidBITSmanagingeditorJeffCarlson) threeeditionsofRealWorldAdobeGoLiveandtwoeditionsofRealWorld ScanningandHalftones.GlenncurrentlywritesforpublicationssuchasThe
xxi
xxii
TheWirelessNetworkingStarterKit
SeattleTimes,InfoWorld,TheNewYorkTimes,andtheO’ReillyNetwork.He alsorunsthepopularWi-FiNetworkingNewsWebsite(www.wifinetnews.com), isasenioreditoratJiwire(www.jiwire.com),andiswidelyrecognizedasoneof theleadingjournalistscoveringwirelessnetworking. Wemetviaemailintheearly1990sandbecameclosefriendswhenwebothlived inSeattle.SinceAdamleftSeattletomovebacktohishometownofIthaca, NewYork,weseeeachothermostlyattradeshowsandotherindustryevents andinteracttherestofthetimeviaphone,email,andinstantmessaging.
What’sinthisBook InthissecondeditionofTheWirelessNetworkingStarterKit,we’veupdatedall ourdiscussionsfromthefirstedition,addedhundredsofpagesonnewtopics, andreorganizedtheentirebooktocreatesmallerchaptersthateachfocuson aspecifictopic.Tothatend,wedividedthebookintosixsectionsandthree appendixes.
• SectionI,WirelessBasics,startsfromscratchwithChapter1,HowWireless
Works,discusseswirelessstandardsinChapter2,WirelessStandards,and tellsyouexactlywhathardwareyou’llneedinChapter3,WirelessHardware. WerunthroughotherprotocolsyoumightencounterinChapter4,Other WirelessStandards,andforthosewonderingwhatthefutureholdsfor wirelessnetworking,checkoutChapter5,Wirelessofthe(Near)Future.
• SectionII,ConnectingYourComputer,getsdowntothenitty-gritty,
withself-explanatorychaptertitlesincludingChapter6,ConnectingYour WindowsPC;Chapter7,ConnectingYourCentrinoLaptop;Chapter8, ConnectingYourMacintosh(bothMacOS9andMacOSX10.2and10.3); Chapter9,ConnectingwithLinuxandFreeBSD;Chapter10,Connecting YourHandheld(focusingonPalmOShandheldsandPocketPCdevices); andChapter11,ConnectingviaBluetooth.Thesechaptersofferstep-by-step, illustratedinstructionsalongwithbackgroundinformationasnecessary. Threeadditionalchaptersroundoutthediscussionofconnectingcomputers: Chapter12,CreatinganAdHocWirelessNetwork;Chapter13,SharingFiles &Printers;andonewehopeyoudon’thavetoreadbutknowyouwill, Chapter14,TroubleshootingYourConnection.
• SectionIII,BuildingYourWirelessNetwork,takesthediscussionof
wirelessnetworkingbeyondasimpleconnectiontothecreationoffullfledgedwirelessnetworks.Werecommendathoroughapproach,starting withChapter15,PlanningYourWirelessNetwork,followedbyChapter16,
Introduction
BuyingaWirelessGateway,andfinishingupwithChapter17,Settingupa WirelessGateway.Thenwemoveontomoreesoterictopics,suchasallthe thingsyoucanaddtoyourwirelessnetworkinChapter18,WirelessGadgets. Chapter19,CreatingaSoftwareAccessPoint,looksatusingacomputerto dothejobofawirelessgateway;Chapter20,BridgingWirelessNetworks, helpsyoufigureouthowtoextendyourwirelessnetwork;andChapter 21,IndoorAntennaBasics,offersanotherapproachforextendingrange. RoundingoutthissectionareChapter22,SmallOfficeWi-FiNetworking, whichlooksatsecurityandauthenticationissuesinsmalloffices,and Chapter23,TroubleshootingYourWirelessNetwork,whichoffersnumerous testsandbitsofadviceforsolvinganyproblemsyoumayencounteracross anetwork.
• SectionIV,WirelessSecurity,looksatthetopicthatconcernssomany
peopleandbusinesses:keepingdatasafeandnetworksprotected.Chapter 24,WirelessWorries,offersawayofevaluatingtheleveltowhichyoushould beconcerned.Thefollowingchaptersthenprovidethepracticaladvice youneedtokeepyourdatasecure:Chapter25,PreventingAccesstoYour Network;Chapter26,SecuringDatainTransit;andChapter27,Protecting YourSystems.
• SectionV,TakingItontheRoad,turnsitsattentiontotheneedsofthe
traveler.Chapter28,FindingWi-FiontheRoad,helpsyoulocateservice, Chapter29,ConfiguringWISPSoftware,providesguidanceonsettingup thesoftwareprovidedbythemostcommonwirelessISPs,andChapter 30,UsingCellularDataNetworks,helpsyoumakeanInternetconnection usingeitheryourcellphoneoraPCCardinyourlaptop.Lastly,Chapter 31,PreppingfortheRoad,andChapter32,WorkingontheRoad,offerhardwonadviceonusingwirelessconnectivitywhiletraveling.
• SectionVI,GoingtheDistance,offersapairofchaptersforanyone
interestedinsettingupalong-rangewirelessnetwork(andbylongrange, wemeananythingbetweenafewhundredfeetand20miles).Chapter 33,LongRangeWi-FiConnections,providesallthebackgroundyouneed, andChapter34,Long-RangeAntennaBasics,simplifiesthecomplextask ofpickingthebestantennatypeanddeterminingsignalstrength.
• AppendixesinthiseditionofTheWirelessNetworkingStarterKitprovide backgroundinformationthatnovicesmaywishtoread,butwhichwe believemostofourreadersalreadyknow.AppendixA,Networking Basics,looksatallthedetailsofhowwirednetworkswork(usefulsince
xxiii
xxiv
TheWirelessNetworkingStarterKit
almosteverywirelessnetworkstillneedsawiredcomponent).Appendix B,ConfiguringYourNetworkSettings,offersstep-by-stepinstructions forconfiguringTCP/IPsettingsforbothWindowsandMacintosh. Mostpeopleshouldn’tneedthisinformation,sincethedefaultsettings formostcomputersarefine,butit’shereforthosewitholdermachines orcomputersthatothershavemessedupforyou.Finally,AppendixC, HowtoTroubleshoot,givesgeneraltroubleshootingadviceandastep-bystepprocessforisolatingandeliminatinganysortofproblem,whether ornotit’srelatedtoawirelessnetworking.Chapters14,Troubleshooting YourConnection,and23,TroubleshootingYourWirelessNetwork,relyonthe basicsofthisappendix. That’sit,solet’sdivein!
WirelessBasics
I
Wirelessnetworkingmayseemlikemagic,butlikesomanyothersufficiently advancedtechnologies,it’sactuallyjustextremeclevernessonthepartofmany brightanddedicatedengineers.Muchaswebothenjoythemagicalfeeling whensettingupanewwirelessnetworkortestingsomeinterestingnewpiece ofwirelessnetworkinghardware,wealsothinkit’simportanttounderstand whatisactuallygoingonunderneaththevirtualhood. Whatdoyouneedtoknowtounderstandthebasicsofwirelessnetworking? Chapter1,HowWirelessWorks,looksathowwirelessnetworkinggearmanages totransmitradiowavesthroughsolidobjectsand,evenmoreimportantly, howitmanagestopiggybackdataontothoseradiowaves.Chapter2,Wireless Standards,narrowsthefocustothethreewirelessnetworkingstandardsthat compriseWi-Fi:802.11b,802.11a,and802.11g.Thenwegetpracticalin Chapter3,WirelessHardware,lookingatallthedifferentpiecesofhardware youneedtocreateawirelessnetwork,withaspecialfocusonwhatsortof wirelessnetworkadaptersareavailableforolderMacs. WiththenutsandboltsofWi-Fioutoftheway,Chapter4,OtherWireless Standards,examinesavarietyofotherrelevantwirelessnetworkingstandards inwideuseorabouttoemerge:Bluetooth,cellulardataprotocols,anda menagerieof802.11cousins.Chapter4isoptionalreadingifyouwantto knowonlyaboutWi-Fi,asisChapter5,Wirelessofthe(Near)Future,which venturesevenfartherafieldtocovermeshnetworking,UltraWideband,and airbornewirelessbroadband.
HowWirelessWorks
1
Thewirelesstelegraphisnotdifficulttounderstand.Theordinarytelegraphislike averylongcat.YoupullthetailinNewYork,anditmeowsinLosAngeles.The wirelessisthesame,onlywithoutthecat. —ATTRIBUTEDTOALBERTEINSTEIN AlthoughtheAlbertEinsteinArchivesinJerusaleminformedusthatthere’s norecordofEinsteineversayingthis,it’sapt:wirelesstransmissiondoesn’t makeintuitivesense;wecanonlyuseanalogytounderstandhowinformation movesfromoneplacetoanotherwithoutphysicalelementswecanseein between.Fortunatelyforus,wirelessjustworks—lookatcordlessphones,cell phones,AMandFMradiostations,walkie-talkies,andsatellitetelevision dishes.Wirelessisalloverthesedays,andunintuitiveornot,itisrootedin basicphysics. Wirelessnetworkingreliesonthesameprinciplesthatdrivecordlessphones andalltheseotherwirelessdevices.Atransceiver(acombinationoftransmitter andreceiver)sendssignalsbyvibratingwavesofelectromagneticradiationthat propagateoutfromanantenna;thesameantennareceivessignalsbybeing appropriatelyvibratedbypassingsignalsattherightfrequencies. Inthischapter,we’llexplainhowwirelesstransmissionworksandhowwireless networkspiggybackdataontopofradiowaves.
4
TheWirelessNetworkingStarterKit
PassingSignalsThroughWalls Themagicalpartofwirelessnetworkingishowitworksnotjustwithout cables,butalsowhenyoucan’tevenseetheaccesspointtowhichyou’re connecting.Althoughwetakethisobstructedpathforgrantednow,itwasn’t alwaystrue. Earlywirelessnetworksusedfrequenciesofelectromagneticradiationjust belowthevisiblespectrum,namelyinfrared.Infrarednetworkinghad(and stillhas)ahugelimitation:youneedperfectlineofsightfromoneinfrared transceivertoanother.Inlargeofficeswithnumerouscubicles,itisdifficult topositionthetransceivershighenoughforthesignaltogetoverpartitions andequallyhardtoensurethatpeoplestandingaroundgabbingdon’tblock thenetworksignal. AlthoughinfraredisstillusedtodaywithPalmOS-basedorganizers,PocketPC devices,somecellphones,andmanylaptopcomputers,itsuseisreservedfor adhoc(spur-of-the-moment)one-timeconnections.Forinstance,youmight setupanadhocconnectiontotransferafileorabusinesscardbetweentwo
UnlicensedSpectrum The900megahertz(MHz),2.4gigahertz (GHz),andlargepartsofthe5GHzfrequencybandsarereservedintheU.S.and inmanyothercountriesforunlicenseduse. Therearetwokindsoflicenses:thoseowned bycompaniesoperatingequipmentonvarious frequencies(suchascelltelephonecompanies), andthoseusingtheequipment(likeamateur radiooperators).Theseunlicensedbands,as you’dguessfromthename,requireneither kindoflicense.However,theequipmentthat usesthesebandsmuststillbecertifiedbythe FCC(FederalCommunicationsCommission) andnationalregulatorybodies. Becausealicenseisn’tnecessary,theFCC andsimilarregulatorybodiesinothercountriesrequirethatunlicenseddevicesusevery littlepower,whichrestrictstheirrange.It
alsomeansthatthesedevicesmustbehighly resistanttointerference,becausethere’sno guaranteethatanyuserwillhaveexclusive accesstoanyoftheunlicensedfrequencies. Unfortunately,interferencecanstillhappenif a2.4GHzcordlessphone,wirelesscamera,or amicrowaveoven(whichcanspew2.4GHz radiationasittwistswatermolecules)isused nearanaccesspoint. The2.4GHzbandhasafewlicenseduses thatoverlappartoftheunlicensedrange,includingamateurradiointhelowerpart,and certainpublicsafety,televisionstationremote signal,andcommercialmicrowavetransmissions.Theselicensedusershavepriority,but, sofar,low-poweruseofwirelessnetworking hasn’tcausedanymajorturfdisputes.
Chapter1|HowWirelessWorks
PalmOShandhelds.Adhocinfraredconnectionsrequireverycloseproximity (we’retalkingaboutincheshere)and,aswiththeinfrarednetworksofold,an unobstructedlineofsightbetweenthetwoinfraredtransceivers. Wirelessnetworkingovercomestheline-of-sightproblembyjumpingtoa differentportionoftheelectromagneticspectrum.Modernwirelessnetworks typicallyworkat2.4GHzor5GHz,farbelowthevisiblelightspectrum (Figure1.1).Atthosefrequencies,thewavelengthofeachtransmissionisso smallthatsignalscanpassthroughseeminglysolidobjects. Figure1.1 Theelectro– magneticspectrum.
2.4GHz 900MHz 5GHz
Radio
Microwaves
AudibleRange 0
1kHz
Infrared 1MHz
1GHz
1THz
Visible Ultraviolet 1015Hz
X-Ray GammaRays 1018Hz
10 21Hz
CosmicRays 10 24Hz
NOTE Nottogettoofarintothephysicsofitall,butsolidobjectsaren’treally solid—there’splentyofemptyspaceinbetweenandinsidetheatomsthat makeupeverythingweconsidersolid.Soalthoughradiationlikevisiblelight isabsorbedbysolidobjects,lower-frequencyradiowavescansneakintothose tinyspacesbetweenatoms.
Althoughmodernwirelessnetworksofferthelongestrangewhentheyhave lineofsight,theyalsoworkperfectlywellovershortdistancesininteriorspaces (Figure1.2).However,someinteriorobstaclescanreducesignalqualityand makeitnecessarytoadjustthenetworklayout.Forinstance,brickwallscan holdalotofwater,andwatercanblockenergyfromthefrequenciesatwhich 2.4GHznetworkswork.Somehousesandofficeshavemetalintheirinteriors, suchaschickenwiresupportingplasterorductwork,andmetalcanalsointerfere withnetworksignals. NOTE AFaradaycageisaconceptinphysicsembodiedbyanenclosuremadeofa conductingmaterialsuchaswiremesh.What’sunusualaboutaFaradaycage isthatitactsasanelectromagneticshield—thatis,electromagneticradiation liketheradiowavesusedinwirelessnetworkingsimplycan’tpenetratethewalls oftheFaradaycage.Whyarewetellingyouthis?Ifyourhousehaschicken wiresupportingtheplasteronyourwalls,manyofyourroomsmayessentially beFaradaycages,whichwillresultinterriblesignalstrengthforyourwireless network.Laterinthisbook,you’lllearnaboutafewworkaroundsthatare moreappealingthanrippingoutinternalwalls.
5
6
TheWirelessNetworkingStarterKit Figure1.2 Howradiowaves travelthrough space.
AddingDatatoRadioWaves Usingaportionofthespectrumthatcanpenetratesolidobjectswasanimportant steptowardmakingwirelessnetworkingmorepopular,butanotherimportant aspectofwirelessnetworkingneededtobeimprovedaswell—howdatais actuallytransmittedviaradiowavesandsortedoutbythereceiver. NOTE Practicallyspeaking,thisisbackgroundinformation—youdon’thaveany choiceinwhatstandardanygivenpieceofwirelessnetworkinggearuses.
Wirelessdatatransfercanemployoneofafewdifferentstandardsthatwetalk aboutinlaterchapters.Butonethingallwirelessstandardshaveincommon istheirabilitytosortoutoverlappingdatasignals.Inespeciallydenseareas, likeacafé-richurbanstreetorabusyoffice,severalorevenseveraldozensof competingdevicesmightbetransmittingsignalsatthesametimeoveraset offrequencies.Wirelessdevicesuseoneoftwodifferentapproachestocope withalltheseoverlappingsignals:frequencyhoppingspreadspectrum(often abbreviatedtoFHSSorjustFH)ordirectsequencespreadspectrum(frequently shortenedtoDSSSorDS). Withfrequencyhoppingspreadspectrum,thefrequenciesonwhichdatais transmittedchangeextremelyquickly.Withonestandard,thefrequencies change1600timespersecond.Inothers,therateofchangeisslower.Butall
Chapter1|HowWirelessWorks
frequencyhoppingstandardshavemanyhoppingpatternssothatdifferent networksorgroupsusingthesamestandardinthesameplacehavealow probabilityofusingthesamefrequenciesatthesametime. Incontrast,directsequencespreadspectrumdividesaswathofbandwidthinto separatechannelsandnevertransmitsforlongonanyonefrequencyinthe channel.Byusingdifferentchannelsinthesamearea,manydifferentnetworks canoverlapwithoutspoilingeachother’ssignals.Thereareseveraldifferent incompatiblemethodsofencodingdatausingdirectsequence.Newerwireless networkingprotocolsuseafastermethod,forcingequipmentthataimstobe backwardcompatibletosupportmultipleencodingmethods,whichincreases networkoverheadandreducesoverallthroughput. Bothformsofspread-spectrumtransmissionresistinterference,becausenoone frequencyisinconstantuse,andfrequencyhoppingcanalsoresistsnooping, becausehoppingpatternscanavoidallbutindustrial-andmilitary-grade spectrumanalyzers. NOTE FHSSwasco-inventedandpatentedbyactressHedyLamarr(withcomposer GeorgeAntheil)in1942andkeptsecret(andunused)bytheU.S.government duringWorldWarII;LamarrandAntheilneversawacentfromthepatent. Lamarr’scontributionwasrediscoveredwhenspreadspectrumbecamethe basisformodernwirelesstelecommunications.WhentheElectronicFrontier FoundationgaveheraPioneerAwardin1997,theactressreportedlyremarked fromherFloridahome,“It’sabouttime.”ShediedinJanuary2000,justbefore Wi-Fihitthebigtime.
7
WirelessStandards
2
Nomatterwhatthecontext,successfulcommunicationcantakeplaceonlyif allpartiesarespeakingthesamelanguage.Inthenetworkingworld,sucha languageiscalledaspecification,andifit’ssufficientlyagreed-uponbyenough partiesorgivenastampofapprovalbyanindustrybody,itmayincreasein statustobecomeastandard. That’sthetheory,anyway,buteveryindustryhasahostofso-calledstandards thatfailtoworkwithoneanotherandareapointofcompetitionbetween manufacturers.However,thewirelessnetworkingworldhas,remarkably,almost entirelyevolvedbeyondthisquagmireofcompetingstandards.Whenyoutalk aboutwirelessnetworking,you’retalkingaboutafamilyofstandardsthatwork together:equipmentthatsupportsonestandardisalwayscompatiblewithother devicesthatsupportthesamestandard.Evenbetter,backwardcompatibility hasbeentheruleratherthantheexception. From1999to2001,theleadspecificationwasIEEE802.11b,alsoknownasWiFi,orbyApple’snameforthetechnology,AirPort.802.11bwaswildlysuccessful, andcompanieshavesoldtensofmillionsofdevicesthatsupportit. In2001,themuch-faster802.11astandardfinallyappearedinshipping equipment,andalthoughitwassimilarto802.11b,thetwostandardscouldn’t workwitheachotherbecausetheyusedifferentpartsofthespectrum. Thesolutionforachieving802.11a’sspeedwhilemaintainingcompatibilitywith 802.11bfinallycamein2003with802.11g.Thislateststandardrunsasfastas 802.11awhileworkinginthesamefrequenciesas802.11b,thusprovidingfull backwardcompatibilitywithallthosemillionsandmillionsof802.11bdevices.
10
TheWirelessNetworkingStarterKit
Realistically,802.11gwillgraduallyreplace802.11bandwilllikelyconsign 802.11atonicheapplications.Forthosewhowanttohedgetheirbets,some manufacturersoffer“a/b/g”adaptersthatsupportallthreespecifications. TheindustryassociationthatcontrolsWi-Fihasexpandedthedefinitionto includeallthreeofthesespecifications,andanythingyoubuylabeledWi-Fi willnotewhetheritworksinthe2.4GHzband,the5GHzband,orboth (Table2.1).AllWi-FigearhasbeencertifiedasworkingwithallotherWiFigearinthesameband,whichisjustanotherwayofsayingthatall802.11b and802.11gequipmentwillworktogether,but802.11adeviceswillonlywork withother802.11adevices. Whenwewrotethefirsteditionofthisbookinmid-2002,therewasstill aquestionastowhetherWi-Fiwirelessnetworkingwouldbetheultimate winner,sincetherewerestillsomecompetingstandards,suchasHomeRF. Table2.1
WirelessStandardsataGlance Standard
Frequency
Raw/Real Throughput
Compatible with 802.11b
YearIt Became Real
AdoptionTrend
802.11b
2.4GHz
11Mbps/ 5Mbps
Yes
1999
Slowingdownin computers,rampingupin cheaperelectronics
802.11a
5GHz
54Mbps/ 25Mbps
No
2002
Businessesadoptingslowly, noconsumers
802.11g
2.4GHz
54Mbps/ 20Mbps
Yes
2003
Rampingupeverywhere
TheIEEE TheIEEE,ortheInstituteofElectricaland ElectronicsEngineers,(pronounced“Eyetriple-E”)isanon-profit,technicalprofessionalassociationwith380,000members.The IEEE’smissionistodevelopconsensus-based technicalstandardsforelectronicsinseveralindustries.Manyofthemanufacturersof802.11b equipmentareinvolvedwithsubcommittees oftheIEEE.
TheIEEE802Committeedealswithnetworking:the802.11WorkingGrouphandles wirelesslocalareanetworks(WLANs);and the various Task Groups (a, b, e, f, g, h, andi,amongothers)handlespecifictypes ofWLANsorspecificproblemsrelatedto wirelessnetworking,suchasmultimediadata streaming,inter-accesspointcommunication, andsecurity.
Chapter2 | WirelessStandards
Wi-Fi’sstatusisnolongerinquestion:withitscompetitorsdeadandwith devicesinmillionsofhomesandbusinesses,Wi-Fiistheundisputedkingof thewirelessnetworkinghill. Nonetheless,forspecializedpurposes,otherwirelessstandardshaveentered thegame,suchasBluetoothforshort-range,low-powerdatasynchronization, orWiMax,forlong-distance,point-to-pointnetworkbackhaul.We’lltalk aboutallthesestandards,andwaysthatWi-Fiwillbeextended,inChapter 4,OtherWirelessStandards.
Wi-FiCertification Wi-Fiissupposedtoimply“wirelessfidelity”andconveythenotionofsendingdata withhighquality.It’sactuallyatrademarkof theWi-FiAlliance,anindustryassociation thatledthechargetoensurecompatibility amongdevicesfromdifferentmanufacturersusingtheIEEE802.11bstandard,and more recently both 802.11a and 802.11g (www.wifialliance.com).TheWi-FiAlliance was so successful at spreading the name Wi-Fithatitchangeditsnamefromthe moreclunkybutmoreexplanatoryWireless EthernetCompatibilityAlliance.TheWiFiAlliancerequiressubstantialmembership feesfrommemberswhosubmittheirequipment—alongwithadditionalfees—tothe association’scertificationlabfortesting. Thecertificationprocessmakessurethatthousandsofindividualfeaturesworkcorrectlyusing astandardsuiteoftests.Onlyifthedevicepasses thosetestscanamanufacturerlegallyusethe Wi-Fisealandname(Figure2.1).Although othertradegroupshavehadmixedsuccess inpushingstandards,theWi-FiAlliance’s approachreallyisasignofcompatibilityyou cantrust.Bluetooth,forinstance,ismoreof amarketingconcept,becausemanufacturers
Figure2.1 TheWi-Filogo.
aren’trequiredtoundergoarigorousindependentcertificationprocessbeforetheycanapply thenametotheirproducts. InOctober2002,theWi-FiAllianceupdatedtheWi-Ficertificationmarktoidentifywhetherapieceofequipmentcouldwork inthe2.4GHzband(802.11batthetime, butnowalso802.11g),inthe5GHzband (802.11a),orinboth,thankstoequipment thatsupportsmultiplespecifications.Older Wi-Figearjusthasthemarkbyitself;with newergear,youneedtocheckwhichbands thedevicesupports.Theinformationshould beprominentlydisplayedonthebox. Morerecently,theWi-FiAlliancehasadded additionalstandards,suchasWPA(Wi-Fi ProtectedAccess,anewsecurityspecification), totheWi-Ficertificationprocesstoensurethat new,moresophisticatedoptionsforwireless networkingworktogetherjustaswellasthe basicelements.
11
12
TheWirelessNetworkingStarterKit
802.11b:TheReigningKing 802.11busesdirectsequencespreadspectrumtotransmitandreceivedataat 11megabitspersecond(Mbps).Don’tletthatnumberfoolyou,though.That 11Mbpsincludesallthenetworkoverheadforthestartandendofpackets,for synchronizingtransmissions,andotherfiddlydetails.Therealthroughputrate istheoreticallyabout7Mbps,closetotherealrateof10Base-TEthernet(rated at10Mbps),butmostuserssee4to5Mbpsatbestbecauseofthelimitations ofinexpensiveconsumerhardwareandsignalcongestioninmostnetworks. 802.11bsupportsfivespeeds,startingatthefastestandbackingofftoslower speedsifinterferenceoraweaksignalpreventsdatafromgettingthrough.The fivespeedsare11Mbps,5.5Mbps,2Mbps,1Mbps,and512Kbps(kilobits persecond). NOTE Thethreeslowestspeedsareactuallypartoftheoriginal802.11protocol,which predates802.11b.Someoftheoldestdevicescanstillworkwithnewequipment becauseofthisbackwardcompatibility.Theslowestspeed,512Kbps,doesn’t appeartobesupportedinsomeoftheverynewestequipment.
Somewirelesscardsandaccesspointsletyouchoosethespeedyouwishto use,butunlessyou’rerunningalong-distancelinkthatyouneedtopreset toaknownlevel,there’snopointinsettingaspeedmanually:thehardware shouldnegotiatethehighestpossiblespeedatalltimes.Youcan’tgenerallytell whatyourconnectionspeedis,thoughit’sasafebetthatafull-signalwireless networkwillrunat11Mbps,whereasalong-rangewirelessconnectionismore likelytorunat1or2Mbps. TIP Trulytweakywirelessgeekscansometimesextractslightlybetterperformance bydisablingthelowestspeedsandforcingalldevicestotalkatthefasterspeeds orevenjustthefastest,11Mbps:802.11beatsupsomeofitsbandwidthwith everychunkofdataitsendsinordertomaintaincompatibilitywithsloweror moredistantsystems.Eachpacketbydefaultstartsbyspeakingveryslowly andthenspeedsup.
Because802.11busesdirectsequence,each802.11baccesspointcanbeset tooneofseveralchannelstoavoidconflictswithotherwirelessdevicesinthe samevicinity.802.11busestheunlicensed2.4GHzband,whichintheU.S. rangesfrom2.4000GHzto2.4835GHz.Althoughthattechnicallyprovides 14possibleoverlappingchannelsin802.11b’sspecification,only11arelegal foruseintheU.S.
Chapter2 | WirelessStandards
TIP Don’tbecomeaninternationalcriminalunintentionally.We’veheardreports fromtravelerswhoturnontheirwirelessgearusingchannelsthatwerelegal intheirhomecountry,butareillegalintheplacesthey’revisiting.Sofar,no onehasbeentrackeddownandjailed,butcheckforlocalrules.Somecards enableyoutochooseyourcurrentcountrysoastocomplywithlocalregulations. Localresidentsneedtopayattentionheretoo.Becausesomeequipmentcan’t beresetfordifferentcountries’rules,youmightwanttobuyWi-Fiequipment onlyinyourhomecountry,evenifit’scheaperoutsideyourborders.
Thechannelsareoffsetfromeachotherbyafewmegahertztoallowflexibility inchoosingchannelsincaseofinterference.Forinstance,interferencecould comefromportionsofthebandsharedbyamateurradiooperators,television uplinksignalsforremotetransmission,andlimitedpublicsafetypurposes. Or,interferencecouldoccurinanareacontainingseveral802.11baccess points—imagineauniversitylibrarywheremanystudentswishtobrowsethe Internetfromlaptops,allinasmallphysicalspace. Channels1,6,and11canbeusedsimultaneouslyrightontopofeachother withoutanydirectoverlapinfrequency;sidenodesofmuchlessstrengthdon’t causerealproblemswithreceivingthesignalclearly(Figure2.2).Someexperts havearguedthatchannels1,4,7,and11couldbeusedwithminimaldisruption, too,soyoumighttrythoseifyoucan’tusechannel6forsomereason.
802.11a:HigherFrequencies,LessInterference Networkingequipmentadheringtothe802.11astandardstartedappearingin themiddleof2002,andyoumaynaturallyaskwhythe802.11bstandardcame
Figure2.2 Channels1,6,and 11overlapwithout directinterference; sidenodesoverlap withoutany intensity.
1
6 6
6
1 11
11 11 1
6 6
13
14
TheWirelessNetworkingStarterKit
beforethe802.11astandard.TheIEEEactuallyapprovedthemissionforthe 802.11ataskgroupfirstandratifiedthetwoprotocolssimultaneously,butthe technologynecessarytoimplement802.11aandaportionofthespectrumin whichitwastooperateweren’tyetavailable. NOTE TheWi-FiAllianceoriginallyplannedtocertify802.11adevicesunderthename “Wi-Fi5”butdecidedinsteadtomodifytheWi-Fimarktoinclude802.11a. IfaWi-Fidevicesupports802.11a,thetextbelowtheWi-Fisealnotesthe5 GHzband.
802.11adiffersinfourimportantwaysfromits802.11bsibling.802.11a
• Usesthreepartsofthe5GHzbandspanningafewhundrednoncontiguous megahertzoverall
• Has12non-overlappingchannels(8availableforindooruse)thatenable moreaccesspointstocoverthesamephysicallocationwithoutinterfering withoneanother,withmorechannelsontheway
• Runsatarawspeedof54Mbps,orabout25Mbpsofrealthroughput • Worksonlyovershorterdistances,buthasbetterprotocolsthan802.11b forsortingoutsignalreflectionindoors
Thechiefadvantagesof802.11astemfromthesefourdifferences:the5GHz bandisn’talreadyusedbymanyotherwirelessdevices,andthe8distinctindoor channels—whichmayriseto11ormoreduetoadditionalinternationalfrequency allocation—allowasubstantiallyhighernumberofusersatfullbandwidthin thesamephysicalspace.Thismakes802.11aalikelychoiceforhigh-densityuse inofficesorserverrooms.Othercandidatesfor802.11agearincludelocations withalotof2.4GHzinterference,suchascommercialmanufacturingsites, hospitals,andotherinstitutionsthatuseindustrial,scientific,ormedical(ISM) devicesthatoccupythe2.4GHzband. Likewise,thefourchannelsreservedintheupperendofthe5GHzbandfor 802.11aoutdoor,point-to-pointuse(withexternalantennas,ofcourse)can employhigherpowerlevels,whichmayprovideabetterthroughputthan802.11g inthesamecircumstances.Giventhespeedsthat802.11aoffers,point-to-point transmissionisacompellingwaytoavoidtelephonecompanychargesfor45 MbpsT-3digitallines.T-3linescancostseveralthousanddollarsamonthfor shortdistancesinthesamecity,andmayrequireexpensiveequipmentonboth ends.(The802.16astandardmayreplace802.11a’spoint-to-pointadvantage inthesamefrequencies,sinceit’sdesignedforlong-haulwithasingleradio
Chapter2 | WirelessStandards
onbothends.Incontrast,802.11aismeanttobeusedbyabunchofclients communicatingwithacentralaccesspoint.) Unfortunately,thankstoitsuseofthe5GHzband,802.11aisn’tcompatible withthetensofmillionsof802.11bdevicescurrentlyinuse.ThisfactledApple CEOSteveJobstosaythat802.11aisdoomedtofailureasheannouncedApple’s 802.11g-basedAirPortExtreme.It’smoreappropriatetosaythat802.11a isnowrelegatedtonichestatusforparticularpurposes.Applewasn’talone; noothermajormanufacturerhasbacked802.11aasareplacementforeither 802.11bor802.11g.Themainareawhere802.11ahasgainedpopularityisthe homeentertainmentindustry,whichappearstohavemigratedto802.11afor beaminghigh-definitiondigitalsignalsbetweenconsumerelectronicsdevices inahouse.Microsofthasshowedproductsbasedonthisinwhichmultiple DVDstreamsflyamongmultipledeviceswithnaryaglitchinquality. Thecostof802.11aequipmentdroppedfasterthanexpected,andmany802.11a devicescostjust$50to$100morethan802.11bequipmentandtheircostison aparwithnew802.11gdevices.Ultimately,most802.11adeviceswillbepaired withbandg:manufacturersthatinitiallyshipped802.11a-onlycardsquickly revampedtooffera/b(dual-mode/dual-band)ora/b/g(tri-mode/dual-band) products.Manyaccesspointsnowcanhandleaorb/g,oracombinationin whichallthreestandardscanbeusedatonce.Therearesomedesignproblems withthisapproach,sincethegreaterrangeprovidedby802.11band802.11g willlikelymeanthatyouwouldneedeitheramorepowerfulantennaonthe 802.11asideorperhapsadditional802.11aaccesspointstoprovidethesame rangeforbothprotocols. Asidefromdifferentchannelnumbers,configuring802.11aclientsandaccess pointsisidenticaltoconfiguring802.11bdevices,whichwedescribeinSection II,ConnectingYourComputer.
802.11g:FasterandCompatible In2002,802.11bequipmentruledtheland.Thefaster,54Mbps,802.11adevices thatshippedstartinginlate2001werecompellinglyfaster,butbecausethey usedadifferentfrequencythan802.11bandcostmore,onlyasmallnumberof earlyadoptersandtestersboughtin.Overall,peoplelikedtheideaofthefaster 802.11a,butcompatibilityreignssupremeand802.11awasn’tcompatiblewith 802.11b,leavingthedoorwideopenfor802.11g. 802.11goperatesat54Mbpslike802.11a,butitusesthesameradiofrequencies as802.11b,whilesupportingfullbackwardcompatibilitywiththatolder
15
16
TheWirelessNetworkingStarterKit
specification.Becauseofpoliticalandtechnicalconflicts,the802.11gcommittee attheIEEEtooknearlythreeyearstoratifytheprotocol,andfinallyformally adopteditonJune12,2003. Technologydoesn’twaitforengineeringgroups,though.Againstsomeindustry experts’betterjudgment,buttoachievehigherspeeds,severalcompaniesstarted toshipequipmentusingchipsbasedonthen-currentdraftversionsof802.11g inDecember2002. TheseearlydevicesfromApple,Belkin,Buffalo,D-Link,Linksys,and othersworked,butwereoftenflakyinhandlingmixednetworkscontaining both802.11band802.11gdevices.Theseearly802.11gdevicesoftenbacked downto802.11bspeeds,thuseliminating802.11g’sadvantages.Fortunately, asdraftscontinuedtocirculateattheIEEE,manufacturerscontinuallyupgraded firmware(internalsoftwarethatrunsdedicatedhardwaredevices)tofixthese earlyproblems.ShortlyaftertheJuneratification,mostmanufacturersreleased final802.11gfirmwareupdatesthatcementedthe802.11b/gimprovements, andevenincludedathroughputboost. Asisthecasewithmostrawnetworkthroughputs,802.11g’snetthroughputof realdata—thecontentoffilesortransactionsminusnetworkingoverheadand conflicts—islowerthanitsrawspeed,closerto20Mbps.Incontrast,802.11b’s 11Mbpsrawthroughputgenerallytranslatestoabout5Mbpsatbest,andit oftendropswellbelowthatasdistancefromtheaccesspointincreases.802.11g hasseveralintermediatestepsforspeed,soyoudon’tjustdropfrom54Mbps allthewaydownto11Mbpsorslower. Infact,802.11gmaybeevenabitslowerthananequivalent802.11anetwork inthesamesituation.That’sbecause802.11gmustmaintaincompatibilitywith 802.11bdevices,whichuseadifferentmethodofencodingdataontoradio waves,andtheoverheadofmanagingwhichdevicesonamixed802.11b/802.11g networkmaysendatanygiventimeslowsthingsdown. Somehaveclaimedthat802.11gcouldbeasmuchas40percentslowerthan 802.11ainsuchsituations,thoughothersbelievetheslowdownwillbeonly about10percent.Realistically,unlessperformanceisyourultimategoal,it probablydoesn’tmakeanydifference.(Andifperformanceisall-important,wired Ethernetrunningat100Mbpsoreven1Gbpsmaybethebestsolution.) MajorwirelesschipmakerssuchasAgere,Broadcom,Intersil,andTexas Instrumentshaveplanstoimprovethroughputevenwithexistingequipment. BroadcomandIntersilbothofferframeburstingtechnologythatworksbytaking short802.11gpacketsandwrappingthemintoonelongerpacket.Thisreduces
Chapter2 | WirelessStandards
mandatorypausesorgapsbetweenpackets,andBroadcompredictsabout25 percentimprovementsinthroughputwith802.11galoneand75percentwith mixedb/gnetworks.This25percentimprovementbringsthe20Mbps802.11g throughputupto802.11a’s25Mbps. Dependingonthemanufacturer,frameburstingmaybepartofthefirmware already,andsomeofitmayinteroperateamongchipsmadebydifferent companies.(Thesechangesarepartof802.11e,aspecificationdevotedto improvingmultimediastreaminganddigitalvoiceoverwireless.) 802.11g’s full backward compatibility with 802.11b isn’t optional for manufacturers;it’samandatorypartofthespec.Howcompatibilitywillcontinue toplayoutwithreal-worlddevicesisstillanopenquestion.Manufacturersmay havetocontinuallyre-engineerandreleaseupdatestoimprovecompatibility.
AdHocMode AlltheflavorsofWi-Fiofferanadhocmode, inwhichtwoormorecomputersexchangedata directlywithnocentralaccesspoint,muchlike intheolddaysofusinganEthernetcrossover cableorplugginganullmodemcablebetween twocomputers’serialports. Inadhocmode,onecomputercreatesanetwork thatothercomputerscansee(checkoutthe sidebar,“ConnectingwithWi-Fi,”inChapter 3,WirelessHardware).Thedifferencebetween adhocmodeandasoftwareorhardwareaccess point,isthatadhocconnectionsdon’thavea centralpointofauthority.Adhocconnections areentirelyprivateamongthemachinesused. (Youcansetuponecomputerasagatewayto theInternet,sharingitsconnection;wediscuss howtohandlethisinChapter19,Creatinga SoftwareAccessPoint.) Becauseadhocconnectionsexistonlyamong twoormorecomputers,they’reusefulprimarilyfortransferringfiles—ifyouneedtogive
acolleagueafileandhavenootherwaytodo it,turningonfilesharingandsettingupanad hocnetworkworkswell.Nexttimeyouhave afewextraminutes,werecommendfiguringouthowtosetupanadhocnetworkand transferfiles,sinceworkingthroughthesteps whileawayfromhomeortheoffice,possibly withsomeoneyoudon’tknowwell,canbea bittricky. AdhocmodeisoneofthefewaspectsofWiFithatisn’tpartofthecertificationprocessfor devicesmadebefore2002.Olderequipment,or equipmentthatdoesn’thavethelatestfirmware updates,won’tallnecessarilyuseadhocmode inthesameway.TheWi-FiAllianceadded anadhocstandardtoitsWi-Ficertification inlate2001,soallnewequipmentmustwork together.Thatsaid,equipmentfromthesame manufacturer,suchasallofApple’sAirPort cards,generallysupportadhocmodewhen connectingtooneanother.
17
18
TheWirelessNetworkingStarterKit
Anareainwhich802.11ghadtocompromisetomaintainbackwardcompatibility isinthenumberofchannelssupported.Like802.11b,itsupports14channels, only3ofwhichdon’toverlapintheU.S.Contrastthatwith802.11a,which haseightindoornon-overlappingchannels,making802.11amoreappropriate fordensecorporateinstallationswithmanyusers.Ofcourse,anyonesettingup suchanetworkmightdowelltobuynetworkcardsthatsupportboth802.11a and802.11gsotravelinguserscanaccessmorecommon802.11bnetworksin public. Oneof802.11g’sbigadvantagesover802.11bisthatitbetterhandlesthe inevitablesignalref lection.Radiosignalsbounceoffdifferentpiecesof matter—floors,metal,eventheairaroundyou—atdifferentanglesandspeeds. Areceivermustreconcileallthedifferentreflectionsofthesamesignalthat arriveatslightlydifferenttimesintoasinglesetofdata.802.11g(like802.11a) slicesupthespectruminawaythatenablesreceiverstohandlethesereflections inasimplerbutmoreeffectivewaythan802.11b. InJuly2003,theWi-FiAllianceofficiallyadded802.11gtoitscertification suite,andearlyinJuly,companiesstartedtoannouncethattheirdeviceshad beentestedascompliant.It’sexpectedthatallcurrent802.11gequipmentwill easilypassthetestsgiventhesmallnumberofcompaniesthatreleasedchips inthefirsthalfof2003.Clearly,802.11gisheretostay,andithasalmost instantlyeclipsed802.11a.Weexpectthat802.11ggear,whichisalreadyonly slightlymoreexpensivethan802.11bequipment,willquicklybecomethemost commonchoiceforconsumersandbusinessesalike. Aswith802.11a,configuring802.11gclientsandaccesspointsisexactlythe sameasconfiguring802.11bdevices. NOTE Allpublicnetworkscurrentlyuse802.11b,butit’spossiblethatas802.11g gainsacceptance,public-spaceproviderswilladdthehigher-speedservice. Severalprovidersarealreadyexperimentingwiththefasterspeeds.Ofcourse, mostpublicnetworksprovideInternetaccessatlessthan1.5Mbps,sothe differencemaynotmattermuch!
NOTE IfyoueverseeyourcomputerreportingthatithasanoddIPaddressinthe 169.254.x.xrange,that’saself-assignedaddressdesignedinpartsoad hocnetworkscanoperate.Inanadhocnetwork,there’snoDHCPserver tohandoutIPaddresses,sobothAppleandMicrosofthaveagreedthat insuchsituations,computersshouldpickrandom169.254.x.xaddressesso theycancommunicatewithoneanotherusingInternetsoftwareoveranad hocnetwork.
WirelessHardware
3
Atthemostbasiclevel,youneedonlytwopiecesofhardwareforanywireless network:acentralaccesspointandanetworkadapter(Figure3.1).Access pointsareusuallystandalonedevicesthatactasthehubsofwirelessnetworks. Incontrast,networkadaptersusuallyfitinsidecomputersusingallthestandard methodsyoumightexpect—PCCardbay,PCIslots,andcustomslots—as wellassomemethodsyoumightnotexpect,likeCompactFlashandSecure Digitalcards.Forcomputersthatlackinternalslots,youcanpluginexternal adaptersthatuseUSBorEthernet. Althoughbothaccesspointsandnetworkadaptershavebuilt-inantennas, morepowerfulexternalantennascanincreasethesignalstrength,andthus extendtherangeofwirelessnetworks.Table3.1givesyouarundownofthe basichardwarenecessaryforawirelessnetwork,andwediscusseachitemin moredetailinthischapter. Figure3.1 Atypicalwireless networkwithan assortmentof devices.
20
TheWirelessNetworkingStarterKit
AccessPoints Anaccesspointisthebrainsofawirelessnetwork(Figure3.2).Itcanperform anumberofdifferenttasks,someofwhichareoptional,dependingonwhatyou need.Unfortunately,you’relikelytorunacrossnumerousdifferenttermsfor accesspoint,including“wirelessgateway,”“wirelessrouter,”and“basestation.” Also,thetermisfrequentlyabbreviatedto“AP”intechnicalliterature.Westick withaccesspointwhentalkingaboutdeviceswiththefeatureslistedbelow.
ClientAssociation Mostimportant,theaccesspointcontainsawirelesstransceiverthatsendsdata toandreceivesdatafromwireless-equippedcomputersorotherdevices.(A Table3.1
WirelessHome/SmallOfficeHardwareataGlance Device
ConnectsTo
Function
Gotchas
CostRange
AccessPoint orWireless Gateway
YourInternet connection, usuallyvia yourEthernet network
Actsasthehubforyour wirelessnetwork;shares yourInternetconnection withotherwiredand wirelesscomputers; connectswiredand wirelessnetworked devices
Typicallygeared totheWindows world,Appleand Unix/Linuxusersmay facehurdles;nonWindows/IPprotocols notnecessarily supported
$30to $250
Wireless Network Adapter
Your computer
Letsacomputerorother equipmentconnect toanaccesspoint wirelessly
Lesscommontypes requirecustomdrivers
$10to $150
Antenna
Anaccess pointor wireless network adapter
Extendstherangeofthe wirelessnetwork;usually builtin
Oftenungainly
$30to $600
Wireless Bridge
YourEthernet network
Canconnectwired networkstogether wirelessly,orbridgea separatewirednetwork toanexistingwireless network
Somebridgesrequire oneunitpernetwork tohookup
$60to $120
Wireless Relay
Yourwireless network
Extendstherangeof thewirelessnetwork byrelayingthewireless signal
Throughputis reducedbecausea singleradiohasto bothreceiveand retransmitevery packet
$60to $100
Chapter3 | WirelessHardware
Figure3.2 LinksysEtherFast WirelessAP+ Cable/DSLRouter w/4-PortSwitch andApple AirPortExtreme BaseStation.
fewneweraccesspointshavetwoormoreradios.)Theconnectionbetweenan accesspointandacomputerwithawirelessnetworkadapteriscalledaclient association. TIP Accesspointsdon’thavetobestandalonepiecesofhardware,althoughthey usuallyare.MacintoshandWindowsbothhavebuilt-inoptionsthatcanturn aregularMacorPCwithawirelessnetworkcardintoasoftwareaccesspoint, withoutpreventingthecomputerfromperformingitsnormalserverordesktop tasks.Withasoftwareaccesspoint,youdon’tneedtobuyaseparatedevice, butyoumustleavethecomputeronallthetimeandriskthechanceofacrash thatdisablesthenetworktemporarily.Wetalkaboutsettingupsoftwareaccess pointsinChapter19,CreatingaSoftwareAccessPoint.
Wired/WirelessBridging Anothercommontaskforanaccesspointistoactasanetworkbridgethat connectsthecomputersonawirelessnetworkwiththoseonawirednetwork. WeexplainbridginginAppendixA,NetworkingBasics,butinessence,it’sjust amatterofplugginganEthernetcablefromawirednetworkintotheaccess pointinordertoconnecttwolocalareanetworks(LANs).Wirelessgateways oftenhavemultipleEthernetportsforthispurpose,onefortheWANtomake theInternetconnection,andasmanyasfouradditionalEthernetportsfor wiredcomputersorprintersontheLAN. NOTE Bridgingfunctionalityseldomappearsinstandalonedevicesthatyoucanuse forjustthepurposeofbridgingtwoisolatednetworkstogether.Therearea fewsuchdedicateddevices,liketheLinksysWET11andWET54G,butthey’re lesscommon(andoftenmoreexpensive)thanaccesspointsthatinclude bridgingfunctionality.Themainadvantageofadedicatedbridgeisthatit generallyworkswithaccesspointsfromanymanufacturer,whereasbridging functionalitybuiltintoanaccesspointmayberestrictedtodevicesfromthe samemanufacturer.
21
22
TheWirelessNetworkingStarterKit
Wireless/WirelessBridging NeweraccesspointssupportatechnologycalledWDS(WirelessDistribution System),whichisabridgingmodeinwhichtheaccesspointcandotwothings simultaneously:bridgewirelesslytoanotheraccesspointandactasanaccess pointforwirelessclients.Sometakethiscapabilityevenfarther,actingin essenceasarepeaterbetweentwootheraccesspoints.Thesecapabilitiesare newandstillpoorlyexplainedbythemanufacturers,soturntoChapter20, BridgingWirelessNetworks,formoredetails.
InternetSharing SincesharinganInternetconnectionamongmultiplecomputersistheprimary useofmostsmallwirelessnetworks,youcanexpectmost(butnotall,sopay attentionwhenpurchasing!)accesspointstoofferanEthernetport,internal modem,orserialportforanexternalmodemtofacilitateattachingthewireless networktoahigh-speedordial-upInternetconnection.Acablemodemor DSLInternetconnectionplugsintotheEthernetport;foradial-upInternet connection,atelephonelineconnectstothemodem. Eitherway,whenconnected totheInternet,theaccesspointnowactsasagateway,connectingaLANwith awideareanetwork(WAN)suchastheInternet. Whenactingasagateway,anaccesspointoftenoffersanumberofnetwork servicessuchasautomaticallyassigninganInternetaddressviaDHCP(Dynamic HostConfigurationProtocol),creatingprivateunreachableaddressesforlocal computerswithNAT(NetworkAddressTranslation),filteringtrafficasa firewall,andcontrollingwhichclientscanassociatewithit. NOTE FliptoChapter16,BuyingaWirelessGateway,formoredetailsonfeatures foundindifferentkindsofaccesspoints.
Security Accesspointshandlesecurity,too.Anaccesspointcanrestrictaccessbased onanidentifierbuiltintoawirelessclient,orpassalonginformationtoother hardwareandsoftwareonanetworktoauthenticateauserinalargerorganization. Accesspointsalsoenableencryptionthatscramblesthedatabetweentheclient andaccesspoint.Inthepast,thisencryptionwasmadepossiblewithWEP (WiredEquivalentPrivacy),asystemthatcanbebrokeneasilyinhigh-traffic networks.ThenewwayofdoingencryptionisviaWPA(Wi-FiProtected Access),whichisbelievedtobemuchmoresecure.SeeChapter25,Preventing AccesstoYourNetwork,forallthegorydetails.
Chapter3 | WirelessHardware
AdvancedFeatures Someaccesspointscontainadvancedfeatures,likerouting(usedinnetwork installationstodividenetworksintosmallerpieces),Ethernetaddresscloning (toaltertheaccesspoint’suniquenetworkidentifier,usefulwhensharinga cablemodemconnectiononsomesystems),andspecialsupportforvirtual privatenetworks(VPNs)andothersystems.Whetherornotyouneedanyof theseadvancedfeaturesdependsentirelyonyoursituation. NOTE Youdon’tnecessarilyneedanaccesspointforasimplewirelessnetwork temporarilylinkingonlyafewcomputers.Anetworkthat’screatedbytwo wirelessnetworkcardstalkingdirectlytooneanotherisknownasanadhoc networkbecauseitdoesn’trequirecoordinationbyafixedaccesspoint.See Chapter12,CreatinganAdHocWirelessNetwork,fordetails.
WirelessNetworkAdapters Thesecondpieceofhardwarethat’snecessaryforanywirelessnetworkisa wirelessnetworkadapter.Aswithaccesspoints,youmayrunintodifferent namesforthesedevices.Forinstance,Applecallsitswirelessnetworkadapter an“AirPortcard”oran“AirPortExtremecard.”Othermanufacturershave othermoreorlessdescriptivenames,likeDell’sTrueMobileadapterswhich havevariousflavorsofWi-Fi.Sincetheseadaptersinstallincomputersthatare clientsoftheaccesspoint,youoftenseetheterm“client”addedtothename ofthesoftwarethatcontrolstheadapter. NOTE Aclientispartofapair;aserveristheotherhalf.Aserverhandlesrequests frommanydifferentmachinesorusers;clientstalktooneserverforeachtask. Inwirelessnetworking,theaccesspointiseffectivelyaserver,eventhough it’srarelycalledthat.
Wirelessnetworkadapterscomeinquiteafewshapesandsizes,andthe varietymayseemintimidating.RefertoTable3.2topickthetypethat’smost appropriate,andthenreadmoredetailsonthefollowingpages.
InternalWirelessCards Thebestoption,ifit’savailableforaclientcomputer,isusuallyaninternal wirelessnetworkcard.They’recheaperandlessobtrusivethanexternaladapters. Theonlydownsidetointernalwirelesscardsisthattheycanbemoretrouble toinstallandunlessthey’redesignedproperly,thecomputer’scasecanblock thenetworksignalsomewhat,reducingrange.
23
24
PickingtheMostAppropriateWirelessNetworkAdapter PC Card DesktopPCs LaptopPCs
PCI card
MiniPCI card
●[P] ●[P]
●[P]
USB
Ethernet adapter
●[1]
●[2]
●[1]
●[2]
Compact- Flash
Secure Digital card
AirPort card
AirPort Extreme card
Pre-AirPortPowerMacs
●[P]
●[1]
●[2]
Post-AirPort,pre-2003 PowerMacs
●
●
●
2003PowerMacs
●
●
●
USB-onlyiMacs
●[P]
●
FireWire/15"iMacs
●
●
●[P]
17"iMacs
●
●
●[3]
●[4]
●[1]
●
●
●
●[P][5]
●[P][6]
●[P]
G3PowerBooks
●[P]
iBooks Titanium,FireWire-only PowerBooks
●
●
●
12"/17"PowerBooks
●
●
●
PocketPChandhelds
●[7]
PalmOShandhelds
Built-in adapter
●[P] ●[P]
●[P] ●[P]
●[8]
●[9]
●[8]
●[9]
[P] Preferred adapter for simplest or cheapest installation [1] For computers with built-in or add-on USB [2] For computers with built-in or add-on Ethernet [3]For17"iMacsreleasedbefore2003[4]For17"iMacsreleasedafter2003[5]G3iBook[6]G4iBook[7]MayrequireanadapterdependingonPocketPCmodel [8]ForPocketPCsorPalmOShandheldswithSDIOslots[9]Dependingonmodel
TheWirelessNetworkingStarterKit
Table3.2
Chapter3 | WirelessHardware
PCCard ThefamiliarPCCardslotisfoundmostlyinlaptops.Sincelaptopsareidealfor usewithwirelessnetworks,manykindsofwirelessnetworkadaptersareavailable initially,andsometimesonly,inPCCardform.MostWi-FiPCCardshave antennasbuiltin(usuallyaminiaturedipolediversityantenna),andalthough they’refairlysmall,theyoftenstickoutfromthebodyofthelaptop. ItcanbehardtochoosebetweenWi-FiPCCardsfromdifferentmanufacturers becausethey’reallprettymuchthesame,thanksinlargeparttothefactthat anycardyoubuyshouldbeWi-Ficertified.Theremaybeslightdifferences inperformancebasedonwhichchipsettheyuse,butsinceyoucan’tgenerally findoutwhatchipsetaparticularcarduses,that’snotabighelp. Yourmaindecisioncomesdowntotransceiverpower.Mostradiosareratedat 30milliwatts,butyoucanbuyWi-FiPCCardsthatareratedat100oreven 200milliwatts(suchastheEnGeniuscardsoldbyNetGateatwww.netgate.com), andthemorepoweryouhave,thehigheryoursignalstrengthandthebetter yourrange. TIP Somecaveats:Transmitpowerisactuallyonlyhalfthebattle,withreceive sensitivitybeingtheotherhalf.Also,doublingtransmitpowerfrom100 milliwattsto200milliwatts,forinstance,isanincreaseinsignalstrength ofonly3dB,andaccordingtoawhitepaperfromnetworkingvendorCisco Systems(www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_ note09186a00800e90fe.shtml),aroughruleofthumbsaysyouneeda9 dBincreasetodoubleindoorcoveragearea.Sowhileahigherpowercardwill helpincreaserange,don’texpectmiracles.SeeChapter34,Long-Range AntennaBasics,formoreoncalculatingsignalstrength.
Forthemostpart,Wi-FiPCCardsareofinterestprimarilytoPCusers— WindowsandUnix/Linux—notbecauseofthename,butbecausemany Macintoshusershavebetterchoices:allmodernPowerBooksfromAppleaccept aninternalAirPortorAirPortExtremecard.However,olderPowerBooksstill needtouseWi-FiPCCards,andTitaniumPowerBookG4softenexperience improvedrangewhenusingWi-FiPCCards. AfeworiginalPocketPCscoulduseWi-FionlyviaungainlyPCCardadapters. Fortunately,built-inWi-FisupportandWi-FiCompactFlashadaptersseem tohavetakenoverfromPCCardadapters. NOTE PCCardsusedtobecalledPCMCIAcards.PCMCIAofficiallystandsfor PersonalComputerMemoryCardInternationalAssociation,despiteitswaggish expansiontoPeopleCan’tMemorizeComputerIndustryAcronyms.
25
26
TheWirelessNetworkingStarterKit
PCICard Exceptforafewparticularlycompactmodels,alldesktopcomputershave PCIslotsforexpansioncards,whichiswherewerecommendyouinstalla Wi-Fiadapter.SomePCIcardshaveexternalantennas;othersprovidejacks forhigher-poweredantennas.Certainmanufacturers,suchasProxim,used aPCI“carriercard”toholdaPCCard-basedwirelessnetworkadapter;this
ConnectingwithWi-Fi Wi-FiclientsassociatewithWi-Fiaccess pointsviathefollowingsteps: 1.AuseractivatesWi-Fionacomputer(the
clientdevice)byturningthemachineon, plugginginanadapter,orselectingasoftwareoptiontoenableWi-Fi. 2.Theclientdevicesearchesforlocalnetworks
byscanningallthelocallegalchannelsin the2.4GHzbandfor802.11b/gor5GHz for802.11a. 3.Theclientoffersadisplay,typicallyina
pop-uporpull-downmenu,ofthenames ofanynetworksbroadcastingtheiridentity (opennetworks). 4. Theuserselectsoneofthesenetworks,
choosesonefromapresetconfiguration, ortypesinthenameofanetworkthatis closed(notbroadcastingitsname).Ifonly onenetworkisavailable,oriftheclientis settoconnecttoeitherthenetworkwith thestrongestsignalortoaspecificnetwork, theclientdevicecanautomaticallyselect theappropriatenetwork. 5. Theclientattemptstoassociatewiththe
selectednetwork’saccesspoint. 6.Ifsuccessful,theaccesspointandclient
nowhaveanactivenetworkconnection
overwhichTCP/IP,AppleTalk,andvarious WindowsandUnixnetworkingprotocols canbesent. 7. IftheclientisconfiguredtoacceptanIP
addressautomaticallyandtheaccesspoint ornetworkisalsosettoassignanIPaddressautomatically,thatdanceoccurs, andtheclientendsupwithanInternet address—oftenaprivatenetworkaddress thatcan’tbereachedfromtheoutsideworld. (See“NetworkProtocols”inAppendixA, NetworkingBasics.) NOTE Whensettingupaconnectionforthefirsttimewith anetworkthat’sprotectedbyencryption,youmust enteraWEP(WiredEquivalentPrivacy)orWPA(WiFiProtectedAccess)key,whichisanencryptionkey usedinWi-Fitoscrambledatabetweenaclient andaccesspoint.Somesoftwareforcesyouto enterthekeyeachtimeratherthanstoreitina profile—though,fortunately,we’veseenlessand lessofthatovertime.Formoreinformationabout WEPandWPA,seeChapter25,PreventingAccess toYourNetwork.
NOTE Wi-FimayseemalotlikewiredEthernet,anditis: Wi-Fisharesmostofitsinnerworkingswithwired Ethernetanddiffersonlyinthelimitedpartofthe specificationthatcoversthephysicalpartofmoving bitsaroundusingradiosignalsinsteadofpushing electronsdownaphysicalwire.
Chapter3 | WirelessHardware
combinationcanresultinstrangedriverproblemsasonesetofsoftwaretries tocopewiththecarriercardandanotherwiththePCCarditself,andthis styleofadapterhasbeenphasedoutasanoption. TIP Wherepossible,ifyou’renotsurewhetherabuilt-incardcanprovideenough signalstrength,buyawirelessnetworkadapterwithanexternalantenna oranantennajack.It’smucheasiertopluginanantennathantoswapout acard.
Again,withafewexceptions,PCuserswillbemoreinterestedinusingPCI card-basedwirelessnetworkadaptersthanwillMacusersbecausemostmodern PowerMacscanacceptanAirPortorAirPortExtremecard.OlderPowerMac G3ownersshouldreadthesidebar,“OutfittingOlderandWeirderMacs,” laterinthischapter.
MiniPCICard Anincreasingnumberoflaptopmodels,suchastheDellInspiron600mand theGateway200series,takeanevensmallerinternalexpansioncardcalleda MiniPCIcard,inlargepartbecausethat’swhatIntelispushingaspartofthe CentrinoMobileTechnologythatmanylaptopvendorsnowuse. ThebeautyofMiniPCIcardsisthatthey’restandardized,uselittlepower (importantforlaptopbatterylife),andconnecttointernalantennastoimprove rangeoverexternalWi-FiPCCardantennas(andavoidtheinelegantbitthat sticksoutwithaPCCard). MostofthetimethatyoubuyalaptopwithaMiniPCIcard,thecardis preinstalledandpreconfigured,andoftencannotberemovedandreplaced withanewermodel.However,thecostistypicallyhalforlessthanbuyinga similarcardseparately.
ProprietaryInternalSupport Since1999,ApplehasbuiltintoeveryMacaninternalconnectorthataccepts acustomwirelessnetworkadapter.FirstAppleusedaPCCard-likeconnector forits802.11bAirPortcards.In2003,Applereplacedthisconnectorwitha MiniPCI-likeslotfortheAirPortExtremecard.Notethattheseslots,despite thefactthatthecardsusestandardformfactors,areproprietaryanddedicated towirelessnetworking.YoucannotputaPCCardinanAirPortslot,nora MiniPCIcardinanAirPortExtremeslot.And,tobeclear,youcan’tputan AirPortExtremecardintoanAirPortslotbecauseitwouldn’tfit,andevenif suchathingwerepossible,thebusthattheAirPortslotisoncan’thandlethe fullspeedofthe802.11g-basedAirPortExtreme.
27
28
TheWirelessNetworkingStarterKit
OutfittingOlderandWeirderMacs Table3.2aboveoutlinesthepossibilitiesfor olderMacs,butthequestionofhowtoconnectolderMacintoshmodelsthatcan’tacceptAirPortorAirPortExtremecardshas remainedcommoninemailwereceiveand ondiscussionforums.Webroughttogether alltheinformationyouneedinthissidebar. Althoughmanyoftheseoptionswillalsowork forAirPort-orAirPortExtreme-capableMacs, wealwaysrecommendusinganAirPortoran AirPortExtremecardinthoseMacs…with oneexceptionthatwediscussbelow. OlderPowerMacsthatpredateAirPort. ThesecomputerscanuseEthernetadapters, Wi-FiPCIcards,andUSBadapters,buteach comeswithvariousissues.
• AWi-FiEthernetadapterliketheLink-
sysWET11sidestepstheoperatingsystemproblementirely,andmightbeuseful lateronaswell.(Don’tbotherwiththe WET54GsincetheseolderMacshave only10MbpsonboardEthernet,whichis slowerthan802.11g’s54Mbpsthroughput.) We’drecommendtheWET11foranyolder machine,includingthosethatpredatethe PowerPCG3processorthathave10Mbps (10Base-T)Ethernet.
• InMacOS8.6/9x,youcanusetheMac-
Wireless802.11bPCIcard(www.macwireless. com/html/products/80211b/pcicard.html). That’sidealformostofthesecomputers,but sinceallPowerPCG3-basedPowerMacs canrunMacOSX(albeitslowly),youmight
wantasolutionforMacOSXaswell.We haven’ttestedthis,butmany802.11gPCI cardsusingtheBroadcomchipsetworkunderMacOSX10.2.6orlaterifyouhave version3.1orlateroftheAirPortsoftware installed.ThisincludescardsfromBelkin, MacWireless,andothers.
• AfinaloptionistoaddaPCIcardthat
providesUSB(andFireWire,whileyou’reat it)ports,andthenuseaWi-FiUSBadapter fromMacWirelessorBelkin.Notethatthe BelkinunitcomeswithMacOSXdrivers (seebelow).
OlderUSB-onlyiMacs.Thesecomputers lackthePCIslotsofPowerMacs,soyou’re downtoeitheraWi-FiUSBadapterora Wi-FiEthernetadapter(discussedabove). AswithWi-FiPCIcards,findingaUSB adapterthatwillworkinMacOSXwithan olderMacintoshhasbeentricky.However, Belkin(www.belkin.com)nowoffersMacOS XdriversforitsWi-FiUSBadapter,making itthebestchoiceforputtinganolderiMacon awirelessnetwork.It’sabittrickytofindthe BelkindriversontheWebsite,butthisURL —http://web.belkin.com/support/download/ download.asp?download=F5D6050—worked when we were writing the book. If you desperatelywanttomakeanothervendor’s USB adapter work with Mac OS X, and you’renotafraidtogetyourhandsvirtually dirty, Thomas McQuitty has posted instructions—seewww.mcquitty.net/Thomas/
projects/USBWirelessOSX.html—onmodifying
theBelkindrivertoworkwithasimilarUSB adapterfromNetgear. OlderPowerBookG3s.Thesituationisdifferentfortheselaptops,sincetheyallhavePC Cardslots,andeventhoughWi-FiPCCards stickoutabit,they’remoreelegantthanWiFiEthernetadaptersormuckingaboutwith aUSBPCCardadapterandaWi-FiUSB adapter(anunholycombinationthatmight work,butifnot,don’tblameus).Sostickwith aWi-FiPCCardforthesePowerBooks,and rememberthatyoucanbuyhigher-powered PCCardsthatoffergreaterrangethanthe run-of-the-millvariety.WitholderPowerBookG3s,though,yourunintovariousissues surroundingsoftwaredriversandoperating systemversion.
• IfyouuseMacOS9,buyanOrinocoSilver
oraWaveLANSilver(samecard,different name),sinceitusesthesamehardwareas Apple’sAirPortcardsandwillworkwith Apple’sAirPortdrivers.
• InMacOSX,ifyouwanttousean802.11b PCCard,youcantrythefreeopensource driver(checktheWebsiteforcompatibilitybetweenthecardandthedriverbefore buying,ofcourse)availableathttp://wi relessdriver.sourceforge.net/.Theopen sourcedriverworks,buthasn’tbeenupdated inalongtime,soitmayhavetroublewith currentversionsofMacOSXbythetime youreadthis.Abetter-supportedoption
Chapter3 | WirelessHardware
thathandlesmorecardsisthe802.11b wirelessdriverfromthegurusatIOXperts (www.ioxperts.com/80211b_X.html);youcan tryademoversionforfreeandifitworks foryou,buyitfor$20.(IOXpertsalsooffers MacOS9driversforcardsotherthanthe OrinocoandWaveLANSilver.)
• Assumingyou’rerunningatleastMacOS
X10.2.6andhaveinstalledtheAirPort 3.1update,Apple’sdriversautomatically support802.11gPCCardsthatusethe Broadcomchipset.Don’tworryabouttryingtoidentifytheinternalchipset;most manufacturerssayclearlyiftheir802.11g devicesarecompatiblewithMacs.
TitaniumPowerBookG4s.Here’sthatexceptionweweretalkingabout.Apple’sTitanium PowerBookG4caseissoelectromagnetically shieldedthatithalvesthecomputer’swireless networkrange.Tomakemattersworse,Apple placedtheantennainthebase,ratherthan aroundthescreen,thusgivingitsuboptimal receptioncapabilities.Toworkaroundthese limitations,someusersrelyoneitheraWi-Fi PCCard(somepeopleparticularlylikethe SonyPCWA-C150Sbecauseitmatchesthe titaniumfinishofthePowerBookG4and doesn’tstickoutfar)oraUSBadapterthat movestheantennaoutsidethecase;seeearlier inthissidebarfordetailsonwhichWi-FiPC Cardsanddriverstoconsiderforyouroperatingsystemversion.
29
30
TheWirelessNetworkingStarterKit
Appleisn’ttheonlyonebuildingproprietarywirelessnetworkingadapters intodevices.Althoughwehaven’theardofanyPClaptopvendorsdoingthis, it’sincreasinglycommonwithhandhelddevices,suchasPalmOShandhelds andPocketPCs.ThePalmTungstenC,forinstance,featuresbuilt-in802.11b supportthatenablesittoaccesswirelessnetworksforInternetconnectivity andforremotedatasynchronization. NOTE CardsthatfitintoanAirPort,AirPortExtreme,orMiniPCIconnectorhookto anantennabuiltintothecaseofthelaptopordesktopcomputeritself—often twoantennasrunupbothsidesofabuilt-inLCDdisplay.Becausethese antennascantypicallybebothlongerandmoreintegrallydesigned,they offersignificantlybetterrangeandreceptionthanthetinyantennasjammed intootheradapters.
CompactFlashCard Manyhandheldsanddigitalappliances,suchasPocketPCorganizers,cameras, andMP3players,useCompactFlashcardsforstorage,andsomealsonowsupport Wi-FiCompactFlashadaptersforconnectingtotheInternetorsynchronizing. Linksys(www.linksys.com),SanDisk(www.sandisk.com),andothermanufacturers haveCompactFlashwirelessadaptersthatworkwithWindowsCE2.1and WindowsMobile2003PocketPCs.We’vealsoheardcameramakerstalkabout usingWi-Fiasawaytostreamphotostoanearbycomputer,insteadofstoring themonthecameraitself(seeChapter18,WirelessGadgets). ManydevicesrelyontheCompactFlashcardforstorage,makinganewproduct fromSanDiskthatcombinesaWi-FiCompactFlashadapterwith128MBof RAMtheidealcompromise.ManyotherdevicesthatsupportCompactFlash forstoragecan’tuseaWi-FiCompactFlashadapterpurelybecauseofthe physicalformfactor.Asyoumightexpect,aWi-FiCompactFlashadapter stillneedsastubfortheantenna,eliminatingdevicesthatholdCompactFlash cardsentirelyinternally. NOTE NotalldeviceswithCompactFlashslotshavethebuilt-insoftwarenecessaryto handlewirelessnetworking;besuretocheckforcompatibilitybeforeassuming yourCompactFlash-capabledevicecanuseaWi-FiCompactFlashadapter.
SecureDigitalIOCard Severalhandhelds,includingsomePocketPCmodelsandsomeorganizers fromPalm,accepttinySecureDigitalIO(SDIO)cards.Untilveryrecently, therewerenoWi-FiSDIOadapters,butthere’snowonefromSanDisk
Chapter3 | WirelessHardware
(www.sandisk.com),andweexpecttoseemorefromothermanufacturersas well.SinceSDIOslotsaren’tquiteasfastasCompactFlashslots,performance doessufferabitincomparison.MakesureyourdeviceissupportedbytheWiFiSDIOadapter,sincenotevenallPocketPCshavethenecessarylow-level networkingsoftware.
ExternalWirelessAdapters Somecomputers,suchasanyiMacorPowerMacthatpredatestherelease ofApple’sAirPorthardware,mustuseanexternalwirelessadapterbecause theylackaslotforaninternalwirelesscard.Externalwirelessadapterscan beusefulforsomemodernmachinesaswell,if,forinstance,acomputer’sPC Cardslotsarefull,you’renervousaboutmessingwithPCIslotsthatmightbe fullofadapters,orthecomputerrequiresmultiplewirelesscards.Although locatinganexternaladapterwasamajorobstacleinthepast,they’renow commonlyavailable. TIP WehavenoideawheretocategorizethisWi-Fiadapter.TheEnforaWireless LANPortfolioisacaseforPalmhandheldsthatprovidesWi-Fiaccessby pluggingintothePalmUniversalConnector.It’snotclearifit’sshippingyet, butyoucanlearnmoreatwww.enfora.com.
USBAdapter TheUSBport,whichisoftenusedforplugginginkeyboards,mice,andprinters, canalsoacceptexternalwirelessadapters.Don’tworryaboutperformance degradationwiththeolder802.11bstandard,sincestandardUSB1.1runs at12Mbps,slightlyfasterthanthe11Mbpsmaximumthroughputof 802.11bnetworks.USB2.0operatesat480Mbpswhichisfastenoughto handleeitherofthe54Mbpswirelessspecifications,802.11aand802.11g, andBuffaloTechnologyhasjustintroducedan802.11gUSB2.0adapter (www.buffalotech.com/wireless/products/airstation/wliusbg54.php).See Chapter2,WirelessStandards,fordetailsonthesespecifications. TIP SomeUSBhubsmaynothaveenoughpowertohandleaWi-FiUSBadapter. Ifyourunintothis,tryusingapoweredUSBhub,andfailingthat,plugthe adapterdirectlyintooneoftheUSBportsonyourcomputer.
EthernetAdapter Somenewerhomeelectronicsdevices,suchastheReplayTVdigitalvideo recorder,Microsoft’sXBox,andSony’sPlaystation2,aswellassomeolder
31
32
TheWirelessNetworkingStarterKit
computers,haveonlyanEthernetportorcan’tacceptthesoftwaredriversto handlewirelessnetworks.Inthosecases,youwantawirelessnetworkadapter thatplugsdirectlyintothedevice’sEthernetport. ThemostpopularWi-FiEthernetadapteristheLinksysWirelessEthernet Bridge(WET11),whichcostslessthan$100andworkswellinseveralodd situations(www.linksys.com/products/product.asp?grid=33&scid=36&prid=432). ThepopularityoftheWET11hasencouragedLinksystoproduceavariety ofsimilardevices,suchasthewalkie-talkie–likeWireless-BGameAdapter (WGA11B),whichappearstobeessentiallyaWET11withafrontpanelbutton forselectingthecurrentchannel.Andifthe11Mbpsofthese802.11bdevices isn’tsufficient,therearemoreoptionsfromLinksys:theWireless-GEthernet Bridge(WET54G)andtheWireless-GGameAdapter(WGA54G)—both ofwhichconnectanyEthernet-capabledevicetoawirelessnetworkusing 802.11g.
Antennas Allaccesspointsandwirelesscardshaveantennasthatarebuiltinorthatconnect toaspecialantennajack.However,giventhesizeofthesedevices,particularly thediminutivewirelesscards,there’salimittotherangethattheseincluded antennasprovide.Forbetterrange,youwantanexternalantenna. Inthesimplestterms,anantennaincreasesthepowerofatransceiver.A transceivercombinesatransmitterandareceiver,sobybetterfocusingthe electromagneticenergyenteringandleavingtheradio,theantennaincreases bothtransmissionsignalstrengthandreceptionsensitivity.Thepowerofan antennaisexpressedindecibels,ordB,andeveryantennahasapowerratingin decibels,generallyreferredtoasthegain.Decibelsincrementonalogarithmic scale—asmallincreaseindecibelsresultsinalargechangeinsensitivity. NOTE It’snotnecessarilytruethatthelongerorlargertheantenna,thebetterthe signal.Instead,shape,composition,andanumberofotherfactorscombine todeterminegain.Higher-gainantennas,forinstance,alsofocustheirenergy intonarrowbeamssuitableonlyforpoint-to-pointinterchanges.SeeChapter 34,Long-RangeAntennaBasics,formoredetails.
UsesforAntennas Byaddinganexternalantennatoawirelessnetworkdevice,youcanextendthe device’srangefromafewhundredfeettothousandsoffeetoreventensofmiles. Therearetwomainreasonsyou’dwanttoextendyournetwork’srange.
Chapter3 | WirelessHardware
First,andmostlikely,ifyouhavetroublereceivingthewirelessnetworksignal inpartsofyourhomeoroffice,asmallantenna—eitheranomnidirectional antennaifyouraccesspointisinthemiddleofyourdesiredarea,oradirectional antennaifit’sononeside—mightincreasethepowerenoughtopunchthrough theobstacle(seeChapter21,IndoorAntennaBasics).Ifthatdoesn’twork,you cantryotheroptions,whichwe’llcoverinabit. Second,ifyouwanttosetupalong-range,point-to-pointwirelessconnection, youdefinitelyneedanantenna,anditwilllikelybefairlylarge.Point-to-point connectionsgenerallyuseparabolicoryagitypeantennas,bothofwhichhave relativelynarrowsignals—thefartheryouwantthesignaltoreach,themore focuseditneedstobe.WetalkinSectionVI,GoingtheDistance,abouthow tocreatelong-distance,point-to-pointlinks.
ConnectinganAntenna Manywirelessnetworkingdeviceshave“standard”antennaconnections. Inthesecases,eachdeviceoffersaplugintowhichyoucanhookapigtail
LegalAntennas Allunlicensedwirelessnetworks,suchasthose usingWi-Figear,aresubjecttostrictandenforcedpowerlimitationscreatedtoprevent unnecessaryinterferenceamongunlicensed devicesandtoavoidinterferingwiththefew licensedusersofthesameband. Strictlyspeaking,antennasandtransceivers are approved by the FCC and regulatory bodieselsewhereonlyascompletesystems: eachantennaandeachsystemaretestedand approvedtogethertoassurethattheydon’t emitmorepowerthantherulesallow,andthat theyconformtootherlimits.Somepartsof theworldaremorestringentthanothersabout actuallyenforcingsuchregulations. However,manypiecesofwirelessgearhave plugsorconnectorsthatallowyoutoconnect antennasfromavarietyofsources,oreven
homemadeones,suchasthosedevelopedby communitywirelessnetworkinggroups.These antennasare,unfortunately,illegaltousein mostcases,eventhoughenforcementwould belikelyonlyifyouwerebroadcastingsomuch powerorinsuchawaythatotherpeoplenoticed (seeChapter34,Long-RangeAntennaBasics). There’safinelinetoskirthere,andwhilethe rulesareclear,it’shardforindividualstounderstandhowtoactwithinthemwithoutbeing antennaexpertsorFCClegalspecialists. Ouradvice?Mostdevicesyoucanbuyand theantennasthatgowiththemstaycollectivelywithinthepoweroutputrulesand won’tviolatethespiritofthelaw.Wedon’t advocateviolatingtheletterofthelaweither, ofcourse,butifyouexercisecommonsense, youshouldbeokay.
33
34
TheWirelessNetworkingStarterKit
(smallcableadapter)thatthenconnectstoacoaxialantennacable.Wequote “standard”abovebecausetheFederalCommunicationsCommission(FCC), whichregulateswirelesscommunicationofalltypesintheU.S.,discourages attachingarbitraryantennastoconsumerwirelessnetworkinggear.That’s becausetheFCCworriesaboutpeopleconnectingtoo-powerfulantennasand steppingalloverotherusesofthespectrum.Onewayofaddressingthisconcern hasbeentorequirethateverymanufactureruseadifferenttypeofantenna connector.SothepigtailthatworkswithyourOrinocoSilverPCCardwon’t workwithaLinksysPCCard,andsoon.It’sannoying,butaslongasyou’re carefulwhenbuying(andit’susuallyeasiesttobuyfromthesamemanufacturer forthatreason),youshouldn’thaveserioustrouble. Addinganantennasometimesrequiresspecialeffort.Ifyouopenanoriginal AppleAirPortBaseStationanddrillaholeinitsplasticcase,youcanaddan externalantenna,butit’snotamodificationforthefaintofheart.(TheWeb sitewww.vonwentzel.net/ABS/hasdetailedinstructions.)ThenewerAirPort ExtremeBaseStation’smoreexpensivemodelhasanexternalantennajackand Dr.Bott(www.drbott.com)offerstwoantennasthataredesignedandcertified toworkwithit.HyperLinkTechnologiesalsosupportstheAirPortExtreme BaseStation(www.hyperlinktech.com/web/apple_antenna_kits.php). Ifyouhaven’tyetpurchasedwirelessnetworkinghardwareandthinkyou mightwantanexternalantenna,makesuretoaddthatfeaturetoyourlist whencomparingdifferentdevices.
4
OtherWirelessStandards
AlthoughWi-Fihasbecomethestandardformovingdataathighspeedsaround alocalareanetwork,notalldatacommunicationsneedbothhighspeedanda localnetwork.Andeventhoughwehavethree802.11standardsalready—a, b,andg—moreareonthewaythatsupplementthesethreeandimprovethe waytheymovedataaround. Inthischapter,welookatBluetooth(shortrange,slow,andlowpower),cellular datastandards(slowbutwithwidecoverage),WiMax/802.16(longrange, fast,andforpoint-to-pointconnections),andseveralmembersofthe802.11 familythatcanimprovespeed,increaseinternationalsupport,andimprove thewaydevicescommunicate.
Bluetooth WhenyourealizethatyouforgottopacktheUSBcablenecessaryfor downloadingimagesfromyourdigitalcamera,trytouseinfraredtosynchronize yourPalm,orwanttosharefileswithoutanetworkinsight,Bluetoothstarts tomakealotofsense. Bluetoothisashort-range,adhocnetworkingstandardthatusesthesame2.4 GHzbandas802.11band802.11g.Designedtorunatarawrateof1Mbps oranetthroughputofabout700Kbps,BluetoothomitsalltheEthernet-like overheadofWi-Fitoenablequickconnectionsbetweencomputersandother devices,oftenforshortperiodsorsingle-itemtransactions(Figure4.1). Bluetoothwasfirstenvisionedasacheapandbatterysensitivealternativeto Wi-Fi.IntheyearssinceBluetooth’sintroduction,however,Wi-Fideviceshave
36
TheWirelessNetworkingStarterKit Figure4.1 Bluetooth networking. Laptopinteractingwith desktop,PDA,andcell phoneoverBluetooth.
droppedinpriceandbecomelesspowerhungry.ButBluetooth’sstrengthsstill lieinitsenergymiserlinessanditscapabilitytomakefast,simpleconnections againandagain—thoughonlyafteryou’vetediouslyintroducedthedevices toeachother.
BluetoothTechnology Bluetoothusesfrequencyhoppinginsteadofdirectsequence,andBluetooth deviceschangefrequencies1600timespersecond.Thiscombinationmakes Bluetoothhighlyresistanttointerferenceandobstructions,andallowslarge numbersofBluetoothtransceiverstoworkinthesamesmallspacewithout steppingoneachother.
Bluetooth’sSuccessors YoumightnoticethatBluetoothhasjusta trademarkednameandnoIEEEnumber.In 2002,theIEEE802.15WirelessPersonalArea Network(WPAN)WorkingGroupsolved thatstandardsproblembyapproving802.15.12002.Thisstandardisalargesubsetofwhat Bluetoothoffers,andisfullyapprovedbythe groupthatcontrolstheBluetoothstandard,the BluetoothSIG.Expectmoredeviceslabeled with802.15.1orthatquietlysupportit. Meanwhile,theWPANhaspushedforward withtwonewstandardsthatwilleventually replacemostofBluetooth’scurrentuses.The 802.15.3agroupfocusedonhigh-speed,shortdistance,simplestreamingofmediaandeasy filetransfers.Theirworkisunderwayin2003 tooffer110Mbpsat10metersand480Mbps at1meter.The802.15.3astandardwillprob-
ablyuseultrawideband,apromisingnewlowpowertechnology:SeeChapter5,Wirelessof the(Near)Future. Attheotherendofthefigurativespectrum,the 802.15.4committeewantedtoextendbattery lifetomonthsoryearswhileofferingjustafew Kbpsinshort-rangetransfer.Thisgroupaims toreplaceinfraredhome-entertainmentremote controls,alarmwiring,andotherlow-databut long-useequipmentwithwirelessdevicesthat caneasilytalktoeachother.Thetradename forthisin-progressstandardisZigbee. Both802.15.3aand802.15.4havethepotential totakeoverfromthetwocriticalsweetspots inBluetooth’scurrentmarket,butcompanies makingtheequipmentexpectitwon’tbeuntil 2006or2007.
Chapter4 | OtherWirelessStandards
Bluetooth’srangeisonlyabout30feet,whichseemsshort,exceptthatitwas alwaysplannedtoworkatlowpowertopreservethebatterylifeofhandheld devicesandcellphones,aswellasotherkindsofobjectsthatmighthave embeddedBluetoothchips. DevicediscoveryiskeytoBluetooth’seaseofuse:insteadofhavingtoknow anythingaboutapieceofBluetoothequipmentyouwanttoexchangeinformation with,suchasanetworkaddressoradapternumber,youcansimplymakethe devicediscoverable,andtheequipmentyou’reconnectingfromcanseeit,exchange ashortpassphraseforauthentication,andthenpassdatabackandforth. Bluetoothand2.4GHzWi-Fihavehadafewco-existenceproblems:makers ofbothkindsofequipmentinitiallywarnedagainstputtingtransceiverswithin threefeetofeachotherinordertoavoidinterferencethatwouldreducethe bandwidthofbothtransceivers.Asmoredevicesincludeorsupportboth Bluetoothand802.11borg,suchasApple’s17-inchPowerBookormodelsof Sony’sPalmOS-basedCliéhandheld,however,manufacturershaveworked outcompromisestoallowbothtofunctionwithsomecoordination. FutureversionsofbothWi-FiandBluetooth—throughtheeffortsofyet anotherIEEEcommitteeknownas802.15.2—shouldworkside-by-sidewith fewerconflicts.The802.15.2specificationrequiresdevicestominimizetheir useofbusyfrequencies.
BluetoothUses Originallydesignedasa“cablereplacement”byanindustryconsortiumcalled theBluetoothSpecialInterestGroup(www.bluetooth.com),Bluetooth’sreal utilityseemstolieinitsroleasauniversaltranslator.Bluetoothstandardsallow radicallydifferenthardwaredevicestoconnectwithminimalconfiguration andnospecialdrivers. Forinstance,withaBluetoothphoneinhand,suchasseveralmodelsoftheSony EricssonTline,youcanuseacomputerwithaBluetoothadaptertodialthe phone,synchronizephonenumberswiththephone’sbuilt-inaddressbook,and placedatacallsusingthephone’sGSMorGPRSinterface(Figure4.2). AppleaddedfullsupportforBluetoothtoMacOSX10.2Jaguar;Microsoft planstoaddBluetoothsupporttoWindowsXPinanupdatethatshouldbe outbythetimethisbookispublished(ofcourse,Microsoftsaidexactlythe samethingbackwhenwewrotethefirsteditionofthisbook). Onthehardwareside,anumberofdevicesnowofferBluetoothnetworking options,includingadd-onUSBadaptersandPCCardsmadebyBelkin,3Com,
37
38
TheWirelessNetworkingStarterKit
Figure4.2 SonyEricssonT608.
D-Link,andothers;laptopsanddesktopswithinternalcardsorbuilt-insupport; cellphones,whicharestartingtoincludebothGSM/GPRSandthemore frequentlyusedU.S.standard,CDMA;andplug-incardsfor(orhardware includedwith)PalmOSandPocketPChandhelds.Youcanevenbuyaparallel portadapterfrom3ComthatturnsaprinterintoaBluetoothdevice—handy forprintingfromacomputerorhandheldinthesameroom. OneofBluetooth’spromisesisthatitcanturnacellphoneintoanaccessorythat younevertouchdirectly.Youcouldmakelaptopdataconnectionsviayourcell phoneinyourcomputerbag,dialthecellphoneinyourpocketfromyourPalm OShandheld,ortalkonaBluetoothheadsetthattransmitsthevoicesignaltoand fromyourcellphone.SeeChapter11,ConnectingviaBluetooth,fordetails. AlthoughBluetoothisn’treallyacompetitorforWi-Fi,ithasarealrolebetween robustEthernet-stylenetworkingandthemélangeofcablesandincompatible standardsthataresofrustratingwhenmovingbitsofinformationbetween smalldevices.
CellularDataNetworks Cellularphoneserviceiswidelyavailableinpopulatedareas,andcellphones havebecomecommonplaceinmostcities.Imagineifthesecellnetworkscould alsohandledata,notjustvoicephonecalls?Insteadofbeinglimitedtowireless hotspots,you’dbeabletosendandreceivedatapracticallyanywhere. Ofcourse,cellnetworksalreadycarrydata:thevastmajorityofthecellnetworks worldwidenowhandledigitalvoicecalls,theso-called“secondgeneration”of celltechnology(thefirstgenerationwasanalog).Withspecialadapters,alot offrustrationandpatience,andahightoleranceforper-minutefees,youcan ekemaybeafewthousandbitspersecondoutofthesedigitalcellnetworks. Forinstance,onCingular’snetwork,youcanmake9600bps—yes,bitsper second—modemcallstoanInternetserviceprovider.
Chapter4 | OtherWirelessStandards
NOTE Theseinterface,speed,andcostproblemsarestillanissuebecause,remarkably, celloperatorsweren’tthinkingaboutpushingdataovertheirnetworkswhen theyspentbillionsinthemid-1990stobuylicensestooperatedigitalvoice networks.ThefirstinklingwasAT&T’squicklyabandonedProjectAngel,which wasanever-builttrialnetworkthatsuggestedtherevolutionaryideathat packetdatacouldbesentovercellularnetworks.Celltelcos’lackofinterestis oneofthereasonsWi-Fihadachancetobecomepopular.
Second-generationcellnetworksarelimited,however,bytheconceptofa connection:theserviceisavailableonlywhenyouconnecttoit,andyoumust maintainacontinuousconnectiontoexchangedata(ortalktosomeoneelse). Thisconnectionconceptisstandardwiththetelephonenetwork,whichis genericallyreferredtoasacircuit-switchednetwork,becauseit’slikehaving yourveryownwire—acircuit—fromyourtelephonetothetelephoneofthe personyou’recalling.
TheThirdGeneration Athirdgenerationofcellnetworks,oftencalled3Gforshort,aimstoturn digitaldataintotheprimaryapplicationofcellcarriers,withvoice,multimedia, andInternetaccessallintermingledthroughavarietyofdevices,including phonesandcomputernetworkadapters,aswellaskiosksandnewconsumerand automotiveelectronics.Inthe3Gworld,dataisavailableatalltimes.Because thecellnetworkturnsfromacircuit-switchednetworkintoapacket-switched networkliketheInternet(inwhichthedatatobetransferredisbrokeninto packetsandsentalonganynumberofpaths),thecellphoneandcell-enabled devicesarealwaysconnectedtothenetwork. Cellulardataservicewiththe3Gmonikerissupposedtoofferatleast384 Kbpsofbandwidthperuser,andmanyofthesystemsnowintestinghavea theoreticalpeakof2.4Mbps,withindividualusers,inidealcases,havingaccess tobetween400Kbpsand1.2Mbps.But3G’subiquitymeansthatitcould operatemoreslowlywhenusedbymanycustomersinlargerareas,thoughit wouldstillprovidebetter-than-dial-upspeeds.Theselowspeedscouldbe availableinanymetropolitanarea,onhighways,andpotentiallyelsewhere. Thehighestspeedswouldconceivablybereachedonlyinthedensestpartsof citieswherecellularcompaniesmightinstallmanymore“picocells”—tinyareas ofhighcoverage—orevenonlyinsideofofficebuildingsthathaddedicated interiortransmitters. Because3Gdevicesarealwaysonthenetwork,evenslowspeedsaren’ta hindrancewhen,forinstance,newmapsarebeingspooledintoyourcar’s
39
40
TheWirelessNetworkingStarterKit
directionalsystem,ortheday’sheadlinesaredownloadingintoyourPDA. Servicesthatpushinformationtoyoutakeadvantageofthenetwork’subiquity innottyingyoudownwhiletransferringdata. AsofSeptember2003,onlyafewU.S.celloperatorshavebeenwillingtoeven discusstheirplansfordeploying3G.SprintPCSwasstillinthelabwiththe flavoritprefers,1xEV-DV(EvolutionData/Voice);AT&TWirelesscommitted tohavingatleastsixU.S.citiescoveredwithserviceby2005tomeetaloan obligation;andVerizonWirelesswasexperimentingwith1xEV-DO(Evolution DataOptimized)inSanDiegoandWashington,D.C.Othercarriers’plans areevenmurkier.Elsewhereintheworld,particularlyinAsia,celloperators havebeendeployingearlierversionsof3Gmorewidely.InEurope,carriers spent$100billiononspectrumlicenses—beforeevenknowingwhether3G ideaswouldworkintherealworld! Evenmoretroubling,pricinghasn’tbeensetforanyoftheseservices,andfew carriersoranalystsareevenspeculatingastowhattheycouldcost. NOTE TheU.S.andtherestoftheworlddidn’tagreeonwhichfrequenciestousefor 3G,whichmeansthataU.S.-based3Gphonewon’tworkinEuropeorAsia andvice-versa,unlessthephonesupportsabouteightdifferentfrequency bandstoencompassallthepossibilities.
NOTE Asyoumightexpect,wherethere’s3G,there’s4G.Putativefourth-generation celldatanetworkswillabandonalltheproprietaryandindustry-specific networkingprotocolsinfavorofapureInternetProtocol(IP)networkthat works,well,justliketheInternet.Althoughmanyresearchersareworkingon4G networks,there’snostandardyetandnoideawhen4Gdeviceswillappear.With 4G,itseemslikelythatWi-Fianditsilkwillconvergewith3Ganditscronies.
OneHalfStepBack Whenis2.5greaterthan3?Whenyou’redealingwithastopgapmeasurethat thecellularoperatorsdevelopedtobridgethedigitaldividebetween2Gand 3Gservice.Theycallit2.5G(pronounced“twopointfivegee”),andit’san amalgamofless-expensivecelltowerupgradesandcobbled-togethermethods ofachievingmodem-or-betterdataspeedsviadigitalcellularconnections. 2.5Gtechnologyisdesignedtooffersomethingbetween10and150Kbps, andtendstobepricedatreasonablelevels. Becausetherearetwokindsofcellularnetworks,therearetwokindsof2.5G datanetworks,too.IntheU.S.,CDMA(CodeDivisionMultipleAccess) dominates.TherestoftheworldadoptedGSM(GlobalSystemforMobile
Chapter4 | OtherWirelessStandards
Communications),whichCingular,T-Mobile,andAT&TWirelessuseor areintransitiontouseintheU.S. The2.5GtechnologyforGSMcomesinflavorsknownasGPRS(General PacketRadioService)andEDGE(EnhancedDataGSMEnvironment). GPRSprovidesfrom10to50Kbps;EDGEshouldtop100Kbpswhenit’s deployed.CingularisthefirstU.S.networktopromiseanEDGErollout,and CingularwastestingtheserviceinIndianapoliswhenwewrotethisbook. Pricingisstillupintheair. TheCDMAhalf-stepcomesunderanumberofnames,with1xRTT(Radio TransmissionTechnology)beingthemostcommon.Somecarrierscall1xRTT “3G,”butitoperatesatonlyamaximumof144Kbpsintheory(notthe384 Kbpsnominallyrequiredfor3G),andmorelike50to70Kbpsinthebest cases.VerizonWirelessandSprintPCSbothofferunlimited1xRTTservice for$80permonthviaaPCCard,anddifferentdealswhenyouuseacellphone throughwhichyoucanmakevoicecallsandconnectyourcomputer. NOTE The“1x”in1xEV-DV,1xRTT,andotherstandardsreferstothefirstwaveof3G standards.Eventually,carriersexpecttooffer3x,which,youguessedit,has threetimesthefrequencyavailablein1x—inthiscase,spectrumperuser.
WhyCan’tWeAllGetAlong? With3Gnotlikelytoemergefullyuntilatleast2005or2006,and2.5G offeringjusttensofkilobitspersecond,thecellcompaniesfacedadilemma: howtokeepcustomerswhomighteventuallyreducetheirdependenceoncell phonesbyusing,forinstance,voice-over-IP(VoIP)phonesorservicesthat workthroughanyInternetconnection? ThesolutionappearstobetoaddWi-Fitothemixofcommunicationsservices offeredbycelloperators.T-Mobilewasthefirstintotheactwhenitpurchased theassetsofbankrupthotspotnetworkpioneerMobileStarinearly2002. T-MobilehassincebuiltaU.S.networkofStarbucks,Borders,andKinko’s thathit3000locationsinOctober2003.T-Mobilecurrentlydoesn’tshare itsnetworkintheU.S.withanyotherWi-Fiproviders,althoughitdidink aninternationalroamingagreementinthemiddleof2003withtheWireless BroadbandAlliance,whichhasmostlyAsianmembersandhasn’tfinalized detailsastowhenitwillstartallowingroaming. Meanwhile,SprintPCSannouncedinJuly2003thatitwouldresellaccessto WayportandAirpath’shotspotnetworks,whileinstallingatleast1300ofits ownhotspotsinairportsandhotelsbytheendof2003.VerizonWirelesssaid
41
42
TheWirelessNetworkingStarterKit
itwouldstartresellingWayport’sserviceaswellduring2003.AndAT&T Wirelessstartedwithairports,agreeingtorunDenver’salready-builtWi-Fi network(Denverhadsearchedforanoperatorfornearlytwoyears)andNewark InternationalAirport.AT&TWirelessnowresellsWayport’snetwork,too. Cingular,whichismostlyownedbySBCCommunications,willoffersome kindofserviceviaSBC,whichplanstoresellandinstall6000hotspotsby 2006,starting,youguessedit,withWayport’snetwork.Nextelhasn’tannounced plansaswewritethis. InAsiaandEurope,celloperatorshavebecomeevenmoreinvolvedwithWiFi,formingpartnershipsorbuildingoutwirelessnetworks.TeliaSonera,the Swedish/Finnishcellgiant,operatesseveralhundredhotspotsacrossScandinavia undertheHomeRunbrandandoffersroamingagreementsacrossEurope.In JapanandSouthKorea,dominantcellcarriershavealreadyinstalledthousands ofhotspots,oftenincompetitionwiththelandlinephonecompanies. Simultaneouswiththeserolloutsandroamingagreementscomestheongoing developmentbymanywirelessnetworkingchipmakersofmultiple-standard networkadapters.Theseadapterswilltalk802.11a/b/g,aswellascellulardata flavorsincludingGSM,GPRS,1xRTT,andevenBluetooth. Eventually,weexpecttoseeasinglePCCard,probablyusingatiny,cell phone-stylepersonalauthenticationcardfromtheGSMworldcalledaSIM (SubscriberIdentityModule),thatcouldenableyoutoroamfromcellular networktohotspottocellularnetworkwithuninterruptedaccess.Or,perhaps yourlaptopwillconnecttoyourcellphone(probablyviaBluetooth)toaccess theInternet. It’sclearthatthecellphonecompaniesdon’twanttoleavemoneyonthetable, andwithtensofmillionsoflaptopsalreadyequippedwithWi-Fiadapters, theyalreadyhaveanaudiencetheycouldserve. Weexpecttherealbreakthroughwillbeacombinationofsimplicityand seamlessness:asinglebill,asingleauthenticationmodule,nologinorcaptive portalpages,andtransparentservicewhereveryougo.
MeettheFamily:802.11Relatives Heavenforbidthatwementionevenmorenumbersandletters,butwecan’t helpit.802.11isafamilyofstandards,eventhoughwe’remostfamiliarnow withthelettersa,b,andg.Comingdownthepipeareseveralmoreletters
Chapter4 | OtherWirelessStandards
representingtaskgroupsthathavemorespecificmissionsinmind:streaming data,securityfixes,higherthroughput,internationalcompatibility,andothers. MeettherestofthefamilyinTable4.1.
NOTE Don’tmakebigplansaroundfuturereleasedates.Ourresearchshows thatthepredicteddatesareoftenayearormoreearlierthanwhatactually endsuphappening.Buildingtechnicalconsensusinavolunteerorganization takestime.
802.11e:QualityofService Qualityofservice,orQoS,isameansofensuringthatnetworkusesthatneed totakeplaceinrealtime,suchasvoiceandvideo,aren’tinterruptedbyother packetscontainingdatathataren’ttime-sensitive,suchasemail.Withan emailmessage,ifittakesafewextrasecondsandretransmissionattemptsfor allthepacketsthatcomprisethemessagetoarriveattheirdestination,noone notices.However,ifyou’retalkingwithsomeoneoveranetwork,evenasmall numberoflostordelayedpacketscanresultinstutteringorgarbledspeech. That’sabadthing,particularlyasmorecompaniesstartexperimentingwith voice-over-IP(VoIP)softwareandhardwarethatcouldeventuallysupplement orreplacetraditionaltelephonenetworks.So,thegoalofthe802.11etaskgroup istodevelopQoStechnologythatwillhelpWi-Finetworksavoidproblems whentransmittingtime-sensitivedatalikevoiceandvideo. One802.11einnovationhasalreadystartedcreepingintochips.It’scalled frameburstingorpacketbursting,anditimprovestheratioofdata-to-network overheadonaWi-Finetworkbysendinglargeramountsofdatainindividual frames,anothernameforpackets.Because802.11bisrelativelyslow,Wi-Fi dataissentinsmallpacketswithmandatorygapsbetweenthem. Astherawspeedof802.11bquintupledfrom11Mbpsto54Mbpsin802.11g, thepacketsizestayedthesame,meaningthattherewerealotofquickly transmittedpacketswiththosesamemandatoryspacesbetweenthem.Packet burstingcanspeedupmixed802.11b/gand802.11g-onlynetworks. Packetburstingappearsasanoptionalfeatureinmostofthe802.11gchipson themarkettoday,andit’sasubsetofthe802.11edraft.Packetburstingfrom differentchipmakersmightnotofferasmuchimprovementinitiallyashaving equipmentallfromthesamemaker. Wecanexpecttoseeafinalversionof802.11ebyearly2004.
43
44
TheWirelessNetworkingStarterKit
802.11f:Inter-accessPointCommunication Rightnow,Wi-Fiaccesspointsaren’tverygoodatcommunicatingamong themselves.Dependingonthemanufacturer,someaccesspointscancoordinate certainactivities,likeallowingauseralreadyloggedintothenetworktoroam toanotheraccesspoint;othersdon’ttalkamongthemselvesatall. With802.11f,accesspointswillbeabletoofferfasthandoff,soauthenticated usersdon’thavebreaksinserviceastheyroam,whichisespeciallyimportant inlogisticsoperations,likewarehouses. Someof802.11f ’sfeaturestieinwiththenewsecuritystandard,802.11i. Table4.1
802.11RelativesataGlance Task Group
WhatItDoes
ExpectedorActual Ratification
802.11d
Modificationsofearlier802.11specificationsfor compatibilitywithregulationsinothercountries
June2001
802.11e
AddsQualityofService(QoS)to802.11a,b,andgfor voiceandvideoapplications
Early2004
802.11f
Improvescommunicationbetweenaccesspointsfor authentication
July2003
802.11h
Modificationsofother802.11specificationsfor compatibilitywithEuropeanregulationsinthe5GHz band
Ongoing
802.11i
Improvessecurityofwirelessnetworks
Earlytomid-2004
802.11j
Modificationsofother802.11specificationsfor compatibilitywithJapaneseregulationsinthe5GHzband
Ongoing
802.11k
Providesbetterreportingofsignalstrengthandother physicalattributesofradio
Ongoing
802.11l
Doesn’texistbecausealowercaseLlookstoomuchlike thenumeral1
Whenhellfreezes over,ifengineershave anysayinthematter
802.11m
Minormodificationsandfixestopreviouslypublished specifications
Ongoing
802.11n
Aimstoincreasetherawthroughputofwirelessnetworks to100Mbpsorhigherandtoensurethatmoreoftheraw throughputisactuallyusable
Ongoing
Chapter4 | OtherWirelessStandards
802.11i:Security ThefactthatcurrentWi-Fiencryptioncanbebrokenrelativelyeasilyhas botheredmanypeopleandslowedWi-Fi’sacceptanceinthebusinessworld, whereprotectingeverythingfromconfidentialbusinessdocumentstocredit carddatabasesisparamount.Fortunately,theIEEEhasbeenworkingon improvingsecurityforyears,andafteravarietyoftheusualdelays—political fights,technicalsetbacks,andlogisticalissuesoverratification—802.11iis poisedbothtoimprovesecurityandtomakesecuringanetworkeasier. 802.11ireplacesthebrokenWEP(WiredEquivalentPrivacy)encryption systemwithTKIP(TemporalKeyIntegrityProtocol),abackward-compatible methodofencryptingdataonawirelessnetworkthatcanworkonolder equipment.SupplementingTKIPisAES(AdvancedEncryptionSystem), thebestencryptionnowavailableforgeneral-purposeuse.AESwillbeused innewerdevices. 802.11ialsoaddspre-authentication,whichenablesauserloggedintoa corporate-stylenetwork—oneemployinguseraccountsforwirelessaccess— connectedtooneaccesspointtomovetoanotheraccesspointwhilemaintaining theconnection;thisfeaturereliesontheinter-accesspointcommunication providedby802.11f,asexplainedabove. Thetimetablefor802.11iapprovalisearlytomid-2004. NOTE Youmightwonderhow802.11iinteractswithWPA(Wi-FiProtectedAccess). TheWi-FiAlliancereleasedWPAinmid-2003,andsupportgraduallyappeared inthesecondhalfof2003.Inshort,WPAisheretoday,anditoffersmanyof thebestfeaturesof802.11i.Infact,WPAisalargeandcompatiblesubsetof 802.11i,sowecanexpecttosee802.11isupplementingWPAafterratification. SeeChapter25,PreventingAccesstoYourNetwork,formoredetails.
802.11n:HigherThroughput Aconsistentcomplaintabout802.11aandgisthatalthoughtheyhaveahigh rawspeedof54Mbps,theirrealthroughput—themeasureoftheactualamount ofdatatransmittedafteryousubtractnetworkingoverheadneededtomove dataaround—iscomparativelypoor:about20to25Mbps. Inresponse,the802.11ngroup,whichstarteditsworkontheheelsof 802.11g’scompletion,willtrytoincreaseboththeoverallspeedoffuture 802.11protocols—toatleast100Mbpsandmaybeover300Mbps—andthe actualthroughputsothatmorerawbandwidthisusedtotransferusefuldata, ratherthanjustnetworkoverheadpackets.
45
46
TheWirelessNetworkingStarterKit
802.11d,h,j,andm:RegulatoryCompatibility andMaintenance Justsothelesserrelativesdon’tfeelleftout,meetafewofthequietsiblings. 802.11d,h,andjweremodificationstoother802.11specstoallowthem toworkappropriatelyundertheradioregulationsofothercountries,which oftendiffersignificantlyfromthosesetdownbytheFCCintheU.S.802.11d wasratifiedinJuneof2001,whereasworkon802.11h(Europe)and802.11j (Japan)continuestoachieveregulatorycompatibilityinthe5GHzbandin thoselocations. Finally,802.11misapotpourriofminorfixestocleanupandconsolidateall theotherspecificationsmovingforward. NOTE It’spossibleinthefuturethatyoucouldbuyequipmentlabeled“supports 802.11a,b,d,e,f,g,h,i,j,k,m,andn.”Heavenhelpusall.
WiMax:802.16andtheLongHaul Runningorleasingwireisanexpensivewaytocreatehigh-speeddatanetworks, whetheryou’retalkingaboutthelengthofafewcityblocksor100kilometers inruralpartsofIndia.Thenotionofusingwirelesstosubstituteforwired bandwidthcoulddramaticallyreducethecostsofnetworkinstallations,the timeittakestobringanetworklive,andtheexpenseinextendingthenetwork, allwhileincreasingthespeed-to-dollarratioinyourfavor. Thousandsofcompaniesaroundtheworldareusingwirelessforlong-haul andback-haulcommunicationsalready.Longhaulcarriesdataovermilesor dozensofmiles,andusedtobepossibleonlyoverwiredlinks.Backhaulbrings Internetaccesstoalocation,overshortorlongdistances.Inbothcases,the connectionsarepoint-to-point(onetransceiveroneachend)or,increasingly, point-to-multipoint(onetransceivercommunicatingfromacentrallocation tomanytransceiversscatteredabout). Untilrecently,wirelessapproachestobothkindsof“hauling”usedeither adaptationsofwirelessLANtechnologies,likeWi-Fi,whichweren’tdesigned forandaren’tspecificallysuitedtopoint-basedorlong-distancepurposes,or proprietarytechnologysoldbyahostofcompaniesincludingAlvarion,Cisco, andProxim. EntertheIEEEinitsusualrole:bringingtogethermanypartiestosimplify, extend,andstandardize.The802.16WorkingGrouponWirelessBroadband
Chapter4 | OtherWirelessStandards
AccessStandards(www.wirelessman.org)hasdevelopedWirelessMetropolitan AreaNetworking(WirelessMAN)standardsthataredesignedspecifically forlonghaulandbackhauloverwireless. Thefirstiterationofthespecificationreliedonhigherfrequencies,10to66GHz, bothlicensedandunlicensed,butthemoresignificantworkhappenedmore recentlyin802.16a,whichcoversuseinthe2to11GHzrange,encompassing theunlicensed2.4GHzand5GHzbandscurrentlyusedby802.11b/gand 802.11a. Manycompanieshavealreadycommittedtousing802.16and802.16a,which shouldmakeitalmostimmediatelycheaperandsimplertoinstalllong-distance connectionsbecausetherewillbemorechoicesforequipmentthatallworks together.Thesecompaniesevenformedatradegroupwithacatchyname: TheWiMaxForum(www.wimaxforum.org).WiMax,unlikeWi-Fi,reallydoes standforsomething:WirelessInteroperabilityforMicrowaveAccess—think ofitas“Axcess.” Theupshotof802.16andWiMaxisthatwirelessbroadbandshouldnow expandevenmorequicklythanithaspreviously.Inthehomeoroffice,ifyou seeWiMaxgear,itwillbeattachedtoawindoworroof.
47
5
Wirelessofthe(Near)Future
Sofar,we’vetalkedonlyaboutthepracticalandtheavailable:whatyouneed toknowtobuyandusetoday’sequipment.Inthenearfuture,threenewideas mayaffectyourchoices.
MeshNetworking Meshnetworkingdiffersfromnormalwiredandwirelessnetworkinginthe basicdesignofthenetwork.InanormalwiredorwirelessEthernetnetwork, bothofwhichuseastartopology,computersalllinktoacentralpoint(awireless gatewayorwiredswitch),andthendatatransfersamongthecomputersbyfirst passingthroughthecentralpoint. Withmeshnetworking,eachcomputercantalkdirectlytoanyotherwithin range.Meshnetworkingisespeciallyusefulforshort-rangewirelessnetworking, whereacomputercanseeonlyoneothercomputer,whichinturncansee another,andsoon.Nomachineneedstobewithinwirelessrangeofacentral hubtocommunicatewithothercomputersoraccessacentralhub’sshared Internetconnection(Figure5.1).SeeAppendixA,NetworkingBasics,for moreinformationondifferentnetworkdesigns. NOTE It’snotjustcomputersthatcanformmeshnetworks,ofcourse:handhelds, cellphones,andotherdigitaldevicescouldbeinterconnected,too.
Meshnetworkscanformopportunisticroutes,inwhicheachnode’srouter sendsdatainthemostefficientwayamongmanydifferentnodesthatitcan
50
TheWirelessNetworkingStarterKit Figure5.1 Ameshnetwork topology.
see.Thisnotonlyreduceschokepointsbutalsoaddsredundancy,ensuring thatasinglenode’soutagedoesn’tbringdownanetwork. NOTE TheInternetissupposedtoroutepacketsusingthemostefficientpath,and sometimesdoes,butthenumberofpossibleroutesontheInternet’shigh-level, long-haulroutesislimitedbyactualphysicalconnectionsbetweennetworks andmachines.
Meshnetworkinggearthusmakesitpossibletoextendawirelessnetwork orincreaseitsoverallbandwidthsimplybyaddingmoremeshaccesspoints. AslongasoneofthemeshaccesspointshasanInternetconnection,every computerconnectedtothemeshnetworkcanuseit.Withmeshnetworks, remotecommunitiesanddenseurbanareasalikecouldenjoymorereliable, morerobust,andlessexpensiveInternetconnectivity. Thedownsideofmeshnetworkingisthatinordertoenableconnections,every devicemusthavesomelimitedawarenessofeveryotherdevice.Likewise, becauseeachdevicemustbeavailabletotalkandlisten,certainnodesona meshnetworkcanbetotallyboggeddownwithopportunistictrafficarriving fromothernodeswhenthereareonlyoneortwopathstoothersystems. Althoughtherearenoconsumerdevicesthatusemeshnetworkingyet,the inclusionofWirelessDistributionSystem(WDS)inanincreasingnumber ofinexpensivewirelessgatewaysforeshadowsthedaywhenhomeandsmall businessnetworksmayrelyentirelyonmesh-like,wireless-onlyconnections ratherthanawiredconnectiontotheInternet.AlthoughWDSinteroperability amongequipmentfromdifferentmanufacturersisn’tgoodrightnow,theprotocol showsgreatpromiseasasimplewaytoconnectwirelessgatewaystorelaytraffic. SeeChapter20,BridgingWirelessNetworks,formoreonWDS.
Chapter5 | Wirelessofthe(Near)Future
Hereareafewcompaniesthathavereleasedactualproducts,mostlyintended forcorporateorcommunitynetworks:
• MeshNetworks(www.meshnetworks.com)hasthepurestandmostfulfilled visionofmeshnetworkingcurrentlyonthemarket.Thecompanysells threedevices,allofwhichcanuseplainWi-Fisignalstocreatemesh networks:aPCCardthatenablesacomputertopeerwithothercomputers alsousingtheMeshNetworksPCCard;afixedwirelessrouterwhich actsasarepeaterandextendstherangeofanetwork;andanaccesspoint thatexchangesdatawithpeersandalargernetworkortheInternet.The MeshNetworkssystemcanworkonitsownwithjustthePCCards.
• LocustWorld(www.locustworld.com)hasmadeitsMeshAPsoftwareopen sourceandfreelyavailable.Consequently,manydevelopersareimproving thecode,andmanycommunitygroupsarebuyingeithertheirownor LocustWorld’shardwareandbuildingcheapmeshnetworks.LocustWorld sellsmostofitsgearnearcostandconsultsonlargerprojectsforafee.
• TroposNetworks(www.troposnetworks.com)(formerlyknownasFHP
Wireless)wantedtosolvetwoproblemsatthesametime:creatingseamless networksofwirelessaccessandpoolingbandwidthwithoutconnectingeach accesspointtoaseparatenetworkconnection.Thecompany’sproductscan beusedtoreplaceexpensivepoint-to-pointlinksinlocationslikecollege andcorporatecampuses.TroposNetworks’routersfindthebestpathsto eachother,andtheycanautomaticallyrerouteifaconnectionfails.The companytypicallysellsdeviceswithtwoWi-Fiadapters:oneisusedfor localserviceandtheotherformeshconnectionsamongthenodes.
• RoamAD(www.roamad.com),asmallcompanyinNewZealand,hasfound
awaytoblanketthreesquarekilometersofdowntownAucklandwith ubiquitous802.11baccessusingacombinationofcleverlyplacedaccess points,wirelessmesh-basedbackhaul(bandwidthfromawiredconnection distributedtotheaccesspoints),andsomespecialsoftwarethatintegrates thehardwareforseamlessroaming.RoamADguaranteesaminimumof 330Kbps,butGlenn’swirelessWeblogreadersinAucklandreportthat theyusuallygetmuchmorethan330Kbps.Thecompanyhopestosellits equipmenttocellularoperatorswhocouldusetheequipmenttoprovide cheap,high-bandwidthWi-Fiaccesstoanentiremetropolitanarea.
Meshoffersthepromiseofdramaticallyexpandingwirelessnetworkaccessin communities,sincetheeffortofaddinganodetothenetworkisincremental:a singlegatewayandantenna—nowires,cables,fiber,orotherphysicalconnection required.Willameshnetworkdebutinyourneighborhoodsoon?
51
52
TheWirelessNetworkingStarterKit
UltraWideband(UWB) ModernradiosworkinmuchthesamewayasMarconi’sfirstsuccessfulradio, transmittingandreceivinginaspecificbandoffrequenciesinthespectrum. Becauseofthistechnicalreality,governmentagenciesaroundtheworldhave maderulesthatgovernwhocanusewhichpartsofthespectrum,inwhat geographicareastheycantransmit,howmuchpowerthey’reallowedtouse, andforwhatpurposestheycanuseit.Theseregulationsgovernindividuals, privateorganizations,militarybranches,andgovernmentagencies. Stepbackfromthatforamoment.Aconceptininformationsciencecalled Shannon’sLawdefinesaso-farimmutablesetofideasabouttheamountof informationyoucanencodeintoapieceofbandwidth,whichis,quiteliterally, thewidthoftheradiofrequencybandsusedfortransmission,measuredinHertz, coupledwiththesizeofthewavelength(higherfrequenciesoffermoreroom toencode).Shannon’sLawsaysthatthemorebandwidthyouuseand/orthe higheryourbroadcastpower,themoreinformationyoucancramin.However, increasingbroadcastpowerisaproblem,becausenoonewantstobefriedby walkinginfrontofanantenna. UltraWideband(UWB)communicationusesShannon’sLawtostand thetraditionalspread-spectrumapproachonitshead,providinghighdata bandwidthwhileignoringobstructions.(VisittheUltraWidebandWorking GroupWebsiteatwww.uwb.orgformoreinformation.)Insteadofbroadcasting continuouslyontinybitsofspectrum(afewmegahertzforthestandardswe’ve discussed)whileswitchingbetweenmanyfrequenciesordistributingsignals alongacontinuum,aUWBtransmitterbroadcastsmillionsoftinypulsesat trillionthofasecondintervalsusingverylowpoweracrossenormousswathsof bandwidth:hundreds,oreventhousandsofmegahertz.Thereceiverextracts thecontentofthetransmissionbydecodingtherhythmofthepulses.It’sa lotlikeMorsecodewithmillionsofdotsanddashesbeingtransmittedevery second. UWBadvocatesclaimUWBcancoexistwithallcurrentusesbecauseexisting equipmentwouldn’tbeabletodetectthesignals—thesignalsfallwellbelowthe thresholdofcurrentgearandwouldseemlikenoiseevenwithinthethresholds. UWBcanpassthroughpracticallyanyphysicalobjectbecausesomeofthe frequenciesitusesareextremelylow,anditcanpenetratealmostanything (thesearethetypesoffrequenciesusedforcommunicatingwithsubmarines underwater).UWBequipmentcancoexistwithitself,too,astheoddswould beverylowthattwodeviceswouldtransmitsimultaneously.
Chapter5 | Wirelessofthe(Near)Future
Sincethereceivermustdetermineonlytherhythmofthepulses,ratherthan decodetheirwavesinanyway,UWBcanuseverylowpower,whichishelpful frommanydifferentstandpoints,nottheleastofwhichislaptopbatterylife. Afinaladvantageisthatbecausethepulseshappensoquickly,UWBis highlysecure;muchoftheinterestinUWBovertheyearshascomefrom themilitary. AninterestingsideeffectofUWBisthatitimplicitlytransmitslocationvery preciselyovershortdistances.AUWBtransmitterseveralhundredfeetfrom areceiver,evenoperatingattensofkilobitspersecondatthatdistance,could provideanalmostexactrangeandposition.Thiscapabilitymaybetiedinto otherstandardsthatneedpreciselocationinformation. ThedownsideofUWBisthatalthoughit’sbeentestedinlabs,various regulatorybodiesaroundtheworld,includingtheFCC,aredubiousabout allowingittobeusedinthewildwithoutalotmoreresearch.UWBdoubters anddetractorsworrythatthetransmissionscouldinterferewithawidevariety ofexistingusesbecauseofUWB’sapproachoftransmittingonwideswaths ofspectrumsimultaneously. In2002,theFCCtookababystepbyapprovingashort-distance,low-power, narrowbandversionofUWBthatcanoperateupto30feetat100Mbpsusing averynarrowsliceofbandwidth—severalgigahertz,whichissmallforUWB. Evenwiththoseenforcedrestrictions,UWBcouldgiveBluetootharunfor itsmoneysinceBluetooth’scurrentspecificationoperatesonlyat1Mbpsover similardistances. TheIEEE802.15workinggroup,whichturnedBluetoothintoanIEEE standard,isworkingonaproposalcalled802.15.3atoputastreamingmedia andfiletransferprotocolontopofUWB.Itrunsatspeedsof110Mbpsat10 metersand480Mbpsat1meter.Theintentisthatyoumightbeabletouse aharddrivenexttoyourcomputerwiththespeedsmadepossiblebyUSB2.0 orFireWire400/IEEE1394a,butwithoutcables.Or,yourcomputercould liveinaclosetandcommunicatewithmultiplemonitorswithoutyouhaving tostringcablesunderthedoor. SomeanalystshavealreadypredictedthedemiseofWi-Fiwithinafewyears givenUWB’sawesome,butuntested,potential.MorelikelyUWBwillbecome justanotherletterinthe802.11familybecausemaintainingspeedatadistance willalwaysbeconstrainedinUWB.BythetimeUWBmaturesin2006or later,hundredsofmillionsof802.11a/b/gdeviceswillbeinuse,andcompanies don’tdropworkingtechnologiesovernight.
53
54
TheWirelessNetworkingStarterKit
Inthemorenearterm,UWBmighthelphomeelectronicsmakersasearly asDecember2004bycarryinghigh-bandwidthserviceslikevideoandaudio overshortdistances.Thinkaboutputtingasolar-poweredsatelliteTVdishon yourroofwithmultipletelevisionsinsideyourhousereceivingthesignalfrom theroof—andnowireswhatsoever.However,UWBwillhaveabattleagainst entrenchedtechnologytheretoo,sincecompanieslikeSonyandMicrosoft havealreadyused802.11aforearlytechnologydemonstrationsandafewreal productsbecauseoftheuncrowdedspectrumin5GHz.
AirborneWirelessBroadband Themostsignificantproblemwithtransmittingradiowaveslongdistancesis dealingwithobstacles,suchashills,buildings,andtrees.Theseobstaclesprevent wirelessISPsfromprovidinghigh-speedInternetaccessviaWi-Fiandthus competingdirectlywithbroadbandcompaniesthatusecablemodemsorDSL. Findingaclearshotfromwhereyouaretoanantennaonsometallbuilding ortowerisoftendifficult,andifyou’reawirelessISP,figuringoutwhereyou canlocateyourantennasisoftenfrustrating,sinceyouhaveastrongincentive tomaximizethenumberofcustomerswhocanreceiveyoursignal. Butwhatifthesignalcamefromhighaboveyou?Allyou’dneedthenwouldbe anantennawithanunobstructedviewoftheskytoreceivethewirelesssignals. We’renottalkingpie-in-the-skydreamshere—anumberofcompanieshave triedtomakethisareality,andalthoughtheirtechnologyis(orwas,insome cases)real,thedeploymentshaven’tyethappened.
• AngelTechnologies(www.angeltechnologies.com)plannedtooperateits HALONetworkwithspecialhigh-altitudeplanesthatwouldcirclethe serviceareaataheightof52,000feet,wellabovecommercialairtraffic. Angel’splaneswouldbepiloted,andtheywouldhavetotakeoffandland regularlyonanoverlappingscheduletoavoidinterruptionsinservice.(At thiswriting,Angel’ssitehadn’tbeenupdatedsince2000andallemailis bouncing,sothecompanywouldseemtobedefunct.)
• AeroVironment(www.skytowerglobal.com )isworkingwithNASA
todevelopunmannedsolar-electric-poweredairplanesthatcanactas mobileairbornetelecommunicationsstationsat60,000feet.Thehopeis thatAeroEnvironment’splaneswillbeabletostayaloftforsixmonthsor more(andtoanswertheobviousquestion,theyuserechargeablefuelcells toprovidepoweratnight).AeroEnvironment’sHeliosprototypecurrently holdstheworldaltituderecordforajet-orpropeller-poweredplaneat
Chapter5 | Wirelessofthe(Near)Future
96,500feet.Unfortunately,inJune2003,theprototypefailedandcrashed intothesea.Thelasttestslistedonthecompany’ssitedatetomid-2002, butthecompanysaysNASAremainscommittedtofuturetesting.
• SkyStationInternational(www.skystation.com)plannedasomewhat
differentapproach,optingforhugeunmannedblimpsthatwouldhover aboveacityataheightof69,000feet.Ittoowouldrelyonsolarpowerto runthenetworkinggearprovidingconnectivitytocustomersbelow.We checkedseveraltimesbeforethisbookwenttopress,andthecompany’s Websitewasdead.
• AdvancedTechnologiesGroup(www.airship.com)isworkingonatechnique
alongthelinesofSkyStationInternational’sblimps.ATG’sStratSatblimps aredesignedtostayinplace60,000feetupforfiveyears,usingadiesel engineforbackuppower.In2002,thecompanywonacontracttobuild apropulsionsystemfortheJapanesegovernment’sStratosphericAirship program,andinAugust2003,thatprogramsawthesuccessfullaunchof aprototypeinJapan.Althoughtherehasn’tbeenmuchotherinformation abouttheStratSatblimpsbeingusedfortelecommunicationsplatforms,the companyhashadsomeinterestfromotherfirmslookingforsurveillance platformsaspartofhomelandsecurityprograms.Hmm…
• 21stCenturyAirshipsandSanswireTechnologies(www.21stcentury
airships.comandwww.sanswire.com)fallintotheblimpcategoryaswell, withtheirStratelliteballoons,whichareslatedtoliveatanaltitudeof 68,000feetforayearbeforeneedingreplacement.Theywouldbepowered byregenerativefuelcelltechnologiesandsolar-poweredhybridelectric motors.AlthoughSanswire’slatestpressreleaseabouttheStratelliteis datedMay2003,andthecompanyhasanactiveWebsite,we’renotholding ourcollectivebreath.
Inthepreviouseditionofthisbookwesaidthatweexpectedplansforthese airbornewirelessInternetproviderstobedelayed,inpartbecauseoftheloss ofventurecapitalfundinginthetelecommunicationsindustry,andinpart becausethereappeartobequestionsthathaven’tyetbeenanswered(ifthey’ve evenbeenasked).Forinstance,eventhoughthetwounmannedservicesuse extremelylightmaterials,bothcouldcarrybetween500and2000poundsof gear,whichisabigloadtoplummettoearthincaseofcatastrophicfailure(we canjustseetheheadlinenow,“RouterCrashes,CrushingSuburbanHome”). Unfortunately,ourpredictionswithregardtothebusinessissuesappeartohave cometrue,althoughatleastsomeofthesecompaniesremaininbusiness.
55
56
TheWirelessNetworkingStarterKit
Theremaybeotherhitchesaswell,suchaswhetherWi-Fiismostappropriate forthisuse,whatsortofequipmentwillberequiredatcustomers’premises, andhowreliabletheequipmentintheblimporplanewillbe.Buthey,noone eversaidinnovationwaseasy. Nonetheless,theconceptofprovidingpermanentwirelessnetworkservicesvia high-altitudeplanesorblimpsisinnovative,andifiteverprovessuccessful,it couldmarkahugechangeinhowmanyofusconnecttotheInternet.
WhyNotSatellites? Althoughthe52,000-to69,000-footaltitude (about10–13miles)abovetheearth’ssurface proposedbythesecompaniessoundshigh,it’s nothingcomparedtotheheightnecessaryfor ageostationarysatellite,whichmustorbitthe earthatanaltitudeofabout22,300milesto maintainitsgeostationaryposition. NOTE Glennalwaysremembersthat22,300milesisthe heightofgeostationaryorbitbecausethatwasthe heightoftheJusticeLeagueofAmerica’sorbiting satellite.EveryissueofDCComics’sJusticeLeague mentionedthedistancewhenintroducingscenes inthesatellite.
Therearetwoproblemswithsatellitealtitudes forwirelesscommunications.Thefartheraradiosignalmusttravel,themoresignalstrength islost,thusforcingyoutoincreasetransmit powerandreceivesensitivitysignificantly (seeChapter34,Long-RangeAntennaBasics, tounderstandtheimportanceoftransmit powerandreceivesensitivity).Thereinlies theattractionofflyingataloweraltitude.But satellitesthataren’tgeostationarymustorbit aboveabout200miles,soyouneedmultiple satellitesinlowerorbittoprovideconstant coverage,thusincreasingcostandcomplexity. Also,thelonground-tripforpacketstotravel
fromyourcomputeruptothesatellite,back downtotheearthtotheirdestination,upto thesatellitewiththeresponse,andbackdown toyoucanresultinlonglatency(thelength oftimebetweenapacketbeingsentandthe responsetoitcomingback),whichcanin turninterferewiththequalityofinteractive serviceslikeonlinegames,chatting,andvoice communications. Satellitesarealsoexpensivetolaunchand maintain,whichmakesitdifficultforsatellite-basedInternetservicestoofferreasonable ratestoindividualsathighspeed.Serviceslike Direcway(www.direcway.com)andStarBand (www.starband.com)offerspeedsbetween150 Kbpsand500Kbpsusingproprietaryhardware andprotocols—noWi-Fiorcheapconsumer gearhere.Thatsaid,we’reseeingmoreand moreback-haul,orhigh-speedconnections fromtheInternettohotspotsorbusiness locations,deliveredbysatellitefeeds.These costmuchmorethanindividualconnections, butspeedsarehigherandtheserviceismore reliable.AlohaNetworks(www.alohanet.com), foundedbyafriendofGlenn’s,andHughes NetworkSystems(www.hns.com)aretwoofthe companiesthatspecializeindeliveringhigh quantitiesofdatafromorbit.
II
ConnectingYourComputer
Thechaptersinthissectionallfocusonconnectingtoawirelessnetwork, butyoushouldpickandchoosewhichchapterstoreaddependingonwhich typeofcomputeryouuse.Chapter6,ConnectingYourWindowsPC,walksyou throughsimple,intermediate,andadvancedconnectionsusingWindowsXP. Chapter7,ConfiguringYourCentrinoLaptop,offersadditionalinformationfor laptopsusingIntel’snewCentrinosystem.Macintoshuserswon’twanttobother witheitherofthose,butChapter8,ConnectingYourMacintosh,offersthemthe necessarydetailsforbothMacOS9andMacOSX.Chapter9,Connecting withLinuxandFreeBSD,providessometipsandbackgroundinformationfor LinuxandFreeBSDusers.LikeAlice,Chapter10,ConnectingYourHandheld, getssmall,providinginstructionsforconnectingbothPalmOShandheldsand PocketPCstowirelessnetworks. WithChapter11,ConnectingviaBluetooth,wetakeabreatherfromWi-Fito lookatwhat’snecessarytoestablishBluetoothconnectionsbetweenBluetoothequippedlaptopsandavarietyofBluetooth-enableddevices.Chapter12,Creating anAdHocWirelessNetwork,returnstoWi-Fiwithinstructionsonhowtoset upawirelessnetworkbetweentwocomputers…noaccesspointnecessary. Formostpeople,theprimarygoalofawirelessnetworkistoshareanInternet connection,butanothercommonuseforawirelessnetworkistoenablemultiple computerstosharefilesorprinters.Chapter13,SharingFiles&Printers,covers thatground.Lastly,Chapter14,TroubleshootingYourConnection,offersdifferent testsandtipsthathelpyoutrackdownandfixproblemsyoumayhavewhen connectingtoawirelessnetwork.
6
ConnectingYourWindowsPC ConnectingyourWindowscomputertoawirelessnetworkisasnap—ifyou’re usingWindowsXP.It’sonlyslightlymorecomplicatedforpreviousversions oftheoperatingsystem,forwhichyouneedtousesoftwaredevelopedby companieslikeLinksysandProxim. WithWindowsXP,Microsoftoffersitsownwell-thought-outconnection toolforwirelessnetworks.Or,youcanstickwithanindividualmanufacturer’s software,ifitofferssomeadditionalfeaturethatyoufindhelpful.Eitherway, havenofear:afewselections,orpossiblyevennoselections,andyoushouldbe upandrunningnomatterwhatWi-Ficonnectionsoftwareyouuse. NOTE Doyou have a Centrinolaptopcomputeror a computer with an Intel Pro/Wirelessadapterinstalled?Afterreadingthesectioninthischapteron “ConfiguringWindowsXP,”checkouttheadditionaloptionsinChapter7, ConfiguringYourCentrinoLaptop.
Thefirsttaskistoinstallandconfigureyournetworkadapter.Thenextstep, however,dependsonwhetheryournetworkhasanyspecialrequirements.For thevastmajorityofhomeandsmallofficeWi-Fiusers,youdon’tneedtotouch thenetworksettingsinyourcomputer.ThedefaultsettingsthatWindows offersforanewwirelesscardarecorrect.
InstallingHardware NomatterwhichversionofWindowsyou’reusing,youmustfirstinstallyour wirelessnetworkadapterandconfigurethenetworksettingsappropriately.
60
TheWirelessNetworkingStarterKit
NOTE IfyourWi-Finetworkadapterisalreadyinstalledandworking,skiptothenext sectionbelowforconfiguringyourwirelessnetwork.
1. InstallthedriversforyournetworkcardusingtheCD-ROMorfloppy
diskthatcamewithit,orusinganinstalleryoudownloadedfromthe manufacturer’sWebsite.RecentversionsofWindowsincludedriversfor manyadapters,butit’sbesttoinstallthelatestones. 2. Iftheinstallertellsyouto,shutthecomputerdown,andconnectyour
networkadaptertothecomputer.Powerupagain.WithPCCards,you maybeaskedtoinsertthecardwhiletheinstallerisrunning. TIP Shuttingdownisn’tessentialforPCCardorUSBwirelessnetworkadapters, butitisforPCIcardsorotherinternalcards,andstartingfromscratchis neverabadidea.
3. Ifallgoeswell,Windowsidentifiesyournewwirelessnetworkadapter,
loadsthedriveryouinstalled,andcreatesanentryintheNetwork(95/98/ Me/NT)orNetworkConnections(XP/2000)controlpanelcorresponding tothehardware(Figure6.1). NOTE IfWindowsdoesnotautomaticallydetectandconfigureyournewwireless networkadapter,refertoAppendixB,ConfiguringYourNetworkSettings, andChapter14,TroubleshootingYourConnection.
ConfiguringWindowsXP Nowthatyourhardwareandnetworksettingsareproperlysetup,it’stimeto configurethewirelessnetworkclientsoftwarethatmanagessettingsspecificto thewirelessnetwork.ThiswirelessclientsoftwareisbuiltintoWindowsXP. Figure6.1 Windowsrecognizes newhardwareand configuresit.
Chapter6 | ConnectingYourWindowsPC
NOTE Ifyouaren’trunningWindowsXP,orchoosenottouseitsbuilt-inclientfor somereason,flipforwardafewpagesforinstructionsonconfiguringthe LinksysandBroadcomclientsoftware,plussomeadviceonwhat’snecessary forotherclientsoftware.
We’vediscoveredthatmostWindowsXPsystemsshippingin2003lack theWi-FiProtectedAccess(WPA)upgradenecessarytoworkwithWi-Fi gatewaysandadhocnetworksthatsupportthisrobustnewsecuritystandard. MicrosoftmadetheupdateavailableinMarch2003,butit’snotastandard XPfeatureatthiswriting. SincewehighlyrecommendusingWPA,andupgradestosupportitare availableformostnewer802.11gequipment,youshoulddownloadandinstall theXPpatchthatprovidesWPAsupport.Microsoftdoesn’tofferapermanent downloadpage,butyoucanfindthepatchbyvisitingMicrosoft’sKnowledge Basearticleathttp://support.microsoft.com/?kbid=815485,scrollingtothe bottom,andfollowingthedownloadlink.WiththeWPAupdateinstalled, theconfigurationforWirelessNetworkConnectionslooksslightlydifferent (Figure6.8,laterinthischapter). TIP Ifyou’reusingCentrino,makesuretofollowthelinkontheWPApatch downloadpagenotedabovetoupdateyourCentrinodriver—ifyourlaptop makersupportsit!SeeChapter7,ConfiguringYourCentrinoLaptop,for moreonthisissue.
Let’slookathowyouenableandconfiguretheWindowsXPwirelessnetwork clientsoftware.
SimpleConnection Ifyou’reusinganetworkwithnosecurityenabled,youcanconnectwithout anyfuss.Infact,Windowsmayhavealreadyautomaticallyconnectedtothe networkforyou. HoverovertheWirelessNetworkConnectioniconintheSystemTray.If itshowsyournetworknamealongwithspeedandsignalstrength,you’re connected—there’snothingmoretodo(Figure6.2). Figure6.2 Checkingtosee ifyou’realready connected.
61
62
TheWirelessNetworkingStarterKit
Ifyournetworknameisn’twhatshowsuporyou’renotconnected,youmight stillbeabletoestablishasimpleconnectionwithonlyacoupleofsteps. 1. Right-clicktheWirelessNetworkConnectioniconintheSystemTray
andselectViewAvailableWirelessNetworks(Figure6.3). Figure6.3 Selectingnetworks toconnectto.
2. IntheWirelessNetworkConnectiondialogthatappears,selectyour
network(Figure6.4). Figure6.4 Selectingyour networkinthe WirelessNetwork Connectiondialog.
Ifthesestepsdidn’tworkforsomereason(probablybecauseyournetwork isclosed,orrequiresapassword),read“IntermediateConnection,”next. Otherwise,you’redone.
IntermediateConnection IfyouareusingnetworkswithWEPorWPAsecurityenabledorconnecting regularlytomorethanonenetwork,youcanconfigurethesedetailsinthe WirelessNetworkConnectiondialog’sAdvancedsettings. TIP Skiptostep3iftheWirelessNetworkConnectionappearsinyourSystemTray.
Chapter6 | ConnectingYourWindowsPC
1. ToenableWindowsXP’sbuilt-inwirelessclientsoftware,openMy
NetworkPlacesfromtheDesktopandclickViewNetworkConnections (Figure6.5). Figure6.5 Selectingyour wirelessnetwork intheNetwork Connections window.
2. Right-clicktheWirelessNetworkConnectionitemunderLANorHigh-
SpeedInternet.Inthepop-upmenu,ifyouseetheoptionUseWindowsto ConfigureMyWirelessNetworkSettings,makecertainthatitisselected. (Iftheoptionisn’tshowing,justcontinueon.) TIP DeselectingtheUseWindowstoConfigureMyWirelessNetworkSettings optionallowsyoutouseclientsoftwareprovidedbytheadaptermaker,which wediscusslaterinthischapter.
3. Right-clickWirelessNetworkConnectionagain,andchooseView
AvailableWirelessNetworksfromthepop-upmenu. 4. IntheWirelessNetworkConnectiondialog,clicktheAdvancedbutton
(Figure6.6). Figure6.6 WindowsXP’s wirelessnetwork clientsoftware.
63
64
TheWirelessNetworkingStarterKit 5. IntheWirelessNetworkConnectionPropertiesdialogthatappears,click
theAddbuttonbeneathPreferredNetworkstobringuptheconfiguration dialogforanewWi-Finetwork(Figure6.7). Figure6.7 Configuringyour newconnection.
6. Enterthenetwork’snameorSSID. 7. Ifthenetworkisusingsecurity,runthroughthestepsforthemost
appropriateofthefollowingthreeoptions:
•
Ifyouhaven’tinstalledtheWPApatch(seeearlierinthischapter) andareusingWEP:CheckDataEncryptionanduncheckTheKey isProvidedforMeAutomatically(Figure6.8,upperleft).Checkthe NetworkAuthentication(SharedMode)box.EnteryourWEPkey, andthenconfirmitbyenteringitasecondtime.
NOTE IncertainreleasesofWindowsXP,youshouldalsobeabletochooseyourkey type(eitherASCIIorhexadecimal),aswellasyourkeylength.Ifyoucan’t getWindowsXPtoconnecttoyouraccesspoint,youmayneedtouseclient softwareproviderbytheadaptermaker,discussedlaterinthischapter.
•
IfyouhavetheWPApatchinstalledandWEPenabled:Choose SharedfromtheNetworkAuthenticationpop-upmenu,chooseWEP fromtheDataEncryptionpop-upmenu,anduncheckTheKeyis ProvidedforMeAutomatically(Figure6.8,lowerleft).Enterthe keytwiceintheformatyournetworkuses.
Chapter6 | ConnectingYourWindowsPC
•
Ifyou’reusingWPAinanormalhomenetwork:ChooseWPAPSKfromtheNetworkAuthenticationpop-upmenu,andchoose TKIPorAESfromtheDataEncryptionpop-upmenu,dependingon whichkindofkeywassetinthewirelessgateway(Figure6.8,lower right).(AESisnational-securitygradesecurity,butnotavailableyet inallgateways.)EnterthekeyintheNetworkKeyfieldandagainin ConfirmNetworkKey.
8. ClickConnect. 9. Repeatjuststeps4through8asnecessaryforanyothernetworkstowhich
youwanttoconnectregularly. Figure6.8 Configurationwith andwithoutthe WPApatch.
WithouttheWPApatchinstalled(left), withthepatchusinganadapterthat doesn’tsupportWPAinitsdriver (belowleft),andwiththepatchusing aWPA-readyadapter(belowright).
65
66
TheWirelessNetworkingStarterKit
Youcanchangethenetworktowhichyou’reconnectedintheWirelessNetwork ConnectionPropertiesdialog’sWirelessNetworkstab(Figure6.7,above). Anynetworksaboutwhichyou’veentereddetails(ifthey’reclosed)andall networksfromwhichtheadapterreceivesasignalappearintheAvailable Networkslist. PreferredNetworkslistsanynetworkconnectionsyou’vesetupasnotedearlier. YoucanchangethepreferenceWindowsgivestoconnectingtoavailablenetworks byselectinganetworkinthePreferredNetworkslistandthenclickingMove UporMoveDowntoreorderitspriority. ThereisanotherusefuldifferencebetweentheAvailableNetworksand PreferredNetworkslists.Eventhoughitmayappearthatselectinganetwork fromAvailableNetworksandclickingConfiguregivesyouaccesstosecurity settings,youcannotmakechangesfromthatwindow.Youcanmodifyyour securitysettingsandotherdetailsaboutanetworkonlybyselectinganetwork inPreferredNetworksandclickingthePropertiesbuttontoopentheProperties dialogforthatnetwork.
AdvancedConfiguration Onnetworksthatrequiremoreelaboratesecurity,suchaslargecorporate networks,youmayneedtoenable802.1Xauthentication.802.1Xprovidesa wayofsecurelyloggingintoaserverthatthenprovidesyourcomputerwith auniqueencryptionkeythatcanbeautomaticallychangedwithoutyour involvement.Ifyouhaven’tbeengiventhesettingsfor802.1X,youdon’tneed toturnonanyofthesefeatures. InWindowsXP,youenable802.1XviatheWirelessNetworkConnection dialogbox’sAdvancedmode.Yournetworkadministratormustprovideyou allofthenecessarydetails. 1. Followsteps1to7in“IntermediateConnection,”above,toreachthe
settingsfor802.1X(Figure6.8,above). 2. FromtheNetworkAuthenticationpop-upmenu,chooseWEPorWPA,
dependingonyournetwork’sencryptiontype.(Don’tchooseWPA-PSK: that’sasimplepasswordmethod.) 3. ClicktheAuthenticationtab(Figure6.9). 4. ForWEPnetworks,checktheEnableIEEE802.1XAuthenticationfor
ThisNetworkbox.ForWPAnetworks,thatboxisalreadychecked;it’s dimmedsince802.1XisimpliedwithcertainWPAoptions.
Chapter6 | ConnectingYourWindowsPC
Figure6.9 Authenticationtab.
5. FromtheEAPTypepop-upmenu,choosetheEAPtypebasedonwhat
yournetworkadministratortoldyou.Ifyouwereprovidedwithmoredetails orgivenacertificateyouinstalledonyourcomputer,clickProperties,and configuretheadditionalsettingsthere. 6. ClickOKtoclosetheWirelessNetworkConnectiondialogandsaveyour
changes.
ConfiguringBroadcomSoftware Broadcommakesthehardwarethatdrives802.11gand802.11a/gadapters foundinmanylaptopsandinthePCcardsandPCIcardsmadebymanymajor consumercompanies.Broadcom’ssoftwareworksalmostidenticallytothe WindowXPwirelessnetworkclientsoftware.However,youcantroubleshoot connectionsslightlymoreeffectivelywithBroadcom’sclientsoftwarethan withMicrosoft’s. NOTE AlthoughBroadcom’shardwareworkswithWPA,itsclientsoftwaredoesnot. YoumustuseWindowsXP’sconfigurationtoolwithWPAasofthiswriting.
IfBroadcom’sclientsoftwareisavailable,youseeaniconthatlookslikean“A” intheSystemTray(Figure6.10). Figure6.10 Identifyingthe Broadcomclient softwareinthe SystemTray.
Broadcom’s“A”iconintheSystemTray.
67
68
TheWirelessNetworkingStarterKit 1. OpenWirelessNetworkConnectionbyright-clickingitsiconinthe
SystemTrayandchoosingViewAvailableWirelessNetworks. 2. ClickAdvancedtoopentheWirelessNetworkConnectionProperties
dialog. 3. UncheckUseWindowstoConfigureMyWirelessNetworkSettings. 4. ClickOKtoclosetheWirelessNetworkConnectionPropertiesdialog. 5. OpentheBroadcomclientbyright-clickingitsiconintheSystemTray.
TIP MostofthetabspicturedaboveareavailableevenifyouletWindowsXP managethewirelessnetwork.
ThefirsttabyouseeisWirelessNetworks(Figure6.11).Helpfully,it’sidentical inalmosteverywaytothebuilt-inWindowsXPconfigurationtool.Consult “ConfiguringWindowsXP”inthischapterforworkingwithitssettings. Figure6.11 Broadcomclient’s WirelessNetworks tab.
TIP SomemachinesthatshipwithBroadcom’shardwarebuiltinalsohavea keyboardshortcutforturningtheradiooff,likeFunction-F3onlaptopsmade byeMachines.
TheothertabsintheBroadcomclientprovideusefulinformationfortroubleshooting.(SeeFigure6.12forapanoplyoftabs.)
• TheLinkStatustabshowsconnectioninformation.
Chapter6 | ConnectingYourWindowsPC TheBroadcomclientsoftwaretabsfromupper lefttolowerright:LinkStatus,Statistics, Diagnostics,SiteMonitor,andInformation.
Figure6.12 Broadcomclient’s varioustabs.
• TheStatisticstaboffersnetworktrafficstatistics,andifthenumbersgo upovertime,youknowthatdataisactuallypassingoverthatnetwork connection.
• ThecontrolsintheDiagnosticstabletyoutestthecardtodiscoverifit hasanyfault.
• TheSiteMonitortabdisplaysavailablenetworks. • TheInformationtaboffersdriverversions,MACinformation,andhardware information.
ConfiguringLinksysSoftware Linksys—nowownedbyCisco—makesthenetworkinggearthatpowersmuch oftheconsumerworld’sWi-Finetworks,accordingtomarketresearchand
69
70
TheWirelessNetworkingStarterKit
salesfigures.BothLinksys’solder802.11bequipment,liketheWPC11,and thecompany’snewer802.11gadapters,includingtheWMP54G,canwork withWindowsXP’sbuilt-indrivers.Butforoldersystemsorforthosepeople whopreferLinksys’ssoftware,youcandisableWindows’scontrol. TIP Ifyou’reusingLinksys’s54Gequipment,youmightprefertouseLinksys’s softwarebecauseithandlesconfigurationsformultiplelocationswhereas Microsoft’sdoesnot.
ToenableLinksys’ssoftware,followthesesteps: 1. OpenWirelessNetworkConnectionbyright-clickingitsiconinthe
SystemTrayandchoosingViewAvailableWirelessNetworks. 2. ClickAdvancedtoopentheWirelessNetworkConnectionProperties
dialog. 3. UncheckUseWindowstoConfigureMyWirelessNetworkSettings. 4. ClickOKtoclosetheWirelessNetworkConnectionPropertiesdialog.
TIP Onsomesystems,whenWindowsXPisinchargeofthenetworkconnection, theLinksyssoftwareisn’tinstalledatallordisablesitselfautomatically.You mayneedtoreinstalltheLinksyssoftwarefromyouroriginalCD-ROMand thendownloadupdatesfromLinksys’sWebsite.Andrealistically,thatamount ofextraworkmightnotbeworthwhile.
NOTE Linksys’sconnectionsoftwaredoesn’tsupportWPAor802.1Xauthentication, althoughyoucansetupthesefeaturesinsidetheWindowsXPconnection clientandtheLinksyssoftwarewon’tdisturbthem.
LinksysWireless-BSoftware Onceyou’veinstalledtheLinksyssoftware,theLinksysiconshouldappearin yourSystemTray.Itlookslikealittlecomputerwithanantennastickingout thetop(Figure6.13).Beforeyouconfigureaconnection,thescreenisred; afterward,greenoryellow,dependingonthelinkquality.Followthesesteps toconfiguretheLinksysclientsoftware: Figure6.13 Identifyingthe LinksysWireless-B clientsoftwarein theSystemTray.
Linksysclientsoftwareicon
Chapter6 | ConnectingYourWindowsPC
NOTE Iftheiconisn’tintheSystemTray,openyourControlPaneldirectoryand lookfortheiPrismcontrolpanel.(Prismistheseriesnameofthesetofchips inthewirelessadapter.)
1. OpentheiPrismcontrolpanelorclicktheLinksysclientsoftware’sSystem
Trayicon. 2. ClicktheConfigurationtab(Figure6.14). Figure6.14 Configuringyour connectioninthe iPrismcontrol panel.
3. Enterthenetwork’snameintheSSIDfield;ifthenetworkadapterfinds
wirelessnetworksinthevicinity,thefieldturnsintoapop-upmenu,and youcanchooseoneofthenetworkstoconnecttoit. 4. IfthenetworkusesWEPencryption,clicktheEncryptiontab(Figure
6.15).Enterthepassphrase,ifprovidedtoyou,orthehexadecimalWEP keyorkeys. 5. ClickApplyChangestosaveyoursettings.
Youshouldnowbeconnected.TheLinkInfotabshowssignalstrengthfor transmittingandreceiving,aswellasdetailsabouttheaccesspointandnetwork you’reconnectedto(Figure6.16).TheAbouttabprovidesversiondetailsforthe configurationsoftwareitself,thedriver,andthefirmwareontheadapter.
LinksysWireless-GSoftware LinksysradicallyoverhauleditsmeagersoftwareofferingbetweenitsWirelessBandWireless-Greleases.Thenewsoftwareoffersseveralexcellentfeatures
71
72
TheWirelessNetworkingStarterKit Figure6.15 Configuring securitysettingsin theiPrismcontrol panel.
Figure6.16 Viewingconnection informationin theiPrismcontrol panel.
thatmightmakeitabetterchoiceforsomeusersthanWindows’sbuilt-in wirelessnetworkclientsoftware.Inparticular,theLinksysWireless-Gsoftware providesbetteroptionsforautomaticallychoosingnetworks,storingmultiple configurations,andhandlingcertainconnectiondetails.It’salsofriendlier thanMicrosoft’ssoftware.
SimpleConnection FollowthesestepstoestablishasimpleconnectionusingtheLinksysWirelessGsoftware: 1. Double-clicktheLinksysiconinyourSystemTraytoopentheclient
software(Figure6.17).
Figure6.17 Identifyingthe LinksysWirelessG clientsoftwarein theSystemTray.
Chapter6 | ConnectingYourWindowsPC
LinksysWirelessGclientintheSystemTray.
2. Toconnecttoawirelessnetwork,clicktheSiteSurveytab,whichshows
youravailablenetworks(Figure6.18). Figure6.18 Selectingan availablenetwork.
3. SelectanetworkandclickConnect,enteringaWEPkeyorpassphrase,
ifnecessary.(There’snoneedtosetupaprofile.) TheLinkInformationtabfeaturesasomewhatsillygraphicthatidentifies whetheryourcardhasconnectedtoanetwork(Figure6.19).TheSignal StrengthandLinkQualitystatusbarsprovideconnectionfeedback,too. Figure6.19 Viewinginformation aboutyour connection.
73
74
TheWirelessNetworkingStarterKit
IntermediateConnection Toconnecttoaclosednetwork,youcreateaprofilethatstoresyoursettings. Profilesarealsousefulforswitchingamongdifferentnetworkconfigurations, whetherornotanyofthosenetworksareclosed.TheProfilestabletsyouuse awizardtoconfigureastorablesetofconnectionparameters. 1. OpentheLinksysWireless-Gsoftware,andclicktheProfilestab(Figure
6.20). Figure6.20 Startinganew profile.
2. ClickNew,entertheprofile’snameinthedialogthatappears,andclick
OK(Figure6.21). Figure6.21 Namingyournew profile.
3. Thesoftwarepre-fillstheSSIDnamewithyourprofilenameinthe
resultingdialog(Figure6.22).ChangetheSSIDifnecessary.Usually, youleavethetypeofnetworksettoinfrastructuremode,whichisthe standardnetworkmode.ClickNext.
Chapter6 | ConnectingYourWindowsPC
Figure6.22 Enteringthe appropriate networkname.
4. UnderNetworkSetting,stickwithObtainanIPAddressAutomatically
(DHCP)unlessyouhavebeenprovidedwithorneedtouseastaticIP address(Figure6.23).ClickNext. Figure6.23 Configuring networksettings.
5. IfyournetworkusesWEP,selectthebitlengthfromtheWEPpop-up
menuandeitherenterthehexadecimalkeyintheKey1fieldatthebottom ortypetheASCIIpassphraseintothePassphrasefield(Figure6.24). ClickNext. 6. ConfirmthatyoursettingsarecorrectandclickYes,oryoucangoback
andrevisethem. 7. Inthefinalscreen,youcanchoosetoswitchtotheprofilenoworlater.
Withoneormoreprofilescreated,youcanswitchnetworksatanytimefrom theProfilestabbyselectingtheappropriateprofileandclickingConnect.
75
76
TheWirelessNetworkingStarterKit Figure6.24 Enteringsecurity settings.
ConfiguringOrinocoSoftware TheOrinoco(www.orinocowireless.com)wirelessnetworkadapterswereonce theleading802.11bPCCards.OriginallyreleasedasWaveLAN,Orinoco’s makerwaspurchasedbyLucent,andthenspunoffaspartofAgere.Finally, AgeresoldthecardlinetoProxim.Proximnolongermakescardsforthe consumermarket,butweprovidethis802.11bconfigurationguide,asit’slikely youcanfindinexpensiveusedOrinocoSilverandGoldcards. NOTE Orinoco802.11bwirelessnetworkadapterscancomeinSilverandGold versions:Silveradaptersarelimitedto40-bitWEPencryptionkeys,whereas theGoldversionssupportboth40-bitand128-bitkeysforostensiblystronger encryption.
TheOrinococlientsoftwareappearsintheSystemTrayasaniconicsetofbars ofvaryingheights(Figure6.25).Thenumberoffilled-inbarsandthecolor ofthosebarsindicatessignalstrength—themorefilled-inbars,thebetter,and thecolormovesfromredtoyellowtogreenasthesignalstrengthimproves. Figure6.25 Identifyingthe Orinococlient softwareinthe SystemTray.
OrinococlientintheSystemTray.
IntermediateConnection ToconfiguretheOrinocosoftwaretoconnectyourcomputertoawireless network,followthesesteps: 1. ClickthebarsintheSystemTrayicontoopentheOrinococlient
software.
Chapter6 | ConnectingYourWindowsPC
TIP Right-clickthebarstoaccessAdd/EditConfigurationProfiledirectly.
2. ChooseAdd/EditConfigurationProfilefromtheActionsmenu. 3. Inthedialogthatappears,nametheconfigurationontheleftsideand
leaveAccessPointselectedattheright(Figure6.26). Figure6.26 Namingyour configuration.
4. ClickEditProfiletobringuptheEditConfigurationdialog(Figure
6.27). 5. IntheEditConfigurationdialog,enteranetworknameintheBasictab;if
networksareinthevicinity,choosethenetworkfromthepop-upmenu. 6. IfWEPisenabled,enteryourWEPkeyintheEncryptiontab. Figure6.27 Editingyour configuration.
77
78
TheWirelessNetworkingStarterKit 7. ClickOKtoclosetheEditConfigurationdialog,andclickOKagainto
closetheOrinococlient. TheOrinococlienthasaniftysignal-over-timemonitorbuiltinthatcanhelp youtestaccesswhilewalkingaroundwithalaptop.FromtheAdvancedmenu, chooseLinkTest,andthenclicktheTestHistorytab(Figure6.28). Figure6.28 Monitoringsignal strengthovertime intheOrinoco clientsoftware.
ConfiguringOtherWirelessClientSoftware Sowhatifyou’renotusingWindowsXPortheLinksys,Broadcom,orOrinoco (802.11b)wirelessclientsoftware?Don’tworry,becauseasyoucantellifyou’ve evenskimmedtheinstructionsforthesesoftwareclients,there’snotmuchto configure.Justmakesureyouhavetheinformationfrom“CommonSettings,” next,onhand(particularlynetworknameandWEPorWPAkey)whenyou setupthesoftware. Aswiththewirelessclientswe’velookedat,otherclientstendtohavemonitoring toolstoshowsignalstrength.Someofferconfigurationmanagerstostore differentsettingsfordifferentnetworks,andalloffersomewaytodisplaythe currentrevisionoffirmwareanddriversoftware,whichhelpsyoulearnifan upgradeisneededwhenyou’retroubleshootingaproblem. TIP Windowsusersmaythinkthere’sspecialmagictoconnectingtoanApple AirPortBaseStation,butthereisn’t:it’sjustlikeanyotheraccesspoint—with oneexception.IftheAirPortBaseStationisusingWEPencryption,youmust extractthenon-AirPort-friendlyhexadecimalWEPkeyfromtheAirPortBase Station.Seethesidebar“ConnectingtoaBaseStationwithoutanAirPort Card”inChapter17,SettingupaGateway.
Chapter6 | ConnectingYourWindowsPC
CommonSettings Everywirelessclientprogramrequiresatleastone,andsometimesall,ofthe followingsettingstobefilledinorchoseninordertoassociatewithanaccess point.Don’tworrytoomuchaboutfiguringoutallthisinformationrightnow, butyoumaywanttoreferbackherewhensettingthingsup.
NetworkMode Infrastructureisalwaysthechoicefornetworks;youuseadhoconlyformachineto-machineconnections.Networkmodeisoftenpresettoinfrastructure. Sometimesyouneedaseparateprogramtocreateadhocconnections.
NetworkName Technically,thenetworknameiscalledtheESSID(forlargernetworks)or SSID(forsingleaccesspoints).Inmanyclients,youcanleavethenetwork nameemptyorenter“any”toconnecttoanyavailablenetwork.Inothers,you mustselectanetworknamefromalistthattheadapterhasscanned,orenter thenamemanually. Forclosednetworks,youmayneedtobringupaspecialdialogorcreatea configurationentrytoenterthenetworkname.
WEPandWPA Manywirelessnetworkclients,evenforadaptersevenasrecentasmid-2003, supportonlytheWEPencryptionstandard.Newerhardwareandwireless clientscansupporteitherWEPoroneofseveralkindsofWPAkeys.
• WEP.AWEPkeyis10or26charactersinhexadecimal(hexadecimal numbersaremadeupofthenumbers0to9andlettersAtoF).Some networksuseaWEPpassphrase,inwhichashortwordorphraseisentered; itinturngeneratesthekey.
ManyclientsallowuptofourWEPkeysifthenetworkadministratorhas definedthatmany.Confusingly,ifonlyoneWEPkeyhasbeendefined,some oftheseclientsrequiretheentryofthesameWEPkeyinallfourslots! Inmostclients,youmustselecttheWEPkeysize(40/56/64bitsor104/128 bits)manually,aswellaschoosewhetherthekeywasenteredasASCIIor hexadecimal.
• WPA.WPAsimplifiestheentryofkeys.Inmostcases,youselectWPA-
PSK(pre-sharedkey)orasimilarname,andthenenterthetextpassphrase, whichcanbebetween8and63characters,anduseletters,numbers,and afewsymbolslikeunderscoreandspace.
79
80
TheWirelessNetworkingStarterKit
AdvancedAuthentication
Manycorporatenetworksrequirecertainmethodsofauthenticationthatrely onauserlogin,adigitalcertificateinstalledbyanetworkadministrator,oran externalsecuritydevicelikeanIDcardthatgeneratesuniquenumbers.Software clientsprovidedbyadaptermakerslacksupportforrequiredflavorsofencrypted tunnelauthenticationlikeLEAP(LightweightEAP),aflavorusedbyCisco; EAP-TLS(usesapreinstalledcertificate);orPEAP(protectedEAP). Generally,ifyouneedtoauthenticatewithoneofthesemethods,anetwork administratorwillhavegivenyousettingsorinstalledanappropriatepieceof clientsoftwareonyourcomputer,whichmightbesettingswithinWindows XPorsoftwareprovidedbyacompanyspecializinginauthenticationsoftware. Ifyou’resettingupthiskindofnetworkyourself,seeChapter22,SmallOffice Wi-FiNetworking.
RadioSettings
Wi-Fidevicesareradiosattheirhearts,andwithWi-Finetworkssupportinga varietyofspeedsandprotocols,youmightfindyourselftweakingthesesettings morenowthanyoudidbeforetheintroductionof802.11g.
Mode Ifyouhavean802.11gadapter,youcansometimeschoosewhethertoallow theclienttoconnectusing802.11bor802.11g.Thisfeatureismoretypically foundinanaccesspoint,whichmightrestrictitselftoallowingonly802.11b orgconnections.
TransmitRate Inclientsthatletyouchangethissetting,youcanlockyoursystemata specificthroughput,suchas11Mbps,ifyou’resureyouhavegoodenough signalstrengtheverywhere.(Accesspointscanlikewisebelockedintoafaster throughput.)Eliminatingthelowerspeedsincreasesoverallperformance,but makesyoumorelikelytoloseaconnectionentirelyifyoumovetoofarfrom theaccesspoint.
Channel Channelsareselectedautomaticallyinclientsoftware,becauseaccesspoints canbroadcastononlyasinglechannelatatime.Youselectachannelonly whencreatinganadhocnetwork.
ConfiguringYour CentrinoLaptop
7
Intel’sCentrinolaptopsaren’tjustaboutanotherlogoandaprettyname.In fact,whenyoubuyaCentrinolaptop,oranyPClaptopwithoneofIntel’s newerwirelessadapters,youhavetheoptionofusingacustomconfiguration toolthatstoresmultipleprofilesforallyourInternetandnetworksettingsand providesdetailed,graphicaltroubleshootingandfeedback. Thischapterwalksyouthroughthebasicsofconfiguringandtroubleshooting usingIntel’sConfigFreesoftware,whichmanageswirelessconnections,aswell assettingsforwiredandinfrarednetworking. Currently,CentrinoandtheIntelPro/Wirelessadapterssupportonly802.11b networkconnections.Aswewritethis,Intelsaysitexpectstooffer802.11gand dual-band802.11a/gadaptersforCentrinoaroundthebeginningof2004. NOTE IntelallowsuseoftheCentrinonameonlyforlaptopsthatincludeaPentiumMprocessor,anIntelPro/Wireless2100mini-PCIadapter(orlatersimilar adapters),andsomeofIntel’ssupportchips.Seewww.intel.com/products/ mobiletechnology/formoreonCentrino,andformoredetailsontheIntel Pro/Wireless2100NetworkConnectioncard’scapabilities,theonlycurrently availableWi-Fimodel,seewww.intel.com/products/mobiletechnology/ prowireless.htm?iid=ipp_a2z+p_281_prowire2100.
82
TheWirelessNetworkingStarterKit
TIP YoucanignoreIntel’ssoftwareentirelyifyouwantandstickwiththeWindows XPwirelessnetworkconnectionsoftware.Intel’spackageisjustanoptionthat providessomewelcomefeatures.
ManagingConnections AlthoughConfigFreehelpsmanage,troubleshoot,anddisplayinformation aboutaconnection,itdoesn’tactuallyhelpyoufindandconnecttonetworks atall.Instead,youusethebuilt-intoolsfoundinWindowsXP,described inChapter6,ConnectingYourWindowsPC,inthe“ConfiguringWindows XP”section.Wesuggestyoureturntheretoreadtheconfigurationstepsfor simple,intermediate,andadvancedconnections,andthencomebackherefor additionalinformationonwhatConfigFreecandoforyou. NOTE Aswewritethisinlate2003,WPAmaynotbeavailableonspecificlaptop models,suchasthosemadebyToshiba,eventhoughIntelsupportsWPAforthe Pro/Wirelessadapter.ForWPAsupport,eachmanufacturermustincludeanIntel driverupdate:IBMandafewothersdorightnow;someothersdonot.Read moreabouttheseWPAissuesinChapter6,ConnectingYourWindowsPC.
YoucanlaunchConfigFreebydouble-clickingitsiconintheSystemTrayor openingitfromtheStartmenu’slistofPrograms(Figure7.1). Figure7.1 Double-click ConfigFree’siconto launch.
ConfigFree’sicon
ConfigFreedoesoffersomeusefulfeatureswhenitcomestomanagingyour connections. Ifyoucheck“EnableWirelessWhenCableDisconnectOccurs”inConfigFree’s DeviceSettingstab,yourwirelessconnectionautomaticallykicksinwhenever youdisconnectyourwiredlink(Figure7.2).Sinceyourwiredlinkislikelyto befaster,youprobablywouldprefertouseitwhenit’savailable. ConfigFreealsohelpsyoudisableyourwirelessconnectionquickly,asyoumight wanttodowhenyou’reusingyourlaptoponanairplane.RunConfigFreeand clicktheDisablebuttoninConfigFree’sDeviceSettingstab(Figure7.2).
Chapter7| ConfiguringYourCentrinoLaptop
Figure7.2 Configuring selectsettings inConfigFree.
Checkingthisbox automaticallyenablesthe wirelessconnectionwhenyou unplugyourcomputerfroma wirednetwork. Clickthisbuttontodisable yourwirelessadapter immediately.
UsingProfiles ThemostusefulpartofConfigFreeisitscapabilitytocreateprofilesofsettings you’vemadeforindividualnetworkconnections.Mostoftheprofilesystems we’reawareofrequireyoutodefineaprofile,activateit,andthenedititifthe profiledoesn’twork.ConfigFree’sapproachmakesmuchmoresense.Follow thesestepstocreateanewprofile. 1. CreateyourvariousnetworkandInternetsettingsforbothwiredand
wirelessconnections. 2. ClicktheConfigFreeiconintheSystemTray,andfromthehierarchical
Profilesmenu,chooseOpentodisplaytheProfileSettingstab(Figure7.3). Figure7.3 ConfigFree’sProfile Settingstab.
83
84
TheWirelessNetworkingStarterKit
3. ClicktheAddbuttontodisplaytheAddProfiledialog(Figure7.4). Figure7.4 Nameand configureyour profileintheAdd Profiledialog.
4. Nameyourprofileandselectwhichofyoursettings(InternetSettings,
Devices,andTCP/IPSettings)shouldbeincluded.Youcanalsohavea particularapplicationlaunchwheneveryouswitchtothisprofile. TIP ClickChangeIcontoselectfromamongsometrulyhorribleiconstoidentify thisprofile(Figure7.5). Figure7.5 Whatsecondgrade artclassdrew these?
5. ClickOKtodismisstheAddProfiledialogandsaveyournewlycreated
profilesoitappearsintheConfigFreepop-upmenuandintheProfile Settingstab(Figure7.6). Toseeexactlywhichsettingsareencapsulatedinyourprofile,clicktheDetails buttonintheProfileSettingstab(Figure7.7). Toswitchtothisprofile,eitherchooseitfromtheConfigFreepop-upmenuor selectitintheProfileSettingstabandclicktheSwitchbutton(Figure7.8).
Chapter7| ConfiguringYourCentrinoLaptop
Figure7.6 Yourprofileappears inConfigFree’s ProfileSettingstab.
Figure7.7 TheDetailswindow revealsthesettings inyourprofile.
Figure7.8 Switchamong profilesbychoosing themfromthe ConfigFreepop-up menu.
Troubleshooting TheConfigFreesoftwareprovidesamarvelous,graphicalapproachtoshowing connectionproblems:theConnectivityDoctor,whichyouaccessfromthe ConfigFreepop-upmenu(Figure7.9).
85
86
TheWirelessNetworkingStarterKit Figure7.9 TheConfigFree Connectivity Doctor. Activelinksareshownwith solidlines. TheOff/Onswitchactually disablestheradiohardware.
ThelockindicatesWEP encryptionisactive.
TheConnectivityDoctordisplaysthestatusofeachelementofeachconnection it’smanaging,enablingyoutopinpointeasilythespecificlocationofanyfailure. Thetoolalsoprovidesspecificerrors,suggestions,andtests. InFigure7.10,forinstance,theaccesspointfailedtoprovideavalidIPaddress usingDHCP.Theconnectionisfine,asistheWEPkey,buttheadapterhasa yellowwarningsignoverit,andthetroubleshootingguideattherightshows whattheConnectivityDoctorthinksiswrong. Figure7.10 TheConnectivity Doctorgraphically displayslikely problemsand solutions.
TheConnectivityDoctoralsoprovidesprecisedetailsaboutanycomponent youhoveroverwiththepointer(Figure7.11).
Chapter7| ConfiguringYourCentrinoLaptop
Figure7.11 TheConnectivity Doctoralsoshows componentdetails.
Detailforanaccesspoint
WerecommendusingtheConnectivityDoctorwheneverpossiblebecauseit removessomuchoftheguessinggamewhentroubleshootingaconnection.
87
8
ConnectingYourMacintosh
BecauseApplehassupportedWi-FiforsolongviaitsAirPortandAirPort Extremetechnology,connectingtoanaccesspointhasalwaysbeenastraight- forwardprocessinallrecentversionsoftheMacOS. NOTE Luckily,mostAirPortandAirPortExtremecardscomepre-installedwhenyou buyyourMac;ifyouinstalloneafterthefact,followtheinstructionsthatcome withthecard,andworkcarefullyinsideyourMac.
SimpleConnection IfyouwanttouseanopenWi-Finetworkthatuseseithernoencryptionor AirPort’ssecuritysystem,youcanconnectwithoutanyfuss.Infact,theMac OSmayhavealreadyconnectedtothenetworkautomatically.Ifyoucanaccess theInternet,youdon’tneedtofollowanyadditionalsteps. Proceedto“IntermediateConnection”ifthesechoicesfailorifthenetwork youwanttoconnecttoiseitherclosedorreliesonanon-Appleaccesspoint andWEPorWPAencryption.
MacOS8.6or9.x TomakeasimpleconnectionwithApple’sControlStrip,followthesesteps : 1. ChooseyournetworkfromtheAirPortmenu(Figure8.1). 2. Ifprompted,enteryourAirPortpassword.
Otherwise, to make a simple connection using the AirPort application:
90
TheWirelessNetworkingStarterKit Figure8.1 IntheControl Strip,chooseyour networkorconfirm thatthecorrect networkwaschosen automatically.
1. OpentheAirPortapplication,typicallylocatedinanAirPortfolderinside
eitheryourApplicationsfolderortheAppleExtrasfolder. 2. ClicktheSettingsexpansiontriangletoshowadditionalcontrols. 3. ChoosethedesirednetworkfromtheChooseNetworkpop-upmenu,and
enteryourAirPortpasswordifoneisrequested(Figure8.2). Figure8.2 IntheAirPort application,choose yournetworkor confirmthatthe correctnetwork waschosen automatically.
TIP Ifyoudon’tuseControlStripcurrently,butfindyourselfusingtheAirPort applicationregularly,considerturningControlStripon(makesureit’sturned oninExtensionsManagerandenabledintheControlStripcontrolpanel), sinceitmakesswitchingamongAirPortnetworkssignificantlyeasier.
MacOSX 1. From the AirPort menu in the menu bar, choose your network
(Figure8.3). 2. Ifapasswordisrequested,enteryourAirPortpasswordandcheckAdd
toKeychaintostorethepasswordinyoursecuresystemkeychainsoyou neverhavetoenteritagain(Figure8.4).
Chapter8 | ConnectingYourMacintosh
Figure8.3 Choosingyour networkin MacOSX.
Figure8.4 Enteringyour AirPortpassword.
TIP Ifyoudon’tseetheAirPortmenu,openSystemPreferencesfromtheApplemenu, clicktheNetworkicon,selectAirPortfromtheShowmenu,clicktheAirPorttab, and—finally—checkShowAirPortStatusinMenuBar(Figure8.5). Figure8.5 SetAirPortstatusto showinthemenu bar.
IntermediateConnection Ifthenetworkyouwanttoconnecttodoesn’tappearinyourControlStripor AirPortmenu,youneedtotakejustafewextrastepstoestablishyourconnection.
91
92
TheWirelessNetworkingStarterKit
Also,ifthenetworkisrunbyanon-AppleaccesspointwithWEPorWPA encryptionturnedon,read“EnteringWEPandWPAKeysonaMac”fora fewsneakydetails.
MacOS8.6or9.x IfyouuseApple’sControlStriputility,followthesestepstoconnecttoa closednetwork:
EnteringWEPandWPAKeysonaMac Apple’sAirPortsoftwareexpectsthatyou’re usinganAirPortorAirPortExtremeBase Stationasyouraccesspoint.Whenitasks youtoenterthenetworkpassword,youtype inapasswordinsteadofanencryptionkey. Butifyou’reusinganAirPort-orAirPortExtreme-equippedMacintoshwithanyother kindofaccesspointthathasWEPencryption enabled,youmustinsteadentereither10or 26hexadecimalcharacters. MacOSX(post-10.2)offerschoicesforwhat you’reenteringinapop-upmenu(Figure8.6). ChoosingPasswordletsyouenteranAirPortstylepassword.Theotherfivechoicescorrespondtothekeylength(40or128bits)andthe encoding(ASCIIorhexadecimal),orletyou selectLEAP,anetworkloginsystem.Choose theappropriateASCIIoptiononlywhenyour WEPaccessisviaapassphrase.(TheseWEP passphrasesareconvertedintoactualWEP keys,butnotinthesamewaythatAppleturns AirPortpasswordsintoWEPkeys.) Entering a hexadecimal WEP key when promptedworksfinewithrecentversionsof theAirPortsoftwareforMacOS9andMac OSX.However,withcertainearlierversions oftheAirPortsoftwareinbothMacOS9 andMacOSX,andinthepasswordfieldof
Figure8.6 Optionsfor passwords inMacOSX 10.2andlater.
theNetworkpreferencespaneinMacOSX, enteringtheWEPkeybyitselfwon’twork. Thetrickwiththeseoldersystems?Entera dollarsign($)beforethehexadecimalWEP key,andallwillbewell.Thedollarsigntells theAirPortsoftwaretosendtheexacthexadecimalkeytotheaccesspointratherthan interpretingitasapasswordtosendtothe AirPortBaseStation. ToenteraWEP-styleASCIIkeyinearlier versionsoftheAirPortsoftwareorinMac OSX’sNetworkpreferencespane(evenupto 10.2.6),encloseitinstraightdoublequotation marks.We’vefoundthattheseWEPASCII keysaren’talwayscompatiblewithoneanother, andwerecommendusingactualhexadecimal WEPkeysinsteadoftheirASCIIversions wheneverpossiblewhensettingupaccesspoints otherthantheAirPortorAirPortExtreme BaseStation. Ifyou’reusingWPA(Wi-FiProtectedAccess), youenteryourpasswordexactlyasenteredon theaccesspoint.
Chapter8 | ConnectingYourMacintosh
1. ChooseOtherfromtheAirPortmenutodisplayadialogaskingforthe
networkname. 2. EntertheexactnameofthenetworkandtheAirPortpasswordorWEP
key,ifnecessary(Figure8.7). Figure8.7 IntheControlStrip, chooseOther.
NOTE ApplehasnotsaidifMacsrunningMacOS8.6or9.xwillbeabletoconnectto WPA-protectednetworks.Weanticipatethatsuchcompatibilitywouldrequire anupdatetotheAirPortsoftwareforthoseversionsoftheMacOS.
3. ClickOKandyou’redone!(Ifforsomereasonitdidn’twork,trystep1,
next.) Otherwise, you need to use the AirPort application: 1. OpentheAirPortapplication,typicallylocatedinanAirPortfolderinside
eitheryourApplicationsfolderortheAppleExtrasfolder. 2. ClicktheSettingsexpansiontriangletoshowadditionalcontrols. 3. CheckAllowSelectionofClosedNetworks. 4. ChooseOtherfromtheChooseNetworkpop-upmenu(Figure8.8). Figure8.8 IntheAirPort application,choose Othertoopenthe ClosedNetwork dialogbox.
93
94
TheWirelessNetworkingStarterKit 5. IntheClosedNetworkdialogbox,entertheexactnameofthenetwork
andtheAirPortpasswordorWEPkey(Figure8.9). Figure8.9 IntheClosed Networkdialog box,enterthe desirednetwork nameand password.
That’sallthereistoit—ifeverythinghasgonecorrectly,youshouldbeconnected totheAirPortBaseStationoraccesspoint,andifit’ssharinganInternet connection,youshouldbeabletoaccesstheInternetfromaWebbrowser.
MacOSX10.2(Jaguar) MacOSXoffersadditionaloptionsforchoosingWi-Finetworks,soifyou wanttoconnecttoaclosednetworkthat’snotadvertisingitsname,orifyou wanttoconnecttoanetworkotherthantheonewiththestrongestsignal, followtheseinstructions.
ConnectingtoClosedNetworks 1. FromtheAirPortmenuinthemenubar,chooseOthertoopentheClosed
Networkdialog. 2. Entertheexactnameofthenetwork,andifapasswordisrequired,choose
thepasswordtypefromthePasswordpop-upmenuandenterthepassword (Figure8.10). 3. ClickOKtoestablishtheconnection.
SettingAirPortNetworkOptions 1. ChooseSystemPreferencesfromtheApplemenu,orclickitsicononthe
Dock.OnceSystemPreferencesopens,clicktheNetworkicontodisplay theNetworkpreferencespane. 2. ChooseAirPortfromtheShowpop-upmenutodisplaytheAirPort
preferences.IfAirPortdoesn’tappearinthemenu,chooseNetworkPort Configurations,selecttheOncheckboxnexttoAirPort,andchoose AirPortfromtheShowpop-upmenu. 3. ClicktheAirPorttab.
Chapter8 | ConnectingYourMacintosh
Figure8.10 IntheClosed Networkdialog, enterthedesired networkname andpassword,if necessary.
4. OntheAirPorttab(Figure8.11),ifyouplantouseanopennetwork
withoutapasswordmostofthetime,selectJoinNetworkWithBestSignal. Ifyouwanttomakesureyoualwaysjointhenetworkyoulastused,select JoinMostRecentlyUsedAvailableNetworkandchecktheRemember NetworkPasswordcheckboxifithasapassword.Finally,ifyouneedtojoin aclosednetwork,selectJoinaSpecificNetworkandenter(orchoose)its nameintheNetworkfield.IfthenetworkhasWEPencryptionenabled, enterthepasswordinthePasswordfieldthatappears. 5. ClicktheApplyNowbuttontoactivateyourchanges.
TIP Ifyoutravelregularlyandfindthatyouneedtochangeyoursettingsoften, youcancreatemultiplelocationsusingtheNewLocationitemintheLocation Figure8.11 Selecthowyou wanttheMacto connecttowireless networks.
95
96
TheWirelessNetworkingStarterKit menuatthetopoftheNetworkpreferencespane.Eachlocationcanhaveits ownAirPortconfiguration,andyoucaneasilyswitchamongthemusingthe Locationmenu.
MacOSX10.3(Panther) MacOSX10.3movedaroundAirPortoptionswithoutfundamentallychanging howtheywork(Figure8.12).TheByDefault,Joinpop-upmenuoffersjust ASpecificNetworkandJoinNetworkwithBestSignal.Youshouldalsobe abletoenteraWPApasswordaseasilyasaWEPpassword. Figure8.12 Panther’s slightlydifferent configuration.
ConfiguringOtherClientSoftware Theonlytimeyoumightneedtousewirelessnetworkclientsoftwareother thanApple’sAirPortsoftwareisifyousetupathird-partywirelessnetwork adapter.Forinstance,earlierPowerBooks,PowerMacs,andiMacsrunning MacOS9mightbewirelesslyconnectedvianon-ApplePCCards,PCIcards, orUSBadapters(seeChapter3,WirelessHardware,fordetails).Also,802.11b PCCardsinMacOSXrequirethird-partydrivers,suchasthe$20IOXperts 802.11bDriverforOSX(www.ioxperts.com/80211b_X.html)ortheopensource WirelessDriver(http://wirelessdriver.sourceforge.net).
Chapter8 | ConnectingYourMacintosh
TIP TheWaveLANandOrinocoPCCardsworkwithApple’sAirPortsoftwarein MacOS9becauseAirPortcardsareactuallycustomOrinococards.
Luckily,althoughthird-partywirelessnetworkclientsoftwaremaylooka bitdifferentthanApple’sAirPortsoftware,itallrequiresbasicallythesame settingsasApple’sAirPortsoftware,thoughwithslightlydifferentinterfaces (Figure8.13andFigure8.14).Justselectnetworksorenternetworknames andpasswordsinappropriateplacesandyou’llbefine. Figure8.13 Themain preferencespane oftheIOXperts 802.11bDriverfor MacOSX.
Figure8.14 Thepreferences paneforthe opensource WirelessDriver.
97
9
ConnectingwithLinux andFreeBSD
Ifyouhavereadeventhisfarinthischapter,youundoubtedlyalreadyknow thatLinux,FreeBSD,NetBSD,andotherUnix-likeoperatingsystemsare varied,mysterious,andcomplicated,inexchangeforbeingpowerfuland customizabletoafault.Fortunately,there’sagrowingandever-improving bodyofWi-Fisupportforalloftheabove,andmostnotablythevariantsof LinuxandFreeBSD. Becauseofthemultiplicityofkernelversionsyoucouldhaveinstalled,wecan’t providethestep-by-stepinstructionsyouwouldneedtoconfigureaspecific versionofLinuxorFreeBSD.However,wecanpointyoutoresourcesthat shouldhelp.
Linux,FreeBSD,andWi-Fi SinceWi-Fiisrelativelynew(keepinmindthatUnix-likeoperatingsystems havebeenaroundforalotlongerthanWindowsortheMacOS),driversupport forWi-Fihardwarewasn’twidespreadamongnon-commercialflavorssuchas LinuxandFreeBSDuntilrecently.Fortunately,aswithalmosteverythingin theopen-source,free-software,andnon-commercialsoftwareworld,demand forWi-Fisupportproducedresults.Severalprojects,includingonefundedby Hewlett-Packard,haveresultedindriversthatworkunderalmostallofthe lastfewyears’kernelversionsandstandarddistributions.
100
TheWirelessNetworkingStarterKit
NOTE ForthemostcomprehensivelistofsupportresourcesrelatedtoWi-Fiandthe 802.11familyunderallflavorsofLinuxandFreeBSD,seewww.hpl.hp.com/ personal/Jean_Tourrilhes/Linux/Wireless.html,whichismaintained byJeanTourrilhes,theHPengineerwhohasledWi-Fidriver-writingefforts sincethelate90s.
Evenbetter,manyWi-Fidriversarefoundinstandarddistributions,soif youinstallFreeBSDorcertainflavorsofLinux,allyouneedtodotoaccessa wirelessnetworkisattachacompatiblenetworkadapterandconfigureyour networksettings. Beforeyoupurchasenewgearortrytorepurposeexistinghardware,we suggestyoureadthefollowingsections,whichwillhelpyoufocusontheright combinationofequipmentforyourflavorofUnix/Linux/BSD. Thetrickisthatspecificdriversgenerallyworkonlywithwirelessnetwork adaptersusingchipsmadebyaspecificcompany.Thatmaysoundproblematic, butthereareonlythreemainchip-setmanufacturers:Intersil,Orinoco,and Atheros.Wealsoofferafewpointersforpeoplewhoendupwithnetwork adaptersthatusechipsfromothercompanies.
Intersil Intersilwasoneofthefirstcompaniestomake802.11bchips,anditsPrism seriespoweredalmostalltheearlyconsumergearfromLinksysandothers. However,inmid-2003,Intersilleftthebusiness,sellingitsWi-Filineto GlobespanVirata(www.globespanvirata.com/prism.html).Sincecardscontaining Intersilchipsarestillinwideuse,theyenjoythebroadestsupport. YoucanfindextensiveinformationaboutthePrismlineat www.linuxwlan.com/linux-wlan/.Alsoavailableatthatsitearedriversformanyofthe Linuxdistributions. FormoreinformationonPrismsupportinFreeBSD(includingalargelistof supportedwirelessnetworkadaptersandthespecificchipsettheyuse),read www.freebsd.org/cgi/man.cgi?query=wi.
Orinoco TheOrinocolineofwirelessnetworkinggearwasoriginallycreatedby WaveLAN,andthenpurchasedbyLucent,spunoffwithAgere,andbought byProxim.Whew!TheearlyversionsofOrinocoequipment,startingbackin 1999,werefoundininexpensiveprofessionalgearforPCsandinApple’sAirPort
Chapter9 | ConnectingwithLinuxandFreeBSD
CardandAirPortBaseStation.Asaresult,eventhoughProximdoesn’tfocus asmuchontheconsumermarketaspreviousOrinocoownershave,Orinoco gearisextremelywidespread. TolearnmoreaboutsupportforOrinocogearinvariousUnix-likeoperating systems,loadJeanTourrilhes’sFAQat www.hpl.hp.com/personal/Jean_ Tourrilhes/Linux/Wireless.htmlandsearchfor“Orinoco”.
Atheros Atheroswasthefirstcompanytoship802.11a-basedchipsetsandlaterbranched outinotherareas.Unfortunatelyforuserswhowantedtodevelopdriversfor wirelessnetworkadaptersusingAtheroschipsets,Atheroswasalsoanearly developerofsoftware-definedradios,whichallowachip-basedradiotowork withallkindsofradiofrequencies.Beforesoftware-definedradios,allradios hadtobedesignedwithabasebandthatcouldspecificallycopewithcertain frequencies.ManyWi-Firadiosstillusethosekindsofbasebands. TheunfortunatepartisthatbecauseAtheros’shardwarecouldhandleahuge rangeoffrequenciesatdifferentpowerlevels,Atheroscouldn’tlegallyrelease sourcecodeforinclusioninvariousopen-sourcesystems,likeLinuxand FreeBSD.TheFCCwouldn’thavelookedkindlyonhackersbeingableto convertAtheros’shardwaretosendandreceiveinlicensedpartsofthespectrum oratillegalpowerlevels. Fortunately,SamLefflersolvedtheproblembybridgingthegapbetween Atheros’slegalandFCCconcernsandtheLinux/FreeBSDworld.Hemadea bindingdealwithAtherosthatallowedhimrestrictedaccesstotheinformation heneededtowriteabitofsoftwarethatactsasahardwareabstractionlayer (oftenreferredtoasaHALinthedocumentation).Developerswhowantto writedriversforAtheros-basedgearcanwritetothespecificationofSam’s hardwareabstractionlayer,whichlimitsthedriverfromaccessingthefull featuresoftheAtheroschipset.Inotherwords,thehardwareabstractionlayer ensuresthatalldriversuseAtheros’ssoftware-definedradiosonlyinlegalways, effectivelykeepingAtherosintheclearwhilemakingthecompany’stechnology availableforuseoutsideofdriversitwrites. Samcontinuestomaintainhishardwareabstractionlayeranddriversontop ofit,whichhavebeenintegratedintotheFreeBSDtreestartingwithversion 5.2,meaningthatithasbeenbuiltinbydefault(www.freebsd.org/cgi/man.cg i?query=ath&manpath=FreeBSD+5.1-current),andit’salsoavailableasaLinux port(http://www.sourceforge.net/projects/madwifi/).
101
102
TheWirelessNetworkingStarterKit
OtherChips Ifyouwanttousewirelessnetworkadaptersbuiltwithotherchipsets,you’re notentirelyoutofluck.Yourfirststepistodetermineexactlywhichchipset yourequipmenthas,andforthat,youshouldturntotheLinux-WLANproject, whichprovidesahugelistofwhichchipsetsareusedinwhichwirelessnetwork adapters(www.linux-wlan.org/docs/wlan_adapters.html). Yournextstepistolookfordrivers,andalthoughaGooglesearchisalways worthwhile,sometimesyoucanfindwhatyou’relookingformoredirectly.For instance,onegrouphasbuiltdriversforTexasInstruments’sACX100chipset (http://acx100.sourceforge.net/). Ingeneral,theopensourceworldhasspawnednumerousprojects,asdocumented inJeanTourrilhes’sFAQ(www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/ Wireless.html).Findingtheappropriateinformationmaytakesomesearching withinthatpage.
10
ConnectingYourHandheld
Itwasinevitablethatthesimplehandheldpersonaldigitalassistant(PDA) wouldtransformitselffromadedicatedcalendarandcontactmanagerintoa full-scalecomputer.Today’shandheldshavenotonlythepowertorunprograms typicallyrunondesktopcomputersfiveyearsago,butalsothepowertohandle somecapabilitiesthatwereoutofreachformanyPCsfiveyearsago,suchas streamingaudioandvideo. In2003,ashandheldsgainedmultimediaandcommunicationscapabilities thatoutstrippedUSBsynchronizationorevenBluetooth’s1Mbpsspeed, movingdata—especiallyaudioandvideo—toandfromahandheldbecame necessary.Theconceptofusingaportablehandheldwhileconnectedtoawired Ethernetwas(andis)aslightlybizarreidea—wirelessistherightcounterpart toahandheld.AddingWi-Fitohandheldsmakesperfectsense:thedevices aresmallbutneedspeedywirelessconnections. Aswewritethischapter,twohandheldsystemscontrolthevastmajorityof themarketplace:thePalmOSfoundinPDAsmadebyPalm,Sony,andafew othercompanies;andthePocketPCplatform,runningwhatMicrosofthas dubbedWindowsMobile2003,thatrunsonequipmentfrommanycompanies, includingHP(formerlyCompaq),Dell,andToshiba. Inthischapter,wewalkyouthroughthebasicsofusingWi-Fiwiththelatest versionsofthePalmOSandWindowsMobile2003,andshowyouhoweasyitis toconnectwirelessly.Foreachplatform,weprovidethreesetsofinstructions:
• SimpleConnection,whichshouldbeallmostpeopleneedmostofthe time.
104
TheWirelessNetworkingStarterKit
• IntermediateConnection,whichcoversslightlymorecomplicatedtopics likeWEPandclosednetworks.
• Advanced Connection, which adds instructions on dealing with authenticationmethods,VPNs,andothermoreesoterictopics.
PalmOS TheTungstenCfromPalmwasthefirstofitskindtohaveintegratedWi-Fi capabilities:noadd-oncards,noslot-loadingconnections,justthenecessary wirelessnetworkinghardwareandantennabuiltintothehandheld.Also, PalmaddedwirelessconnectionsoftwaretoPalmOS5.1,whichcomeson theTungstenC.Unfortunately,inPalmOS5.1,youmustrunthroughasetup wizardeachtimeyouwanttoconnecttoanewnetwork,evenifthenetwork hasnoencryptionorotherloginrequirements. TIP Althoughwe’reusingtheTungstenCforourexamples,anyPalmOS-based handheldrunningPalmOS5.1willworksimilarly.Ifyou’reusinganolder PalmOS-basedhandheld,youmayhavetouseproprietarywirelessclient software,whichwilllookdifferentfromwhatweshowhere.
SimpleConnection IftheWi-Finetworkisn’tusingencryptionorothersecurityfeatures,follow thesestepstoconnect: 1. PresstheHomebuttonandtapWi-FiSetup. 2. TapNext(Figure10.1). 3. ThePalmsearchesfornetworksandliststhoseitfoundunderSelecta
Network.Ifalistednetworkisselected,thePalmdisplayssignalstrength barsnexttotheselection(Figure10.2). 4. SelectyournetworkandtapNext(Figure10.3).
TIP Ifyournetworkdoesn’tappear,tapOtherandenterthenetworkname(SSID). Thatshouldbeallthat’sneeded.
5. Thefinalscreenshowsthecurrentsignalstrength(Figure10.4).Tap
DonetoexitWi-FiSetup.
Chapter10 | ConnectingYourHandheld
Figure10.1 Gettingstarted.
Figure10.2 Searchingfor networks.
Figure10.3 Choosinga network.
Figure10.4 Finalizingsetup.
IntermediateConnection IftheWi-FinetworkusesWEPencryption,followthesestepstoconnect: 1. PresstheHomebuttonandtapWi-FiSetup. 2. TapNext(Figure10.1,above). 3. ThePalmsearchesfornetworksandliststhoseitfoundunderSelecta
Network.Ifalistednetworkisselected,thePalmdisplayssignalstrength barsnexttotheselection(Figure10.3,above). 4. Ifyournetworkislisted,selectitandtapNext.Or,ifyournetworkdoesn’t
appearinthelist: a. TapOther(Figure10.3). b. EnteryourNetworkNameorSSID(Figure10.5). c. CheckWEPEncryption. d. TapthefieldnexttoWEPKeys.
105
106
TheWirelessNetworkingStarterKit Figure10.5 Settingup advancedoptions.
Figure10.6 EnteringtheWEP key.
5. IfyouhaveaWEPkey,youcanenteritnow(Figure10.6).
a. Choosethetypeofkeyfromthepop-upmenu. b. EnterthekeyandtapOK. c. Ifyouchosealistednetworkinstep4,tapNext.Otherwise,tapOK
andthentapNext. 6. Thefinalscreenshowsthecurrentsignalstrength(Figure10.4,above).
TapDonetoexitWi-FiSetup.
AdvancedConnection Ifyouneedtocontrolmoredetailednetworksettingsorareusingthewireless networktoconnecttoaVPN,thesestepsprovideadditionaldetailsbeyondthose offeredin“IntermediateConnection.”Makethesechangesorenterthesesettings onlyifyoureceivedthedetailsyouneedfromanetworkadministrator.
NetworkingSettings ThePalmOSletsyouchoosewhetheryoucanconnectonlytowireless infrastructurenetworksoralsotowirelessadhocnetworks,andyoucanalso modifyyourTCP/IPsettingsifnecessary.Youperformthesemodifications inanesteddialogavailablebytappingtheDetailsbuttonthatappearsinstep 4ain“IntermediateConnection”previously.Followthesestepstoworkwith anadhocnetworkormodifyTCP/IPsettingswhileconnecting. 1. TapDetailsintheOtherscreenreachedthroughSelectaNetwork
screen. 2. Bydefault,anewnetworkconfigurationlooksonlyforaccesspointson
anetwork,notothercomputersrunningadhocnetworks.ChoosePeerto-Peer(Ad-Hoc)fromtheConnecttopop-upmenutoconnecttoanad hocnetwork,ortocreateone(Figure10.7).
Chapter10 | ConnectingYourHandheld
3. TapAdvanced. 4. YoucanmodifythreeTCP/IPsettingshere(Figure10.8).Youcanenter
aspecificIPaddressandaspecificsetofDNSservers.Finally,youcan checkwhetherornottouseashortpreamble,whichdisablesslowerWi-Fi speedsbutimprovesnetworkthroughput. 5. TapOKtosaveyourchangesandcontinueatstep4b. Figure10.7 Specifyinga differentkind ofnetwork architecture.
Figure10.8 SettingtheIP addressandDNS servers.
VPNSettings Afteryouconnecttoanetwork,thefinalWi-FiSetupscreenhasaVPNSetup buttonatthebottom(Figure10.9),whichprovidesaccesstothePalmOS’s VPNcapabilities.FollowthesestepstocreateaVPNconnection: TIP ThePalmOSsupportsonlytheMicrosoft-stylePPTP(Point-to-PointTunneling Protocol)formofVPNs,notthemoreadvancedIPsec-over-L2TP.
1. TapVPNSetupinthefinalWi-FiSetupscreen. 2. TapNext(Figure10.9). 3. Enteryouraccount,username,password,andserverdetails. 4. Ifyouneedtosetmorespecificparameters,tapDetails(Figure10.10).
•
IfRequiredischeckednexttoEncryption,theconnectionwillwork onlyiftheVPNserverenablesencryption.
•
UncheckingToVPN(nexttoSendAll)willcausethePalmtouse theVPNonlyforDNSrequestsandspecificprogramsthatrequesta VPNconnection.
•
YoucansettheDNSservernumbersortheIPaddressbyunchecking QueryDNSand/orAutomaticnexttoIPAddress.TapOK.
107
108
TheWirelessNetworkingStarterKit Figure10.9 StartingVPN configuration.
Figure10.10 SettingVPNdetails.
5. TapDoneinthefinalscreen,andyourVPNshouldbeenabled.
ModifyinganExistingNetwork ThePalmOSdoesn’tletyouchangethesettingsofanexistingWi-Finetwork viaWi-FiSetup.Thatwouldbetooobviousandsimple.Instead,youmust followanalternatepaththatleadstoidenticaldialogs. 1. PresstheHomebutton. 2. TapthePrefsicon. 3. IntheCommunicationsetofoptions,tapWi-Fi. 4. TapInfo. 5. TapEditNetwork.
Nowyouhaveaccesstoallthesettingsnotedforintermediateandadvanced connectionspreviously. Onceyousetupanetworkconnection,youcan’tdeleteit,thoughyoucan modifythesettings.
WindowsMobile2003 FormanyWindowsMobile2003users,connectingtoalocalWi-Finetwork involvesalmostnoconfiguration.Forapublichotspotnetworkorahome orofficenetworkwithnopasswordprotection,youcanfollowthe“Simple Connection”instructionsbelow.Fornetworksprotectedwithencryption,or ifthesimpleinstructionsfail,try“IntermediateConnection.”Ifyou’reusing corporateencryption,includingVPNsorspecialmethodsofnetworklogin, see“AdvancedConnection.”
Chapter10 | ConnectingYourHandheld
SimpleConnection Inmostcases,thefollowingstepswillbeallyouneedtoconnecttoanopen, unencryptedWi-Finetwork. 1. TaptheConnectivityiconinthemenubar. 2. IfthePocketPC(Figure10.11)liststhenetworkandshowsthesignal
strengthatright,thenyou’redone! Figure10.11 Simpleconnection.
IntermediateConnection IfyouneedtoaccessaclosedWi-Finetwork,enteraWEPkey,orrestrictthe listofaccessiblenetworkstothoseprovidedbyaccesspoints(andtoavoidad hocnetworks),followthesestepstoconnect. 1. TaptheConnectivityiconinthemenubar. 2. TaptheSettingslink(Figure10.11,above). 3. TaptheAdvancedtabatthebottomoftheSettingswindow(Figure
10.12). 4. TaptheNetworkCardbutton(Figure10.13). 5. Ifyournetworkissetupasanopennetwork,evenwithencryptionenabled,
itshowsupintheWirelessNetworkslist(Figure10.14).Ifit’sthere,and agreenhaloisaroundtheantennaattheleftand“Connected”appearsto therightofthenetworkname,thenyou’redone. 6. Ifyournetworkdoesn’tappear,fromNetworkstoAccess,chooseAll
Available.Ifitstilldoesn’tappear,followthe“AddingaNewNetwork” instructions,next.
109
110
TheWirelessNetworkingStarterKit Figure10.12 Advancedsettings.
Figure10.13 NetworkCard settings.
Figure10.14 WirelessNetworks list.
TIP Ifyou’reinanareawithmanynetworksandyouthinksomeofthemaread hocnetworks,chooseOnlyAccessPointsfromtheNetworkstoAccessmenu. WewishMicrosoftwouldaddthisoptiontoWindowsXP!
7. Selectthenetworkname,whichopenstheConfigureWirelessNetworks
dialog. 8. IfWEPencryptionisenabledonthenetworkyouwanttoaccess: a. TaptheAuthenticationtabatthebottomofthedialog(Figure10.15)
toopentheConfigureNetworkAuthenticationdialog. b. UncheckTheKeyisProvidedforMeAutomatically.(Ifthat’snot
true,see“AdvancedConnection,”next.) c. EnteryourhexadecimalWEPkey. 9. TapOktoconnecttoyourWi-Finetwork.
Chapter10 | ConnectingYourHandheld
Figure10.15 Authenticationtab.
AddingaNewNetwork 1. Followsteps1through6of“IntermediateConnection,”above. 2. TapAddNewSettings. 3. EnterthenetworknameintheNetworkNamefield(Figure10.16). Figure10.16 Enteringthe NetworkName.
4. ChooseWorkfromtheConnectsTopop-upmenuunlessyou’reusinga
VPN.IfyouareusingaVPN,see“AdvancedConnection”next. 5. Continuewithstep7in“IntermediateConnection”previously.
RemovingaNetwork 1. Followsteps1through4of“IntermediateConnection.” 2. Tapandholdthestylusoverthenetworkyouwanttodeleteuntilamenu
appears. 3. TapRemoveSettingsinthatmenu(Figure10.17).
111
112
TheWirelessNetworkingStarterKit Figure10.17 Removinga networksetting.
AdvancedConnection Corporationsmayrequireadvancedsecurityforemployeesusingwireless networks,andWindowsMobile2003offerstwounrelatedoptionsinthis field.ThefirstsupportsspecialkindsofloginsoverWi-Fi,thesecondisaVPN ofeithertheMicrosoft-stylePPTPorthemorestandardIPsec-over-L2TP. Youshouldmakethesechangesorenterthesesettingsonlyifyoureceivedthe detailsyouneedfromanetworkadministrator.
NetworkAuthentication Tologintoyournetworkusing802.1X,followthesesteps: 1. Followsteps1through8under“IntermediateConnection,”above. 2. IntheConfigureNetworkAuthenticationdialog,checkEnableNetwork
AccessusingIEEE802.1X(Figure10.18). 3. SelecttheappropriateEAP(ExtensibleAuthenticationProtocol)option.
Inbothcases,youmustalreadyhaveinstalledacertificate.Ifyoudon’t haveacertificate,consultyournetworkadministrator(Figure10.19). 4. TapProperties. 5. Enteryourusernameandpassword. 6. TapOk.
VPN TocreateaVPNtunneltoyournetwork,followthesesteps: 1. Followsteps1through3in“IntermediateConnection,”above. 2. TapSelectNetworks.
Chapter10 | ConnectingYourHandheld
Figure10.18 Enabling802.1X.
Figure10.19 Editing802.1X properties.
3. Fromthesecondpop-upmenu—“Programsthatautomaticallyconnect
toaprivatenetworkshouldconnectusing”—tapEdit(Figure10.20). 4. TaptheVPNtabatthebottomofthewindow(Figure10.21). Figure10.20 GettingtotheVPN settings.
Figure10.21 TheVPNstart screen.
5. TapNew. 6. EnterthenameofyourVPNanditshostnameorIPaddress,andthen
selecttheVPNprotocoltype(Figure10.22). 7. TapNext. 8. ChoosewhethertouseacertificatealreadyinstalledonthePocketPCor
apresharedkey(Figure10.23). 9. TapNext. 10. Enteryourusername,password,anddomain(Figure10.24).
113
114
TheWirelessNetworkingStarterKit 11. IfyouneedtosetyourIPaddressorDNSserversmanually,tapAdvanced
(Figure10.25).
a. SettheIPaddress,ifneeded.
b. TaptheServerstabatthebottomofthewindow.
c. SetyourDNSserveraddresses,ifneeded.
d. TapOk.
12. TapFinish. 13. IntheMyWorkNetworkdialog,tapandholdthestylusoverthename
oftheVPNuntilamenuappears. 14. TapConnectfromthatmenu. Figure10.22 Namingthe VPNconnection.
Figure10.23 Enteringakey orchoosinga certificate.
Figure10.24 Enteringa usernameand password.
Figure10.25 Configuring IPsettings,if necessary.
11
ConnectingviaBluetooth
Asashort-rangewirelesscablereplacementtechnology,Bluetoothholdsgreat promiseincreatingsmallwirelessnetworksofsmallbattery-powereddevices likecellphones,handheldpersonaldigitalassistants,andinputperipherals (keyboards,mice,joysticks,andtouchpads,forinstance). WithBluetooth,youfirstassociatedeviceswithoneanotherinaprocess knownaspairing.Oncepaired,multipledevicescanformnetworks,often withaBluetooth-capablecomputerasthecoordinatinghub.Forinstance,the computercandialnumbersforyouonaBluetooth-enabledcellphoneoract asamodeminordertoconnecttoanISPviaitsmodembanks;thehandheld PDAcansynchronizedatawithyourcomputerviaBluetoothinsteadofUSB; orthecomputercanstreamaudiotoasetofBluetoothheadphones. Inthischapter,wewalkthroughthebasicsofpairingandthenshowyouhowto setupBluetoothconnectionsonthemajoroperatingsystems.Wealsoexamine howsomecommonBluetoothdevicesworktogether.
Pairing WhenyoupairasetofBluetoothdevices,youperformtwotasks:
• Pairingenablesthedevicestoprovetheiridentitytoeachother,which
isanimportantsecuritystep,becauseotherwiseanyBluetooth-enabled computerwithinrangeofyourBluetoothcellphonecouldcauseittodial out.Youcanthinkofpairingasintroducingtwodevices;afterthey’ve beenintroduced,theycancommunicatewitheachother.
116
TheWirelessNetworkingStarterKit
• Pairingmakesavailableasetofcommonservices,likeprinting,filetransfer,
ordial-upnetworking.Inessence,throughthepairingstep,thedevices agreeonwhattheycandowitheachother.
Youcansetuppairingtoworkbothways(ifappropriate)orinonlyone direction.Asanexampleofbidirectionalpairing,youcouldsetyourPDA andyourcomputertosynchronizecontactandcalendarinformationinboth directions.You’duseone-waypairingforyourcomputertouseBluetoothto accesstheInternetviayourcellphone,sincethecellphonedoesn’taccessthe Internetviayourcomputer. NOTE Insomecases,youmaybeallowedtosetuppairinginonlyonedirection;in othercases,eventhoughitmaynotmakesense,youmightberequiredtoset uppairingbothways.ReadthedocumentationthatcomeswithanyBluetooth deviceforthespecifics.
PairingBasics Here’showpairingworksingeneral—wetalkaboutspecificplatformsnext (Figure11.1). 1. Turnondiscoveryononedevice.Bluetoothusesdiscovery,orscanning
foravailabledevices,tofindotherequipment.Withdiscovery,youdon’t havetoenteranyidentifyinginformation(suchasanIPnumber)about yourdevices.Differentequipmentturnsdiscoveryonindifferentways. Forinstance,tomakeaJabraBluetoothheadsetdiscoverable,youhold downitspowerbuttonforatleast10seconds.Acellphonemighthide discoverabilitydeepinanestedmenu,whilemostcomputeroperating systemsofferdiscoveryasatop-levelmenuitem. 2. Havetheotherdeviceselectthediscoverabledevice.Adevicethatneeds
accesstoresourcesonanotherpieceofBluetoothgearselectsitthrough someoptionthatscansforavailableBluetoothadaptersandpresentsthem inalist. 3. Enterapassphrase.Thepassphraseisasmallpieceoftext.Youenterthe
passphraseonthedevicethat’sdiscoverable,andthenthedevicerequesting thepairingpromptsyoutoenterthesamepassphrase. TIP Often,youduplicatethesesteps,runningthemonceineachdirectionsothat eachdevicediscoverstheother.
Thedevicesarenowpairedandcancommunicatewitheachother.
Chapter11| ConnectingviaBluetooth
Figure11.1 Bluetoothpairing. 1.Acomputerlisteningfor discoverabledevices.Theuser decidestopairwiththePDA.
2.Theuserentersa passphraseonthe computer,whichqueries thePDAforaresponse. 3.Theuser entersthesame passphraseon thePDA. Thetwodevices arenowpaired andcan exchangedata.
NOTE SimplerBluetoothdevicesusuallyhavepassphrasespresetbythemanufacturer, like0000fortheJabraheadsets.Thisisn’tasecurityriskbecauseyouturn ondiscoveryonlyoncethroughaspecialmechanism,afterwhichthepairing iscomplete.PairingisuniquebasedonaBluetooth’sadapternetwork identificationnumber.
NOTE There’saneaseofuseinBluetooththatwe’dliketoseeinWi-Fi,andthere’s somehopeitcouldhappen.TheZeroconfprotocol,designedbyaworking groupoftheInternetEngineeringTaskForce(IETF),providesdiscoveryto devicesusingTCP/IP,muchasAppleTalkdidforearlyMacsandNETBIOS didforWindows-basedPCs.ApplecallsitsimplementationoftheZeroconf protocolRendezvous,butsinceit’sanopenstandard,anycompanycandevelop Zeroconf-compatibledevicesforwired,Wi-Fi,orotherTCP/IPsystems.Infact, AppleusesRendezvoustohelpitsAirPortAdminUtilityfindAirPortExtreme BaseStations.
PairingUnderWindowsXP Microsoftdoesn’tofferauniformbuilt-inBluetoothconfigurationtoolasitdoes forWi-Fi.Instead,itgavehardwaremakersapackagethatenablesthemtouse astandardinterface.Fewthatwe’veseenhavechosenMicrosoft’ssoftware.
117
118
TheWirelessNetworkingStarterKit
Inpracticalterms,thismeansthateveryBluetoothadapteryoupurchasecould haveitsowndriversthatyoumustinstall,anditsownsetofstepstopairwith otherdevices.Evenworse,ifyouweretoswitchtoadifferentadapterfrom anothercompany,youwouldhavetoredoallyourpairingsbeforeyoucould useyourBluetoothdevicesagain. NOTE We’vealsofoundthatsomeBluetoothsoftwarecan’tco-existwithother Bluetoothsoftware,requiringafulluninstalloftheolderdriversbeforeworking withthenewerones.
Forthestepsbelow,weusedtheActiontecBTM200USBBluetoothadapter, whichreliesontheWidcommBluetoothclientsoftware.Itcloselymimics howWindowsXPhandlesfilesandnetworkdevices. TIP YourmileagemayvarywithotherBluetoothadaptersandclients,although we’vefoundthemalltobequitesimilar.
SettingaWindowsXPPCtoBeDiscovered TheWidcommsoftwareplacesaBluetoothiconintheSystemTray(Figure 11.2).Tosetyourcomputertobediscovered,installtheBluetoothadapter andthenfollowthesesteps: Figure11.2 Bluetoothiconin theSystemTray.
Bluetoothicon
1. Right-clicktheBluetoothiconandselectAdvancedConfigurationto
opentheBluetoothConfigurationdialog. 2. IntheGeneraltab,enteranameforthecomputerandchoosetheComputer
Typefromthepop-upmenu(Figure11.3). 3. ClicktheAccessibilitytab,andconfirmthatLetOtherBluetoothDevices
DiscoverThisComputerisselected(Figure11.4). 4. ClickApplyorOKtoapplythesettings.
TheWindowsmachineremainsdiscoverableaslongastheLetOther BluetoothDevicesDiscoverThisComputercheckboxintheAccessibility tabisselected.
Chapter11| ConnectingviaBluetooth
Figure11.3 Settingthe computer’sname andtype.
Figure11.4 Turning discoverabilityon.
DiscoveringOtherDevices Onceyou’vemadethedeviceorcomputeryouwanttopairwithdiscoverable, thenextstepistodiscoverotherdevices.Followthesesteps: 1. Double-clicktheSystemTrayBluetoothicontoopentheMyBluetooth
Placeswindow(Figure11.5). 2. ClicktheBluetoothSetupWizardlinkunderBluetoothTasks. 3. IntheBluetoothSetupWizard,selecttheseconditeminthelist—“I
wanttofindaspecificBluetoothdevice...”—andclickNexttomakethe Bluetoothadaptersearchforavailabledevices(Figure11.6).
119
120
TheWirelessNetworkingStarterKit Figure11.5 TheBluetooth SetupWizard’slink.
Figure11.6 Choosingthe Bluetooth configurationtask.
4. WaitforthesoftwaretocompleteitssearchforBluetoothdevices.The
flashlightwillstopwaving.Choosethedeviceyouwanttoconfigurefrom thelistandclickNext(Figure11.7). 5. Checktheservicesyouwanttoattachtothedevice(Figure11.8).You
canselectdial-upnetworking(forcellulardata),OBEXFileTransfer (toexchangefiles),andBluetooth-PDA-Sync(forPalmOS/PocketPC synchronization).Foreachservice,clicktheConfigurebuttontoconfigure itssettings(Figure11.9). 6. ClickFinish.
Youcanchangesettingsbyrunningthroughthesestepsagain,makingthe desiredchangesasyougo.
Chapter11| ConnectingviaBluetooth
Figure11.7 Selectingavailable Bluetoothdevices.
Figure11.8 ChoosingBluetooth services.
Figure11.9 Configuring services.
NOTE Forconcreteexamples,read“PracticalBluetooth,”laterinthischapter.
121
122
TheWirelessNetworkingStarterKit
PairingUnderMacOSX Applenowoffersbuilt-inBluetoothadapterswithmanyofitsnewdesktop MacsandPowerBooks,oryoucanbuyaninexpensiveBluetoothadapter.Once youhavethenecessaryhardware,youconfigureBluetoothinMacOSXinthe BluetoothpreferencespaneavailableinSystemPreferences.
SettingaMactoBeDiscovered IfyouhavetheBluetoothmenuturnedoninthemenubar,justchoose Discoverablefromthatmenu(Figure11.10). Figure11.10 Choosing Discoverablefrom theBluetooth menu.
TIP ToturnontheBluetoothmenu,selectSystemPreferencesfromtheApple menuandclicktheBluetoothicontoopentheBluetoothpreferencespane. ClicktheSettingstab,andthencheckShowBluetoothStatusintheMenu Bar(Figure11.11).
Ifyoudon’twanttodevotemenubarspacetotheBluetoothmenu,youcan turnondiscoverabilitybyopeningSystemPreferences,clickingtheBluetooth icontoopentheBluetoothpreferencespane,andselectingDiscoverableinthe Settingstab(Figure11.11). NOTE IfBluetoothisturnedoff,asitcanbeonsomePowerBooksandPowerMacs,click theTurnBluetoothOnbuttonintheBluetoothpreferencespanetoturniton.
TheMacremainsdiscoverableforaslongasDiscoverableisselectedonthe BluetoothmenuortheDiscoverableboxischeckedintheBluetoothpreferences pane.ItsBluetoothnameisthesameasthenameofyourcomputerinthe Sharingpreferencespane.
DiscoveringOtherDevices AftermakingthedeviceyouwanttopairwithaMacdiscoverable,youcan usetheBluetoothSetupAssistanttohelpyouconnecttoit.
Chapter11| ConnectingviaBluetooth
Figure11.11 Enablingthe Bluetoothmenu.
1. OpenSystemPreferencesandclicktheBluetoothicontoopentheBluetooth
preferencespane. 2. SelecttheDevicestab(Figure11.12). 3. ClickSetUpNewDeviceandfollowtheBluetoothSetupAssistant’s
prompts(Figure11.13). Figure11.12 TheDevicestab.
123
124
TheWirelessNetworkingStarterKit Figure11.13 TheBluetooth SetupAssistant.
Ifyou’remoreinclinedtohandlethedetailsyourself,orifthedevicerequires manualconfigurationforsomereason,followthesesteps: 1. OpentheBluetoothpreferencespane. 2. SelecttheDevicestab. 3. ClickthePairNewDevicebutton. 4. SelectthedeviceyouwanttopairwithfromtheDevicelist(Figure11.14).
(Ifitdoesn’tappear,tryresettingtheotherdeviceandclickingSearch Again.) Figure11.14 Choosingadevice fromalist.
Chapter11| ConnectingviaBluetooth
5. ClickPair. 6. TheMacpromptsyouforapassphrase(whichApplecallsa“passkey”),if
needed(Figure11.15). Figure11.15 Enteringthe passphraseona Mac.
7. Iftheotherdevicerequiresapassphrase,enterthesamepassphrasewhen
prompted(Figure11.16). Figure11.16 Enteringthe passphraseon anotherdevice(a WindowsPCinthis case).
PracticalBluetooth Pairingdevicesislikeintroducingyourselftosomeoneatadance:anecessary firststep,butnotexactlythegoal.Weofferthreepracticalscenariosforhow youmightuseBluetooth:synchronizingaPalm,exchangingfiles,andadding awirelessmouse. TIP CellphonesareincreasinglysoldwithBluetoothsupportbuiltin,andmore applicationsaretakingadvantageofthissupport.Sowhyaren’twegivinga cellphoneexamplehere?Becausewetalkaboutusingacellphoneforcellular datainChapter30,UsingCellularDataNetworks,whereweshowhowto setupanInternetconnection.
125
126
TheWirelessNetworkingStarterKit
TIP WealsorecommendthatyoulookattheextensiveBluetoothcoveragein RobFlickenger’sbookWirelessHacks,whichdemonstratesusingavarietyof interestingapplications,includingSallingClicker(http://homepage.mac.com/ jonassalling/Shareware/Clicker/),aMacOSXprogramthatletsyou controlyourMacviaacellphone!
PalmSynchronization Thereare,ofcourse,twosidestoaPalmsynchronization:youmustfirstpair yourcomputertothePalm,afterwhichthePalmwillacceptconnectionsfrom thecomputer.Makeyourcomputerdiscoverableasdescribedearlierinthis chapter.ThenfollowtheseinstructionsforPalmOS5.2.
PairingwiththeComputer 1. TapthePrefsiconinApplicationsLauncher. 2. TapCommunication;thentapConnection(Figure11.17). 3. IntheAvailableConnectionsdialog,taptheNewbutton(Figure11.18). 4. EnteranamefortheconnectionintheNamefield(Figure11.19). 5. TapthearrownexttoConnectToandchoosePC. 6. Tapthearrownextto“Via:”andchooseBluetooth. 7. NexttotheDevicelabel,taptheboxmarked“TaptoFind.”TheDiscovery
Resultsdialogappears,listingalltheavailabledevices(Figure11.20). 8. Selectyourcomputerfromthelist.
TIP Ifyoudon’tseeyourcomputerintheDiscoveryResultslist,makesureyou’ve madeitdiscoverable.
9. ChooseNowhenthePalmpromptsyoutoaddthePCtotheTrusted
DeviceList.(PalmsaystochooseNo;we’renotsurewhyitmatters.) 10. BackintheEditConnectionscreen,tapOK,andthentapDone.
WindowsXPSetup WiththePalmDesktopandHotSyncsoftwareinstalled,followthesesteps: 1. Right-clicktheHotSyncManagericonintheSystemTrayandchoose
LocalSerialifitdoesn’talreadyhaveacheckmarknexttoit(Figure 11.21).
Chapter11| ConnectingviaBluetooth
Figure11.17 ThePalm’s Communication preferences.
Figure11.18 Startinganew connection.
Figure11.19 Settingupyour newconnection’s details. Figure11 .20 Choosinga computerto syncto.
Figure11.21 MakingsureLocal Serialischecked.
2. Right-clicktheHotSyncManagericonagainandchooseSetuptoopen
theSetupdialog. 3. ClicktheLocaltab. 4. ChoosetheCOMportthat’sbeenassignedbytheBluetoothsoftwareto
theserialport(Figure11.22). 5. ClickOKtofinishthesetupandclosetheSetupdialog.
127
128
TheWirelessNetworkingStarterKit Figure11.22 Selectingthe assignedCOMport.
MacOSXSetup WithPalmDesktopandthePalm’sHotSyncManagersoftwareinstalled, followthesesteps: 1. OpenHotSyncManager(likelyinthePalmfolderinyourApplications
folder). 2. SelecttheEnabledradiobutton(Figure11.23). 3. ClicktheConnectionSettingstab. 4. Checktheboxnextto“blueto…nc-port”,whichisshortfor“bluetooth-
pda-sync-port”(Figure11.24). 5. QuitHotSyncManager.
PalmHotSync You’refinallyreadytosynchronizedataafterallthosesteps—rememberthat youmustsetBluetoothsynchronizationuponlyonce,andthenitshouldwork untilyouswitchtoanewcomputerorPalmhandheld. Figure11.23 EnablingHotSync.
Chapter11| ConnectingviaBluetooth
Figure11.24 Enablingthe BluetoothPDA synchronization port.
1. FromtheApplicationsLauncher,tapHotSync. 2. TaptheMenuiconintheGraffitiarea.IftheOptionsmenudoesnotdrop
down,tapOptions. 3. ChooseLANSyncPrefsfromtheOptionsmenutoopentheLANSync
Preferencesdialog(Figure11.25). 4. TapLANSync. 5. TapOKtoreturntotheHotSyncscreen. 6. TapLocal. 7. TaptheboxbelowtheHotSynciconandchoosetheBluetoothconnection
youcreatedinthe“PairingwiththeComputer”steps(Figure11.26). 8. TaptheHotSyncicontostartsynchronization. Figure11.25 SettingLANSync.
Figure11.26 Selectingthe Bluetooth connection.
129
130
TheWirelessNetworkingStarterKit
ExchangingFiles Bluetoothisn’tidealfortransferringfiles,becauseofitslowspeed:after subtractingnetworkoverhead,itshootsdataatwellunder1Mbps.Butthere aremanycasesinwhichyouwanttomovesmallerfilesaroundwithoutthe overheadofenablingWi-Fi,settingupadhocnetworking,andconnectingto anetwork.Onceyou’vepairedtwocomputersorahandheldandacomputer, transferringfilesisabreeze. First,followtheinstructionsearlierinthischapterunder“Pairing”toconnect twodevices.Youmayhavetopairinbothdirectionsforafileexchange.Then runthefileexchangeutilityappropriatetotheplatformyou’reusing.
WindowsXP InWindows,youshouldopenyourBluetoothsoftware.UsingtheWidcomm softwarewediscussedearlier,followthesestepstoexchangefiles: 1. Right-clicktheBluetoothiconintheSystemTrayandchooseMyBluetooth
PlacestoopentheMyBluetoothPlaceswindow(Figure11.27). Figure11.27 Openingapaired deviceforfile transfer.
2. UnderFileTransferLinks,double-clicktheiconforthedeviceyouwant
totransferfileswithtoopenanormaldirectorywindowdisplayingthe filesontheotherdevice(Figure11.28). 3. Dragfilesinorout—justasyouwouldwhenmovingorcopyingfiles
normally—totransferthembetweenthetwodevices.
Chapter11| ConnectingviaBluetooth
Figure11.28 Viewingsharedfiles.
MacOSX FollowthesestepstoexchangefilesbetweenaMacrunningMacOSXand anotherBluetoothdevice. 1. LaunchBluetoothFileExchangeintheApplicationsfolder’sUtilities
folder. 2. Theprogramimmediatelypresentsyouwithastandardfilebrowsingdialog.
SelectafiletotransferandclickSend(Figure11.29).Thisdoesn’tsend thefile,butqueuesthefileupforthenextstep. Figure11.29 Choosingafileto send.
131
132
TheWirelessNetworkingStarterKit 3. Selectthepaireddevicetoreceivethefile(Figure11.30). Figure11.30 Selectingthepaired devicetoreceive thefile.
4. ClickSend.
NOTE Ifyouchooseafilethatthereceivingdevicewon’tunderstand,youshouldsee anerrormessageliketheoneinFigure11.31. Figure11.31 Anerrormessage appearswhen youtrytosendan unsupportedfile type.
TIP Youcanalsobrowseandcopythefilesinashareddirectoryontheotherdevice bychoosingBrowsefromtheFilemenuinBluetoothFileExchange,andthen choosingadevice(Figure11.32).
AddingaBluetoothMouse ThereareseveralBluetoothmiceonthemarketnow,includingmodelsoffered byAppleandMicrosoft.Wethoughtwe’dshowyoutheeasewithwhichyou couldaddtheAppleWirelessMousetoaMac. NOTE WefailedtomaketheAppleWirelessMouseworkwithaWindowsmachine. Applesaidthemousewasn’tdesignedtobeentirelycompatiblewithWindows,
Chapter11| ConnectingviaBluetooth
Figure11.32 Browsingfilesin achosenpaired device’sshared directory.
andthecompany’sengineershadn’ttweakedittoworkwiththemanydifferent BluetoothadaptersanddriversavailableforWindowsasofthiswriting.
1. Ifnecessary,installtheBluetoothsoftwarethatcomeswiththemouse. 2. Turnthemouseonusingitspowerswitch. 3. RuntheBluetoothSetupAssistantprogramfoundintheApplications
folder’sUtilitiesfolder,andatthefirstscreen,clickContinue. 4. IntheSelectDeviceTypescreen,chooseMouseandclickContinue
(Figure11.33). Figure11.33 Selectingthemouse asthedevicetype.
133
134
TheWirelessNetworkingStarterKit 5. FromtheBluetoothMouseSetUpscreen,selectyourmousefromthe
MicelistandclickContinue(Figure11.34). 6. MacOSXautomaticallypairswithyourmouse(Figure11.35).Click
Continuetodisplaythefinalscreen,andthenclickQuit. 7. OpentheKeyboard&Mousepreferencespane,andthenclicktheBluetooth
tab.Fromthistab,youcannamethemouse(oranAppleWirelessKeyboard), andkeeptrackofthelifeleftinitsbatteries(Figure11.36). Figure11.34 Selectingyour wirelessmouse.
Figure11.35 Automaticdevice pairing.
Figure11.36 AdjustingWireless Mousesettings.
Chapter11| ConnectingviaBluetooth
135
12
CreatinganAdHoc WirelessNetwork
Wi-Fidevicessupporttwonetworkingmodes:theinfrastructuremodeinwhich clientsassociatewithaccesspointsactingascentralroutingpoints,andamore informalmodecalledadhoc,whichmeans,inthiscontext,“foraparticular purposeathand.”Adhocnetworksarecreatedamongtwoormoremachines thatthenactasifthey’reonthesametinynetwork. TIP Windowsadhocnetworkscanberoutedtoanothernetwork,suchasan Internet-connecteddial-uporEthernetnetwork.WediscussthisinChapter 19,CreatingaSoftwareAccessPoint.Ifyou’reconnectingMacs,youdon’t needtocreateanadhocnetworkbeforeturningonSoftwareBaseStation (MacOS9)orInternetSharing(MacOSX).
Noonemachinemaintainsthenetwork,butitremainsineffectaslongasany machineisinadhocmode.Anetworkofoneisprettylonely,though. TIP Adhocnetworkingmaynotworkcorrectlyamongwirelessnetworkadapters soldbydifferentcompaniesbefore2002.SeeChapter2,WirelessStandards, formoreonthistopic.
Howyouenableadhocmodeonyourcomputervariesdependingontheoperating systemandsoftware.Typically,youenableasettingintheclientsoftwarethat turnson“computer-to-computernetworking”or“adhocmode”(different manufacturersusedifferentnames).Youmustalsopickachanneloverwhich
138
TheWirelessNetworkingStarterKit
thetwocomputerswillconnect,butonceyousetachannel,othercomputers willfinditautomatically.YoucanalmostalwaysenableWEPencryptionover anadhocconnection,althoughit’sprobablynotworththeeffortunlessyou believethereareotherpeoplenearbywhocanconnecttoyouradhocnetwork, youbelievetheyhaveillintent,andyouwillbetransferringsensitivedataover youradhocnetwork. NOTE Luckily,youdon’thavetoconfigureyournetworksettingswhenallyou’redoing isconnectingapairofcomputerstoeachotherinadhocmode.That’sbecause bothWindowsXPandMacOS8.6andlatersupportastandardmethodof choosingIPaddressesinthe169.254.x.xrangethatdon’tconflict.
CreatinganAdHocNetworkinWindowsXP TheprocessofcreatinganadhocnetworkinWindowsXPrequiresanumber ofsteps,butthey’renotdifficulttocarryout. TIP Ifyou’reusinganotherversionofWindows,theprocessofsettingupanad hocnetworkisusuallyperformedinsidetheconnectionutilitybundledwith yourWi-Fiadapter.
1. FromtheControlPanel,chooseNetworkConnections,andthenopen
theWirelessNetworkConnectiondialog. 2. ClickProperties. 3. ClicktheWirelessNetworkstab. 4. ClickAdvancedatthebottomofthewindow. 5. SelectComputer-to-Computer(AdHoc)NetworksOnly,anddeselect
AutomaticallyConnecttoNon-PreferredNetworks(Figure12.1). 6. ClickClose. Figure12.1 Creatinga computer-tocomputernetwork inWindowsXP.
Chapter12 | CreatinganAdHocWirelessNetwork
7. ClicktheAddbuttonunderPreferredNetworks. 8. Enteranetworknameforyouradhocnetwork(Figure12.2).(Notethat
Windowsidentifiestheconnectionasadhocinthebottomofthewindow usingastrangemethodofacheckboxoptionthat’sselectedbutdimmed anddisabled.) Figure12.2 Configuringa computer-tocomputernetwork inWindowsXP.
9. SetanyWEPoptionsyouwant. 10. ClickOK.
InthePreferredNetworkslist,younowseeyournetworkwithaPCCardicon nexttoittoindicateit’sanadhocnetwork.AredXbrandontheiconindicates noothercomputersareyetconnected. OtherWindowsXPclientsseethisnetworkintheirlistofAvailableNetworks withthesamePCCardicon,andcomputersrunningotheroperatingsystems seeitastheywouldanyotherwirelessnetwork.
CreatinganAdHocNetworkinMacOS8.6/9.x UnderMacOS8.6and9.xcreatinganadhocnetworkisasimpleoperation. 1. IfyouuseApple’sControlStriputility,chooseCreateNetworkfromthe
AirPortmenuontheControlStripandthenjumptostep5. 2. Otherwise,opentheAirPortapplication,typicallylocatedinanAirPort
folderinsideeitheryourApplicationsfolderortheAppleExtrasfolder.
139
140
TheWirelessNetworkingStarterKit 3. ClicktheSettingsexpansiontriangletoshowtheextrasettings. 4. IntheAirPortNetworksection,fromtheChooseNetworkpop-upmenu,
chooseCreateComputertoComputerNetwork(Figure12.3). Figure12.3 Creatinga computer-tocomputernetwork intheMacOS9 AirPortapplication.
5. IntheComputertoComputerdialogboxthatappears,nameyournetwork
(Figure12.4). Figure12.4 Namingyour computer-tocomputernetwork.
6. Ifyouwanttoassignapasswordorchangethedefaultchannel,clickMore
Optionsandsetthedesiredinformation.(Figure12.4showsaFewer Optionsbuttonbecausewe’vealreadydisplayedtheextraoptions!) 7. ClickOKwhenyou’redone.
Onceyou’vecreatedanadhocnetwork,otherpeopleconnecttoitjustasthey wouldtoanyotherwirelessnetwork,whetherthey’reusingMacsorPCs.
Chapter12 | CreatinganAdHocWirelessNetwork
CreatinganAdHocNetworkinMacOSX CreatinganadhocnetworkinMacOSXiseveneasierthaneitherofthe otheroperatingsystems. 1. ChooseCreateNetworkfromtheAirPortmenuinthemenubar.
TIP YoucanalsoopentheInternetConnectapplicationandchooseCreateNetwork fromtheNetworkpop-upmenu,butthat’smoreeffortanddoesn’tgiveyou theoptionofenablingWEP.
2. Eitherway,intheComputertoComputerdialogthatappears,entera
nameforyournetworkandpickachannel(Figure12.5). Figure12.5 Creatinga computer-tocomputernetwork inMacOSX.
3. Ifyouwanttopassword-protectyouradhocnetwork,checktheEnable
Encryption(UsingWEP)checkboxandenteryourpassword. 4. ClickOKwhenyou’redone.
Onceyou’vecreatedanadhocnetwork,otherpeopleconnecttoitjustasthey wouldtoanyotherwirelessnetwork,whetherthey’reusingMacsorPCs.
141
13
SharingFilesandPrinters
Formostpeople,theprimarygoalinsettingupawirelessnetworkistoshare anInternetconnection.Secondonlytothatissharingfileslocally,oroverthe Internetusinglocalfileserversonyourendorremotely.Youcansetupfile sharingonbothWindowsandtheMacintoshwithrelativeease,andyoucan evensharefilesbetweenoperatingsystems,asTable13.1showsbelow.You needaprogramcalledDavefromThursbySoftwareSystems(www.thursby.com/ products/dave.html)tosharefilesbetweenMacOS9andWindows. NOTE WeincludeUnixinTable13.1(andweusethetermlooselytomeanUnix, Linux,BSD,andothervariants)forcompleteness,sinceUnixisremarkably adeptattalkingtooldandnewMacandWindowssystems.Infact,with SambaorNetatalkrunning(seetablefootnote),mountingaUnixvolumeis identicaltomountingaWindowsorMacvolume.
Let’slookathowyousetupbasicfilesharing. TIP BothWindowsandtheMacOSofferinstructionsforsettingupfilesharingin theirhelpsystems,incaseyouneedhelpbeyondwhatweprovidehere.
WindowsXP Thespecificinstructionsforsharingfilesvariesamongdifferentversionsof Windows,althoughthebasicsarethesame.WeconcentrateonWindowsXP asthesimplestandnewestversion.
144
TheWirelessNetworkingStarterKit Table13.1
FileSharingCompatibilityataGlance Connecting Platform
Connectsto WindowsXP FileServer
Connectsto MacOS9 FileServer
ConnectstoMac OSXFileServer
ConnectstoUnixFile Server*
WindowsXP
Yes
Requires DaveinMac OS9
Yes,ifWindowsFile Sharingisturnedon inMacOSX
Yes,iftheSMB(Samba) serviceisrunningonthe Unixmachine
MacOS9
Requires DaveinMac OS9
Yes
Yes
Yes,ifNetatalkorsimilar packageisinstalledon theUnixmachine
MacOSX
Yes
Yes
Yes
Yes,ifSambaorNetatalk isinstalledontheUnix machine
Linux
Yes
Yes
Yes
Yes
*MostUnixvariantsshippedinthelastseveralyearseitherincludeorcaneasilyhaveinstalledWindows-styleSamba servers(www.samba.org),NetatalkforAppleTalkandAppleShare(http://netatalk.sourceforge.net/),andother packagesforWindowsandMaccompatibility.
NOTE Ifyou’reusingWindows2000ServerorWindowsServer2003(otherthan theWebEdition),youcanalsoturnonAppleTalkandServicesforMacintosh, whichenableMacs(eventhoserunningMacOS9orearlier)toconnectto sharedfolders.CheckMicrosoft’shelpsystemforadditionalinstructions.
SharingFiles FollowtheseinstructionstoshareafolderinWindowsXP. 1. FromControlPanel,openNetworkConnections,openWirelessNetwork
Connection,andclickthePropertiesbuttontoopentheProperties dialog. 2. CheckbothClientforMicrosoftNetworksandFileandPrinterSharing
forMicrosoftNetworks,andthenclickOK(Figure13.1). 3. Locatethefolderyouwanttoshare,right-clickit,andchooseSharingand
Security. 4. IntheNetworkSharingandSecuritypartoftheSharedDocument
Propertiesdialog,checkShareThisFolderontheNetwork,enteraname forthesharedfolder,andifyouwantpeopletobeabletoaddandmodify filesinthesharedfolder,checkAllowNetworkUserstoChangeMyFiles (Figure13.2).
Chapter13 | SharingFilesandPrinters
Figure13.1 Enablingfile sharing.
Figure13.2 Sharingafolder.
5. ClickOK.
That’sallthereistoit;thefilesinthesharedfoldershouldnowbeaccessible toanyothercomputeronyournetworkthatcanaccessaWindowsshared folder.
AccessingSharedFiles FollowtheseinstructionsonacomputerrunningWindowsXPtoaccessshared networkfolders. 1. FromtheStartmenu,chooseMyNetworkPlaces.
145
146
TheWirelessNetworkingStarterKit 2. ClickViewWorkgroupComputers.Bydefault,Windowsshowsyoujust
themachinesinyourownworkgroup(Figure13.3).Toreachcomputers inotherworkgroups,usethelocationbaratthetopofthewindowto navigateupalevel. Figure13.3 Accessingashared folder.
3. Double-clickthenameofthecomputertowhichyouwanttoconnect. 4. Typically,Windowspromptsyoutoentertheusernameandpasswordfor
access;it’snotwisetohaveunprotectedfolders,butsomepeoplestilldo. Thesharedfolderisnowmounted,andshowsupinlistsofavailablevolumesin MyComputerandotherviews.Youcanopenandbrowseitjustasyouwould anyothervolume. TIP YoucanusetheMapNetworkDriveoptionintheToolsmenutoseta remotevolumetomountautomaticallywiththesamedrivelettereachtime yourestart.
MacOS9 SharingandaccessingfilesinMacOS9isrelativelyeasy,butrememberthat youneedDavetointegrateMacOS9withWindows. NOTE Daveprovidesitsowncontrolpanelforsettingupfilesharing,althoughit integratesintotheChooserforaccessingsharedfolders.
SharingFiles InMacOS9,ifyou’retheonlypersonusingfilesharingamongyourcomputers, youcanskipsomeoftheconfigurationsteps.Otherwise,youmustworkthrough allthestepsbelow.
Chapter13 | SharingFilesandPrinters
1. FromthehierarchicalControlPanelsmenuintheApplemenu,choose
FileSharingtoopentheFileSharingcontrolpanel. 2. IntheStart/Stoptab,makesureyouhaveanownernameandcomputer
nameentered.Ifthere’sanychancesomeoneelsecouldaccessyourMac overthenetwork,enteranownerpassword(Figure13.4).Alwaysenter apasswordifyouenableTCP/IPfilesharinginthenextstep. Figure13.4 Configuringthe FileSharingcontrol panel.
3. ClicktheStartbuttonintheFileSharingsectionofthecontrolpanel,and
ifyouwantFileSharingtobeavailableoverTCP/IPaswellasAppleTalk, checkEnableFileSharingClientstoConnectoverTCP/IP.Ifyouarethe onlypersonwhoconnectstoyourcomputerfromothermachines,you’re done,becauseyouneedonlyyourownernameandpasswordtoconnect. TIP EnablingfilesharingoverTCP/IPisnecessaryifyouwanttosharefilesover theInternet.ItalsosimplifiesconnectionswithMacOSXmachines,sincethey mustotherwisehaveAppleTalkturnedonfortheactivenetworkadapter.
4. ClicktheUsers&Groupstab.Youcancreateusersandgroupsifyou
wantfine-grainedcontroloverwhocanaccesswhichfolders,butforthis situation,justdouble-clickthedefaultGuestuser,selectSharingfrom theShowmenu,andcheckAllowGueststoConnecttoThisComputer (Figure13.5).ClosetheFileSharingcontrolpanel. 5. Selectadiskorfoldertoshare,Control-clickit,andfromthehierarchical
GetInfomenu,chooseSharingtoopentheGetInfowindow’sSharing view(Figure13.6).
147
148
TheWirelessNetworkingStarterKit Figure13.5 Enablingaguest usertoconnect.
Figure13.6 Sharingadisk.
6. CheckShareThisItemandItsContents,andfromthepop-upmenunext
totheEveryoneline,choosetheprivilegesyouwanttogivetopeoplewho connect. NOTE Read&Writeprivilegesletuserssee,copy,add,change,anddeletefiles.Read Onlyprivilegesletthemseeandcopyfiles.WriteOnly(DropBox)letspeople copyfilestothefolderwithoutbeingabletoseeanythingelsethat’sthere. And,ofcourse,Nonepreventsthemfromseeingortouchinganyfiles.
7. ClosetheGetInfowindow.
You’redone!
Chapter13 | SharingFilesandPrinters
AccessingSharedFiles Onceyou’vesharedadiskorfolderononeMac,youcanaccessthemfrom otherMacs,thoughnotWindows.FollowthesestepsonaMacintoshrunning OS9. 1. FromtheApplemenu,chooseChooser. 2. IntheChooser,clicktheAppleShareicon.
IfanyofyourMacsuseAppleTalktosharefiles,theyappearinthelist underSelectaFileServer(Figure13.7). Figure13.7 Browsingfor sharedMacsinthe Chooser.
3. Eitherdouble-clickaMacinthelistorclicktheServerIPAddressbutton
and,inthedialogboxthatappears,entertheIPaddressoftheservertowhich youwanttoconnect,andclicktheConnectbutton(Figure13.8). Figure13.8 EnteringtheIP addressofa sharedMac.
4. Inthedialogboxthatappears,enteryourusernameandpasswordforthe
Macthat’ssharingthefilesyouwanttoaccess,andthenclickConnect (Figure13.9). TIP CheckAddtoKeychainintheConnectdialogboxifyoudon’twanttotype yourpasswordeachtimeyouaccessthisMac.
Adialogboxappearswithalistofaccessiblevolumes(Figure13.10). 5. SelectthevolumeyouwanttoaccessandclickOK.
149
150
TheWirelessNetworkingStarterKit Figure13.9 Enteringyour usernameand password.
Figure13.10 Selectingavolume toaccess.
Theshareddiskorfoldertowhichyou’reconnectingappearsonyour Desktoplikeanyotherdiskicon,andyou’redone. TIP Youcanmakeanaliastoanyfileorfolderonthesharedvolumeanddoubleclickittomountthevolumeautomaticallyinthefuture.Ifyouwantaparticular networkvolumeavailableallthetime,putanaliastotheserverintheServers folderintheSystemFolder.
MacOSX Applesimplifiedtheprocessofsharingfilesandconnectingtosharedfolders inMacOSX,andaddedthecapabilitytosharefileswithWindowscomputers andtoaccessWindowssharedfolders.DaveworkswithMacOSX,butitmay beneededonlytoreplaceMacOSX’sbuilt-incapabilitiesinspecificsituations, suchasoncertainlargenetworks.
SharingFiles TosharefileswithMacsandWindows-basedcomputers,followthesesteps:
Chapter13 | SharingFilesandPrinters
1. OpenSystemPreferences,andclicktheSharingicontodisplaytheSharing
preferencespane. 2. IntheServicestab,selecttheOncheckboxnexttoPersonalFileSharing.
IfyouwanttosharefileswithWindowsusersorviaFTP,selecttheOn checkboxesnexttothoseservicesaswell(Figure13.11). Figure13.11 Configuringthe Sharingpreferences pane.
3. Tosharefiles,puttheminthePublicfolderinyourHomefolder,atwhich
pointanyonecanaccessthemwithoutneedingaspecialusernameor password. TIP Oncefilesharingisturnedon,anyonewhohasanaccountonyourMacOSX machinecanaccessitremotelyusingtheirnormalusernameandpassword, butthey’llbelimitedtoseeingthefilesthattheycanseewhenloggedinto themachinenormally.
TIP IfyouwanttosharefilesoutsideofyourPublicfolderwithspecificusers,check outHornWare’sSharePoints,whichmakesMacOSXworkabitmorelikeMac OS9intermsofsharingfilesandworkingwithusersandgroups.Youcanfind itatwww.hornware.com/sharepoints/.
AccessingSharedFiles InMacOSX10.2,followthesestepstoaccessfolderssharedviastandard Macintoshfilesharing(AppleTalkFileProtocol,orAFP),Windowsfilesharing (SMB),FTP,orWebDAV.
151
152
TheWirelessNetworkingStarterKit
TIP Appleprovidesadditionalhintsaboutthisprocessathttp://docs.info. apple.com/article.html?artnum=106471.
1. FromtheFinder’sGomenu,chooseConnecttoServertobringupthe
ConnecttoServerdialog(Figure13.12). Figure13.12 Accessingshared foldersinthe ConnecttoServer dialog.
2. Ifthesharedfolder(ortheworkgroupthatcontainsit,forWindows
machines)youwanttoaccessappearsinthelistofservers,double-click ittomountit.Ifitdoesn’tappear,typetheserver’sURLintheAddress fieldatthebottomofthedialogandclickConnect. TIP Youdon’thavetotypeafp://atthestartoftheaddressifyou’reconnectingto anotherMacsharingfilesviapersonalfilesharing(AFP);however,toconnect toWindows,FTP,andWebDAVservers,youmustprefixtheIPaddressor domainnamewithsmb://, ftp://,orhttp://,respectively.
TIP InMacOSX10.3Panther,Applesimplifiedthisprocesssignificantly.Justopen anewFinderwindowandclicktheNetworkicontoseeavailableservers.
AConnectTodialogappears,askingforyournameandpassword(Figure 13.13). 3. Enteryournameandpassword,andclickConnect.
TIP ClickOptionsandcheckAddPasswordtoKeychainifyoudon’twanttotype yourpasswordeachtimeyouaccessthisparticularsharedfolder.
Chapter13 | SharingFilesandPrinters
Figure13.13 Enteringyour usernameand password.
Adialogthatlistsaccessiblevolumesappears(Figure13.14).Ifyou’re connectingtoaMacOSXmachinewithanadministratoraccount,you seeatleasttwovolumes:onefortheharddiskandanotherforyourHome directory. Figure13.14 Selectingavolume toaccess.
4. SelectthevolumeyouwanttoaccessandclickOK.
Thesharedfolderordisktowhichyou’reconnectingappearsonyour Desktoplikeanyotherdiskicon,andyou’redone! TIP AswithMacOS9,youcanmakeanaliastoanyitemonasharedvolume andthendouble-clickittomountthevolumeautomaticallyandopenthe item.Toconnecttoaserveratstartup,justdragitsiconintoyourLoginItems preferencespane.
SharingPrinters Sharingfilesbetweencomputersrunningdifferentoperatingsystemsisrelatively straightforward.Sharingprinters,particularlythosethataredirectlyconnected toacomputer,isanotherstoryentirely,whichiswhyweofferthesenotesrather thanstep-by-stepinstructions.
153
154
TheWirelessNetworkingStarterKit
• YourbesthopeforsharingprintersbetweenMacsandPCsistousea
PostScriptlaserprinterthatconnectsdirectlytoyourwiredEthernet networkorplugsintotheEthernetportofawirelessgateway.Every operatingsystemversionshouldbeabletoprinttosuchaprinter.
• IfyouwanttoprintfromClassicapplicationsinMacOSX,youmust configuretheprintersetupfromwithinClassicaswell.
• IfyoushareaUSB-basedinkjetprinterfromaMacrunningMacOS
X,otherMacsrunningMacOSXwillhavenotroubleprintingtoit. However,ifyouwanttosharethesameprinterwithMacsrunningMac OS9,youmustlaunchtheClassicenvironment,withtheUSBPrinter SharingExtensionenabled.
• TomakeaUSBprinterconnectedtoaMac—eitherMacOS9orMacOS
X—availabletoWindows-basedcomputers,youneedDavefromThursby SoftwareSystems.
• Similarly,tomakeaUSBprinterconnectedtoaPCrunningWindows accessibletoMacs,youneedDave.Sensingthethemehere?
• Youcanconnectaprintertotheparallelportofawirelessgatewaythatalso offersaprintserver,butMacswon’tseetheprinterunlessit’saPostScript printer.ItshouldbereadilyavailabletoPCs.
• SharingaUSBprinterbyconnectingittotheUSBportonanAirPort ExtremeBaseStationworksonlyforMacsrunningMacOSX10.2.3or later.Also,notallprintersarecompatible;seealistofcompatiblemodels atwww.apple.com/airport/printcompatibility.html.
• Ifallelsefails,youmightbeabletoworkaroundnotbeingabletoshare
aprinterbyprintingtoPDFfiles,transferringthemtothecomputerthat canprint,andprintingfromthere.Youcan,ofcourse,createPDFswith Adobe’sfullAcrobatpackage,butthat’softenoverkill.Forfastandeasy(and cheap)PDFcreationinWindows,trypdfFactory(www.pdffactory.com)or activePDFComposer(www.activepdf.com).InMacOS9,checkoutJames Walker’sPrintToPDFutility(www.jwwalker.com/pages/pdf.html),andin MacOSX,justclicktheSaveAsPDFbuttoninanyPrintdialog.
14
TroubleshootingYour Connection
Forthemostpart,connectingtoawirelessnetworkisfairlyeasyandtrouble-free. However,that’snottosaythatyou’llneverrunintotrouble,particularlywhen yousetupanewwirelessnetworkadapter,movetoanewwirelessnetwork, orchangeasetupthatwaspreviouslyfunctional. Inthischapter,we’vebrokendowncommonproblemsyoumayexperience whilemakingaconnectiontoawirelessnetworkintobroadcategories.In eachcase,weoffersuggestionsfortestsyoucanrunorquestionsyoucanask toshedlightonyourproblem.Theresultofoneofthesetestsortheanswerto oneofthequestionsshouldpointtoyoursolution. NOTE WestronglyrecommendthatyoureadAppendixC,HowtoTroubleshoot, beforeyoureadfarther.Thatappendixhasbasicadviceandstepsforworking throughanyproblem,notjustthoseyoumightencounterwhentroubleshooting arecalcitrantwirelessnetworkingconnection.
NOTE Thischapteraddressesproblemsfromthestandpointofmakingaconnection workinasituationwhereyoumayormaynothavecontrolovertheaccess pointorwirelessnetwork.Forsuggestionsonhowtotroubleshootproblems relatedtosettingupandrunningawirelessnetwork,readChapter23, TroubleshootingYourWirelessNetwork.
156
TheWirelessNetworkingStarterKit
TIP Evenifyoudon’tuseaMac,it’sworthreadingApple’sdetailedtroubleshooting guideforAirPortwirelessnetworkingtechnology—AirPortisjust802.11bso theguidecoversmorethanjustMac-relatedinformation.Finditathttp:// docs.info.apple.com/article.html?artnum=106858.AlsotrytheWireless NetworkTroubleshootingpageatwww.practicallynetworked.com/support/ troubleshoot_wireless.htm.
TIP In the Windows XP help system, you’ll find an interactive, network troubleshootingguidethatincludessomewirelessadvice(Figure14.1).It canwalkyoustep-by-stepthroughcommonproblemsandadviseyouon configuringorreconfiguringyoursettings. Figure14.1 TheWindows XPNetwork Troubleshooter offersadviceabout wirelessnetwork problems.
Problem:Can’tSeeWirelessNetwork Q: Mywirelessnetworkclientsoftwarecan’tseeawirelessnetworkthat Iknowexists.WhatcanIdotoconvinceittoconnect? A: Thisis,unfortunately,abroadproblem,withmanydifferenttypesoftests torun:
• Thismayseemobvious,butmakesureyourwirelessnetworkadapteris
turnedon.PCCardsandApple’sAirPortandAirPortExtremecardscan beturnedoffthroughasoftwaresettingtosavepowerinlaptops.
Chapter14 | TroubleshootingYourConnection
• DoestheactivityLEDflashorcomeonatall?Ifnot,thecard,orperhaps
theslotorportintowhichyou’repluggingthecard,couldbedead.It’s alsopossiblethatexternalpowerisrequiredinthecaseofaUSBoran Ethernetadapter.
• Disconnectandreconnectyourwirelessnetworkadapterandanycables
thatconnecttoit.You’dbeamazedhowmanyproblemsaresolvedby re-establishingphysicalconnections.And,yes,werealizehowannoying thiscanbetodowithaninternalcard.
TIP IfyouradapterisaPCCard,youmayhavetotellthesystemtohaltthecardso itcanberemoved.However,ifyoursystemwon’tevenrecognizethecard,you mustremoveitwhileit’stechnicallystillactive.Triple-checkbeforeremovingan activecard,or,betteryet,shutdownthecomputerentirelyfirst.InWindows, youtypicallyhaltacardbyright-clickingitsSystemTrayiconandchoosing theappropriatemenuitem;ontheMac,youmayneedtoControl-clickthe card’sDesktopiconandchooseEject.
• Ifpossible,plugthenetworkadapterintoanothercomputerandseeifit
worksthere.Ifitdoesn’t,itmaybedead,andyoushouldcheckthewarranty. (Tryitinathirdmachine,ifyoucan,justtobeonthesafeside.)
• Asktohavetheaccesspointresetorpowercycled(turnitoff,waitabout
30seconds,turnitbackon).It’squitecommonforinexpensivewireless gatewaystobecomewedgedandneedtobereset.Pressingaresetbutton maynotbeaseffectiveascyclingthepower.
NOTE Makesureotherusersaren’tinthemiddleofsomethingimportantbeforeyou cyclethepower.Powercyclinganaccesspointdisableseveryone’saccess,and itcanshuffleoutnewDHCP-assignedaddresses.
• Makesureyouhavethelatestwirelessnetworkclientsoftware(which residesonyourcomputer)andfirmware(whichresidesontheadapter itself).Ifyoudon’thavethelatestappropriateversions,updatethemas necessary.Sometimesaninabilitytoupdatedriversorfirmwareindicates deeper,non-wirelessproblemswiththesystem.Visitthemanufacturer’s Websitefordownloads.
TIP Mostwirelessadaptersandaccesspointshadoneormoremajorfirmware updatesin2003tosupportavarietyofsecurityandotherchanges.Ifyou’ve neverupdatedthefirmware,youshould.
157
158
TheWirelessNetworkingStarterKit
• Ifyou’reusingthird-partywirelessnetworkclientsoftware,reinstallit fromtheoriginalCD-ROMorinstaller.
• UnderWindows,tryuninstallingallwirelessadapterdrivers,andthen reinstallingjusttheoneyouneed.
• UnderWindows,youcantrytobootin“SafeModewithNetworking,”
whichcanhelpbydisablingotherservicesandsubsystems.Restartthe computer,andthen—oncethetext“StartingWindows”appearsinthetext partofthestartupprocess—holddowntheF8key.Iftheproblemgoes away,youcanconcludethattheproblemmostlikelyrelatestosomething thatdidn’tloadunder“SafeModewithNetworking.”Yournextstepmight betoreinstalltheoperatingsystemortotestothernetworkingsoftware toseeifitiscausingtheproblem.
• InWindowsXP,makesureyourWirelessZeroConfigurationserviceis
started.Evenifit’srunning,tryrestartingitbyclickingtheStopbutton andthentheStartbutton(seethesidebar“WindowsXPWirelessNetwork ConnectionsDimmed,”laterinthischapter).
• InMacOS9orearlier,rebootusingthe“MacOSAll”setofextensions
toruleoutaconflictwithathird-partyextension(Figure14.2).Ifthe networkadapterworksunderthe“MacOSAll”setofextensions,youmust figureoutwhichthird-partyextensionisconflicting.Onceyouidentifythe conflict,youcanturnofftheoffendingextensionorfindoutifanupdate totheextensionsolvestheproblem.
Figure14.2 Extensions Manager’s“MacOS All”set.
Chapter14 | TroubleshootingYourConnection
• IfyouhavebothMacOS9andMacOSXinstalled,testinbothoperating systemstodetermineifthewirelessnetworkadapterworksinonebutnot theother.
• InMacOSX’sNetworkpreferencespane,usetheLocationpop-upmenu eithertoswitchtoanotherlocationortocreateanewlocationandswitch toit.Thenswitchback.ThisprocesssometimesletsyouchooseTurn AirPortOnfromtheAirPortmenu,convincesapreviouslyunresponsive networktoappearintheAirPortmenu,andforcesAirPorttodisplayin theShowpop-upmenuifitwasn’tappearingbefore.
• AlsointheMacOSXNetworkpreferencespane,chooseNetworkPort
ConfigurationsfromtheShowpop-upmenuanddragtheAirPortentry tothetopofthelist.ThattellsMacOSXtouseitinfavorofanyother portsthatmightbeavailable.
• OnaMac,ifyouhaveanexternalharddiskthatcanbootthecomputer,
trybootingfromtheexternalharddisktoseeiftheproblemrelatesto somethingonyournormalbootdiskorifithappensnomatterwhichdisk youbootfrom.
• Ifpossible,verifythattheportorslotintowhichyou’repluggingthewireless networkadapterworks.Youcandothisbytryinganothernetworkadapter inthatportorslot.
• Ifyou’repositivethatallthehardwareisfunctional,considerreinstalling
youroperatingsystem.Becarefulthatyoudon’teraseanyofyourdata intheprocess,andalwaysmakesureyouhavearecentbackupbefore proceedingwithsuchamajorstep.
Problem:NoWirelessConnectivity Q: Mywirelessnetworkadapterseemstoseetheaccesspoint,butwon’t letmeconnect.Anyideas? A: Inthissituation,theproblemisoftenrelatedtoover-enthusiasticsecurity settings,althoughtherecanbeotherproblemstoo:
• Ifpossible,seeifothercomputerscanconnect.Ifso,theproblemisspecific
toyourcomputer.Knowingthattheproblemrelatesonlytoyourcomputer shouldnarrowthefieldoffuturetestsandsolutions.
• It’spossiblethatyou’retoofarawaytoconnectreliablydespiteyouradapter’s softwarereportingthatitcanseetheaccesspoint.Manysignal-strength
159
160
TheWirelessNetworkingStarterKit
WindowsXPWirelessNetworkConnectionsDimmed Glennoncehadanannoyingprobleminwhich hisWindowsXPlaptop,aSonyVaio,stopped workingwithhiswirelesscardsfromLinksys andProxim(Orinoco). Afterworkingthroughstandardtroubleshooting,Glenncontactedtechsupportatevery companyinvolved:Sony,Linksys,Proxim, andevenBoingo,whosesoftwarehewas runningandwhichcouldn’trecognizeeither card.Hedidn’tcallMicrosoft,whichmayhave beenamistake,butheuseditsonlinehelp,as wellastheextensivestep-by-stepNetwork TroubleshooterinWindowsXP.Nonewere abletohelpinitially. Eventuallyhediscoveredthatuninstallingall theLinksysandOrinocodriversallowedhim toinserthisOrinococardandhaveitcome uponanetwork. ButtheLinksyscardstillwouldn’twork. Then,hereceivedafinalemailfromProxim thathintedattherootoftheproblem.There’s apieceofsoftware,a“service”inWindows parlance,thathandlessettingupwirelessconnectionswhenacardisinstalledoranadapter added.Thatserviceneededtobestarted;why itwasstopped,Glennstillhasnoidea,butit stillhappensfrequentlyonthatmachine.
Shouldyourunintoasimilarsituation,follow thesesteps: 1. OntheDesktop,right-clickMyComputer
andselectManage. 2.Inthelistofitemsthatappearsinthe
ComputerManagementwindow,expand ServicesandApplicationsattheleft,and thenselectServices(Figure14.3). 3. Intheright-handpane,scrolldownto
WirelessZeroConfigurationanddoubleclickitsicon. 4. IntheGeneraltabofthedialogthatap-
pears,makesurethatStartupTypeisset toAutomatic,andServiceStatusissetto Started. 5. IfServiceStatusisnotsettoStarted,click
theStartbutton(Figure14.4).(Youcan alsoclickStop,andthenclickStarttorestart theservice.) GlennhastostarttheWindowsZeroConfigurationserviceregularlyonthissystemnow, althoughhedidn’tbeforeinstallingmultiple wirelessdrivers.HiscolleagueJeffhadthe sameproblemwithanewPC:certaincards requirethisintervention;othersdon’t.
indicatorsinsoftwaredon’tcorrespondproportionatelytosignalquality.Try movingcloserandcheckiftheproblemgoesaway,ordownloadNetStumbler (www.netstumbler.com)orMacStumbler(www.macstumbler.com)togather moredataonsignalstrength.
• Recheckthatyou’veenteredyourWEPorWPAkeycorrectly.Especially whenyoutypealongWEPkeyof26characters,it’seasytomakeamistake,
Chapter14 | TroubleshootingYourConnection
Figure14.3 Computer Management window.
Figure14.4 WirelessZero Configuration dialog.
andasingleerrornegatestheentirekey.Somesoftwaredoesn’talertyouthat theWEPorWPAkeyisincorrect,makingdata-entry-relatedproblems hardertotroubleshoot.
• SeeifthepersoninchargeofthenetworkcanturnoffWEP/WPAandMAC addressfilteringintheaccesspointtemporarilytofindoutifthesesettings arepreventingyoufromconnecting.
• Makesurethenetworknameisshortandhasnospacesorspecialcharacters init.
161
162
TheWirelessNetworkingStarterKit
• Asktohavetheaccesspointresetorpowercycled(turnitoff,waitabout
30seconds,turnitbackon).It’squitecommonforinexpensivewireless gatewaystobecomewedgedandneedtobereset.Notethatpressinga resetbuttonmaynotbeaseffectiveascyclingthepower.
• IfcomputersrunningWindowsXPcanconnect,butthoserunningother
operatingsystemscannot,theproblemmayrelatetoanadministrator enabling802.1Xauthentication.802.1Xauthentication,thoughagood toolforlargeorganizations,issupportedonlywithsoftwareinstalledon eachwirelesslyconnectedcomputer.
Problem:SignalStrengthIsPoor Q: Ihavetroublereceivingwirelessconnectionsinavarietyoflocations. IsthereanythingIcandotoincreasethesignalstrength? A: Yes,therearequiteafewwaysyoucanimprovesignalstrength:
• Turnyourcomputer90degrees.Seriously,sometimesthat’sallyouneed
todotoimprovesignalstrengthenoughtokeepworking.It’sliketheold dayswhenpeoplewouldgetupontheirroofsandfiddlewiththeirTV antennastoimprovetelevisionreceptionforthebigfootballgame.
• Tryotheranglesinotherplanes.Evenwell-designedaccesspointantennas
sendsomesignalinalldirections.ToquotethewiseMr.SpockonRicardo Montalban’scharacterinStarTrekII:TheWrathofKhan,“Heisintelligent, butnotexperienced.Hispatternindicatestwo-dimensionalthinking.”
• Ifyourcomputerhasaninternalantenna,makesuretheantennaisplugged intothewirelessnetworkcard.
• Thisispainfullyobvious,butwehavetosayit.Trymovingclosertothe
accesspoint.Asasolution,it’scheap,it’seasy,andyes,weknowyoushould beabletoworkanywhereyouwant.Ifyoudon’twanttolettheevilradio demonswin,moveontothenextsuggestions.
• Considerbuyinganewwirelessnetworkadapterwithahighersignal
strength,ratedinmilliwatts(mW).Mostcardsareabout30mW,but youcanfindcardsthatpushout100mWandeven200mW(suchasthe EnGeniuscardsoldbyNetGateatwww.netgate.com).
• Werealizeit’sanawkwardsolution,butconsideraddinganexternal
antennathatwillboostyoursignalstrength.Thissolutionisn’tjustfor desktopmachines;manyPCCardshavetinyantennajacks(usually
Chapter14 | TroubleshootingYourConnection
protectedbylittleplasticplugs),andthereareevenantennasforinternal AirPortcardsinApple’sTitaniumPowerBookG4fromQuickerTek (www.quickertek.com).
• SpeakingofTitaniumPowerBookG4s,whichhavenotablypoorwireless
networkreception,thereareafewwaystohelpthem.First,seeifyoucan massagethelittlerubberplugsoneithersideofthePowerBook’sbase suchthatthey’reflushwiththesurfaceratherthanpushedin.They’rethe radio“windows”fortheantenna,whichApplefoolishlyranaroundthe baseofthatparticularmodel.Ifthat’snotsufficient,youcantryeithera QuickerTekantennaoranexternalPCCard.
Problem:NoRoamingNetwork/InternetAccess Q: WhenI’mtraveling,Icanconnecttoaccesspointsandamassignedan IPaddressbytheDHCPserver,butIcan’tactuallyseethenetworkor reachtheInternet.Whichsettingisaskew? A: Iftheseareaccesspointsthatyoudon’thaveadirectconnectionto,there areonlyafewprobableexplanations:
• Ifyou’revisitingacollegecampusorabusiness,itmaynotoffervisitor
access.Yourwirelessadaptermightassociate,butlackingcredentials,it can’tsendorreceivetraffic.Someofthesenetworksmayhavevisitor accesscodes,butyoumightneedtoaskforaccessorhavespecialsoftware installed.
• Ifyou’reatafreeorpaidhotspot,youmayhavefailedtoclickthroughan
acceptableusepolicyorpayforaccess.Quitandrelaunchyourbrowser, andthentrytovisitanyWebpagetoseeifacaptiveportalpageappears advisingyouonhowtogetaccess.
• Theaccesspoint’sconnectiontotherestofthenetworkorthenetwork’s
connectiontotheInternetmightbedown,andthere’snothingyoucan do,exceptcalltechsupport(ifsuchathingexistsatthenetworkyou’re tryingtouse).
• Ifyou’regambolingabout,dowsingforaccess,stopit!You’renotgetting realaccessforagoodreason,darnit!
163
III
BuildingYourWirelessNetwork Buildingyourownwirelessnetworkisprettyeasy,withtheeffortnecessary tosetupasimplewirelessnetworklimitedtounpackingawirelessgateway, pluggingitin,andturningiton.Butitcangetmorecomplicated—afterall, howdoyouknowifagivenwirelessgatewaywillmeetyourneeds?That’s wherethechaptersinthissectioncometotherescue. Chapter15,PlanningYourWirelessNetwork,isamust-read:itoffersacrash courseinhowtoplanyourwirelessnetworkbeforeyouevenbuythehardware. Chapter16,BuyingaWirelessGateway,addressestheissueofexactlywhatto buy,notwithinstantlyobsoleteproductrecommendations,butbyofferinga featurechecklistyoucanusetomakesureagatewaymeetsyourneeds.Once you’veboughtyourgateway,it’stimetoreadChapter17,SettingupaWireless Gateway,forspecificinstructionsonthreepopularwirelessgateways,plus generichelponothers. ThenwetakeasharpleftturninChapter18,WirelessGadgets,andlookata varietyofunusualwirelessdevicesyoucanaddtoyournetwork.Chapter19, CreatingaSoftwareAccessPoint,explainshowyoucanturnyourcomputerinto awirelessgateway.AnotheradvancednetworktopicfollowsinChapter20, BridgingWirelessNetworks,whichdiscusseshowtoextendtherangeofyour networkwithawirelessbridge.Chapter21,IndoorAntennaBasics,provides backgroundinformationonhowanantennacanextendtherangeofyour wirelessnetwork,andChapter22,SmallOfficeWi-FiNetworking,examines topicsofinteresttothosesettingupsomewhatlargerandmorecomplexwireless networks(includingauthenticationandadditionalsecurity).
PlanningYour WirelessNetwork
15
It’stemptingwhenyou’resettingupanetworktoskiptheplanningstepand justbuythepiecesyouthinkyouneedandplugthemalltogether.Resistthat temptation! Thefirsttaskyoushouldperformwhencontemplatingcreatinganewnetwork ormakingamajorchangetoanexistingnetworkistodrawanetworkdiagram, whichisapictureofhowyouexpectallthepiecesofyournetworktofittogether. Puttingalittleeffortupfrontintoanetworkdiagramclarifiesexactlywhatyou needtobuy,revealsmistakesyoumightbeabouttomake,ensuresyouwon’t forgetsomeessentialpiece,andsmoothestheentireprocess. Don’tthinknetworkdiagramsarejustfornovices.Wehavefriendswhoinstall networksforaliving,andtheyalwaysmakeanetworkdiagramfirst.Themain differenceisthattheirnetworkdiagramsaregorgeous,whereasours(well,at leastAdam’s)lookliketheyweremadeforpreschoolartclass(thediagrams inthischaptercomecourtesyofprofessionalillustratorJeffTolbert).Luckily, noonewillgradeyouontheaestheticsofyournetworkdiagram—it’ssimply areferencetool. Onefinalwordbeforewediveintothestepsofcreatinganetworkdiagram:if youhaveadrawingprogramonyourcomputer,it’sbesttouseit,notsomuch becauseyourdiagramwilllookbetter,butbecausehavingthediagramasafile onyourharddiskmakesiteasytokeeparound.Ifyoudrawbyhandonpaper,
168
TheWirelessNetworkingStarterKit
makeanefforttofilethatpieceofpaperwhereyoucanfindit.Havingyour networkdiagramaroundlaterreducesyourworkifyouwanttomakeamajor changetothenetwork,andmoreimportant,itcanhelpintroubleshooting shouldsomethinggowrong. TIP TryMicrosoftVisioforWindows(www.microsoft.com/office/visio/),orfor MacOSXtryConceptDraw(www.conceptdraw.com)orOmniGraffle(www. omnigroup.com/applications/omnigraffle/)ifyouwanttocreateprofessionaldrawingsthathavesomesmarts:asyoumoveobjectsaroundina networkdiagram,theconnectionsbetweenthemmoveautomatically.
DrawingaNetworkDiagram Considerthefollowingsituation,which,althoughinvented,isbynomeans exaggerated.AmandaandBobQuigglebothworkathome,sheasafreelance bookkeeperandheasaprogrammer.Amanda’saccountingprogramsrunon adesktopPC,whileBobwritesandtestscodeonaPowerMacG4,adesktop PC,andanAppleiBook.Theyhavethreechildren,Sam,Chloe,andNick, eachofwhomhasacomputer.AlthoughSamisafreshmanatcollege,helives athomeandhasaPClaptopthatheusesconstantly,whereasChloeandNick arestillingradeschoolanduseanolderMacintoshQuadraandaPowerMac handeddownfromtheirfathertodohomeworkandplaygames. TheQuiggleshavejustmovedintoanewhouse,andtheywanttonetworkall theircomputerstoshareacable-modemInternetconnectionandtheirtwo printers,acolorUSBprinterattachedtoBob’sdesktopPCandanelderly, LocalTalk-basedLaserWriter.Theywanttheirlaptopstoconnecttoawireless network,andbothBob’siBookandSam’slaptopPChavewirelessnetwork adapters.Thefamily’sdesktopcomputerswillneedtoconnecttooneanother viaEthernet,althoughChloe’sandNick’sMacsaren’tanywherenearBob’s PowerMacanddesktopPC,soanadditionalhubwillbenecessary. ThemajoroddityisAmanda’sPC,which,becauseofbeinginherotherwise inaccessiblebasementoffice,willconnecttotherestofthenetworkviaHomePlug bridges.ShethoughtaboutinstallingaHomePlugnetworkadapterinherPC, butshewantedtoleaveopenthepossibilityofconnectingadditionalcomputers withoutbeingforcedtobuyadditionalHomePlughardware. TheQuigglesdecidedtobemodernanduse802.11g,thefastercompatible flavorofWi-Fi,becausealltheirdesktopsandlaptopsalsohave100Mbps wiredEthernetbuilt-in,andtheyplaygames,streamaudio,andtransferfiles overtheirhomenetwork.
Chapter15 | PlanningYourWirelessNetwork
NOTE Inaccessibleroomsarecommoninhouses.Glennhelpedafriendsetupa networkinhisthree-storyhouse,andtheyfoundanimpenetrablebarrierat theground-floorkitchen.Signalstrengthwasfinetothatpoint,evenwith theaccesspointonthetopfloor(wherethecablemodemwaslocated).Step throughthekitchen’sentrance,however,andthesignaldisappeared.
Doesthatseemlikealottokeepinyourhead?Good,becauseit’sexactlyhow networkingintherealworldworks.Fortunately,anetworkdiagrammakesit easytoseeataglancehoweverythingshouldgotogether. YournetworkwillundoubtedlylookdifferentthantheQuiggles’network,but theirnetworkdiagramshouldgiveyouanideaofwhat’sinvolved.Don’tfeel theneedtodrawanythingfancierthanlabeledboxes,though,andthat’swhat we’llassumeyou’redrawingintheinstructions. Ifyou’resketchingthenetworkonpaper,werecommendreadingthroughthese instructionsbeforestartingsoyouhaveanideaofwheretoleavetheappropriate amountoffreespacebeforeyoustart.Weprovidethefinisheddiagramfirst, soyoucanseehowitallcomestogether(Figure15.1). NOTE We’renotattemptingtooverlaythisnetworkonapictureoftheirhouse—that levelofdetailissimplyunnecessaryandcan,infact,causeconfusionbecause thephysicalpositionofthecomputersmayhavenorelationshiptowherethey fitintothenetwork.
1. Foreachhuborwirelessgateway(which,aswenoteinAppendixA,
NetworkingBasics,isessentiallyahub),drawasmallrectangularbox(Figure 15.2).Leaveplentyofroomaroundeachbox.TheQuiggles’networkwill needfourhub-likedevices—twowiredhubsandawirelessaccesspoint withawiredhubbuiltin—butsincetheirwirelessgatewaycombinesboth anaccesspointandanormalhub,wedrawonlythreedevices. 2. Neareachofthehubboxes,drawsquaresthatrepresenteachcomputer,
andnexttoeachsquare,writethenameofthecomputersoyoucantell whichsquaregoeswithwhichcomputer(Figure15.3).Ifyouhaveadevice likeawirelessgatewaythatcombinesawiredandwirelesshub,drawthe computersthatwillconnectviawiresononesideoftheaccesspointand thecomputersthatwillconnectwirelesslyontheotherside.Drawthem ondifferentsidestoorganizethemseparatelyonthediagram. 3. Ifyouhaveaprinterthatyouwanttoshareviathenetwork,drawanoval
(Figure15.4).Wheretopositiontheprinterdependsontheprintertype.
169
170
TheWirelessNetworkingStarterKit Figure15.1 Thecompleted diagram.
Chapter15 | PlanningYourWirelessNetwork
Figure15.2 Startbydrawing thenetworkhubs.
Figure15.3 Addinthe computersonthe network.
Ifit’saUSBprinterconnectedtoacomputerthatsharesitonthenetwork, drawtheprinternearthatcomputer’ssquareandconnectitwithasquiggly linetoindicatethatthey’reconnectedinsomewayotherthanEthernet. Ifit’sanetworkdeviceinitsownrightthatwillplugintoahub,drawit nearthehubinquestion.Iftheprinterusesanetworkingtechnologylike LocalTalkthatrequiresabridgetoconnecttoyournetwork,drawthe printeratthesideofthehubitwilleventuallyconnectto,andbetween theprinterandthehub,drawasmallarchtorepresentthebridge.The QuiggleshaveaUSBprinterandanold,LocalTalk-basedLaserWriter, sowedrawtheminFigure15.4,connectingtheLaserWritertoitsbridge withasquigglyline. 4. Offtothesideofthepage,roughlynearthedeviceyouplantouseasyour
gateway,drawacloudshapetorepresenttheInternet.Thendrawasmall
171
172
TheWirelessNetworkingStarterKit Figure15.4 Next,drawthe printersandtheir connectingcables.
circletorepresentthecablemodem,DSLmodem,orwhateverdevice connectsyournetworktotheInternet.Labelitappropriately,aswe’ve donewiththeQuiggles’cablemodem(Figure15.5). Figure15.5 Expandthediagram byaddingthe Internetandthe devicethatyouuse toconnecttoit.
TIP SomecableorDSLmodemscanconnectdirectlytoanyEthernethub,but others,mostnotablythosefromthelarge,cableISPRoadRunner,mustconnect directlytoagatewaydeviceoracomputer,asshownhere.
5. If,likeAmanda,youneedtoconnectacomputertotherestofthenetwork
usingHomePlugbridges,drawasmallarchforeachbridge,anddrawa squigglylinebetweenthebridgestoshowtheconnection(Figure15.6). 6. Lastly,connectallthewiredcomputerstotheirhubswithsolidlinesthat
representEthernetcables,andconnectallthewirelesscomputerstotheir accesspointswithdashedlines(Figure15.1,earlierinthischapter).
Chapter15 | PlanningYourWirelessNetwork
Figure15.6 Showanynecessary bridges.
NOTE It’sentirelypossibleforacomputertohavetwonetworkadapters,onefor wiredEthernetandoneforwirelessEthernet,andtoswitchbetweenthem dependingonthesituation.Ifthat’sthecase,drawthecomputerbetweenthe appropriatehubs,andconnectitwithbothasolidandadashedline.Bob’s iBookfallsintothiscategoryinoursamplenetwork.
That’sit!Thebeautyofanetworkdiagramisthatyoucanuseittodetermine thenexttwostepsinactuallycreatingyournetwork:compilingyourshopping listandconfiguringyournetwork.
ShoppingandConfiguring Tocreateyourshoppinglist,firstlookatyournetworkdiagramanddetermine whatnetworkdevicesyou’llneedtobuy.Forinstance,theQuiggleswillneeda wireless802.11ggateway,aLocalTalk-to-EthernetbridgefortheirLaser-Writer, apairof10/100MbpsEthernethubs,andapairofHomePlugEthernetbridges. Thenlookateachcomputeranddetermineifyouneedtobuyanetworkadapter forit,andifitwillbeconnectingviawiredEthernet,ifyou’llneedacable.You mayhavesomeofthehardwareandcablesalready,butmakesureanyexisting cablesarelongenoughtoreachbetweenthedesiredlocations.It’sfaster,easier, andcheaperifyoucanordereverythingyouneedatthesametime,ratherthan piecingthenetworktogetherslowlyasyoufigureoutwhatcomesnext. TIP Takeourwordontheutilityofplanningbeforeyoubuyandconfigure equipment—becauseofwantingtosharetwoInternetconnectionsamong allhiscomputers,Adamsetupaparticularlycomplicatednetworkwhenhe movedintohiscurrenthouse.Sincethediagramforhisnetworkwassocomplex, andbecausehewasswappingdifferentdevicesinandout,hewentforthe evolutionaryprocess.Althoughitworkedoutfine,ittookmonthstofinish.
173
174
TheWirelessNetworkingStarterKit
Onceyouhaveallthepieces,it’stimetoconnectthewiresandconfigureyour computersanddevices.Gothrougheachitemonthediagramagain,andconnect themtooneanotheraccordingtothediagram.Thenconfigureyourwireless gateway,withoutwhichtherestofthenetworkisunlikelytoworkproperly. (InstructionsandadviceforconfiguringyourgatewaycomeinChapter17, SettingupaGateway.)
LocatingAccessPoints Wesaidearlierthatthere’snopointinoverlayinganetworkdiagramontopofapictureof yourhouseorofficebecauseitmakesthediagramunnecessarilycomplicated.That’strue, butyoudoneedtotranslateittoyourhouseor officeatsomepoint.Thisprocessrequiresfew resources,butgearborrowedfromafriendcan helpyoumakesmartpurchasingdecisions. Fornetworksinwhichalldevicesarewithin lineofsightofanaccesspoint,youmightnot needtogivethestructureofthenetworkany thoughtatall:justplugeverythinginandit works.Butformorecomplicatedsituationsin which,forinstance,yournetworkmightcross severalwallsandfloors,orrunseveralhundred feet,planningiscritical. Startwithawalkingtourofthelocation.
• Ifyourlocationisahouse,berealisticabout
whereyoumightwanttowork.Willyou reallyworkinahammockinthebackyard? AreyouusingonlydesktopPCs?Ifyou’re aReplayTVuser,wouldyouwanttoadd awirelessEthernetadaptertoavoiddrillingholesandrunningalongwirethrough severalwallstoyourEthernetswitch?
• Ifyourlocationisanofficebuilding,think
abouttheinteriorwallsandthedensityof users.Howmuchdistance,withandwithout
walls,willthenetworkneedtocover?Can youaddanaccesspointtothenetworkwith existingwiredconnections,orwillyouneed topullwireorsetupbridges?
• Alsothinkaboutmultiplesites.Mightyou
wanttoconnectyournetworktoothers, perhapsindifferentofficesuitesorbuildings,oreveninyourneighbor’shouse?
Mostsmallersitesneedonlyasingleaccess point,butonceyouintroducedistanceor walls—especiallybrickwalls,whichcanabsorbwaterandthusabsorbWi-Fisignals—you mustconsiderthepossibilityofneedingmultipleaccesspointsacrossyournetwork. Here’showborrowedequipmentcanhelp:plug anaccesspointintoalikelylocation,andthen walkaroundwithawireless-enabledlaptop whilewatchingthesignalstrengthindicator inyourwirelessnetworkclientsoftware.With stumblingtools,youcanalsoseeanindicationofsignalstrengthasyouwalkaround (see“StumblingontoWi-Fi,”Chapter25, PreventingAccesstoYourNetwork,formoreon thesetools).Iftheinitialaccesspointlocation doesn’tprovidethecoverageyouwant,move itandrepeattheprocessofmappingsignal strengthuntilyoufindtheideallocationfor theaccesspoint.
Chapter15 | PlanningYourWirelessNetwork
Afteryouhaveyourgatewayworking,configureeachcomputertoaccess theInternetthroughyourgateway.Forthat,referbacktotheappropriate chapterinSectionII,ConnectingYourComputer.Settingupfilesharingis next,followedbyensuringthateachoftheothercomputerscanconnecttothe filesharingmachines.Ifyouhaveprintersthatyouwanttoshare,makesure they’resetuptobeshared,andconfigureallthecomputerssotheycanprint tothesharedprinters.Ifyouhavetrouble,refertoChapter14,Troubleshooting YourConnection,andChapter23,TroubleshootingYourWirelessNetwork,for troubleshootingadvice. TIP Inourexperience,connectingtotheInternetiseasy,whereasgettingshared printersworkingrequiresmoretrialanderrorinvolvingdriverinstallation andotherunpleasanttasks.Luckily,evenifittakessometimetosharethe printersproperly,youcanusuallyprintfromacomputerdirectlyconnected totheprinterinquestion.
MultipleAccessPoints Ifyournetworkneedsmultipleaccesspointsto reachmorelocationsorusers,someadditional planningandconfigurationisinorder:
• Don’tassumeyoucanmixandmatchac-
cesspoints.Itmightwork,buttheonlysafe approachistoverifythataspecificaccess pointsupportsroamingandbuymultiple unitsofthataccesspoint.Forinstance,we knowApple’soriginalAirPortBaseStationsupportsroamingwithnotrouble, but the Asanté FR1004AL does not (particularlywhenpairedwithaLinksys BEFW11S4).
• Makesureyouhaveelectricalpowertoeach
locationwhereyouwanttoaddanaccess point.YoucanalsousePoweroverEthernet (PoE),awayofputtingDCpowerintoa modifiedEthernetcable.Youcouldmake thesecablesyourselfwithadvicefound onlineorinRobFlickenger’sbookWire-
lessHacks,butit’smucheasiertopurchase prefabricatedcablesandadaptersfromonlinesourceslikeHyperLinkTechnologies (www.hyperlinktech.com)orMacWireless (www.macwireless.com ).PoEallowsyou toavoidrunningelectricitytorooftopsor hard-to-reachplaces.(Solarpowercanalso beanoptionforoutsideinstallations!)
• Connectalltheaccesspointstoacommon
networkusingEthernetcablesorwireless bridges.AlltheaccesspointsneedthisinterconnectiontoallowaccesstotheInternet fromanyclientanywhereonthenetwork. (WetalkaboutwirelessbridginginChapter 20,BridgingWirelessNetworks.)
• Nameeachaccesspointusingthesame
SSIDornetworkname.TheSSIDisthe identifierthatclientsusetoassociatewith anaccesspoint;agroupofaccesspointswith (continuedonnextpage)
175
176
TheWirelessNetworkingStarterKit
MultipleAccessPoints(continued) thesameSSIDaresaidtohaveanESSIDor ExtendedServiceSetIdentifier.Innetworks withtwoormoreaccesspoints,aslongas alltheaccesspointssharethesamename,a clienttypicallyconnectstowhicheverunit hasthemostsignalstrength.
• Choosenon-overlappingchannelsforad-
jacentaccesspoints.Channels1,6,and11 havenooverlappingfrequenciesfor802.11b and802.11g:youcouldstackthreeaccess pointswiththosechannelsontopofeach other,andtheywouldworkjustfine.Which ofthethreechannelsyouchooseforeach pointisirrelevant,aslongasthey’redifferent (Figure15.7).Twosidenotes:first,outside theU.S.,channels1,6,and11maynotall beavailableforlegaluse,oryoumighthave channels1through14available;second,if you’reworkingwith802.11a,youhaveeight indoornon-overlappingchannels.
• EnableDHCPserviceonjustoneofthe
accesspoints.MostDHCPserverscan (asanoption)bridgeDHCPserviceonto thewirednetworktowhichtheyconnect aswellasprovideaddressestowireless clients.There’snoadvantagetorunning DHCPserversoneveryaccesspoint,and havingmultipleDHCPserverscancause confusion.UsingasingleDHCPserver withNATenabledcreatesasingle,local privatenetwork. Figure15.7 Laying outnonoverlapping channels.
Differentchannels preventinterference inoverlappingareas.
1 11
6
16
BuyingaWirelessGateway
InWi-Fiterms,anaccesspointisjustthehardwareandbuilt-insoftwarethat enableswirelessadapterstoconnectandexchangedata.Butanaccesspointisn’t veryusefulunlessyou’reusingitonanetworkthatalreadyhasresourcesinstalled thatshareconnections,restrictaccess,andhandleamyriadoftinydetails. Whereasinstitutionalnetworksoftenhaveserversforeachofthesetasksand more,homeusersandsmallofficescanrelyinsteadonawirelessgateway, sometimescalledahomegatewayorwirelessrouter,whichdoesn’tdojusticeto mostofthesedevices’hiddenpower. Awirelessgatewayisasinglepieceofequipmentthatprovidesallthefeatures ofafullWi-FiaccesspointaswellasassignsIPaddresses;protectslocal machines;preventsaccessbyoutsiders;andbridgestrafficacrosswired,wireless, andbroadbandconnections.Manywirelessgatewaysofferfeaturessufficient fornetworksofupto50users. Let’sexaminethecommonfeaturesfoundinwirelessgatewaysandwhatyou needtoconsiderbeforebuyingone. NOTE Weusuallydon’trecommendspecificmodelswhentalkingabouteachof thesefeaturesbecauseequipmentanditsinternalsoftwareisupdatedso frequentlythatoursuggestionswouldbeoutofdatebythetimethisbook appearsinprint.
NOTE Allthenetworkprotocolsandservicesmentionedhere,likeDHCP,NAT,PPPoE, andAppleTalk,arecoveredinmoredetailinAppendixA,NetworkingBasics.
178
TheWirelessNetworkingStarterKit
NOTE Inexpensiveaccesspoints,suchastheLinksysWAP54G,lackanygateway features.They’redesignedtoextendanetwork’srangeandrelyonthe networkingfeaturesinagateway(theycanalsobeusefulforprovidingjust wirelessconnectivityinalarger,existingwirednetwork).Ifyoutrytousetwo wirelessgatewaysonthesamenetwork,youmustusuallyturnoffallthe gatewayfeaturesinonedevicetoavoidconflictingservices.
HardwareOptions BecauseWi-FiissouniformlycompatibleamongdevicessportingaWi-Fi label,yourhardwareoptionstendtobefew,butcritical:whattypeofWi-Fi doyouwant,whatdoyouwanttoplugintoyourgateway,andhowwill youextendyournetwork?Thesechoicesareimportantbecauseinexpensive networkinghardwarecanalmostalwaysbeupgradedonlybyswappingin newequipment. TIP Ontheplusside,mostofthishardwareissufficientlycheapthesedays, soswitchingtoanewwirelessgatewaydoesn’tinvolveamajorfinancial investment.
SpeedandCompatibility Theoldstandbyis802.11b,theoriginalWi-Fiflavor.Gatewaysthatwork withjustthisstandardhavebecomecheapersincetheintroductionof802.11g. Ifyou’reusingonlyolderequipmentthatalreadyhas802.11bbuilt-in,ifyou havenoneedtomovealotofdataaroundyournetwork,andifyouhavea broadbandconnectionslowerthan3Mbps,buyingawirelessgatewaythat supportsafasterstandardlike802.11gwon’tprovideanybenefits. Ifyouplantomovelargeamountsofdataaroundyournetwork(network backupsareacommonexample),orifyoualreadyhavean802.11gadapter, thenyoushouldspendasmallamountmoreandbuyan802.11g-basedgateway. Rememberthatbecause802.11gisbackwardcompatiblewith802.11b,youcan stilluseolderequipmentwithit.Ifyouwindupusingonly802.11ggear,many gatewaysletyouturnoffbackwardcompatibilityintheinterestofspeed. While802.11aoperatesasfastas802.11g,onlycorporationsandafewuniversities seemtohavedeployedit.It’snotaterriblechoiceforastandalonenetwork thathasnovisitors,asit’sresistanttothekindofinterferenceyoumightfind inthehomeorworkplace,includingmicrowaveovensandcordlessphones. However,802.11aequipmenttendstobemoreexpensiveandmoreoriented towardsinformationtechnologyprofessionals.
Chapter16 | BuyingaWirelessGateway
Ifyouthinkyoumighthaveamixofvisitorsorlocaluserswhocouldcome bearing802.11a-or802.11b/g-compatiblelaptops,acombinationgateway mightbeanidealsolution.Manymanufacturersoffergatewaysthatcanwork withaandborb/gatthesametime.However,theseoftencosttwiceasmuch asagatewaythatsupportsonlyoneoftheWi-Fiflavors. NOTE Ifyouwanttouse802.11aathomeorintheofficewhilebeingableto connectwith802.11b/gnetworksontheroad,analternatechoicewould betodeployjust802.11agateways,butpurchaseacombination802.11a/b oreven802.11a/b/gnetworkadapter,whichcostsonlyslightlymorethana single-modeadapter.
Pointstoconsiderwhenbuying:Buythefastestaccesspointyoucanafford thatsupportsthestandardsyouneed.Theamountofdatayou’llsendaround anetworkwillonlyincreaseovertime.
AntennaJack Many,butbynomeansall,wirelessgatewaysoffereitheranantennajackor removabledipoleantennasthatcanbereplacedbyahighergainantenna.You mightwanttoaddasmallantennatoincreasesignalstrengthandcoverage areawithinyourhomeoroffice,or,ifyouwanttonetworkbetweenseparate buildings,anantennawilllikelybenecessarytodistributethesignaltoother remoteaccesspoints. TIP Justbecauseawirelessgatewayhasavisibleantennadoesn’tmeanthatyou cannecessarilyremoveitandreplaceitwithonethathashighergain.Make sureyoucanbuyacompatibleantennaorpigtail(aconvertercable)before buyingagivengateway.
TheFCCrequireseverywirelessmanufacturertouseadifferentconnectortype toreducethechancethatnoviceswillcombineanaccesspointwithapowerful antennainsuchawayastoexceedlegalsignalstrengthlimits.Asaresult,it’s ofteneasiesttobuyantennasfromthemakerofyourwirelessgateway,although somecompanies,likeHyperLinkTechnologies(www.hyperlinktech.com),offer productswithavarietyofconnectortypes. Formoreinformationaboutantennatypes,necessarycables,andaddingan antennatoawirelessgateway,seeChapter21,IndoorAntennaBasics,and Chapter34,Long-RangeAntennaBasics.
179
180
TheWirelessNetworkingStarterKit
NOTE Mostlong-rangewirelessInternetconnectionsconnecttoawirelessclient (likeawirelessEthernetbridge)onyourend,andmostwirelessgateways can’toperateinclientmode.Soyouwouldn’taddanantennatoawireless gatewaytoestablishalong-rangewirelessInternetconnection,thoughyou wouldtoextendtherangeofyourownnetwork.
Pointstoconsiderwhenbuying:Ifyoubelieveyoumightneedtoincreasethe coverageareaofyourwirelessgatewayorifyouplantosetupmultipleaccess pointsinfar-flungbuildings,makesuretobuyagatewaytowhichyoucan addanexternalantenna.
Ethernet AgatewaymusthaveatleasttwoEthernetports:onefortheWANconnection toabroadbandmodem,andoneormorefortheLANconnection,eitherto connectcomputersdirectlyortoconnecttoahub. Mostnewergatewaysofferafull100MbpsconnectionontheWANport, eventhoughtherearefewwaystobringmorebandwidththan10Mbpsinto thehomeoroffice,becauseyoumightconnectyourgatewaytoaswitchand notdirectlytoaDSLorcablemodem. TheLANEthernetportscanacteitherasahuborasaswitch,andmostare switches.Ahubisapoolofsharedbandwidth,whereasaswitchseparatestraffic, allowingeachporttohavethefullavailablebandwidth.Thisdistinctionis importantifyourlocalnetworkoftenhasalotoftraffic,asisthecasewithan activefileserverorevenjustanetworkbackupprogramthattransfersgigabytes ofdatawhenperformingfullbackups. TheLANEthernetportsarenormally10/100Mbpsauto-switchingports. (Auto-switchingletstheportdetermineiftheconnecteddevicesupports10 Mbps10Base-Tor100MbpsFastEthernet.)Mostgatewayswithmultiple LANportsalsoofferatleastoneportthatcanworkasanuplinkconnection, whichisawaytoconnecttoanotherhuborswitchwithoutaspecialcable. Someevenautomaticallysensethecabletype,avoidingtheneedforanuplink portortoggleswitch. Gatewaysalsomaketheirnetworkservices—DHCP,NAT,andfirewall features—availabletocomputersconnectedtotheLANports,justlikeany computersconnectedwirelessly.Somegatewaysofferanoptionthatletsyou turnoffthesefeaturesontheLANside.Lookforacheckboxlabeled“Bridging DHCP”orsomethingsimilar.
Chapter16 | BuyingaWirelessGateway
Pointstoconsiderwhenbuying:Eventhemostwire-freewirelessnetworkwill likelywindupwithoneortwowireddevices,andeventhecheapestgateways includeoneormoreLANEthernetports.Ifperformanceonthewiredside isimportant,makesurethegatewayoffersaswitchratherthanjustapassive hub.
Modem NoteveryoneissofortunateastohavebroadbandInternetaccess,andfor thoseofyourelyingondial-upaccesstoreachtherestoftheworld,agateway withabuilt-inmodemisagodsend.Afewaccesspointssporteitherabuilt-in “56K”modemoranRS-232Cserialportintowhichyoucanpluganexternal modemorISDNmodem. Wedon’tknowofanymodem-equippedgatewaysthatsupportthenewerV.92 modemstandard,whichhasoptionsforfasterconnections,sensingincoming voicecalls,andsuspendingcalls.Still,keepyoureyespeeled,asit’slikelythat V.92willbecomemorecommonlysupportedintime. TIP Becauseyoucanshareadial-upconnectionthroughanaccesspoint,Glenn intendstocarryanaccesspointtohisin-laws’housethisholidayseasonto avoidhavingtoplugandunplugtelephonecablesfrequently,andsohecan workonthe(warmer)groundfloorofthehouse!
NOTE Aswithallothermodems,the“56K”modemsinwirelessgatewayscanreceive dataonlyatuptojustabove50Kbps,andthatlevelofperformanceisunlikely inreal-worldconditionswherephonelinesaren’tperfect.Plus,“56K”modems senddataatonly33.6Kbps.
Pointstoconsiderwhenbuying:IfyoueverneedtoaccesstheInternetviaa dial-upconnection,findagatewaywithamodemorserialport.Ifithasa serialport,verifywiththemanufacturerwhichmodemsworkwithit;there’s usuallyalonglistonthemaker’sWebsite.
ConfigurationInterfaces MostgatewaysofferaWeb-basedinterfaceforconfiguringsettings,rebooting thedevice,andinstallingfirmwareupdates.(Firmwareisthegateway’sbuilt-in software.)AfewgatewaysrequireproprietaryMacintoshorWindowssoftware tomanagethem,limitingtheirmarketsbutmakingthemeasiertoconfigure fromthoseplatforms.
181
182
TheWirelessNetworkingStarterKit
Linksys,forone,requiresaWindows-onlyprogramthathuntsdownthe defaultshippingIPaddressofagatewayinordertoconnecttoit,afterwhich youcanconfigureitentirelyviaaWeb-basedinterface.Weprovideinstructions inChapter17,SettingupaGateway,onhowtobypassthisprograminfavor ofLinksys’sWebinterface. SomeWeb-basedgatewaysuseWindowstoolsforfirmwareupgradesorhave limitationsthatunnecessarilypreventWeb-basedtoolsfromperformingupgrades underLinuxorMacOS. Pointstoconsiderwhenbuying:MacandLinuxusersmusteithermake surethegatewaythey’reconsideringcanbeentirelyconfiguredfromthose platforms,ormakesuretheyhaveaccesstoaWindowsmachineforatleast initialconfiguration.
NetworkServices Networkservicesarefeaturesthatthewirelessgatewayoffersforindividual computersorthenetworkasawhole.Gatewaysalwaysofferavarietyofthese services,whichincludesharingaconnectionamongmultiplemachines,routing specialprotocols,andmore.
DHCPServer Allgateways,practicallybydefinition,includeaDHCP(DynamicHost ConfigurationProtocol)serverthatprovidesIPaddressestocomputersand otherdevicesonthelocalareanetwork.TheseDHCPserversalmostalways workinbridgemodeaswell,whichenablesthemtoprovideDHCPservice tobothwiredandwirelessclients. SomegatewayslimithowyoucanconfigureaDHCPserver.Forinstance, theLinksysWRT54G,apopularmodel,canbeconfiguredtoprovideupto acertainnumberofaddressesbeginningataspecificIPaddressonthelocal network.Ifyouhavethreecomputersonthenetwork192.168.1.0,youcan haveyourDHCPserverhandoutuptofiveDHCPaddresses(whichmight benecessary,forinstance,ifyouhavethreecomputersinuse,andthentwo guestswiththeirownlaptopsvisitandwishtoconnecttotheInternet)from 192.168.1.10through192.168.1.14. Unfortunately,noneoftheDHCPserversinthemodestlypricedgatewayswe’ve seenofferausefuloption:linkingaparticularIPaddresstoanetworkadapter’s MAC(MediaAccessControl,notMacintosh)address,whichisuniquefor everyEthernetandWi-Fiadapter.Thisoptioncanprovehelpfulwhenyouwant
Chapter16 | BuyingaWirelessGateway
toconnecttoaspecificcomputerviafilesharing.WithlinkedIPandMAC addresses,youcanknow,forinstance,thatyouriBookisalways192.168.1.10 andyourWindows2000boxis192.168.1.11withouthavingtocheckwhatIP addressthey’vemostrecentlyreceivedfromtheDHCPserver. HavingtheDHCPserverassignthesameIPaddresstoaparticularcomputer isalsousefulincombinationwithportforwardingortriggerservices(see laterinthischapter).Wehopethisoptionwillappearinmoregatewaysin thefuture. TIP YoucanworkaroundtheproblemofIPaddresseschangingbysettingthe DHCPleasetimetothelongestpossibleperiodinsomecasesandtozeroin others.Theleasetimeisthelengthoftimebeforewhichacomputermust obtainanotherIPaddressfromtheDHCPserverorrenewtheexistingaddress. Alongorinfiniteleasetimecanoftenensurethatamachinekeepsthesame IPaddress.
TIP ThosewiththetechnicalchopsandinterestcanruntheirownDHCPservers underMacOSX,Linux,Unix,andmanyflavorsofWindows(rememberto turnofftheDHCPserverinyourwirelessgatewayifyoudothis).Whenyou runyourownDHCPserver,youcansetoptionsthatallowdirectlyconnecting aMACaddresswithanIPaddress.
Pointstoconsiderwhenbuying:Ifthegatewaydoesn’thaveaDHCPserver, don’tbuyit:it’snotagateway,butratheranaccesspointthatlacksnetwork servicesyouneed.
NAT GatewaysalsobytheirnaturesupportNAT(NetworkAddressTranslation), anetworkservicethatmakesitpossibletoshareasingleIPaddresswith manycomputers.NATandDHCPworkhandinhand:DHCPassignsprivate addressesthatcan’tbereachedfromtheInternettolocalcomputers,andNAT thenreroutesincomingandoutgoingtraffictothecorrectmachines.Sinceonly theIPaddressofthegatewayisvisibletotheoutsideworld,NATprovidesan extralevelofsecurity. NATserverscanbeconfiguredinseveralways,butmostgatewayslack sophisticationinthisarea.Atbest,youcanspecifyonlythemaximumnumber ofaddressesthataDHCPservercanoffer. NATisparticularlyhelpfulforhomeusersbecausemostbroadbandISPsoffer justasingleIPaddressattheirlowestmonthlyrate.Ironically,manyconsumer
183
184
TheWirelessNetworkingStarterKit
DSLandcableISPsuseNATthemselves:thesingleaddresstheyassignto youisitselfaprivateaddressinsidetheISP’snetwork.NestedNATcancause problemswithsomesoftware,butincreasinglycompaniesarelearningtocope withmultiplelevelsofNAT.It’sjusthowtheInternetworksthesedays. Pointstoconsiderwhenbuying:IfyouneedtoshareasingleIPaddress,you needaNATserver.EvenifyourISPprovidesyouwithanumberofaddresses, youmaywantagatewaywithNATforadditionalsecurity.
SpecialProtocols Differentoperatingsystemshavedifferentproprietaryprotocolsforcommunicating amongfileserversandprinters.WhereasTCP/IPisauniversallanguage,these otherprotocolsrequiresomerepackaging.EverygatewaysupportsTCP/IP,but notallofthemworkwithproprietaryprotocolslikeMicrosoft’sNetBEUI. EvenlesscommoniscompletesupportforApple’sAppleTalk,whichcanstillbe usefulwhencommunicatingwitholderMacsorAppleprinters.Eventhough mostgatewayspassAppleTalkproperlyamongwiredcomputersoramong wirelesscomputers,mostgatewaysdon’tbridgeAppleTalkbetweenwiredand wirelesscomputers.Whenbuyingagateway,lackofsupportfortheprotocols youneedisashowstopper. Pointstoconsiderwhenbuying:Checkthenetworkingprotocolsyouuse—and it’slikelythatyouuseonlyTCP/IP—andthenconfirmthatthegateway supportsallofthem.AppleTalk,inparticular,issupportedbyonlyaveryfew gatewaysfromMac-savvycompanieslikeAsantéandProxim(andApple,of course),butunlessyouhaveolderMacsorAppleprinterstowhichyouwant toconnect,AppleTalksupportisn’timportant.
DynamicDNS NormalDNS(DomainNameService)mapsdomainnamestothepermanent IPaddressesofcomputersthatactasInternetservers.Thismappingallows peopletoconnecttoserversusingjustthedomainnames,withoutevenknowing thecrypticIPaddresses.ButifyourISPprovidesonlyadynamicIPaddress andyoustillwanttorunaserverthatpeopleontheInternetcanfind,youneed dynamicDNS.DynamicDNSallowscomputersthathaveIPaddressesthat changetobefoundthroughanunchangingdomainname.Eachtimeyour computer’sIPaddresschanges—whenitconnectstotheInternet,forexample, oritsDHCPleasetimerunsout—asmallprogramtriggersaDNSserverto resetthedomainnametopointtoyourcomputer’snewIPaddress.(Youcan alsotriggerthischangemanuallythroughaWebsite.)Formoreinformation aboutdynamicDNS,visitwww.technopagan.org/dynamic/.
Chapter16 | BuyingaWirelessGateway
Afewgatewaymanufacturershaverecentlyincorporatedthisfeaturedirectly intotheirfirmware,eliminatingtheneedforadditionalsoftware.Forinstance, severalmodelsofD-Linkgatewayshaveaconfigurationoptiontoenteradynamic DNSprovider(http://support.dlink.com/faq/view.asp?prod_id=1280). IfyoucoupledynamicDNSwithportforwarding(discussedlaterinthis chapter),youcanmaintainapermanentWebsiteevenwithanISP-assigned dynamicIPaddressandnetworkaddresstranslation! Pointstoconsiderwhenbuying:Ifyouwantapermanenthostaddress(likewwwadam.dyndns.org),you’llfinditeasiertouseagatewaythatsupportsdynamic DNSinternallythantouseseparatedynamicDNSsoftware.
SecurityandFilters Youcansecureyournetworktopreventmalefactorsfromstealingpasswords, snoopingthroughyourtraffic,oreventakingoveryourcomputers.Forsignificantly moredetaileddiscussionsofsecurity,readSectionIV,WirelessSecurity.
Firewall Firewallsaredesignedtoblockmalevolenttrafficthatmightendangerthe computersonyournetwork.Theyworkbyexamininginboundtraffictosee whetheritmeetscertainpatternsorisaimedatvulnerableresources.Traffic thatmatchesthepresetpatternsisdroppedsoitdoesn’treachitsdestination, andsomefirewallskeeparunninglogofwhattheydetectsoyoucantellifthe firewallisworkingproperly. Mostgatewaysofferfirewallfeaturesthatletyoufilterspecifiedkindsof traffic,likethataimedforagivenInternetservice.Afewcanfilterinboth directions.Mostofthesefirewallsaresimple,enablingyouonlytolimiteither allunsolicitedincomingtrafficthat’snotinresponsetoanoutgoingrequest youmadeorspecificInternetservices,likeFTP. BecausemanygatewaysalsoincludemultipleEthernetports,youcancreatea firewallnotjustbetweenyourbroadbandInternetconnection—connectedto theWANport—andyourwirelesscomputersanddevices,butalsobetween thewirelessnetworkandanymachinesconnectedtotheLANEthernetports onthegateway. Generally,puttingyourcomputersbehindNAT,turningoffunusedservices, andenablingthebuilt-infirewallcapabilitiesoneachcomputerrunningrecent versionsofcommonoperatingsystemscanprotectyouaswellasagateway firewall.(SeeChapter27,ProtectingYourSystems,formoreonfirewalls.)
185
186
TheWirelessNetworkingStarterKit
Pointstoconsiderwhenbuying:Afirewallinagatewaycanhelpprotectyour network,whilestillallowingfullaccessforlegitimateusers.
PortForwardingandTriggers Ifyou’reusingNATorafirewall,itcanbetrickyforcomputersoutsideyour localnetworktoconnecttoyourcomputerswhenyouactivelywantthemto. Manygatewaysofferanoption—calledportforwarding,portmapping,passthrough,orpunch-through—toalleviatethisproblem. Portforwardingworksbyassociatingtrafficdestinedforaspecificporttoa computerontheinternalnetworkthatisn’totherwiseaccessiblefromtheoutside. Forexample,ifyouwanttorunapublicWebsiteononeofyourmachines,you cansetyourgatewaytoforwardtrafficarrivingatport80(theportreserved bydefaultforWebservers)onthestaticIPaddressassignedtothegatewayto port80ononeoftheprivateIPaddressesonthelocalnetwork. TIP Keepinmindthatgatewaysallowonlyaone-port-to-one-machinemapping: thatis,youcan’trunWebserversonmultiplelocalmachinesallatport80. Youcanworkaroundthislimitationbyconfiguringsoftwareonadedicated computerbehindthegateway,butyoumightbebetteroffusingadedicated Webhostingserviceinsteadofjury-riggingasolution.
NOTE Ifyouwanttoforwardallincomingtraffictoaspecificmachine,youcanusea broaderversionofportforwarding,calledDMZ(awildlyinappropriateuseof theterm“demilitarizedzone”)orvirtualserver.DMZletsyouexposeasingle machinetotheoutsideworld;it’sreachablejustasifitwereontheInternet, eventhoughNATistranslatingalltraffictoandfromit.
Gameplayersoftenrunintoarelatedproblem,whichisthatsomenetwork gamesrequireincomingtrafficonarangeofports.Thesolutionisafeature calledtriggers.Whenalocalmachinetriestoconnectoutonatriggerport,the gatewaynoticestheoutboundrequestandreconfiguresitselftoallowinbound traffictoarangeofportsbacktothatlocalmachine.Triggersthusallowfull interactivitywithmulti-playerInternetornetworkedgames.Ifyou’reagamer, searchonGoogle(www.google.com)forsetupinstructionsfordifferentgateways anddifferentgames.We’vealsonoticedthatmoreandmoregatewayshave specialgamersettingsforusewiththeXboxandotherconsolesthatcanbe turnedonwithasinglecheckbox. Pointstoconsiderwhenbuying:Ifyouwanttoexposecertainservicesoncertain machinesorwanttoplayInternet-basedgames,youneedagatewaythatsupports portforwardingandtriggersorhasspecialgamingsupport.
Chapter16 | BuyingaWirelessGateway
WEPandWPA Becauseanymachinethat’sintherangeofaWi-Finetworkcanviewall thetrafficpassingoverthenetwork,wirelessgatewaysfeatureencryption optionsthatpreventpassersbyfromeasilysniffingandextractingyourdata. Unfortunately,thefirststandardbuiltintoallgatewayswasdeeplyflawed;a newerstandardfixesitsflawsandreducestheefforttoturnthisencryptionon inthefirstplace.(WetalkabouttheflawsandfixesinChapter25,Preventing AccesstoYourNetwork.) WEP(WiredEquivalentPrivacy)istheoriginalstandard,andwedevote spacethroughoutthebooktocopingwithitsobscuresettingsandhexadecimal keys.AllolderadaptersandgatewayssupportWEP,eventhoughsome,like Apple’sAirPortandAirPortExtremesystems,maskthecomplexitywitha friendlierface. WhenusingWEP,youcanenteronetofourkeysinyourgatewaythatare usedtoencrypttraffic.Oneachwirelessclientthatwantstoconnecttothe gateway,youmustlikewiseenteratleastoneoftheseWEPkeys.(Someadapters supportuptofourkeys,too.) WEPcomesintwoforms:ashorterkeyformknownas40,56,or64bits(all ofwhichareactuallythesame)andalongerformcalled128bits;thedifference isinthelengthoftheencryptionkey.Alldevicesonanetworkmustusethe samekeylength. Fortunately,startinginmid-2003,WEPwasgraduallyreplacedwithWPA (Wi-FiProtectedAccess).WPAnotonlyaddressesWEP’snumerousproblems, butitalsosupportsasimplepasswordinterface:youcanenterjustoneplaintext passwordintothegatewayandusethesamepasswordonallyouradapters.We highlyrecommendbuyingonlynewequipmentthatsupportsWPAorpromises aWPAupdateinthenearfuture.Althougholderequipmentissupposedto beupgradeabletoWPA,wehaven’tyetseenasingleupgradeforanydevice thatcameoutbefore2003. AllWPA-capablegatewayscanhandleWEPjustfine.However,ifevena singleWEPdeviceisusedonaWPAnetwork,theentirenetworkreverts backtoWEP’sinadequacies. Pointstoconsiderwhenbuying:WEP’stimehascomeandgone;buyonly gatewaysthathandleWPAoutoftheboxorthatpromisesimplefirmware upgrades.
187
188
TheWirelessNetworkingStarterKit
VPN VPNs(virtualprivatenetworks)useend-to-endencryptiontomakesurethat trafficcan’tbesniffedorinterceptedinlegibleformbetweenauser’smachine andtheendpoint—aVPNserver—insideacompanynetwork.Therearetwo protocolsforVPNinwideuse:PPTP(Point-to-PointTunnelingProtocol) andIPsec(IPsecurity)overL2TP(Layer2TunnelingProtocol),commonly calledjustIPsec. IfyouneedtouseaVPNviayourgateway,makesurethegatewaycanpass theprotocolyourcompanyuses.Supportvarieswidelyandchangesconstantly. Manyconsumer-levelwirelessgatewaysdidn’tofferpass-throughIPsecsupport justayearago,butmostnowdobecauseofitsincreasinguse. Arelatedproblemisthatifyou’reusingNATtotranslatebetweenthegateway’s publicIPaddressandtheprivateaddressesofmachinesonyourlocalnetwork, youmayhavetroubleusingaVPN.Checkwithyourorganization’sHelpDesk toseeifithassuggestedconfigurationsthatworkaroundtheproblem. Pointstoconsiderwhenbuying:Ifyou’reusingaVPNtoconnecttoyourcompany’s internalnetwork,makesurethatthegatewayyoubuycanhandlethenecessary protocolandaskyourorganization’sHelpDeskforrecommendations.
NetworkAuthentication Forsmallofficeandinstitutionalnetworks,thesecurityoptionsofferedin consumer-levelwirelessgatewaysgenerallyaren’trobustandflexibleenough torestrictaccesstoawirelessnetworktoonlythosepeoplethatanetwork administratorwantstohaveaccess.Foranadditionallevelofsecurity, gatewaysmustsupportoneofseveralmethodsofrequiringthatuserslogin toawirelessnetworkusingstandardslikeLEAPfromCisco(Lightweight ExtensibleAuthenticationProtocol),RADIUS(theacronymnolongermeans anything),or802.1X/EAP. Foralltheseprotocols,thegatewayprovidesaconfigurationareathatenables youtoentertheinformationabouttheserverthathasuseraccountsstoredon it.Forinstance,theAirPortExtremeBaseStationhasatabinitsadvanced configurationthatallowsyoutopunchintherequisitedetails. Wetalkmoreaboutthesefeaturesandhowtobuildasimplenetworkemploying theminChapter22,SmallOfficeWi-FiNetworking.
Chapter16 | BuyingaWirelessGateway
ISPInteraction ManybroadbandISPsrequiresomekindofloginorauthenticationcheck tomakesureyou’reusingonlyasinglecomputeroronlyacomputerthat youregisteredwiththeISP.Inresponsetothisannoyingandunnecessary limitationmanygatewaymakershaveaddedfeaturesthatenableyoutoshare yourconnectionbysimulatingaspectsofasinglecomputer’sconnectiontothe broadbandprovider.
DHCPClient AlmostallgatewaysfeatureaDHCPclientthatcanrequestanIPaddressfrom abroadbandprovider’sDHCPserver.That’sgood,becausewithoutsupportfor pickingupanIPaddressviaDHCP,gatewayswouldn’tworkwithISPsthat handoutdynamicIPaddresses.OnceyourgatewayhasanIPaddress,itcan useNATtoprovideInternetaccesstotherestofyournetwork. TIP AdamoncehadtroubleconvincinganAsantéFR1004ALwirelessgatewayto holdontoaDHCP-assignedIPaddressfromhiscableISP.Aftermuchhair pulling,afirmwareupgradesolvedtheproblem.
SomeISPsusetheDHCPClientID,aproprietaryfieldaddedtoDHCPby Microsoftyearsago,andnowsupportedbyeveryoneforparity.TheClient IDisanextrabitoftextsentaspartofarequestforanaddressbyaDHCP client.ISPsthatusetheClientIDfieldoftenrequiresomespecifictexttobe entered,whichhelpsthemconfirmyouridentity. Pointstoconsiderwhenbuying:IfyourISPassignsyouasingledynamicaddress, youmusthaveaDHCPclientinyourgateway,andifyourISPrequiresthe useofaDHCPClientID,makesurethegatewaysupportsit.
PPPoE ManybroadbandISPsrelyonatechnologycalledPPPoE(PPPoverEthernet) asasecuritymeasureandtocontrolsessionlength.Inessence,PPPoEtreats analways-onEthernetconnectionasthoughitweretravelingoveramodem. WithInternetaccountsthatusePPPoE,yourgatewaymustloginwithauser nameandpasswordbeforetheISP’sDHCPserverwillprovideanIPaddress andstartpassingtraffic. ISPslikePPPoEbecauseitenablesthemtotrackwhichoftheircustomersare connectedatanygiventimeandthelengthoftimeanygivencustomerhas beenconnected.PPPoEalsointegrateswiththeauthenticationserversmany
189
190
TheWirelessNetworkingStarterKit
ISPsalreadyrunfortheirdial-upcustomers.InternetpuristshatePPPoE becauseit’sasubversionoftheconceptthatbroadbandconnectionsshouldbe availableatalltimes. Pointstoconsiderwhenbuying:NotallgatewayssupportPPPoE,sodetermine whetheryouneedittoconnecttoyourISPbeforebuyingagateway.
CloningMACAddresses AfewbroadbandprovidersuseMACaddresses(theuniqueEthernetMedia AccessControladdressassignedatmanufacturetoeverynetworkadapter)to limitaccesstoasinglemachine.Somecablemodems,forinstance,lockonto thefirstMACaddresstheyseewhenthey’returnedon,andworkonlywith thatoneunlessthey’repowereddownandstartedupagain.Moreproblematic aretheISPsthatactuallyrecordtheMACaddressofasinglecomputerand refusetoworkwithanyotherMACaddresseveragainunlessyouasktheISP tochangetheallowedMACaddress. Thesolutiontothisproblemistoclone,orreplicate,theMACaddressofthe acceptablemachineinthegateway,afterwhichtheISP’sequipmentthinks thegatewayistheacceptablecomputer. Pointstoconsiderwhenbuying:It’srarethatyou’llneedcloning,butifyour ISPworksthisway,supportforMACaddresscloningisinvaluable.
FirmwareandFirmProblems BewareoneproblemGlennfacedwhenhelpinghisfriendPatricksolveanetworkproblem. Patrick’sISPhadtoldhimthatheneededto bothsetastaticIPaddressforhisgateway,a Linksysgateway,andusePPPoEtoconnect totheISP’snetwork.Afteranhourormore ofmessingwithsettingsontherouter’smain configurationpage,Glennwasflummoxed. Hecouldconvinceasinglemachinetoconnect directly,butnotthegateway. Finally,hedidwhatheshouldhavedonefirst: visitedLinksys’sWebsiteanddownloaded
thelatestfirmware,orinternalsoftware,for thegateway.Ashortinstallandrebootofthe routerlater,GlennhadanewmainconfigurationscreenthatcorrectlyseparatedstaticIP selectionfromPPPoE.Youcan’tdoboth,and theISPhadmisledGlenn’sfriend.Heneeded tousejustPPPoEwhich,inturn,assignedan addresstothegateway. Thethingswelearninhindsightalwaysseem soobvious,eventhoughatthetimewewere poundingourheadsrepeatedlyagainstthe table.
Chapter16 | BuyingaWirelessGateway
Miscellaneous Therearesomeadditionalvariablesthatdon’tfitintoanyexistingcategory, butwhichmightplayaroleinwhichgatewayyouchoose.
WirelessDistributionSystem(WDS) In2003,wirelessgatewaysstartedofferinganewfeaturecalledWDS,or WirelessDistributionSystem,whichletsyouextendawirelessnetworkby addingadditionalwirelessaccesspointsthatactasgo-betweensbetweenwireless clientsandamasterwirelessgateway.Althoughrelativelyfewwirelessgateways supportWDSrightnow,weexpectittobecomeincreasinglycommon. ThosemanufacturersthatdosupportWDSexplicitly,suchasAppleand Buffalo,aren’ttestingtheirequipmentwithoneanother,soit’salwayssafest tobuygearfromasinglemanufacturer.Thatsaid,ourtestinghasshown thatApple’sAirPortExtremeBaseStationandBuffalo’sWLA-G54access point(it’snotagateway,justanaccesspoint)areinfactcompatible.Formore informationaboutWDS,seeChapter20,BridgingWirelessNetworks. Pointstoconsiderwhenbuying:Ifyouthinkyoumaywanttoextendyour networkwirelesslyinthefuture,makesuretobuyawirelessgatewaythat supportsWDS.
PrinterSharing Afewgatewaysincludeprintservers,whichletyouconnectaprinterdirectly toaparallelportonthegateway.Youthensendprintjobstothegateway’s printserver,whichpassestheprintjobstotheprinter.Havingtheprintserver hiddeninsideyourgatewayletsyouavoidhavingtheprinterpermanently connectedtoacomputerthatmustbeturnedonwheneveryouwanttoprint. Apple’sAirPortExtremeBaseStationallowsyoutopluginandshareaUSB printer,currentlyauniqueoption,butoffersconnectionsonlyviaRendezvous, Apple’simplementationofZeroconf(www.zeroconf.org),makingitcurrently incompatiblewithotheroperatingsystems. NOTE Printersharingisdifferentfromprintspooling.Withprintersharing,theprinter mustbeconnectedtotheprintserver,andbothdevicesmustbeturnedon andaccessible.Withprintspooling,iftheprinteritselfisn’tonoraccessible, theprintspoolerholdsthejobuntiltheprinteristurnedon.We’renotaware ofanywirelessgatewaysthatofferprintspooling,inpartbecauseaprint spoolerrequiresafairamountofstoragespacetostoreprintjobswhenthe printeristurnedoff.
191
192
TheWirelessNetworkingStarterKit
MostoftheseprintserversworkonlywithWindows-styleprinting.Theywon’t workwithMacsunlessyouuseextrasoftwarelikeThursbySoftwareSystem’s Dave(www.thursby.com/products/dave.html)ortheopensourceGimp-Print (http://gimp-print.sourceforge.net/MacOSX.php3).AfewalsohandleUnix LPR-styleprinting,whichisaccessibletobothMacsandPCs(andanyUnixor Linuxbox).SeeChapter13,SharingFiles&Printers,formoreinformation. Pointstoconsiderwhenbuying:Ifyouhaveaprinterthatmustbeconnected toacomputerthroughwhichprintjobsaresent,youcanoffloadthetasktoa gateway,butmakesureyouknowwhichplatformsyouneedsupportfor.
SimultaneousUsers The number of computers supported by each gateway varies, and you can’tnecessarilybelievemanufacturers’recommendations.There’sasharp distinctionbetweenthemaximumnumberofIPaddressesaunitcanfeedout viaDHCP(usually253atmost)andthenumberofusersitcanactuallycope withsimultaneously. Manycompaniesclaimthattheirgatewayscansupportthenumberofaddresses theDHCPservercandoleout,nottheactualnumberofusersthatcanusethe wirelessgatewaysimultaneously.Ifyouseeanumberlike35to50,it’smore likelytobeatruecountofusers,whereasalimitof100or250isunrealistic forconsumerequipment. Enterprise-gradeaccesspointsusedinlargeorganizationscansometimescope withseveralhundredsimultaneoususers,buttheyalsocost$400to$800. Pointstoconsiderwhenbuying:Countthenumberofmachinesthatneedtobe connected,andifyou’reneartheedgeoftheuserlimit,consideraddingextra accesspointsratherthanoverloadingasingle$100device.
AmericaOnline TensofmillionsofpeopleconnecttoAmericaOnline(AOL)everyweek,but there’sonlyonewirelessgatewaythatcanconnecttotheInternetviaAOLand makethatconnectionavailablewirelessly:Apple’sAirPortExtremeBaseStation. Youcanalsousetheprevious802.11b-basedAirPortBaseStationwithversion 2.0orlateroftheAirPortsoftwareforthosemodels.Alsonecessaryisversion 5.0oftheAOLsoftwareforMacintosh.KeepinmindthatsharingyourAOL connectionamongmultiplecomputersrequiresmultipleAOLaccounts. Pointstoconsiderwhenbuying:Ifyou’reaMacintoshAOLuser,yourdecision iseasy,sinceonlytheAirPortBaseStationwillhelp.Unfortunately,Windows
Chapter16 | BuyingaWirelessGateway
AOLusersareoutofluckbecausetheAOLWindowsclientsoftwaredoesn’t supporttheAppleAirPortBaseStationappropriately.
Cost Thepricebandforgatewaysdroppedquiteabitduring2003,withthecheapest gatewaysavailablefor$50to$75afterrebates,andthemostfull-featuredunits costingnomorethan$250to$300,evenfordevicesthathandle802.11a,b, andgatthesametime. It’sdifficulttodrawconclusionsbasedonprice,sincemostwirelessgateways arequitesimilar.However,therearetwotimeswhenyoushouldbesuspicious ofatoo-cheapgateway: • Someinexpensivegatewayscutcornersinwaysthatmaynotbeobvious
initially.Forinstance,aparticularlycheapgatewaymightcomewithan externaldipoleantenna,butonethatcan’tbereplacedwithahighergain antenna. • Sometimesyoumayfindinexpensivedevicesthatarejustplainwireless
accesspoints,notfull-fledgedwirelessgateways.Ifyou’relookingfora wirelessgateway,makesurethedevicecomeswithNATandDHCP support,Ethernetports,andtheotherfeaturesdiscussedinthischapter. Pointstoconsiderwhenbuying:Cheapgatewaysaren’tnecessarilybad,but makesuretheverycheapestoneshavethefeaturesyouneed.
193
17
SettingupaGateway
Mostwirelessgatewayshavealotincommondespiteminorcosmeticand organizationaldifferencesintheirinterfaces.Inthischapter,welookatthree populargateways:theLinksysEtherFastWirelessAP+Cable/DSLRouterw/4PortSwitch(modelnumberBEFW11S4),theLinksysWRT54GWireless-G BroadbandRouter,andApple’sAirPortExtremeBaseStation.Foreachone, we’llprovidetwosetsofinstructions,oneforasimple,openwirelessnetwork andanotherforamoresecurewirelessnetwork. NOTE LinksysmakesseveralEtherFastmodels,butwhenwesayEtherFastinthis chapter,wemeanspecificallytheBEFW11S4.TheWeb-basedinterfacesofthe othermodelslookmuchthesame.Anewerversion,theWRT54G,supports 802.11gnetworking,andwealsocoveritsdifferencesinthischapter.
Ifyouuseagatewayfromanothermanufacturer,theinstructionsshouldbe relativelysimilar;alsoseeTable17.1attheendofthischapterforacomprehensive listingofstandardsettings.
LinksysBEFW11S4 TheLinksysEtherFastWirelessAP+Cable/DSLRouterw/4-PortSwitch (BEFW11S4)wasoneofthemostpopular802.11bgatewayssoldformany months,makingitagoodexampleofaccesspointsthatuseaWeb-based interface.Web-basedinterfacesusedbyothergatewaysallrelyonthesame setofinformation.
196
TheWirelessNetworkingStarterKit
NOTE The newer 802.11g-based Linksys WRT54G has an almost identical configuration.Wecoveritsdifferencesinthenextsection.
ToconnectviatheEtherFast’sWeb-basedinterface,yourcomputermustbeon theprivate192.168.1.0network;seethesidebar,“ConfiguringYourComputer toPerformInitialSetup,”tosetyourcomputerupproperly.TheEtherFastis settobeattheIPaddress192.168.1.1outofthebox,anditsdefaultpassword isadmin(nousernameisnecessary).
ConfiguringYourComputertoPerformInitialSetup Toconfigureanaccesspointwithabuilt-in WebserverthathasitsdefaultIPaddresson aprivatenetwork(usuallythe192.168.1.0 network),youmustsetyourcomputer’snetworkingoptionssoit’sonthesamenetwork. Youtypicallymakethisinitialconnectionover anEthernetcableconnectingthecomputer andthegateway,notwirelessly,thoughyou canperformallsubsequentconfigurationvia thewirelessconnection.
6. SettheIPaddressto192.168.1.49,subnet
ToconfigureWindowsXP:
2.ClicktheNewbutton,selectBuilt-InEth-
1. OpenControlPanel,openNetworkCon-
nections,andopentheLocalAreaConnectiondevicecorrespondingtoyourEthernet adapter. 2.ClickPropertiesintheGeneraltab. 3. SelectInternetProtocol(TCP/IP)andclick
Properties. 4. Toavoiddisturbinganexistingconnection,
selecttheAlternateConfigurationtab. 5. SelecttheUserConfigurationradiobutton.
maskto 255.255.255.0 ,andgatewayto 192.168.1.1.Youmayleavetheotherfields blank(Figure17.1). 7. ClickOK.
ToconfigureMacOSX: 1. OpentheNetworkpreferencespane,and
chooseNetworkPortConfigurationsfrom theShowpop-upmenu. ernet,andenterPrivateConfigurationas thename. 3. MakesuretheboxnexttoPrivateCon-
figurationischecked,andselectPrivate ConfigurationfromtheShowmenu. 4. IntheTCP/IPtab,settheIPaddressto 192.168.1.49,subnetmaskto255.255.255.0,
andgatewayto192.168.1.1 (Figure17.2). Youmayleavetheotherfieldsblank. 5. ClickApplyNow.
Youcanlaterdisableordeletethesenetwork configurationsifyoudesire.
Chapter17 | SettingupaGateway
Figure17.1 Configuring WindowsXPto connecttoa gatewayforthefirst time.
Figure17.2 ConfiguringMac OSXtoconnectto agatewayforthe firsttime.
SimpleSetup Followtheseinstructionstosetupasimplewirelessnetworkthatsharesyour cable-orDSL-basedInternetconnection. 1. Onceyou’veconfiguredyourcomputerappropriately,openaWebbrowser
andintheAddressfield,type192.168.1.1,andthenpressEnter. YourbrowserconnectstotheEtherFast’sbuilt-inWebserverandpresents youwithapassworddialog. 2. Enteradmin asthepassword(youcanleavetheusernamefieldblank),and
pressEnteragaintoconvincetheEtherFastthatyouareindeedallowed toconfigurethegateway. TheEtherFastpresentstheSetuptab.
197
198
TheWirelessNetworkingStarterKit
TIP IfyouhavethesamemodelofEtherFastthatwe’reconfiguringhere,butits interfacelooksquitedifferent,visitLinksys’sWebsiteandseeifthere’sanewer versionofthefirmware.Asyoucansee,we’reusingversion1.42.7,fromApril 23,2002,butearlierversionslookeddifferent.
3. ChangetheSSIDfieldfrom“linksys”towhateveryouwanttonameyour
network. 4. FromtheWANConnectionTypepop-upmenuatthebottomofthe
screen,choosetheappropriateconnectiontype.Inmostcases,itwillbe ObtainanIPAutomatically(whichmeansyourISPassignsyouadynamic IPaddress)orStaticIP(whichmeansyourISPhasgivenyouasetIP addressthatneverchanges).OtheroptionsincludePPPoE,RAS,and PPTP(Figure17.3). Figure17.3 Configuringbasic settingsinthe EtherFast’sSetup tab.
5. ClicktheApplybutton,andwhentheEtherFastreports“Settingsare
successful”clicktheContinuebutton. 6. ClickthePasswordlinkatthetopofthescreentoswitchtothePassword
tab(Figure17.4). 7. EnteryourdesiredpasswordinbothRouterPasswordtextfields. 8. ClicktheApplybutton,andwhentheEtherFastreports“Settingsare
successful”clicktheContinuebutton.
Chapter17 | SettingupaGateway
Figure17.4 Changingthe EtherFast’sdefault password.
TIP AlthoughtheEtherFastdefaultstonotallowinganyoneoutsideofyourlocal privatenetworktomanagethegateway,eveniftheyhavethepassword, youshouldstillchangethedefaultpasswordinthePasswordtabtoprevent someonefromconnectingviaawirelessconnectionandmessingwithyour settings.Ifthisweretohappen,youronlyrecoursewouldbetoresetthe EtherFasttoitsfactorydefaultsandreconfigureit.
9. VerifythatyoucanconnecttothewirelessnetworkandouttotheInternet.
YoumaywishtoresetyourcomputertouseDHCPtodothis. That’sit—youshouldhaveaworkingwirelessnetworkthatsharesyourInternet connectionandassignsIPaddressesviaDHCP.
SecureNetworkSetup Ifyouwantyourwirelessnetworktobemoresecure,youmustconfiguresome additionalsettings: 1. Performtheinstructionsin“SimpleSetup,”andmakesureeverything
worksproperlybeforeenablingsecuritysettings. 2. IntheSetuptab,changeAllowBroadcastSSIDtoAssociatetoNo.That
closesyournetworksopassersbywon’tautomaticallyseeitlistedwith availablenetworks. 3. SetWEPtoMandatory,andclickContinuenexttotheWEPoptions.
TheEtherFastdisplaystheWEPKeySettingwindow. 4. Chooseeither64Bitor128Bitfromthefirstpop-upmenu.128Bitisslightly
moresecure,assumingallyourequipmentsupportsit,butrequiresthat youenteramuchlongerWEPkeyeachtimeyouwanttoconnect.
199
200
TheWirelessNetworkingStarterKit 5. EitherenterapassphraseandclicktheGeneratebutton,orenterWEP
keysmanually.Theadvantageofthepassphraseisthatthekeysaremore random;thedisadvantageofthepassphraseisthatrandomkeysaremuch hardertorememberandtype(Figure17.5). Figure17.5 Configuringbasic settingsinthe EtherFast’sSetup tab.
6. ClickApplytosaveyourWEPkeysettings,andclickContinuewhenthe
EtherFastreports“Settingsaresuccessful.” 7. BackintheSetuptab,clicktheApplybutton,andwhentheEtherFast
reports“Settingsaresuccessful”clicktheContinuebutton. 8. Verifythatyoucanstillconnecttoyournetwork,whichrequiresthat
youenterthenetworknamemanually,alongwiththeWEPkeythatyou entered. TIP Ifyouscrewsomethingupandcan’tconnect,rememberthatyoucanalways resettheEtherFasttoitsfactorydefaultsbypressingtheresetswitchonthe backfor3to5seconds.Youshouldthenclosethenetworkandverifythatyou canconnect,andthenenableWEPandverifythatyoucanconnectagain.
OtherInterestingControls TheEtherFast’smanualisgoodandrichwithdetail,butlet’sdiscussafew ofthemoreinterestingthingsyoucandowiththeEtherFastthatmaynotbe obviousinitially.
• InthePasswordtab,youcanresettheEtherFasttoitsfactorydefaults, whichmaybeeasierthanholdingdowntheresetbuttonforafewseconds, dependingonwhereyou’vepositionedtheEtherFast.
Chapter17 | SettingupaGateway
• IntheStatustab,youcancheckontheEtherFast’sIPsetup,whichis usefulifyou’retroubleshootingaconnectionproblemwithyourISP.
• IntheDHCPtab,youcannotonlyenable,disable,andconfigureDHCP
settings,youcanalsochecktoseewhatcomputerstheEtherFasthas assignedIPaddressestobyclickingtheDHCPClientsTablebutton.This couldhelpyoudetermineifoutsidersareusingyournetwork.Remember thatthenumberofaddressesyousetheredoesn’taffecthowmanyclient computerstheEtherFastcanactuallyhandleatthesametime.
NOTE BecausetheEtherFastroutesthewholelocalnetworkouttotheInternetwhether ornotaddressesareassignedbyDHCP,youcanalsosetstaticIPaddresses onthelocalnetworkbelowthestartingaddressyoudefine.Forinstance,if youstartDHCPataddress192.168.1.100,youcouldassignstaticaddressesto machinesthatuseportforwardingorotherfeaturesrequiringafixedaddress to192.168.1.2through192.168.1.99.Adamalwaysdoesthissohecaneasily connecttoallthecomputersonhislocalnetworkbyIPaddress.
• ClicktheorangeAdvancedbuttontoswitchtoadifferentsetoftabswhere youcanconfiguremoreadvancedsettings.
• Mostpeoplearen’tlikelytowanttousetheEtherFast’sfilterstoprevent
computersonanetworkfromgettingoutviacertainpoints,butitmight beusefulforpreventinganaddictedteenagerfromplayinggamesfortoo manyhourseachday.
• IfyouwanttomakeInternetservicesonalocalmachineavailableto
computersontheInternet,youhavetwochoices.Youcanenterthat computer’sIPaddressintheDMZHosttab,whichexposesallportson thatcomputertotheInternet,oryoucanmakespecificportsavailablein theForwardingtab(Figure17.6).Herewe’veforwardedtrafficforport 80(whichistheWeb)tothecomputerat192.168.1.11,whichisrunninga Webserver.ThePortTriggeringbuttonletsyousettriggersforgaming.
• IfyourISPallowsonlyonespecificMACaddresstoconnect,youcanhave theEtherFastusethatMACaddressintheMACAddr.Clonetab.
LinksysWRT54G TheLinksysWRT54G,aswenotedatthestartofthischapter,isnearlyidentical inconfigurationtoitsearliercousin,theBEFW11S4.Wewantedtohighlight afewdifferences,though,whichrelatetoitsmoreadvancedfeatures.
201
202
TheWirelessNetworkingStarterKit Figure17.6 Configuringport forwardingforthe EtherFast.
SecurityOptions IntheSetuptab,selectingtheEnableradiobuttonnexttoWirelessSecurityand thenclickingEditSecuritySettingsletsyouchoosemoremodernencryption options(Figure17.7). Figure17.7 Securitysettings.
Theencryptionand authenticationoptions (above)fortheWRT54G.
TheencryptionoptionsavailablefromtheSecurityModepop-upmenunow extendwaybeyondWEP.Theyinclude:
• WPAPre-SharedKey.ThemostlikelyoptionyouwouldchooseisWPA Pre-SharedKey,whichletsyouemploythestrongestandsimplestform ofencryptionavailable.(WediscussitindepthinChapter26,Securing DatainTransit.)WhenusingWPAPre-SharedKey,chooseTKIPfrom theWPA,themostcompatiblekeyusedwithWPA,andenterakeyof8 to26characters,includingpunctuation,spaces,andnumbers.Thegroup keyrenewalfeatureisn’twellexplained:it’sunclearwhetheritimproves securityatall.
Chapter17 | SettingupaGateway
• WPARADIUS.ThisoptionenablesyoutouseWPAwithaback-end authenticationserver(seeChapter22,SmallOfficeWi-FiNetworking).
• RADIUS. You can select RADIUS for WEP encryption with an
authentication server (again, see Chapter 22, Small Office Wi-Fi Networking).
• WEP.Useold,brokenWEPwiththisoption. AdvancedWireless ClicktheAdvancedtabattheupperrightoftheWRT54G’sWebconfiguration screen,andthenclicktheAdvancedWirelesstabtosetoptionsthattuneyour high-speedperformance(Figure17.8). Figure17.8 AdvancedWireless options.
Theoptionsthataremostimportantwhenrunningan802.11g-basednetwork include:
• TransmissionRate.Usethispop-upmenutolockaspeedonyournetwork. ChoosingavalueotherthanAutopreventssomeremotedevicesfrom connectingatall.Forinstance,ifyousetavalueof12Mbpsorhigher, 802.11badapterscan’tconnect.
• FrameBurst.Enablingthisoptioncanimprovethroughputenormously
on802.11b/gand802.11gnetworks.(See“802.11e:QualityofService” inChapter4,OtherWirelessStandards,formoredetailsonframeorpacket bursting.)Frameburstingisentirelycompatiblewithotheradapters:even thosethatdon’tofferframeburstingasafeaturecanstillinterpretframes thathavebeenrewritten(orburst).
203
204
TheWirelessNetworkingStarterKit
DynamicDNS TheLinksysWRT54GsupportsdynamicDNS,soyoucanmapahumanreadabledomainnametothedynamicIPaddressassignedtoyourcomputerby yourISP(seeChapter16,BuyingaWirelessGateway).ClicktheAdvancedtab attheupperrightandthenselecttheDDNStabtoaccessthedynamicDNS features(Figure17.9).Youcanchooseoneoftwoproviders,DynDNS.org orTZO.com. Figure17.9 DynamicDNS options.
AirPortExtremeBaseStation Apple’sAirPortExtremeBaseStationisajoytoconfigure—itssettingsare clearlylabeledandhavedistinctpurposes,anditprovidesadedicatedpieceof Macintoshsoftware,theAirPortAdminUtility,insteadofaWebinterface. (Ifyoudon’thaveaMac,youhaveseveralotheroptions;seethesidebar.)
ConfiguringwithoutanAirPortCardorMacintosh IfyoulackaMacintosh,aMacwithanAirPort card,oraMacrunninganewenoughMacOS toruntheAirportAdminUtility,youcanstill useoneoftwotoolstoconfigureanAirPort orAirPortExtremeBaseStation:
• AJava-basedconfigurationprogramthat runsonseveralplatforms.Downloaditfrom http://edge.mcs.drexel.edu/GICL/people/ sevy/airport/.
• Apple’s unsupported AirPort Extreme
AdminUtilityforWindows.Download itfromhttp://docs.info.apple.com/article
.html?artnum=120226.Thisutilitysupports onlytheAirPortExtremeBaseStationand thenewersnowAirPortBaseStation,not theoriginalgraphiteAirPortBaseStation. Atthiswriting,it’snotjustunsupported, it’salsoabetaversion.
Ofcourse,youcanalwaysdowhatWindows usersdidbeforetheseutilitiesappeared:invite afriendwithaniBookorPowerBookoverto dinner.Onceyou’veconfiguredabasestation, youusuallydon’tneedtouseApple’sAdmin Utilityagain.
Chapter17 | SettingupaGateway
NOTE YoucannotconfigureanAirPortExtremeBaseStationifyourMacrunsMac OS9orearlier.
NOTE Manyofthesettingsdiscussedinthissection—exceptforWDSandthe802.11g choices—areidenticalfortheoldergraphiteandsnowAirPortBaseStations thatsupportonly802.11b.
NOTE OftenafterinstallinganAirPortsoftwareupdate,thenexttimeyouconnectto yourAirPortBaseStation,theAirPortAdminUtilitywillpromptyoutoupdate theunit’sfirmware.Beforeupdatingfirmware,it’sagoodideatosavethe unit’sconfigurationjustincasetheupgradeerasesanyofyoursettings.
SimpleSetup AirPortAdminUtilityhidesmostsettingsfromyouonyourfirstconnection, presentingyouwithjustthecriticalsettingsyouneedtosetupastraightforward Wi-Finetwork. 1. OpenAirPortAdminUtility(likelylocatedintheUtilitiesfolderinside
yourApplicationsfolder). 2. IntheSelectBaseStationwindowyouseeanyAirPortorAirPortExtreme
BaseStationsonthelocalnetwork;selectingonedisplaysadditionaldetails aboutit(Figure17.10).Toconnecttoabasestation,double-clickit. Youmustalsoenteritspasswordifit’snotalreadystoredinthesystem Keychain. Figure17.10 Connectingtolocal basestations.
205
206
TheWirelessNetworkingStarterKit
TIP Ifyourbasestationdoesn’tappearinthelistbuthasastaticIPaddress,you canconnecttoitbyclickingOtherandenteringtheIPaddressandpassword intheconnectiondialogthatappears.Youcanalsoconfigurebasestations overtheInternetthisway.
TIP Thedefaultpasswordforanewbasestationispublic(alllowercase).
3. AirPortAdminUtilityshowstheShowSummarytabbydefault(Figure
17.11).ClicktheNameandPasswordbutton. Figure17.11 Summarytab’s display.
4. IntheNameandPasswordscreen,enteranameintheBaseStationName
fieldthatidentifiesthisbasestationuniquely,andthenclickChangePassword andsetthepasswordnecessarytoaccessthebasestation(Figure17.12). 5. RenamethenetworkbyenteringanewnameintheWirelessNetwork
Namefield,whichistheSSIDforthisdevice. TIP IfyouhavemultiplebasestationsconnectedtoyourEthernetnetworkand wanttoenableroamingamongthem,makesuretousethesamenetwork nameforallofthem.
6. ClicktheInternetConnectionbutton.
Chapter17 | SettingupaGateway
Figure17.12 Settingthebase station’snameand password.
Thedialogatrightappearswhen youclickChangePassword.
7. IntheInternetConnectionscreen,enterthesettingsnecessarytoconnect
yourbasestationtotheInternetasoutlinedinthelistbelow(Figure 17.13). Figure17.13 Configuringyour Internetconnection.
207
208
TheWirelessNetworkingStarterKit
•
ForDSLandcablemodemInternetconnections,chooseEthernet fromtheConnectViapop-upmenu,andchooseDHCPfromthe Configurepop-upmenu.IfyourISPrequiresthatyouuseaDHCP ClientID,enteritintheDHCPClientIDfield(thissettingisoften essentialtomakingaconnectionwork).
•
SomebroadbandservicesrequirethatyouloginusingPPPover Ethernet.Ifthat’strueofyourISP,choosePPPoverEthernet(PPPoE) fromtheConnectViapop-upmenu,andenteryouraccountname andpassword(Figure17.14).
•
Fordial-upInternetconnections,choosetheModemsettingthat’s available,andenteryourISP’sdial-ininformation.
Figure17.14 SettingupPPPover Ethernet.
8. ClickUpdate.
ThebasestationshouldrebootandconnecttotheInternet.
SecureNetworkSetup IfyouwanttoturnonWEPencryption,whichwerecommend,followsteps 1to5intheprevioussection,andintheNameandPasswordtabperformthe followingsteps: 1. CheckEnableEncryption(UsingWEP),andclicktheChangePassword
button.
Chapter17 | SettingupaGateway
2. EntertheWEPpasswordastextandfromtheWEPKeyLengthpop-up
menu,choose40-bitor128-bit(Figure17.15).Stickwith128-bitWEP unlessyouhaveolderdevicesthatcanhandleonly40-bitWEP. Figure17.15 Enteringthe WEPpassword andchoosing encryptiondepth.
3. Continuebyfollowingsteps6,7,and8intheprevioussection.
NOTE AccordingtoastatementthatApplemadeinJune2003,ApplewilladdWPA (Wi-FiProtectedAccess)asanoptionbytheendof2003.Checkoursitefor updates.
AdvancedControls ThebasiccontrolstosetupanetworkarejustthetipoftheicebergwithApple’s AirPortAdminUtility.Afteryou’veconnectedtoabasestation,clicktheShow AllSettingsbuttoninthemainscreen,andthefullsetoftabsanddetailsappear intheirfullglory.Someofthesearerepeatedfromourinstructionsabove,but theyappeartypicallywithmoredetailhere. NOTE Aftermakinganychanges,clicktheUpdatebuttonatthebottomofthe windowtosaveyourchangesandrebootthebasestationwiththenew settings.ClickReverttoabandonchangesandgobacktothepreviously loadedconfiguration.
AirPortTab TheAirPorttabcontainsbasicinformationabouttheAirPortBaseStation, includingdetailssuchasthenameoftheunit(usedtoidentifyitintheAirPort AdminUtility’sSelectBaseStationwindow),andoptionaldetailssuchasthe contactpersonandlocation(Figure17.16).Youcansettheadministrative passwordbyclickingChangePassword. ClicktheWANPrivacybuttontosetafewobscureitemsthataffecthowvisible thebasestationisontheInternetandlocalnetwork(Figure17.17).
• SNMP (Simple Network Management Protocol) allows network managementsoftwaretomonitorthebasestation’sperformance.
209
210
TheWirelessNetworkingStarterKit Figure17.16 Namingand locatingthebase station.
Figure17.17 SettingWAN privacyoptions.
• RemoteConfigurationisdangerous:whenenabled,anyoneontheInternet cantrytoconnecttoyourbasestation(otherwise,it’spossibletoconnect tothebasestationonlyfromyourlocalnetwork).
• Enablingremoteprinteraccessallowspeopleoutsideyourlocalnetwork toprinttoaUSBprinterconnectedtothebasestation.
• WewereunabletofinddocumentationonEnableDefaultHostatApple’s siteorelsewhere!
TIP IfyouselectEnableRemoteConfiguration,makesuretochangethedefault password!
Chapter17 | SettingupaGateway
TheAirPorttabletsyousetthebasicaccesspointsettings(Figure17.16, above).TheNameisyournetworkname(asopposedtothebasestation’sname). CheckingCreateaClosedNetworkpreventsthebasestationfrombroadcasting itsname,andthushidesthenetworkfromcasualusers. CheckEnableEncryption(UsingWEP)toturnonWEPencryption,and clicktheChangePasswordbuttontoconfigureyourWEPkey.Seestep2 under“SecureNetworkSetup,”earlier. TIP IfyouwantPCsornon-AirPort-equippedMacstoconnectafteryouseta WEPpassword,chooseEquivalentNetworkPasswordfromtheBaseStation menutoretrieveyourWEPkeyinhexadecimal,suitableforenteringintoother wirelessclientsoftware.
ChooseachannelfromtheChannelpop-upmenu.Makesurethatifthere aremultiplebasestationswithinrange,youchoosenon-overlappingchannels. (SeeChapter2,WirelessStandards,fordetailsonselectingachannel.) TheModepop-upmenuletsyouexcludeeither802.11bor802.11gclientsfrom yournetwork,althoughmostofthetimeyouwanttoallowmixed802.11b/g networkingbychoosing802.11b/gCompatible. ClicktheMorebuttontosetafewradiosettingsthatmayseemesotericbut canbesurprisinglyhelpfulinmanysituations(Figure17.18). Figure17.18 Settingradio options.
211
212
TheWirelessNetworkingStarterKit
• Multicastsetsthelowestthresholdforconnection,whichcanprevent more-distantcomputerswithweaksignalstrengthfromassociatingwith theAirPortBaseStation.Youcanspeedupanetworkbutreducethe effectivenetworkrangebyraisingthethresholdabove1Mbps.
• CheckEnableInterferenceRobustnessifyournetworkappearstohave problemswithcompetingnetworksorothersourcesofinterferencelikea 2.4GHzcordlessphoneornearbymicrowaveoven.
• ReducingTransmitterPowerfrom100percentreducestherangeofthe
basestation,butalsodecreasesthelikelihoodofinterferencewithadjacent Wi-Fiaccesspoints.
InternetTab IntheInternettab,yousettheoptionsforconnectingyourbasestationto anISP(Figure17.19).TheConnectUsingmenuallowsyoutochoosethe networkmethod,suchasEthernet,PPPoE,Modem,orAOL.Ifyouusea cableorDSLmodemwithoutPPPoE,chooseEthernet. Figure17.19 Configuringyour basestationto connecttoyourISP withConnectUsing optionsinset.
Thesettingsyouenterhereareidenticaltowhatyouwouldusewhenconnecting toyourISPfromasinglecomputer,sorefertotheinformationprovidedby yourISPforthedetails.
Chapter17 | SettingupaGateway
TheAirPort(WDS)itemintheConnectUsingpop-upmenuenablesyouto bridgemultiplebasestationstoextendanetworkwirelessly.SeeChapter20, BridgingWirelessNetworks,fordetailedinstructionsonusingWDS(Wireless DistributionSystem).
NetworkTab TheNetworktaboffersavarietyofinterrelatedoptionsthattogetherprovide networkserviceslikeDHCPandNAT.Contextualhelpatthebottomofthe windowexplainseachsettingasyouselectit. CheckingDistributeIPAddressesturnsDHCPserviceon,whichtellsthe AirPortBaseStation’sDHCPservertoofferIPaddressestoallthecomputers thatconnecttoit.Youhavetwochoicesforhowaddressesareshared:using DHCPandNATorusingarangeofIPaddresseswithjustDHCP. IfyourISPprovidesyouwithmultiplestaticIPaddressestouseforcomputers connectedtoyourAirPortExtremeBaseStation,youcanchooseSharea RangeofIPAddresses(UsingOnlyDHCP)andenteryourIPaddressrange (Figure17.20). YoushouldselectShareaSingleIPAddress(UsingDHCPandNAT)if yourInternetconnectionprovidesyouwithonlyasingleIPaddress,whichis probablythemostcommonsituation(Figure17.21).Applesuggests,inits pop-upmenuranges,threewell-known,non-routable,privateaddressranges. However,youcanalsochooseyourownfromtheOthermenu. Figure17.20 Configuringyour basestationto shareasingleIP address.
213
214
TheWirelessNetworkingStarterKit Figure17.21 Configuringyour basestationto sharearangeofIP addresses.
YoucansetthelengthoftimeaDHCPnumbercanbeusedbyoneofyour clientcomputers.Ifyouhavemorecomputersthatmightwanttoconnectthan availableIPaddresses,settheDHCPleasetimelowtoavoidtyingthemall up.IfyouhavemorethanenoughIPaddressestoshareouttoyourregular users,thenyoucansettheDHCPleasetimehighsoeachindividualuseris likelytokeepthesameIPaddressforawhile. CheckingEnablePPPDial-inletsyouturnanAirPortExtremeBaseStation intoanInternetmodembridge,soyoucanconnecttoyourlocalnetworkwhile you’retraveling.ClickConfigureandadialogletsyousetaccessparameters (Figure17.22). Figure17.22 Enablingdial-in accessforanAirPort ExtremeBase Station.
Lastly,theEnableAOLParentalControlscheckboxworksinconjunction withdialingintoAOLorusingAOLBroadband,anditletsparentsenforce policieswithinthebasestation.
PortMappingandAccessTabs TheoptionsinthePortMappingtabletyoumapoutsideportstocomputers onyourwirelessnetworkthatyouwanttobeaccessiblefromtheInternet.We talkaboutportmappinginChapter16,BuyingaWirelessGateway.TheAccess taboffersoptionsforcontrollingwhichuniquewirelessdevicescanconnect tothebasestation;formoreaboutcontrollingaccessbyMACaddress,see Chapter25,PreventingAccesstoYourNetwork.
Chapter17 | SettingupaGateway
Authentication TheAuthenticationtabprovidessettingsforconfiguringyourbasestation tocommunicatewithanauthenticationservertohandleuserlogins.Users musthaveclientsoftwareontheircomputersthatenablesthemtoentertheir credentialswhenprompted;thebasestationhandsthesecredentialsofftoa RADIUSorotherauthenticationserver,andthenallowsuserstoconnectonly iftheauthenticationserverconfirmstheiridentity. Unlessyou’reinanofficeorcorporateenvironment,youcanignorethistab. (SeeChapter22,SmallOfficeWi-FiNetworking,fordetailsonauthentication servers.)
WDSTab We explain WDS and the WDS tab in Chapter 20, BridgingWireless Networks.
CommonGatewaySettings Toconfigureanyaccesspoint,youmustenterafewpiecesofinformation. Althoughthismayseemintimidating,mostgatewaysshipwithadefault configurationorpickupsomesettingsappropriatelyonceyou’vemadethe necessaryconnections.Othersettingsyoudeterminewhenplanningyour network,byreferringtothedocumentationfromyourISP,ortalkingtoa network-savvyfriendorcolleague.Table17.1outlinescommonsettings, alternatenames,andthetypeofinformationyou’denterforeach.
ConnectingtoaBaseStationwithoutanAirPortCard PCusersandMacuserswitholderequipment mayfacethetaskoftryingtoconnecttoan AirPortorAirPortExtremeBaseStation withouthavingaccesstoApple’sAirPortclient software.That’susuallynotaproblem,since connectingtooneofthesebasestationsismuch likeconnectingtoanyotheraccesspoint.The onedifferenceisindeterminingtheWEPkey usedtoencryptcommunications. IfWEPisenabledonthebasestation,you mustuseApple’sAirPortAdminUtilityto obtainthenon-AirPortWEPkey.
1. LaunchAirPortAdminUtility. 2.Connecttoyourbasestation. 3. Inthelistoficonsatthetopofthewin-
dow,clickPassword,orchooseEquivalent NetworkPasswordfromtheBaseStation menu. Ifyoudon’thaveaMacthatcanruntheAirPortAdminUtility,trythetwotoolsnotedin thesidebar,“ConfiguringwithoutanAirPort CardorMacintosh.”WPAmightcomplicate thisoption;visitourWebsiteforupdates.
215
216
TheWirelessNetworkingStarterKit Table17.1
CommonConfigurationSettingsforGateways Setting
WhatItMight AlsoBeCalled
Explanation
ExampleSettings andValues
SSID(Service SetIdentifier)
Networkname, ESSID(Extended SSIDfornetworks withtwoormore accesspoints)
ClientsconnecttoWi-Finetworks byname.Fornetworkswith multipleaccesspoints,allshould benamedidentically.
moonunit
Accesspoint name
Basestation name,unitname
Someconfigurationsoftwareuses thisnametodistinguishamong availableaccesspoints.
Bobmarley
IPaddress
WANIPaddress
Thegateway’sexternalIPaddress. WithmostISPs,yourgatewaypicks thisaddressupviaDHCP,although youcanalsoenteritmanually.(You won’tseethisorthenextthree settingswithPPPoE.)
24.6.5.130
Gateway
TheIPaddressoftheInternet routertowhichyourgateway connects.Again,DHCPusually providesthisautomatically.
24.6.5.1
Subnetmask
Thesubnetmaskdefinesthesizeof thelocalnetwork.DHCPprovides thisinmostcases;otherwiseask yourISP.
255.255.255.0
DNSserversarenecessarymainlyif thegatewayactsasaDHCPserver, sotheDNSaddressescanbe passedontotheclientcomputers. YourISP’sDHCPusuallyprovides DNSserverinformation.
24.6.15.100
Thegateway’saddressonyour internalnetwork.
192.168.1.1
802.11bhas14channels,only certainofwhichareallowedforuse dependingonthecountryyou’re in;toavoidsignaloverlap,choose amongchannels1,6,or11for adjacentaccesspointsindense networks.
6
DNSservers
LocalIP address
Nameservers
LANIPaddress
Channel
Closed network
Hiddennetwork, turnoff beaconing
Hidesthenetworknamefrom casualbrowsers.
24.6.15.22
PPPoE
PPPoverEthernet
Chapter17 | SettingupaGateway
UsedtologintoanInternet account,mostoftenwithcable modems.
Username:tristane
DHCPclient
TurnontheDHCPclientifyour gatewayneedstoidentifyitselfto acquireitsIPaddressfromaDHCP server.
DHCPClientID: SWBELL001
DHCPserver
ADHCPserverprovidesIP addressestoclientcomputerson yournetwork.Somegatewayslet youpicktherangeofaddressesto useandthelengthoftimeaDHCP leaselasts.
192.168.1.1– 192.168.1.150
Password:98fink1e!
Leasetime:1day
NAT
NetworkAddress Translation, privateaddress server
NATisoftenbuiltintotheDHCP serveroptionratherthanbroken outseparately.
Firewall
Filtering
Restrictstrafficfromortospecific servicesorIPaddresses.
Banalltrafficfrom network36.44.0.0.
Port forwarding
Portmapping, punch-through
Redirectsincomingrequeststo aspecificservicetoaportona specificmachine.
Inboundport80 onthegateway connectstoport 8127onmachine 192.168.1.53.
DMZ
Virtualserver
Allowsasinglemachinetoappear asthoughit,insteadofthe gateway,isdirectlyaccessiblefrom theInternet.
Trigger
Enablescompatibilitywithgames thatneedtoacceptincoming trafficonrangesofports.
Whenalocal computerconnects outviaport3307, openinboundports 4000–5000tothat machine. F71A82FF0D
WEP
Encryption, security,network password
Allowsuptofourkeystobe usedtoencryptalltrafficpassing betweenadaptersandtheaccess point.
WPA
WPA-PSK,WPA passphrase
Usesanewencryptionmethodthat Inky,dinky,foo. reliesonapassphrasetogenerate robustkeysautomatically.
Antenna diversity
Unitswithmorethanoneantenna canhaveoneantennasetto receiveandtheothertotransmit, orbothtooverlapthesefunctions.
217
218
TheWirelessNetworkingStarterKit
Setting
WhatItMight AlsoBeCalled
Explanation
Transmit speed
Txspeed, compatibility
Forfullcompatibilitywith802.11b, gatewaysmusthandlelower speeds;turningthisoffinsmaller, close-rangenetworkscanimprove overallnetworkperformance.
ExampleSettings andValues
802.11b/g
Newergatewayswith802.11g supportmayworkinag-only mode,mixedmode,and/orb-only mode.
gonly
Admin password
Allgatewaysletyousecure theconfigurationbysettinga password.
ish234#kab
08:23:1c:55:F4:0D
CloneMAC address
RewriteMAC address
Letsyouchangetheunique Ethernetaddressontheaccess pointtomatch,forinstance,a registeredaddressofanother machinethatanISPallowsontoits network.
Firmware
Upgradesoftware
Notasetting,butacontrolthat typicallyletsyouselectafirmware upgradefiletouploadtothe gateway,afterwhichthegateway reboots.
Modem settings
EntertheISP’sphonenumber,and oftenanalternate,alongwithuser nameandpasswordinformation.
Number:123-4567 Username:tristane Password:98fink1e!
DynamicDNS
DDNS
Chooseaservice,likeDynDNS.org, fromapop-upmenuandenter youraccountdetailstohaveyour gateway’sIPnumbermatchedto ahostname,evenwhentheIP numberchanges.
Username: stinkelfuss Password:98finkle! HostName: shoe.leather.com
WDS
Wireless Distribution System
Chooseotheraccesspointswith whichthisgatewayexchangesdata wirelessly,andothersettingsto makeagatewayamasterinaWDS network.
MACaddress:03: 08:3F:AC:EE:66
WirelessGadgets
18
Since802.11b’sintroduction,we’vebeenwaitingforWi-Fitechnologyto migratefrompurenetworkdevicesforcomputersintodigitalappliancesand consumerelectronics,likecameras,mediaplayers,andevenclothing.The futureisfinallyhere. TheutilityofhavingWi-Fiinconsumerelectronicsandotherdigitaldevices isubiquitouscommunicationwithyourcomputer,withtheInternet,andwith otherWi-Fidevices.Theadvantagesenjoyedbythebusinesstraveleraccessing theInternetviaaWi-Finetworkinanairportmaybeevenmoreexcitingfor thephotographerwhocanuseaWi-Fi–enableddigitalcameratotransfer photosautomaticallytoasharedserverasthey’retakenorforthedigitalmedia buffwhocannowplayMP3sstreamedwirelesslyfromacomputertoamedia playerattachedtoastereo. Allworkandnoplaymakesawirelessnetworkdull,soreadonforbrief descriptionsofgadgetsthatuseWi-Fitolivenupyournetworkandyourlife. NOTE Theconsumerelectronicsworldchangesquickly,soit’salmostcertainthat detailsyoureadherewillhavechangedsincewewroteaboutthem.Thinkof theseproductdescriptionsaslaunchpadsfromwhichyoucanfindoutmore aboutwhat’spossibleandwhat’savailable.
Cameras Whatcouldyoupossiblyusewirelessforinadigitalcamera?Storage,actually. High-resolution,digitalstillcamerasstorephotosthatcantakeup6MBor
220
TheWirelessNetworkingStarterKit
evenmuchmorespaceonaninternaldevice.CompactFlashandSD(Secure Digital)cardscontinuetogrowinsize,withCompactFlashnowavailablein sizesupto1GB.Butsinceyoualmostalwaystransferphotostoacomputer forcullingandprocessing,whynottakeadvantageofthemassiveharddisks intoday’scomputersanduseWi-Fitosendphotosdirectlytothecomputer? Evenifyoudon’treplacetheinternalstorageonthecamerawithwireless connectivity,beingabletotransferphotosfromthecamera’sinternalmemory cardtoacomputerviaWi-Fiisawelcomeimprovementoverfussingwith USBcablesormemorycardreaders. NOTE YoucanalsofindcamerasthatsupportBluetoothfortransferringphotos. Theproblemwiththemisspeed—Bluetoothdoesn’thavethebandwidthto transmitahigh-resolutionpicturequickly.We’veseentransmissiontimesfrom 20secondsto145seconds…perphoto!Ouch.
Lastly,digitalcamerascantakeadvantageofwirelesscommunicationstosend photostocompatibleprinters(thoughwe’veneverunderstoodwhypeoplewant toprintdirectlyfromthecamerawithoutatleastseeingthephotoatfullsize onacomputermonitorfirst),ortoacomputertosendbyemail. It’seveneasiertoseewantingWi-Ficonnectivitytostreamvideofroma videocameratoacomputer.Today’scamerasmightbeabletostreamonly lower-qualityvideo,butwiththecombinationofthelatestvideocompression standards,likeMPEG-4,andthelatestWi-Fistandards,like802.11g(54 Mbps)and802.11e(streamingmedia),wemightseedigital-video-quality streamsinthenearfuture.
DigitalStillCameras Wi-Fiisjuststartingtoappearindigitalcamerasaswewrite,withNikon’s D2HProbeingthefirstonethatgoesbeyondtheprototypestage,thoughit’s notyetavailableforsale(Figure18.1).TheD2Hisa4.1-megapixelcamerathat cancaptureuptoeightframespersecond.It’sclearlyaimedattheprofessional photographer,particularlyphotojournalistsandsportsphotographers.What makesitinterestingtous,though,istheoptionalWT-1AWirelessTransmitter accessory,whichscrewsonthebottomofthecamera,drawsitspowerfrom thecamera’sbattery,andconnectstothecamera’sUSB2.0portviaashort cable.Asuppliedantennaprovidesconnectivitywithin100feet(30meters);an optionalantennaincreasesthatrangeto490feet(150meters).Internally,the NikonD2HusesanFTPclienttotransmitphotosfromitsmemorycardtoa remoteFTPserver.Italwaysbufferstheimagesonthecard,butcantransmit
Chapter18 | WirelessGadgets
Figure18.1 NikonD2HPro camera.
whilewritingtothecard.Youcanreadmoreatwww.nikonusa.com/templates/ main.jsp?content=/fileuploads/slr_0703/slr_0703.html.
Similarlyenticingisthe3.24-megapixelCaplioProG3fromRicoh,which canreportedlyacceptoptionalcardsforWi-Fi,Bluetooth,orGPS(Global PositioningSystem,formarkingtheexactcoordinatesofwherephotoswere taken).WewereunabletofindadditionaldetailsaboutthiscamerainEnglish, butifyoucanreadJapanese(orwanttotrytheBabelFishtranslationserviceat http://babelfish.altavista.com/),takealookatwww.ricoh.co.jp/dc/product/ pro_g3/.It’sapparentlyforsaleinJapanfor99,800yen,orabout$850. NikonandRicohmaybethefirsttoshipWi-Fi–capablecameras,butinJuly 2003,SanyoElectricshowedtheDSC-SX560prototype,a1.5-megapixel camerathatsupportsaWi-FiCompactFlashadapterfortransferringimagesvia Wi-Firatherthanstoringthemonaninternalmemorycard.Theinformation isavailableonlyinJapanese,andwewereunabletofinddetailsaboutwhen thecameramightshiporwhatitmightcost. ShortlyafterSanyoshoweditsprototype,FujiPhotoFilmshowedaprototypeof a3-megapixelcamerathatcouldusewirelessnetworkingtosendphotoseither toremotecomputersortowireless-capableprinters.Companyrepresentatives notedthatthecamerawouldalsobeabletoreceivephotossentfromcomputers andsaidthattransmissiontimewouldtakeonlyseconds.Priceandreleasedate forthecamerahaven’tbeensetyet.
VideoCameras WirelessnetworkingvendorD-LinkoffersapairofWi-Fivideocameras forwebcamorsurveillanceuse(Figure18.2).Bothcamerashavemotion
221
222
TheWirelessNetworkingStarterKit Figure18.2 D-Linkwireless videocameras.
detectioncapabilities.TheD-LinkDCS-1000W(www.dlink.com/products/ ?model=DCS-1000W)costsabout$275andprovidesapictureupto640by480 dpiinsize,withframeratesbetween1and20framespersecond.Ituses 802.11bor10/100MbpsEthernettoconnecttoyournetworkandprovidesa built-inWebserverforservingthevideostream.Thenthere’stheDCS-2100+ (www.dlink.com/products/?pid=17),whichcostsabout$330andaddsframe ratesupto30framespersecondandaudio. Neveronetobeleftbehind,inSeptember2003,LinksysreleasedtheLinksys Wireless-BInternetVideoCamera,whichisastandalonewebcamwithits ownIPaddressforattachingtoanywiredorwirelessnetwork(Figure18.3). ItusesMPEG-4videocompressiontoprovidea320by240dpivideoimage, anditcandetectmotion,recordimageswithdateandtimestamps,andsend emailwithashortvideoclipattachedwhenmotionisdetected.Truetoform, Figure18.3 LinksysWirelessBInternetVideo Camera.
Chapter18 | WirelessGadgets
Linksyssellsthecamerabelowthecostofcompetitors,forabout$230.For moreinformation,seewww.linksys.com/products/product.asp?grid=33&scid =38&prid=566.
TIP AvoidvideocamerasfromX10.EvenignoringthefactthatX10hadoneofthe slimiestadvertisingcampaignsonthefaceoftheInternet,thecompanyuses aproprietarymethodoftransferringvideointhe2.4GHzbandandthese cameraswillinterferehorriblywith802.11band802.11gnetworks.Justbefore thisbookwenttopress,theyhadfiledforbankruptcy,too!
Movingupincost,wenextcometotheToshibaIK-WB11a,an$800Wi-Fi camerathatoffersvideostreamsatamuchhigherresolution(1280by960 dpi)thantheD-Linkcameras.Ittooisdesignedformonitoring,withindoor/ outdoormounts,aSecureDigitalcardslotthatrecordstothecardshouldthe networkgodown,anemailalarmfeature,motiondetection,andremotepan andtilt.Toshibawillevenrentyou500GBofstorageonaWebsitesoyoucan archivewhatToshibaestimatesas30daysofcontinuousfootage.Likepretty muchallthesedevices,youconfigureandcontrolitviaaWebbrowser,and itoffersboth802.11band10/100MbpsEthernetconnections.Youcanfind fullspecificationsatwww.toshiba.com/taisisd/netcam/. Lastly,wefindtheIQinvisionIQeye3,whichinitiallyseemscomparableto theToshibacamera(Figure18.4).Itoffers1288by968dpiresolutionand digitalpan,tilt,andzoom,butthenitgoesbeyondtheToshibacamerawith bandwidththrottling,privacyzones,day/nightmode,andsupportforpower overEthernet.YoucanprogramittotransferthevideoitcollectsviaFTPor email.TheIQeye3isdesignedforstandardindustrialmountingsandaccepts standardlenses,alongwithanoptionalWi-Ficardifyoudon’twanttousethe built-in10/100MbpsEthernetport.It’snotcheap,though,atabout$1300. Learnmoreatwww.iqinvision.com/prd/IQe3.htm. Figure18.4 IQinvisionIQeye3 videocamera.
223
224
TheWirelessNetworkingStarterKit
PrintersandAdapters It’seasytotakeprintersforgranted,atleastuntilyourealizeyouwanttolocate oneinaplacethatisn’teasilyreachedbycables—eitherUSBcablesfromyour computerorEthernetcablesfromyourwirednetwork.Luckily,thereareWiFiandBluetoothsolutionsforjustthisproblem.
PrinterAdapters IfyoualreadyownanEthernet-capableprinter,theeasiestwaytomakeit wirelessiswithasimplewirelessEthernetadapter,liketheLinksysWET11 orLinksysWET54G(www.linksys.com ).There’snothingprinter-specific abouttheseproducts:alltheydoisstandinforachunkofEthernetcable.In mostcases,there’sprobablylittleadvantagetousingafaster802.11gwireless Ethernetadapter. That’snottosaythatyoucan’tbuydevicesaimedspecificallyatprinters.TheIBM 802.11bWirelessPrintAdaptercosts$215andconvertsanyIBMInfoprint1000 familyprinterfromEthernettowireless.It’sunclearifthere’sanythingspecial abouteithertheIBMWirelessPrintAdapterortheInfoprint1000printers suchthatyoumustuseonewiththeother.Seewww.printers.ibm.com/internet/ wwsites.nsf/vwWebPublished/wgwirelessadapter_wwformoreinformation. Changingtechnologygears,whatifyouhaveaUSBprinterandaBluetoothcapablehandheldorlaptop?Epson’s$130BluetoothPrintAdapterworks withasmallsetofEpsonUSBinkjetprinterstoenablewirelessBluetooth printingwithin30feetfromPalms,PocketPCs,andPClaptops(noMacintosh compatibilitythatwecouldfind,unfortunately).Learnmoreatwww.epson.com/ cgi-bin/Store/ProductQuickSpec.jsp?oid=16489220.
MoregenericistheAxis5810PrintPlug(www.axis.com/products/axis_5810/), whichplugsintotheparallelportofanyprinterandenablesasmallnumber ofBluetooth-enableddevices(thoughnotMacs)toprinttoit.Thecatch?It’s availableonlyinJapanandEurope.Asimilardevice,theTroyWindConnect BluetoothWirelessPrinterAdapter(www.troygroup.com/wireless/products/ wireless/windconnect.asp),maybeavailable,thoughoneretailerclaimedit hadbeendiscontinued.
PrintServers ForUSB-basedprinters,andthosewithonlyparallelports,youcan’toftenget awaywithjustawirelessadapter,becausetheprinterdoesn’thavetheinternal softwarenecessaryforittoactasanetworkprinter.Forsuchsituations,youneed
Chapter18 | WirelessGadgets
aWi-Fiprintserver,whichcombineswirelesscapabilitieswiththenecessary codetomanageprintjobssubmittedfromcomputersonthewirelessnetwork. Allthesedevicescostaround$100. Forinstance,youmightcheckouttheD-LinkDP311U,whichconnectsa USB-basedprintertoyourwirelessnetwork,ortheD-LinkDP311P,which doesthesameforprinterswithparallelports.Linksysoffersapairofsimilar products:the$85EtherFastPPS1UWWireless-ReadyUSBPrintServer (whichrequiresthatyouaddawirelesscard)andthe$125WPS11Wireless PrintServer(Figure18.5). Figure18.5 Linksyswireless printservers.
Anumberofwirelessgateways,suchastheAsantéFR1004AL(www.asante.com/ products/routers/FR1004AL/),alsoincludeprintservercapabilities,soyou
canplugyourparallelportprinterintothemandaccessitfromanycomputer onyournetwork.MoreunusualisApple’sAirPortExtremeBaseStation (www.apple.com/airport/),whichincludesaUSBportforsharingUSBprinters withMacs,anuncommonfeature. TIP Macintoshusersbeware.OtherthantheAirPortExtremeBaseStation,print serversthatworkwithUSBandparallelportprintersmakethoseprinters availabletoMacsonlyiftheprintersupportsPostScript,ahigh-endprinting language.
AxishasaBluetoothprintserveraswell,the5800+Mobilethatworksmuch likethe5810PrintPlug,butittooisavailableonlyinJapanandEurope.You canlearnmoreaboutitatwww.axis.com/products/axis_5800p/. Youmightnotbotherwithawirelessprintserveratalliflocationisn’tthat important,sincebothWindowsandtheMacOSofferprintersharing
225
226
TheWirelessNetworkingStarterKit
capabilities:youcanplugaprinterintoaMacoraPCandshareitwithallthe othercomputersonyournetwork,wiredandwireless.Themaincaveathere isthatsharingprintersbetweenoperatingsystemscanbequitetricky.Dave fromThursbySoftwareSystems(www.thursby.com/products/dave.html)helps smoothoutproblemsbetweenWindowsandtheMac. TIP Theseproductsareprintservers,notprintspoolers,andthat’sanimportant distinction.Foraprintservertowork,theprintermustbeturnedon,andwhen yousenditaprintjob,theprintoutappearsrightaway.Withaprintspooler, thedeviceactingastheprintspoolerholdsontotheprintjobiftheprinter isn’tturnedonandprintsitonlywhentheprintercomesonline.That’sgreat if,forinstance,yourprinterisinanotherroomandyouforgettoturniton beforeprinting.Adamlovesprintspoolingbecausemuchofwhatheprints isn’ttimesensitive,sohelikesbeingabletosendtheprintjobonedayand turnontheprinterhoursorevendayslatertogetitout.
Printers Ofcourse,ifyou’rebuyinganewprinterandknowthatwirelessaccessisamust, youcanalwayslookforaprinterthathasWi-Fibuiltin.Samsungoffersthe ML2152W,a21page-per-minute,monochromelaserprinterwithaccessvia 802.11b.ItusesPostScript3,printsat1200by1200dpi,andcostsabout$550. Seewww.samsung.com/Products/Printer/Laser/Printer_Laser_ML_2152W.htmfor moreinformation. IfSamsung’sbeefylaserprinterisn’tgeekyenoughforyou,there’salwaysthe NomadprinterfromMobileCommandSystems(Figure18.6).It’sa4-inch thermalrollprinteryoucanwearonyourbeltandcommunicatewithviaoptional Wi-FiorBluetoothcards.It’snotcheapat$800,butlet’sfaceit,it’sdesigned forverticalmarketapplicationslikeprintingon-sitereceiptsfordeliveryfolks. Seewww.mobilecommand.net/files/nomad.htmlfordetails. Figure18.6 MobileCommand SystemsNomad printer.
Chapter18 | WirelessGadgets
Wi-FiDetectors Don’twanttofireupNetStumblerorKisMAConyourlaptoptoseeifany Wi-Finetworksareinyourvicinity?Acoupleofcoolgadgetsaimtogiveyou analternative. TIP APocketPChandheldwithMiniStumbleriswaymoreexpensivethaneitherof thesedevices,butitmightbethebestoption.YoucandownloadMiniStumbler fromwww.netstumbler.com.MakesureyouhaveasupportedWi-Ficard.
Kensington’sWi-FiFinderisaslim,handhelddevicethatdetectsnearby wirelessnetworkswiththepressofabutton,indicatingsignalstrengthwith threelights.Unfortunately,it’snotallit’scrackeduptobe.Ithastrouble detectingallbutthestrongest802.11baccesspoints,andearlyusersreported thatitdidn’tsee802.11gnetworksatall(thoughthatmay,ofcourse,changeby thetimeyoureadthis).Italsoreportedlycan’tseeWEP-encryptednetworks, anditsLEDsaretoodimtoseeeasilyinthesun.Onthepositiveside,itcosts onlyabout$30.Visitwww.kensington.com/html/3720.htmltolearnmore,or searchtheWebtoseereportsaboutit. Foracompetingproduct,checkouttheSmartIDWFS-1Wi-Fidetector (Figure18.7).It’sroughlythesamesizeandpriceastheKensingtonWi-Fi Finder.Italsochecksonlywhenyoupressabutton,buthasfourLEDsto indicatesignalstrength,andonlinereportssuchaswww.securityfocus.com/ infocus/1727indicatethatitworksbetterthanKensington’sproduct.Read moreaboutitatwww.smartid.com.sg/prod01.htm. Figure18.7 SmartIDWFS-1WiFidetector.
227
228
TheWirelessNetworkingStarterKit
Lastly,there’stheWiFisense,whichisn’tsomuchaproductyoucanbuy (youcan’t)asawearableartproject(Figure18.8).It’sashinysilverhandbag studdedwith64redLEDsthatlightuptoindicatetheavailability,quality, andaccessibilityofnearbywirelessnetworks.WhenevertheWiFisensedetects awirelessnetwork,itusespatternsoflightandsoundtoprovidedetailsabout thenetwork’ssignalstrengthandstatus.It’sextremelycoolasademonstration oftechnologythatcouldbebuiltintootherproducts,thoughalittlebrightfor us.SeetheWiFisenseWebsiteatwww.wifisense.com. Figure18.8 WiFisensehandbag detector.
FileServers Youmaythinkthatfileserversareonlyforbusinesses,buttwofirmsaretrying tochangethatimpressionwithsmall,silentfileserversthatconnecttoyour othercomputersviaWi-Fi. TheslimNetDriveWirelessfromMartianTechnologyisessentiallyalowpowerx86-compatiblecomputerrunningaLinuxkernelanddedicatedtofile andprintersharingtasks.Itcomesstandardwitheithera120GB($480)or a40GB($400)harddrive,oryoucanbuya$380kitthatcomeswithaCDROMplayerforinstallingtheoperatingsystemonanydriveyouchooseto add.YouconnecttheNetDrivetoyournetworkviaan802.11b(with802.11g availablebythetimeyoureadthis)orastandard10/100MbpsEthernet cable.Onceinstalledandturnedon,youcanstorefilesonitorplugaUSB printerintoitforprintersharingwithWindowsandLinuxmachines(orMacs usingGimp-Print).TheNetDriveusesSMBforfilesharing,whichmeans
Chapter18 | WirelessGadgets
it’scompatiblewithWindows,MacOSX,andLinux,andithasbetasupport forAppleShare,whichwillenableittoworkwithMacOS9.Macusersaren’t limitedtostoringnormalfilesonitasanetworkvolume;italsosupports iTunesMusicSharing,soyoucanstoreallyourMP3sonitandhavethem automaticallyappeariniTuneseverywhereonyournetwork.Itevenworks withtheSLIMP3musicplayer(discussedlater).Seewww.martian.comforfull detailsandorderinginformation. NOTE We’resodistraught!Inthefinalchecksbeforegoingtopress,welearnedthat MartianTechnologyisnolongersellingdirectlytothepublic.Sorry!
TheMartianNetDriveisextremelycool,butforanevensmallerandgeekier Wi-Fifileserver,checkouttheSonyFSV-PGX1,whichisalsoaLinux-based fileserverwithsupportfor802.11b.WhiletheMartianNetDriveWirelessis aboutthesizeofareamofpaperorathickreferencebook,theSonyproduct ismorethesizeofapaperbackbook.Ithasonlya20GBharddrive,andit supportsSMB,NFS,andFTPforsharingfiles.It’sactuallymeantasaportable device(formovingdatabetweenhomeandwork,forinstance),soalthough itmustbeinitsdockforpower,itdoeshaveaninternalbatterythatactsasa backupfororderlyshutdownwhenyouremoveitfromthedock.Thedock alsoprovidesa10/100Ethernetport,shouldyouwantfasterconnectionsthan areavailablevia802.11b.TheSonyFSV-PGX1isavailableonlyinJapanright now,forabout$600.Youcanseemoreaboutit,inJapanese(orviaBabelFish) atwww.sony.jp/products/Consumer/PGX/.
MusicandPhotoPlayers We’rebothdevoteesofconvertingouraudioCDstoMP3formatandstoring theMP3sonaserversowecanaccessthemfromanyofourcomputers.It worksextremelywellforus,butwehaveoldercomputerswecandedicateto thejobofplayingMP3sthroughourstereos.Whatdoyoudoifyouwantto playMP3sthroughyourstereowithouthookingacomputertoitdirectly? Andifyou’resendingMP3stoyourstereo,whataboutshowingyourdigital photosonyourtelevision? TheSLIMP3isprobablythebest-knowndevicedesignedforplayingMP3s fromyournetworkonyourstereo.Itcosts$240,andforthatyougetabox thatsitsontopofyourstereo,showsyouwhat’splayingviaafluorescentgreen display,andworkswithWindows,MacOSX,Linux,andotherUnixvariants. YouconnectittoyourEthernetnetworkanduseanRCApatchcordtoconnect
229
230
TheWirelessNetworkingStarterKit
ittoyourstereo.Onceit’ssetup,youcontroliteitherusinganincludedremote controlorthroughitsbuilt-inWebinterface.Ifyouwantittobewireless(lots ofpeopledo),SlimDevicesrecommendsusingastandardwirelessEthernet adapterliketheLinksysWET11,theSMC2670WEZConnectWireless EthernetAdapterfromSMCNetworks,ortheOrinoco/ECfromProxim.It’s aneatdevice,andyoucanlearnmoreaboutitatwww.slimp3.comorbyreading theTidBITSreviewathttp://db.tidbits.com/getbits.acgi?tbart=07150. Foradevicewithbuilt-inWi-Fi,looktotheHomePod,fromGlooLabs. Althoughitwasn’tshippingatpresstime,itshouldbeavailablesoonfor$200.It claimstoofferbasicallythesamefeaturesetastheSLIMP3,sothecomparison maycomedowntopriceandinterface,andsincethepicturesontheGlooLabs WebsitelookdifferentfromthedevicesAdamwasshownatMacworldExpo inJanuary2003,there’snotellingexactlywhattheHomePodwilllooklike whenitships.Visitwww.gloolabs.comformoreinformation. LinksysbeatsbothonpricewiththeWireless-BMediaAdapter,whichplays MP3sonyourstereoanddisplaysphotosonyourtelevisionforabout$175 (Figure18.9).Italsohasa10/100MbpsEthernetjack,ifyouhaveEthernet wiringnearby.Linksysincludesaremotecontrolandprovidesaninterfaceon yourtelevisionscreen,althoughitlacksadisplayonthedeviceitself,unlike boththeSLIMP3andtheHomePod.It’salsoWindows-specific.Readmore aboutitatwww.linksys.com/products/product.asp?prid=554. Verysimilartotheothers,thoughmoreexpensive,isthe$300DigitalMedia Receiverew5000fromHewlett-Packard,whichactsasawirelessMP3player anddisplaysphotosstoredonyourcomputeronyourtelevision.Although Figure18.9 LinksysWireless-B MediaAdapter.
Chapter18 | WirelessGadgets
theproductinformationisn’tentirelyclearaboutthis,westronglysuspect thatitworksonlywithWindows-basedcomputers,soMacintoshandLinux usersshouldprobablystickwithanotheroption.Youcanfindsomeadditional informationathttp://h30027.www3.hp.com/mediaReceiver/. Thec200andc300modelsfromcd3ohavethepeculiar,uniquenotionthatit’s allaboutaudio:there’snoLCDdisplay.Instead,thedevicespeaksitsmenus andoptionstoyouoverthestereo.Thetwomodels,whichcost$180and$200, respectively,handleeither802.11bor10/100MbpsEthernetconnections, butrequireaWindowsmachinetorunthejukeboxsoftware.TheWindows machinemusthaveanaudiocardinstalledinordertorunthevoicesynthesis softwaretocreatethespokennamesofsongs,artists,andalbumsthatare transmittedtotheplayer.Youcanreadaboutmodeldetailsatwww.cd3o.com/ products/models.html. TIP Justbeforepresstime,CreativeTechnologyreleasedtheSoundBlasterWireless Music,yetanotherwirelessdeviceforplayingMP3sfromyourcomputeronyour stereo.It’s$250andyoucanlearnmoreatwww.americas.creative.com/ products/product.asp?product=2092.
Lastly,wefoundtheGo-VideoD2730NetworkedDVDplayerwhich,along withbeingastandardDVDplayer,connectstoyourcomputerviaawiredor wirelessnetworkforplayingMP3audiofilesonyourstereo,showingJPEG photosonyourtelevision,andevenplayingMPEG-1andMPEG-2videofiles. LikeHewlett-Packard’sDigitalMediaReceiver,itworksonlywithWindows. Nonetheless,it’sneattoseesuchfeaturesshowingupinconsumerelectronics, andyoucanreadthefulldetailsatwww.govideo.com/?ID=D2730.
TVs,Monitors,andProjectors Forthemostpart,youcan’treallystreamfull-qualityvideovia802.11b,andit canbeiffyevenwith802.11aor802.11gunlessyouhavegoodsignalstrength andthelatestvideocompressionsoftware.Thatsaid,anumberofproductsdo mixWi-Fiandvideodisplay.
TelevisionTransmitters Continuinginthethemeofcoolproductsthathaven’tbeenseenoutside Japan,wecometotheSonyAirBoard,whichSonydescribesasa“wireless Webpad.”It’sagooddescription,sincetheAirBoardisbasicallyaportable flat-paneltelevisionthatreceivesdigitalvideostreamedfromabasestation overaWi-FilinkandletsyoureademailorbrowsetheWeb.Thebasestation
231
232
TheWirelessNetworkingStarterKit
containsatelevisiontuner,anEthernetjack,amodemport,andconnections forotherdevicessuchasDVDplayers.Youinteractwiththebasestationvia atouchscreeninterfacemountedonthemain12.1-inchcolorLCDscreen; thelatestincarnationalsocomeswitharemotecontrol.ItalsoacceptsSony MemoryStickcardsandcandisplayphotosfromthem.Unfortunately,the batterylastsonly1–2hours,dependingonthebrightnessofthescreen.Even moreunfortunate,itcostsabout$1100,makingitmoreexpensivethanmany low-endlaptops,whichhavehigherresolutionscreens(theAirBoardrunsat 800by600dpi),andmayevenweighless(itchecksinat4.9pounds).Overall, itsoundslikeSonyisexperimentingwiththeAirBoardtoseehowpeople interactwithportabledisplaydevices.YoucanwatchaFlashvideoaboutitat www.sony.jp/airboard/indexpc.html.
Foralessambitiousproductthat’salsoavailableonlyinJapan,considerthe CasioXF-800,aWi-Ficolortelevision.LiketheSonyAirBoard,theCasio XF-800communicateswithabasestationthatprovidesthetelevisiontuner andtransmitsthevideoviaWi-Fi.Casiomakesabigdealaboutit(andits remotecontrol)beingwaterproof,apparentlybecausetheyanticipatepeople watchingalotoftelevisioninthebathroom.Itseemsthatwaterproofingthe XF-800costsalot;itreportedlysellsfor160,000yen,orabout$1300.Take alookatwww.casio.co.jp/tv/xfer/.
Monitors WanttouseyourdesktopPCwithoutsacrificingtheportabilityofalaptop? CheckoutViewSonic’sAirpanelV110pandV150pSmartDisplays(Figure 18.10).They’rewirelessmonitorsforyourdesktopPC,displayingexactlywhat you’dseeifyouweresittingatyourdesk,butdoingsoanywherewithinrange ofyourWi-Finetwork.TheAirpanelV110p(www.viewsonic.com/products/ airpanel_airpanelv110p.htm)isa10-inchLCDmonitorthatweighsabout 3pounds,andthe6-poundV150p(www.viewsonic.com/products/airpanel_ airpanelv150p.htm)offersthesamefunctionalitywitha15-inchdisplay.Battery lifeisabout4hours.Unfortunately,they’renotcheap,withtheV110pat$800 andtheV150pat$1000—youmightbebetteroffgettinganinexpensivelaptop andusingTimbuktuProorPCAnywhereremotecontrolsoftware.
Projection Switchingtoamorecorporateuseforwirelessnetworking,manydifferent modelsofLCDprojectorssupportWi-Fiinordertohelpmultiplepeopledisplay presentationslidesthroughtheprojectorwithoutpluggingandunplugging VGAcables.Thiscouldbeparticularlyusefulinabusinessconferenceroom,
Chapter18 | WirelessGadgets
Figure18.10 ViewSonicAirpanel V150pwireless monitor.
forinstance,wheremultiplepeoplemayneedtopresentinquicksuccession, andbeingabletoconnectwirelesslywouldreducesetupandswitchingtime, particularlyiftherewasonlyoneseatforthepresenter.Youdohavetobecareful, since802.11bdoesn’tprovideenoughbandwidthformoviesorvideo,sostickwith staticslides.Foranoldarticleaboutthistopicthatlinkstoinformationabout manyprojectormodelsthatsupportWi-Fi,visitwww.projectorcentral.com/ wi-fi.htm.Costsvarywidely,ofcourse. Ifyoualreadyhaveaprojectorthatdoesn’tsupportWi-Fi,checkoutthe LinksysWPG-11WirelessPresentationGatewayandtheWPG-12Wireless PresentationPlayer.TheWirelessPresentationGatewayconnectstoyour projectorviaVGAandtoremotecomputersviaWi-Fi.Itincludesclient softwarethatmakesthecomputersendacopyofthescreenimagetothe WirelessPresentationGatewayfordisplayontheprojector.TheWireless PresentationPlayerofferssimilarfunctionality,butadds32MBofinternal RAMsoyoucanessentiallyuploadyourpresentationtoit,andthenpresentit usinganincludedremotecontrol—nocomputernecessary.Theclientsoftware worksonlywithWindows.Bothcostabout$300,andyoucanreadmoreabout thematwww.linksys.com.
Wi-FiPhones Let’stalkconvergence.Thephonecompanyusesonlytheequivalentof64 Kbpsofbandwidthpercallonitsvoicenetwork:56Kbpsofcontentand8 Kbpsofoverhead.Withmorecompression,voicequalitycanstillberetained downto20Kbps. Manybusinessesandindividualshavehigh-speedInternetconnectionsthathave morethanenoughbandwidthtosupportcallsinbothdirections.Andmany peoplewithbroadbandalsohaveWi-Finetworks.Mixthetwotogether,add
233
234
TheWirelessNetworkingStarterKit
anup-and-comingtechnologycalledVoice-over-IP(VoIP),andyouarriveat theWi-Fitelephone,occasionallycalledVoice-over-WirelessIP(VoWIP).Put simply,theWi-FiphoneusesWi-Fitocommunicatewithyouraccesspoint, sendingVoIPpacketsouttootherVoIPphonesoradevicethatconnectsVoIP trafficwiththePSTN(PublicSwitchedTelephoneNetwork).ThePSTNis theskeinofwiresandcentralofficesthatformsthebackboneoftheregular voicetelephonenetwork. StandardwiredIPphonesfromCiscoSystems(www.cisco.com)aregaining popularity,particularlyinorganizationswhereit’seasiertoaddphonestoan Ethernetnetworkthanitistorunseparatewiring.Rightnow,IPphonesare quiteexpensiveanddifficulttosetup,whichlimitstheirappealtoconsumers. However,thatmaychangesoon,withinexpensiveIPphonesappearingfrom GrandstreamNetworks(www.grandstream.com ),servicesthatconnectIP phoneuserslikeFreeWorldDialup(www.freeworldialup.com)andSIPphone (www.sipphone.com),andevencompanieslikeVonage(www.vonage.com)that offerseamlessconnectionsbetweennormalphones,yourInternetconnection, andthePSTN. BothCiscoandanotherbusinessfirm,SpectraLink,offerVoIPincorporate networkswiththeadditionofgatewayserversthathandlefindingandtracking usersacrossinternalwirelessnetworksandroutingcallstoandfromthePSTN. Cisco’s7920wirelessVoIPphone,forinstance,lookslikeabulkycellphone andworkswithCisco’saccesspointsandCallManagersoftware.SpectraLink guaranteesthatitsWi-Fiphonesworkwithavarietyofaccesspoints,butits productsmaynotworkperfectlywithuntestedequipment.(SpectraLink’s preferredWi-Fihubsuseaformofin-progress802.11ethatassuresvoice packetshavepriorityoverplaindata.)Visitwww.cisco.com/en/US/products/ hw/phones/ps379/products_data_sheet09186a00801739bb.htmltoreadmore aboutthe7920,orvisitSpectraLink’sWebsiteatwww.spectralink.com. TIP Rightbeforewewenttopress,PulverInnovationsannounceda$250Wi-Fi phonethatworkswiththeFreeWorldDialupVoice-over-IPservice.Findout moreatwww.pulverinnovations.com/wisip.html.
Althoughwearen’tawareofanyotherWi-Fiphonesrightnow,Nextel Communications,amajorcellularcarrier,hasannouncedplanstoofferaMotorola mobilephonethatcanmakecallsoverastandardWi-Finetwork,aswellas overNextel’snormalcellularnetworkwhenawayfromtheWi-Finetwork.The trickypartofsuchadual-protocolphoneisthehandoff—transferringthecall
Chapter18 | WirelessGadgets
fromWi-Fitothecellularnetworkandbackagainasnecessary.Apparently Nextel’scurrentprototypescantransferfromWi-Fitothecellularnetwork, butnotback. Lastly,wefindtheVoceraCommunicationsSystem,whichismoreakin toStarTrekcommunicatorsthantoday’sclunkytelephones.TheVocera CommunicationsBadgeisatwo-ounce,voice-controlledcommunicatorthat usesWi-FitocommunicatewithacentralserverrunningtheWindows2000basedVoceraServerSoftware(Figure18.11).Thebadgecontainsaspeaker,a microphone,thewirelessradio,andasmallLCDscreenforcallerIDinformation ortextmessages.Thesystemisdesignedforhands-freecommunicationswithin awireless-enabledbuildingorcampus,butanoptionaladd-onconnectsit withthePSTNsoyoucanuseitasatelephoneaswell.Thankstoasteeplist price($30,000foranentry-levelsystemwith75userlicensesand25badges), Vocera’searlycustomershavemostlybeenhospitalsandwarehousestores,both placeswherekeyworkers(likenursesandmanagers)arerarelynearafixed phone,lackcellserviceasagoodoption,andoftenhavetheirhandsfull.One interestingcapabilityofthesystem:amanagercouldsaytothecommunicator, “findmeallcashiersonthesecondfloor,”andproximityinformationabout accesspointlocationscouldbeusedtoconnectthemanagerbyvoicetothose cashiers.Learnmoreatwww.vocera.com. Figure18.11 Vocera Communications Badge.
Miscellaneous Thesedevicesdefyeasycategorization,butdeservemention.Linksysmarkets apairofspecialwirelessnetworkadaptersdedicatedtoconnectingEthernetcapablegameconsoles.TheLinksysWireless-BGameAdapter(802.11b; see www.linksys.com/products/product.asp?grid =33&scid =38&prid =550 ) andWireless-GGameAdapter(802.11g;seewww.linksys.com/products/pr
235
236
TheWirelessNetworkingStarterKit oduct.asp?grid=33&scid=38&prid=558)letyouconnectagameconsolelikea
SonyPlayStation2,MicrosoftXbox,orNintendoGameCubetoyourwireless networkforInternetaccesstoonlinegames.Ifyouhavemultiplegameconsoles inthehouse,youcanalsouseLinksys’sgameadapterstoconnecttheconsoles togetherformulti-playergames.TheWireless-BGameAdaptersellsforabout $65now;theWireless-GGameAdaptercostsabout$115.
19
CreatingaSoftware AccessPoint
Althoughwe’vebeentalkingentirelyabouthardwaresofar,there’snoreason anaccesspointcan’texistentirelyinsoftwareonaregularPCorMacintosh. Infact,yearsago,AppleembracedthenotionthatwithanAirPortcard,you shouldbeabletoturnacomputerintotheequivalentofanaccesspointeven whileitcarriesoutothertasks. NOTE DespiteApple’searlySoftwareBaseStationsupportinMacOS8.6andthen MacOS9,MacOSXlackedthefeaturefornearlyitsfirstyearandahalf, untilMacOSX10.2JaguarcameoutinAugust2002.
NOTE Thankstoanexclusiveagreementwithchip-setmakersforitsAirPortand AirPortExtremecards,onlyApplecanenableaspecialsoftwaremodethat makesasoftwareaccesspointactidenticallytoahardwareaccesspoint.
AlthoughMicrosofthasn’tbuiltatruesoftwareaccesspointfeatureinto Windows,youcansimulateitusingadhocnetworking.Microsoftisunlikely toaddthisfeaturebecauseithasrecentlystartedsellinghardwarewireless gateways;otherequipmentmakersareequallyunlikelytoofferitforthesame reason. Themainadvantageofasoftwareaccesspointisclearlycost:Macusers,for instance,cangetvirtuallyallthefeaturesofanAirPortExtremeBaseStation,
238
TheWirelessNetworkingStarterKit
includingDHCP,NAT,andevenafirewall,usingMacOSX’sbuilt-inInternet Sharingfeature,allwithoutponyingupthe$200ormoreforanAirPortExtreme BaseStation.Secondaryadvantagesarethepossibilityofmoreprecisecontrol andabetterinterfacethantheoften-clumsyWeb-basedinterfaces. However,therearelimitationstorunningasoftwareaccesspointinfavorof ahardwaremodel:
• Range.Wirelessnetworkadaptersforcomputersmaynothavetherange ofthemoreadvancedorhigher-gainantennasfoundinhardwareaccess pointsandgateways.
• Availability.Makingacomputerintoasoftwareaccesspointturnsitinto somethingyoumustmonitorandmaintain.Standaloneequipmenttends tobemorerobustthanmostdesktopoperatingsystems,andalthougheven hardwareaccesspointscanbecomeconfused,theyrequirelessmaintenance andfiddlingthanthecomputersthatrunsoftwareaccesspoints.
• Electricalpower.Ifyou’rethesortofpersonwholikestoturnoffthelights
whenyouleavearoom,theextrawattageusedbyacomputerturnedonall thetimemayirritateyou.Ahardwareaccesspointburnsmaybeadozen watts,whileacomputercouldrunat150wattswithitsmonitorturned on.Thecostsavingsisprobablyminimal,buttheprincipleofnotwasting powerunnecessarilyiswhatmatters.
• Intermittentconnectivity.Wedon’trecommendusingasoftwareaccess
pointinconjunctionwithanintermittentdial-upInternetconnection, particularlyifyouwantyourcomputerstocommunicatewithoneanother whenyou’renotconnectedtotheInternet.Thereasonisthatwhenyou’re connectedtotheInternet,yoursoftwareaccesspointwillhandoutIP addressesviaDHCP,perhapsinthe192.168.1.xrange.Butwhenyou’renot connectedtotheInternet,yourcomputerswillreverttoself-assignedIP addressesinthe169.254.x.xrange.ThisswitchingofIPaddressesislikely tocauseirritatingproblemsthatgoawayifyourelyonahardwareaccess pointtoconnecttotheInternetanddoleoutasinglesetofIPaddresses.
ConfiguringSoftwareBaseStation inMacOS8.6/9.x YouconfiguretheSoftwareBaseStationfeatureinMacOS8.6and9.xvia theAirPortapplication,typicallyfoundintheAppleExtrasfolderinside yourApplicationsfolder.ToshareanInternetconnectionamongthewireless
Chapter19 | CreatingaSoftwareAccessPoint
computersthatconnecttoyourSoftwareBaseStation,youmustalsohavea workingInternetconnectionviaEthernetfromacableorDSLmodem,or viastandarddial-up. NOTE Ifyouwanttosharefilesbetweentwowirelesscomputers,youcancreatean adhocwirelessnetworkwithoutusingSoftwareBaseStation.Formoreon adhocnetworkingandfilesharing,seeChapter12,CreatinganAdHoc WirelessNetwork,andChapter13,SharingFiles&Printers.
1. OpentheAirPortapplicationandclicktheSoftwareBaseStationbutton
inthemainscreen’slower-leftcorner. 2. IntheStart/Stoptab,enteranameforyournetwork(SSID)intheNetwork
NamefieldandchoosethechannelfromtheChannelFrequencypop-up menu(Figure19.1). Figure19.1 Configuringthe SoftwareBase StationintheStart/ Stoptab.
3. IfyouwanttoenableWEPencryption,checkEnableEncryption(Using
WEP)andclicktheChangeNetworkPasswordbuttontoenterthe WEPkey. 4. ClickStarttobeginsharingtheInternetconnection.
Apple’sSoftwareBaseStationalwaysprovidesIPaddressestoclientcomputers viaDHCP;intheNetworktab,youcanselectifyoualsowanttoprovideIP addressestowiredcomputersconnectedviaEthernet.Finally,usetheAccess Controltabtorestrictaccesstospecificnetworkadaptersbyenteringtheir MACaddresses.
239
240
TheWirelessNetworkingStarterKit
TIP Ifyou’reusingathird-partywirelessnetworkadapterorwantmorecontrolthan Apple’sSoftwareBaseStationfeatureprovides,checkoutSustainableSoftworks’ IPNetRouter(www.sustworks.com/site/prod_ipr_overview.html).Itcan doeverythingSoftwareBaseStationcandoandmuchmore,inpartbecause SustainableSoftworkswrotemuchofSoftwareBaseStationforApple.
ConfiguringInternetSharinginMacOSX InMacOSX10.2Jaguar,ApplerenamedtheSoftwareBaseStationfeature toInternetSharingandrelocateditfromtheAirPortutilitytotheSharing preferencespaneinSystemPreferences. NOTE Tosharefilesbetweentwowirelesscomputers,youneedonlyanadhoc network;it’snotnecessarytoturnonInternetSharing.Youcanlearnmore aboutadhocnetworkingandfilesharing,inChapter12,CreatinganAdHoc WirelessNetwork,andChapter13,SharingFiles&Printers.
Beforestarting,makesureyouhaveeitheranEthernetoranInternalModem connectionsetupintheNetworkpreferencespane,asyoucan’tcreateasoftware accesspointwithoutoneortheotheractive.UnliketheSoftwareBaseStation inMacOS9,Jaguar’sInternetSharingfeatureworkswhetheryoureceive yourInternetconnectionviaEthernet,InternalModem,orevenAirPort.For thisexample,weassumeyourInternetconnectioncomesviaEthernetfrom acablemodem. 1. OpenSystemPreferences,clickSharing,andclicktheInternettab
(Figure19.2). 2. InMacOSX,checkShareYourInternetConnectionwithAirPort-
EquippedComputers.InMacOSX10.3,chooseeitherBuilt-inEthernet orInternalModem(whichevermatcheshowyouaccesstheInternet)from theShareYourConnectionUsingpop-upmenu,andthenselectAirPort intheToComputersUsinglist. 3. InMacOSX,ifyouwanttoenableDHCPserviceacrossbothyour
wirelessandyourconnectedwirednetwork,checkSharetheConnection withOtherComputersonBuilt-inEthernet. 4. ClickAirPortOptionstosetthenetworkname,channel,andWEPkey. 5. ClickStart.
Chapter19 | CreatingaSoftwareAccessPoint
Figure19.2 Configuring InternetSharing intheInternet taboftheSharing preferencespane.
TIP IfyouturnonWEPinMacOSX10.2andanticipatePCsorMacswithout AirPortcardseverwantingtoaccessyournetwork,werecommendyousetthe WEPkeyusingadollarsign,followedbythe10-digitor26-digithexadecimal key.Why?Ifyousetthekeyusinganormalpassphrase,there’snowayforyou toextractahexadecimalpasswordforusewithnon-AirPortwirelessnetwork adapters.MacOSX10.3tellsyoutochooseeithera5characterpassword for40-bitWEPora13characterpasswordfor128-bitWEPforcompatibility withnon-Applehardware.
WindowsXPandRoutingSoftware Althoughitisn’tpossibletoenableatruesoftwareaccesspointunderany versionofWindows,youcansimulateonewithadhocnetworking.Although adhocnetworkingdoesn’trelyonasinglemachinetoroutetrafficamong machinesonanetwork,youcanstillhaveoneofthecomputersonanadhoc wirelessnetworkalsoconnectedtoanEthernet-basedInternetconnection. ThatInternet-connectedmachinecanthenactasthegatewaythatenablesthe othermachinesontheadhocnetworktoreachtheInternet.Thisapproachisn’t asrobustasatruesoftwareaccesspoint,butitcanworkfineinsmallnetworks ofonlyafewmachines.
241
242
TheWirelessNetworkingStarterKit
UnderWindowsXP,youaccomplishthissleightofhandbycombiningadhoc networkingwithWindowsXP’sfeatureforsharinganetworkconnectionwith othercomputers.Asanaddedbonus,thisfeatureturnsonDHCPservice. First,followtheinstructionsin“CreatinganAdHocNetworkinWindows XP”inChapter12,CreatinganAdHocWirelessNetwork,tosetupadhoc networking.Next,makesureyouhaveanInternetconnectionactivethrough anotherinterface,eitherEthernetoradial-upconnection.Nowfollow thesesteps: TIP Windows2000canalsoshareanetworkconnection;inNetworkandDialupConnections,opentheconnectionassociatedwithyourwirelessnetwork adapter,clickthePropertiesbutton,clicktheSharingtab,andcheck“Enable InternetConnectionSharingforThisConnection.”
1. FromtheControlPanel,selectNetworkConnections,andthenselectthe
WirelessNetworkConnectionitem. 2. Fromtheleftverticaltasklist,clickChangeSettingsofThisConnection
underNetworkTaskstoopentheWirelessNetworkConnectionProperties dialog(Figure19.3). Figure19.3 TheWireless Network Connection Propertiesdialog.
3. ClicktheAdvancedtab. 4. CheckAllowOtherNetworkUserstoConnectthroughThisComputer’s
InternetConnection(Figure19.4).
Chapter19 | CreatingaSoftwareAccessPoint
Figure19.4 Configuring Internetsharingin WindowsXP.
5. FromtheHomeNetworkingConnectionpop-upmenu,chooseyour
wirelessnetworkadaptertosharethewiredordial-upconnectionwith otherdevicesonthewirelessnetwork. 6. ClickOK.
TIP TomakemorecomplexInternetsharingsetupsinWindowsXP,youcanuseits bridgingoptiontoconnectmultiplenetworksviayourcomputer.UseWindows XP’sbuilt-inhelptoreadmoreaboutthisfeature.
You’venowturnedyourWindowsXPsystemintosomethingapproachinga softwareaccesspoint,completewithsharinganInternetconnectionandserving IPaddressestoothercomputersontheadhocnetworkviaDHCP.
243
20
BridgingWirelessNetworks
Onceyou’vebeenbittenbythewirelessnetworkingbug,it’salltooeasytokeep addingmachinesandexpandingyournetworkuntilsuddenlyyoucomeup againstabrickwall,perhapsliterally.Yournextexpansionisstymiedbecause someclientcomputerscannotreachyoursingleaccesspoint. It’scommonforalargerhouseandalmosteverysmallofficetolackanideal placewhereasingleaccesspointcanservealltheclientcomputers.Aswenote inChapter15,PlanningYourWirelessNetwork,inthe“MultipleAccessPoints” sidebar,addinganotheraccesspointviaEthernettocreatearoamingnetworkcan solvetheproblem.ButaroamingnetworkrequiresawiredEthernetconnection runningamongalltheaccesspointstoconnectthemintoaseamlessnetwork. Cheapthoughitis,cablemaynotbeyourbestoptionbecauseofdistanceor physicalbarriers.Howmanyholesdoyouwanttodrillinyourhome?How badlydoyouwanttopersuadeabuildingownertoletyoupullwirethroughher walls?Instead,youcanuseavarietyofinexpensivebridgesandaccesspointsto connectindividualaccesspointswirelessly,retaining(andindeedenhancing) theadvantageofwirelessnetworkingwithoutrequiringadditionalwires.It usuallysavesyoumoney,too.
BridgingBasics Theconceptbehindwirelessbridgingisthatyouconnectasingleaccesspointto anInternetconnection,whichalmostalwaysinvolvesanEthernetortelephone cable.EvenifyourInternetconnectionarriveswirelessly,asAdam’sdoes,you stillrunanEthernetcablefromtheincomingfeedtoatleastonegateway.
246
TheWirelessNetworkingStarterKit
Thenyouinstalloneormoreaccesspointstoaddcoveragetoanareaunreachable bythefirst.Thesecondaccesspointmustbelocatedatapointwhereitcan stillconnectwirelesslytothefirstaccesspoint(Figure20.1).Youmaybeable todaisy-chainadditionalaccesspointsfromthatsecondonetoextendthe networkinastraightline.Alternatively,ifyouwanttoincreasetheradiusof yourwirelesscoverage,youmaybeabletoaddadditionalaccesspointsthatall spreadoutfromthecentralhubofthefirstaccesspoint(Figure20.2). Figure20.1 Atypicaltwoaccesspointbridge inwhichclient computersconnect toaccesspoints whichconnectto eachother.
Figure20.2 Amorecomplex arrangement radiatingfroma central,Internetconnectedgateway.
Themagiccomesinconfiguringtheaccesspoints(orwirelessbridgesconnected totheaccesspoints)tomovetrafficfromthesecondaccesspoint’swireless clientcomputers,throughthesecondaccesspoint,acrossawirelessconnection tothefirstaccesspoint,andouttotheInternet.
Chapter20 | BridgingWirelessNetworks
Bridgesareagreatsolutionforafewcommonsituations,suchasexpandingan officenetworkintomultiplerooms,floors,orbuildings;hookingupalarger networkacrossahome;orbypassinganobstaclethatblocksthewirelesssignal betweentwoareas. Ineffect,abridgeallowsyoutobypassevenmoreofthephysicallimitations oftheworld,andsendyourwirelessnetworkintolargerandmorefar-flung connections.
KindsofBridges TherearefourwaystobridgewirelessnetworksoverWi-Fiwithoutinvolving otherprotocolsorexpensive,corporate-gradeequipment:
• ViatheWirelessDistributionSystem(WDS),atechnologybuiltinto
anincreasingnumberofwirelessgatewaysthatenablesthemtofunction simultaneouslyasabridgeandanaccesspoint,bothservinglocalclients andbridgingtraffic.
• UsingaspecialWi-Fi–to–Ethernetbridgethatplugsintoawiredconnection
ononesideandcarriesallthetrafficfromitswiredconnectionoverWi-Fi toasingleaccesspoint;thesecanconnecttoanystandardaccesspoint.
• UsingtwoormoreWi-Fiaccesspointsthatcanbesettoactinabridge-
onlymodebutcanconnectonlytosimilaroridenticaldevicesforpointto-pointorpoint-to-multipointconnections.
• WithacomputerthathastwoormoreWi-Ficardsinstalled,whichbridges trafficononeofthemandactsasasoftwarebasestationontheother.
Decidingwhichofthesefouralternativesmakesthemostsenseforyour situationdependsonthedistancethebridgemusttraverse,yourcurrentsetof equipment,andthenatureofyournetwork.
BridgingwithWDS TheWirelessDistributionSystemisoneofthemostusefuladditionstoWiFitechnologybecauseitenablesyoutocreateanall-wirelessnetworkthat’s muchlargerthanwouldbepossiblewithasingleaccesspoint.Itcreatesa cloudofcoveragebygivingaccesspointsthecapabilitytopassdataamong themselveswirelessly. TIP Ifyoudon’tneedacloudofwirelesscoveragearoundeachaccesspointina WDSnetworkthatconnectsareastogether,lookatthenexttwosolutions.
247
248
TheWirelessNetworkingStarterKit
NOTE Somewirelessgateways,includingtheLinksysWAP54G,useWDSina specializedway:wheninbridgingmode,theycan’tactasanaccesspoint andviceversa.Inthissection,wetalkonlyaboutWDS-capablegateways thatcanworksimultaneouslyasbridgesandaccesspoints.
Thatsaid,therearesomelimitstoWDS:
• NomanufacturerwespoketoistestingwhetheritsversionofWDSworks withanyotherversion.Sincemanycompaniessellingconsumerequipment usethesamesetofsiliconchipsandunderlyingfirmware—notablyLinksys, Buffalo,Apple,andafewother—youmightbeabletomakeWDSwork amongvariedequipment(andinfact,we’veverifiedthatWDSgearfrom AppleandBuffaloworkstogether).Butnoguarantees!
• Youneedsomepatiencetogatheralltheinformationyouneedandtoenter itinseveralplacesmanuallywhenyoufirstconfigurethesystem.
HowWDSWorks WDSisacleverpartoftheoriginal802.11b specificationfrom1999,butitwasn’tuntil 2003thatitstartedappearinginstandard, inexpensiveequipment.WDSconnectsaccesspointswirelesslyasiftheywereportson anEthernetswitch. OnanEthernetswitch,eachportkeepsalistof allthemachinesconnectedtoitandbroadcasts thatlisttoeachother’sport.Everycomputer ontheswitch’snetworkreceivesthesebroadcastsandusesthemtodiscovertheMACaddressesofalltheotheraccessiblemachines. Whetheracomputerwantstosenddatato anothercomputerthat’sonthesameora differentport,itmakesnodifference:the originatingcomputerstillputsthesamedestinationaddressonthepacket.Theswitch, however,recognizesthedestinationaddress
ofeachpacketandroutesittothecorrectport andontothedestinationcomputer. Each access point in a WDS-connected network works in just the same way as a port,trackingtheMACaddressesofallthe connectedcomputersandbroadcastinglists ofaddressestootheraccesspoints.Whena computerconnectedtooneaccesspointwants tosendapackettoacomputerconnectedto another,WDSensuresthatthefirstaccess pointdeliversthepackettotheappropriate accesspoint,eventhroughintermediateaccesspoints. Intheend,WDSappearsseamlesstoyou,and nospecialmagicisinvolved.It’sjustaclever wayofkeepingtrackofwhichcomputersare connectedtowhichaccesspointsandmaking suredatacanflowfromanycomputeronthe networktoanyothercomputer.
Chapter20 | BridgingWirelessNetworks
• Becauseeachremoteaccesspointmustreceivepacketsandretransmit themusingasingleradio,overallthroughputdropssignificantlyoneach segment.Thatmaynotbeaproblemifyourprimarygoalistosharean Internetconnection(whichiscomparativelyslow).Ifit’saconcern,look intooneoftheotherbridgingmethodsorsetupmultipleaccesspoints connectedviaEthernettoformaroamingnetwork.
PlanningforWDS Tobegin,setupasinglewirelessgatewaynearyourInternetconnection.This stationwillbeyourmasterintheWDSconfiguration,andotheraccesspoints willconnecttoit. Next,usealaptoporhandhelddevicetodeterminetheareathatyourmaster gatewaycovers.Yourgoalistofigureoutpreciselywhereyouwanttolocate eachremoteorrelayaccesspoint,suchthatitcanreceivethesignalfromthe masterandretransmititinsuchawaytoextendwirelesscoveragebeyond wherethemastercanreach. What’sthedifferencebetweenaremoteandarelay?AtleastforApple,aremote accesspointcommunicateswithboththemasterandanywirelessclients, whereasarelaynotonlyconnectswiththemasterandserveslocalclients,but alsoallowsremoteaccesspointstoconnecttoitinordertoreachthemaster. NOTE YouneedatleasttwogatewaystouseWDS,butyoucanlinkupasmanyas sixdependingonthedevice.Atthiswriting,weknowthatBuffalo’sWLA-54G canhandleatotalofsixremoteaccesspoints,andbothmodelsofApple’s AirPortExtremeBaseStationcanhandletakeuptofourrelays,eachofwhich couldconceivablytakefourremoteaccesspoints.
Somesystemsallowfourorfiveremotedevicestoconnecttothemaster;others mayallowrelaydevicesthatconnecttothemasterandwhichcansupport connectionsfromremotegateways(Figure20.3).
ConfiguringWDS Afterdiagrammingyournetwork,buyingthenumberofaccesspointsthat youneed,puttingthemallneareachother,andfiringthemup,youneedto configurethembyconnectingtoeachoneinturn.Youshouldconnectdirectly viaEthernettoaLANportoneachaccesspoint:withseveralwirelessaccess pointsallsettothesamedefaultchannelandturnedonatthesametime, you’reunlikelytobeabletoconnectreliablyoverWi-Fi.Followthesesteps toconfigureWDS:
249
250
TheWirelessNetworkingStarterKit Figure20.3 Threescenariosfor WDS.
Remote
Master
InthesimplestWDSconfiguration,two accesspointsconnectwitheachother.
ButWDSalsoallowsamuchmore complexsetupinwhichamasteraccess pointactsasahubforseveralremote accesspointsinapoint-to-multi-point network.
Master
Remotes
Remotes
Master
Relay
Formorefar-flungnetworks, arelayaccesspointusesWDS toconnectbacktoamain unitwhilealsohavingmultiple downstreamaccesspoints connecttoit.
1. Foreachaccesspoint,obtainandwritedownitsMAC(MediaAccess
Control)address,whichisauniquenumberforeverynetworkadapter. 2. Labeleachaccesspointwithanameornumberthatcorrespondstoits
MACaddresssoyoucankeeptrackofwhichunitwillgoinwhichlocation. Ofcourse,withremotes,itdoesn’treallymatterwhichunitgoeswhere: they’reinterchangeable. TIP AppleplacesalabelshowingtheMACaddressonthebottomofeachAirPort ExtremeBaseStation,butothermanufacturersmayrequirethatyouconnect totheunittogetitsMACaddress.
3. Connecttotheunitthatwillbethemasteraccesspointinthenetwork.
ConfigureittoconnecttoyourInternetconnectionjustasifitwerea standaloneaccesspoint.(SeeChapter17,SettingupaGateway.) 4. EnableWDSonthemasterunit,whichlikelyinvolvesaseparatetabin
theaccesspoint’sconfigurationinterface(Figure20.4).
Chapter20 | BridgingWirelessNetworks
Figure20.4 ConfiguringWDS fortheApple ExtremeBase Station.
5. Stillonthemasterunit,entertheMACaddressofeachremoteaccesspoint
andeachrelayaccesspointthatwillconnectdirectlytothemasterunit. 6. Saveyourconfiguration,andrestartthemasteraccesspoint. 7. Turnofflocalclientaccessonyourmasteraccesspointsoyoucantestthe
relaysandremotesasyouconfigurethem(Figure20.5). 8. Foreachrelayorremoteaccesspoint: a. SetittoactasaWDSrelayorremote,dependingonyournetwork. Figure20.5 Settinglocalclient accessinWDS.
Uncheck thisbox todisable localclient access.
251
252
TheWirelessNetworkingStarterKit b. EntertheMACaddressofthemasteraccesspoint. c. Saveandrestart. d. Withtheremoteorrelayrightnexttothemasteraccesspoint,tryto
connecttotheInternetthroughtheremoteorrelay.Withthemaster’s accesspointfeaturesoff,youshouldbeabletoconnectonlyviathe currentlyactiveremoteorrelay.(Ifyoucan’t,checkyoursettings.) e. Turnofftherelayorremote,andmoveittoitspermanentposition. f.
Fireuptherelayorremote,and,onceagain,makesureyoucan connecttotheInternet.
Clientsdon’tneedanyspecialconfigurationtouseaWDS-bridgednetwork.WiFiadaptersconnecttothenetworkjustastheywouldtoasinglegateway.
BridgingtoAnyAccessPoint WDSisagreatsolutionforcreatingacloudofwirelessaccessusingequipment fromasinglemanufacturer,butwhatifyoualreadyownsomegearandstill wanttoaddabridge,especiallyifyoudon’tneedacloudofaccessaroundthe bridgeitself?Thatdesirebringsustooursecondbridgingoption,whichisa goodalternativetoWDS.Inthisscenario,youuseaspecializedwirelessbridge thatcancarryanykindoftrafficbetweenawirednetworkandanyaccesspoint. Youdon’tneedanyadditionalhardwareforyourexistingaccesspoint,nordo youneedtochangeanysettingsontheaccesspoint.
HowItWorks Thisapproachrequiresaspecialwirelessbridge,suchasthe802.11g-based LinksysWET54Gorthe802.11b-basedLinksysWET11.Youplugthebridge intoanEthernetswitchorattachittoasinglecomputerviaanEthernetcable, andthenconfigureittocommunicatewithyouraccesspoint.Onmanynetworks, youdon’tneedtochangeanyofthedefaults. Onceconfigured,thebridgeactslikeaplainWi-Fiadapteronaregular computer.Theonlydifferenceisthatifyou’vepluggedthebridgeintoan Ethernetswitchthatalsoconnectsotherwiredcomputers,itmakesthewireless connectionavailabletoallofthematonceandviceversa.Howmanywillit support?Dependingonthebridge,youcanconnectfromfourtodozensof wiredcomputers(Figure20.6). Youcanevenpluganaccesspointintothewiredsideofthebridge,enablingyou tobridgetrafficusingequipmentfromdifferentmanufacturers.Thistechnique
Chapter20 | BridgingWirelessNetworks
Figure20.6 Wirelessbridge connectingwired machinestoa wirelessgateway. Internet Gateway
Wireless bridge
givesyoutheeffectofWDSwithoutbuyingidenticalornewhardwareand— morecritically—withoutsufferingtheperformancedegradationinherentto WDS.Thebridgedaccesspointcanoperateonadifferentchannel. TIP Ofcourse,theproblemwithusingaspecialbridgealongwithasecondary accesspointisthatyoumayendupbuyingabridgeandanotheraccesspoint, whichmaynotbeanycheaperthansimplybuyingtwonewaccesspointsthat supportWDSandsellingyouroldone.
TheMACAttack Althoughthisapproachtobridgingmaysoundideal,thereareafewminor problemswiththewaythatmostofthesebridgeswork.Mostnotably,they translatealltheuniqueEthernetaddressesfordevicesconnectedtothemtoa singleMACaddress,thatofthebridgeitself.It’sabitlikethewayNATtranslates alltheprivateIPaddressesofcomputersonalocalnetworksotrafficfromthem appearstocomefromthesingle,publicIPaddressofthegateway. Althoughsuchalimitationmaysoundesoteric,thisparticularkindofMAC addresstranslationcancauseweirdproblemsbecausesomesoftwareand hardwarereliesontheMACaddresstoauthenticateacomputerorotherpiece ofnetworkingequipment.AllnetworkidentitiesaretiedtoMACaddresses,so havingmultipleIPaddressesthatalllooklikethey’recomingsimultaneously fromthesameMACaddresscanconfusenetworkservers,makingthem unavailableorflaky. Ontheotherhand,becausethiskindofbridgecanpassanykindofprotocol thatrunsoverEthernet,andbecauseitworkswithanyaccesspoint,alittle discomfortandfiddlingwithsettingsmightsaveyouthecostofhundredsof dollarsofnewequipment.
253
254
TheWirelessNetworkingStarterKit
BridginginPairsorMultiples Bridginginpairsormultiplesisthemostexpensivebridgingoption,asitrequires atleasttwobridgedevicesthatdonothingbuttalktoeachother.Sowhywould youbother?It’stheoptimalapproachforcreatinglongerlinksbetweentwoor morelocationsbecauseyoucanconnecthigh-gaindirectionalantennastoeach ofthebridges.Withthetwopreviousapproaches,theaccesspointscanuse eithertheirbuilt-inantennasorperhapsomnidirectionalantennas.However, usingdirectionalantennasonthemasterandtheremotesinaWDSsetup,or ontheaccesspointandthebridgeinastandardbridgednetwork,won’twork, becausewirelesscoverageforanyaccesspointwithadirectionalantennawould betoodirectional.Walkaroundthebackoftheaccesspoint,andyoumight notbeabletopickupasignal. NOTE Wetalkaboutlong-rangeconnectionsandantennasinChapter21,Indoor AntennaBasics,andSectionVI,GoingtheDistance.
Youcanuseapairofidenticalbridges,likethe802.11b-basedLinksysWAP11 orthe802.11g-basedWAP54Gtocreateapoint-to-pointbridgednetwork, withonepodofconnectedcomputersoneitherend;thisisprobablythemost commonapproach(Figure20.7).However,ifyouhavemorethantwopods ofcomputersthatyouwanttoconnect,youcancreateapoint-to-multipoint networkinwhichoneofthebridgesactsasamasterandseveralotheridentical bridgesconnecttoit. Figure20.7 Apairofidentical bridgesconnects moreeasilyover longdistancesthan WDSaccesspoint/ bridgesorbridgeto-anyconnections.
Wireless bridge
Wireless bridge
NOTE Theearly802.11bversionsofthesebridgestendedtoactjustasprotocol bridges:thatis,theycouldcarryanytrafficthatusedoneofseveralprotocols theysupported.TheLinksysWAP11,forinstance,handlesTCP/IP,IPX,and NetBEUI,butignoresAppleTalk.Later802.11gbridgestendtouseWDSina dedicatedmodewheretheycan’talsoactasanaccesspoint,butcanseemingly bridgeanykindofEthernetprotocol.
21
IndoorAntennaBasics
Perhapsthemainfrustrationwhenyoubuildyourwirelessnetworkisdiscovering areasinyourhomeorofficewhereyoucan’treceiveastrongsignal,oranysignal atall.Perhapsthedistanceissimplytoogreat,orperhapsaconcretewallis blockingthesignal.Ifyourcomputercanreceivesomesignalinthedesired location,orcanatleastreceiveitnearby,onesolutionistoboostyouraccess point’ssignalstrengthwithahighergainantenna. NOTE Tobeclear,antennasdon’tactuallyamplifythesignal(that’swhatamplifiers arefor!),theymerelyconcentrateitinspecificdirections.Ifyou’veeverused aflashlightlikeMagInstrument’sMaglite,whichprovidesafocusingringfor thebeam,youcanvisualizewhatanantennadoeswithradiowaves.The narrowerthebeam,thebrighterthelightinthecoveredarea,eventhough theflashlightbulbisn’tactuallyproducingmorelight.
That’snottoimplythatantennasarethebestsolutionforallsituations.The designersoftheWi-FiprotocolsintendedforWi-Finetworkstobeexpanded primarilythroughtheadditionofmultipleaccesspoints,notbyaddingpowerful antennas.Assuch,anexternalantennawillprobablygivethebestresultswhen youwanttoboostsignalstrengthalittlebitforyourentirenetwork(pushing theboundariesoutsomewhatintheprocess)orwhenyouwanttosetupa long-rangepoint-to-pointnetwork(seeChapter34,Long-RangeAntenna Basics,fordetailsandformoreaboutantennasingeneral). Unfortunately,whereasyoucancalculatehowpowerfulanantennayou’ll needforalong-rangeconnection,thevariablesofhowradiowavesinteract
256
TheWirelessNetworkingStarterKit
withwalls,furniture,andotherinternalobstaclesofpotentiallyunknown constructionensurethatpickinganantennatoexpandtherangeofanindoor networkcomesdowntotrialanderror. Thatsaid,here’saguidetoaddinganantennatoyourwirelessaccesspointto extendtherangeofyournetwork.Thisadvicealsoappliestoaddingantennas towirelessbridges,thoughifyou’rebridgingnetworksbetweenbuildingsor overlongerdistances,besuretoreadChapter20,BridgingWirelessNetworks, aswell. NOTE Don’tworryabouthealthconcernswhenaddingamorepowerfulantenna toanindoorwirelessnetwork(withinreason,andexercisingcommonsense, ofcourse!).Seethesidebar“HealthConcerns”inChapter34,Long-Range AntennaBasics,formoredetails.
ConfirmingCompatibility Beforeyoudoanythingelse,youmustmakesureit’spossibletoaddanantenna toyouraccesspoint.Inmanycasesitis,althoughsomemanufacturersdon’t makeiteasy.Forinstance,thegraphiteandsnowAirPortBaseStationsfrom Appledidn’tprovideanywayofgettingtotheantennajackontheirinternal Wi-FiPCCard,soalthoughaddinganantennaispossible,itrequiressurgery withaDremeltool.(Applesolvedthisbyaddinganexternaljacktooneofthe twomodelsoftheAirPortExtremeBaseStation.) NOTE Visitwww.vonwentzel.net/ABS/forinstructionsonaddinganantennato anAirPortBaseStation.
Whenpurchasinganantennaorwhenpurchasinganaccesspointthatcanaccept one,usuallytheeasiestoptionistobuythembothfromthesamemanufacturer. Nexteasiestistopurchaseyourantennafromacompanythatlistscompatibility withspecificaccesspointmodels.Whyarewebotheringtotellyouthis? TheFederalCommunicationsCommission(FCC)intheU.S.mandates thateverymanufacturerofwirelessnetworkinggearthatworksinunlicensed bands,suchas2.4GHzand5GHz,useadifferentconnectorfromevery othermanufacturer.(Inpractice,afewseemtodoubleup,perhapssincethere aren’tenoughconnectortypestogoaround.)Themethodbehindthisseeming madnessisthattheFCCwantstodiscourageusersfromhookingupantennas thatmightbringthetotalpowerofthesystemabovelegallimits.(See“Staying Legal”inChapter34,Long-RangeAntennaBasics.)
Chapter21 | IndoorAntennaBasics
Realistically,theFCC’sconcernappliesmostlytolong-rangeinstallations whereyouwanttoboostsignalstrengthsignificantlyandwhereexceeding legallimitscouldcauseproblemsforotherusersofthesameunlicensedband. Indoors,you’remuchlesslikelytowantasmuchantennagain,butsincethesame networkingequipmentcanbeusedforbothindoorandoutdoorinstallations, theFCC’smandateaffectsbothuses. Insummary:
• Ifyoualreadyownanaccesspointtowhichyouwanttoaddanantenna,
firstcheckwiththemanufacturertoseeifitsellsanappropriateantenna thatcanconnecttoyouraccesspoint.
• Ifthemanufacturerdoesn’tmakeanappropriateantenna,checkoutone
oftheindependentantennamanufacturerslikeHyperLinkTechnologies (www.hyperlinktech.com/web/antennas_2400_in.php)orYDIWireless (www.ydi.com/products/24ghz-antennas.php).
IndoorAntennaTypes Allwirelessnetworkadaptersandaccesspointshaveantennasbuiltin,butfor themostpartthey’redesignedforsmallsizeratherthanformaximumsignal strengthboost(Figure21.1).MostPCCardwirelessnetworkadapterscram theentireantennaintothe1-inchby2-inchpartthatjutsoutfromthelaptop whenthecardispluggedin. Figure21.1 Normalbuilt-in antennas.
There’snorequirementthatantennasbesosmallandoffersuchminimal improvementtosignalstrength,andwhenitcomestoboostingsignalstrength, youcanaddthreetypesofantennastoyouraccesspoint:omnidirectional, panel,anddipole.
257
258
TheWirelessNetworkingStarterKit
TIP Youcouldalsoaddanantennatoyourcomputer,assumingyourwireless networkadapterwouldacceptone,butwithlaptopsinparticular,external antennasareunwieldyatbest.SeeQuickerTekformoreMacintoshantenna options(www.quickertek.com).
OmnidirectionalAntennas Asyoucanimaginefromthename,anomnidirectionalantenna—alsocalled averticalwhipantenna—isprimarilyusefulinalocationwhereyouwantthe signaltoradiatefromtheantennainalldirections.That’snotquiteaccurate, becauseanomnidirectionalantennaisusuallyshapedlikeaverticalstick,so thesignalradiatestothesidesinacircle,butdoesn’tgoupordownmuch (Figure21.2). Figure21.2 Anomnidirectional antenna.
Indooromnidirectionalantennasdon’toffermuchextragain,usuallybetween 3dBiand8dBi,andthey’regenerallyavailableeitherindesktopmodelsthat sitnexttoyouraccesspointorinceiling-mountmodelsthathangfromthe ceiling.Becauseofthewaytheyradiateinalldirections,youshouldlocatean omnidirectionalantennaroughlyinthecenterofthespaceyouwanttocover.
PanelAntennas Panelantennas,sometimescalledpatchantennas,aresolidflatpanelswitha directionalbeam.Panelantennasareinexpensive,featuregoodgainofupto 14dBiforinternaluse,andblendinwellwiththeirsurroundings.Theydon’t looklikemuch—justsmallflatboxes(Figure21.3).
Chapter21 | IndoorAntennaBasics
Figure21.3 Apanelantenna.
Whenconsideringapanelantenna,it’simportanttopayattentiontothe horizontalandverticalbeamwidth,becausewirelessclientsoutsidethebeam won’treceivemuchsignalatall.Mostofthetime,you’llwanttomountapanel antennaonawall,pointingintotheinteriorspaceyouwanttocover.Itdoesn’t havetomountflatagainstthewallif,forinstance,youwanttodirectthebeam upordowntocoverahigherorlowerflooraswell.
DipoleAntennas Dipoleantennasarecommonplaceonaccesspoints,andtheyoftencomein pairs.Someaccesspointsletyouchoosewhetheryouwantbothantennasto sendandreceiveandcombinetheirresults(likestereovision;aprocesscalled signaldiversity),ortoputtheantennasintoamodeinwhichoneantennasends andtheotherreceives(Figure21.4). NOTE Dipoleantennasareessentiallythesameastherabbitearantennasused fortelevisionreceptionyearsago,exceptdipoleantennasusedonwireless networkinggeararemuchsmaller.Theyaresmallerbecause802.11buses Figure21.4 Anaccesspoint withapairofdipole antennas.
259
260
TheWirelessNetworkingStarterKit frequenciesinthe2.4GHz(or2400MHz)partoftheradiospectrum, whereastelevisionusesfrequenciesinthe100MHzpartofthespectrum.As thefrequencyincreases,thesizeofthewavelengthdecreases,andthusthe antennasizecanalsodecrease.
Mostdipoleantennashavealimitedgainbetween2and3dBi,andalthough youcanpurchasereplacementdipoleantennas,youshouldconsiderthem onlyreplacements,notrangeextenders.Infact,themainutilityofanaccess pointwithremovable(notallare)dipoleantennasisthatit’smucheasierto addamorepowerfulexternalantenna.Lifeiseasierifyoudon’thavetodrill holesinyouraccesspointorsolderconnectionsbetweenyouraccesspointand externalantenna.
AntennaInstallationTips Althougheveryindoorinstallationisdifferent,wecanofferafewtipsthat shouldapplyinmostsituations.
• Don’tassumethatthehigherthegain,thebettertheantenna.Antennas
increasegainbyconcentratingtheradiowaves,sousuallythehighergain antennasarehighlydirectional.Ifyouneedbroadcoverage,alowergain omnidirectionalantennawillprobablyworkbetter.
• Beforeyouinstallyourantenna,spendsometimewithasignalstrength monitoringtooltodeterminewheresignalstrengthistheweakest.See “StumblingontoWi-Fi”inChapter25,PreventingAccesstoYourNetwork.
• Ifpossible,positionalaptop(inadhocmode)roughlywhereyouanticipate installingtheantennatoevaluatewhetherornotthepositionislikelyto work.
• Beforefinishingtheinstallationofyourantenna,checksignalstrength inalltheareasyouhadtroublebefore.Rememberthatallantennashave specificradiationpatterns,soyoumayneedtoreorienttheantennain somedirectiontoachievethedesiredsignalstrength.
• Thelongerthecableconnectingtheantennatoyouraccesspoint,themore signalstrengthyoulose,whichiswhymostantennassoldforuseindoors haveshortcables.Keepthatinmindwhenplanninghowyou’llusean antenna,sinceyoumayneedtorunmoreEthernetcabletopositionyour accesspointnearwhereyouwanttheantenna.
22
SmallOfficeWi-Fi Networking
IfyourorganizationislargeenoughtohaveanIT(informationtechnology)or IS(informationservices)department,youmightalreadyhavealltheresources youneedtosetupandrunaWi-Finetworksecurelyandefficientlybothin yourofficeandforyourtravelingusers.Butinthischapter,we’reaimingto helpthosemillionsofbusinessesthatusecomputernetworksbutdon’thave extensive—orany—dedicatedin-housetechnicalresources. SmallofficestypicallyfacetwoproblemsinbuildingandusingWi-Finetworks intheirfacilitiesandinmakingitpossibleforemployeestoaccessnetwork resourcesfromtheroad:
• Creatinganencryptedtunneltoprotectdatapassingoveralocalnetwork ordatabeingsentbackandforthtoawirelessworkerontheroadwhois likelyonanopenWi-Fiorwirednetwork
• Permittingonlyauthorizeduserstoaccessnetworkresources,and,theflip side,allowingsafeguestaccess
Inthischapter,weoffersomesimpleandcost-effectivesuggestionsthatwon’t sendyouscuttlingtotheclassifiedstohireanexpensivestaffer.Instead,you mightbeabletosetupasecure,small-officewirelessnetworkbyyourself,or atleastspendonlyafewhourswithaconsultant.
262
TheWirelessNetworkingStarterKit
SafePassage Asmalloffice’sbiggestconcernwithwirelessnetworkingisusuallythatwhen employeestransmitinformationthey’rebroadcastingtheorganization’ssecrets, evenifthosearemundanesecrets.Asweexplainedearlierinthebook,the mostwidespreadsimpleencryptionsystem,WEP,isn’tparticularlysecure,and offices—evensmallones—arepotentialtargetsbecauseofthevolumeoftraffic andtheprobabilitythatsnoopedtrafficcouldproduceafinancialreturn. Worse,whenworkerslaboroutsidetheoffice—ontheroad,athome,orat clientlocations—theymightbeaccessingcompanyresources,includingfile servers,mailaccounts,andWeb-basedresources,onopenwirelessandwired networksthatcouldharborsnoops. Asmallorganizationhasseveralchoicesforsecuringitstrafficinitslocal office,andasomewhatdifferentsetofoptionsforemployeeswhentheyhit theroad.
LocalTrafficProtection Inalocaloffice,becauseyoucanusuallycontrolwhatsoftwareisinstalled onwhichmachines,youhaveasinglereasonablechoiceforlockingdowna network:Wi-FiProtectedAccess(WPA),usingtheTKIP(TemporalKey IntegrityProtocol)encryptionkey. Therearemanyprovisos,butWPAisthebestoptionwiththefewestadditional piecestomanage.AswedescribeinChapter26,SecuringDatainTransit, TKIPunderWPAfixesalltheencryptionandrelatedproblemsinWEPwhile simultaneouslyreducingcomplexity. TheonlydownsidewithTKIPunderWPAisthat,aswewritethis,only certainnewerPCCards,PCIcards,andwirelessaccesspointssupportWPA. AlthoughupgradestoWPAforequipmentalreadyonthemarketwereinitially promised,wehaven’tseenthemcometofruition.Youmayneedtoreplace olderequipmenttohavetheWPAadvantage.Fortunately,thenewestand mostsophisticatedgearisinexpensive,makingtheupgradeorinitialbuying decisioneasier. NOTE Ifyouneedtheextrasecurityandaudittrailaffordedbynetworkloginsthat wedescribein“AuthorizedAccess,”later,makesureandreadthissectionfirst asWPAandTKIParealsoapplicabletoauthenticatedaccess.
Chapter22| SmallOfficeWi-FiNetworking
TIP Acheaperbutmorecomplicatedwaytoprotectasmalllocalnetworkwith onlylocaluserswithoutupgradingtoWPAistouseVPNconnectionsviathe LinksysWRV54Gwirelessgatewaywedescribebelow.Allyourusersmustuse newerversionsofWindowsorMacOSX10.3whichincludefreeVPNclient software.TheLinksysboxalsorequiresalengthyone-timesetupforeach clientthatwantstoconnect.
WhenyouuseWPAonalocalnetwork,yourprimaryriskisthattheTKIP passphraseyouusetoprotectthenetwork—oftencalledthepre-sharedkey (PSK)orpre-sharedsecret—isleakedormisused.Toreducethechancesofthis happening,werecommendthatyouchangeyourTKIPkeyregularly,suchas onthefirstofeverymonth,oreveryeightweeks.Setareminderforyourself. Thisreducesthechancesthatsocialengineeringorotherfaultswillbreak yourencryption.WealsostronglysuggestthatyouchangeyourTKIPkey immediatelyafteranemployeeleavesyourcompanyforanyreason(voluntary orastheresultofafiringorlayoff). NOTE ThemajoreffortrelatedtochangingyourTKIPkeyisthatusersmustenterit toaccessthewirelessnetworkagain,sothinkabouthowyou’lldisseminatethe newkeytoemployeesinsuchawaythatitwillcauseminimaldisruption.
Mostwirelessclientsoftwarehidesthepre-sharedkeyasitisentered.For instance,whenyouenteryourTKIPkeyinWindowsXP’sWirelessNetwork Connectionsoftware,it’shiddenasyoutypeandyoucannotretrieveitinplain text.(SeeChapter6,ConnectingYourWindowsPC.)
RovingTrafficProtection Onceusersleavethesecurityofyourlocalnetworkandthesimplicityof relyingonWPA’sencryption,optionscanbecomeslightlytrickier.Our primaryrecommendationforsecuringalong-distanceconnectionoverany network—notjustfromhotspots,butalsofromahotel’swiredbroadband orfromguestconnectionsonothercompanies’networks—isusingavirtual privatenetwork(VPN). WedescribethenatureandutilityofVPNsinChapter26,SecuringDatain Transit:theysecurelyencryptallthedataenteringandleavingyournetwork. Untilrecently,asmallbusinesswouldhavehadtospendmanythousandsof dollarsandpayforrealITexpertisetopurchase,configure,andmaintaina VPNserverorservice.
263
264
TheWirelessNetworkingStarterKit
Fortunately,recentchangeshaverevolutionizedtheVPNworld:youcannow find“free”(orbuilt-in,atleast)VPNsoftwareinWindowsXPandMacOS X10.3forthetwomajorVPNstyles,andyoucanpurchaseavarietyofVPN solutionswithoutspendingmuchonequipmentormonthlyservicecharges. TIP VPNscanalsobeusedtolockdownlocalofficeWi-Ficonnectionsifupgrading toWPAistooexpensiveforyou.AVPN-basedsecuritysystemisoftenmore complicatedthanWPA,andplacesincreasedloadonaserverbecauseofthe highvolumeoflocalbandwidth.WPAisalightweightprotocolwhichdistributes itscostacrossalltheclientsandaccesspointsonanetwork.Ifyouusea localVPNservertosecureyournetwork,placeyourWi-Figatewaysoutside afirewallthatrestrictsaccessexcepttotheVPNserver.Localuserscreatea VPNconnectionthroughthefirewalltotheVPNserver.Anyonegainingaccess totheWi-Ficonnectioncan’tgetintoyournetwork,andalldatasentand receivedbylocalusersisstronglyencrypted.Formoreonfirewalls,seeChapter 27,ProtectingYourSystems.
Let’ssurveyyouroptionsforcreatingaVPN.
SoftwareServers Mostlargeorganizationsusededicatedhardwaretosupporthundredsor eventhousandsofVPNconnections;thesehardwaredevicesrelyonspecial chipstohandlethemassivecomputationnecessarytoencryptanddecryptall networktraffic. ButyoucaninstallVPNserversoftwareevenifyoujustsupportonlydozens ofsimultaneoususers,anditwillworkevenonmachinesthatalreadyactas Weboremailservers.Thatsaid,monitorperformancecarefullytoensure thatyou’renotbeingpenny-wiseandpound-foolishanddestroyingyourWeb performancetorunyourVPN. It’snotinconceivablethatyoumighthavethetime,money,andknow-how torunyourownsoftware-basedVPNserver,butmakesureyouconsiderthe ongoingsupporttimeandeffort.
• WindowsServer2003.Thishigh-endMicrosoftproduct,whichcosts thousandsofdollars,mightalreadybeinstalledonyournetworkifyou’re runningaWindowsshopandneedthekindsofservicesitprovides. WindowsServer2003includesfullsupportforthetwopopularflavors ofVPN(PPTPandIPsec-over-L2TP).Itsadvantageisthatthereare pilesofMicrosoftcertifiedtechnicianswhocanconsultonconfiguring andmaintainingitforyou.Thedownside,ofcourse,iscost:a25-user versionwithallthetrimmingscosts$4000.ReadmoreaboutitsVPN
Chapter22| SmallOfficeWi-FiNetworking
servicesatwww.microsoft.com/technet/prodtechnol/windowsserver2003/ deploy/confeat/rmotevpn.asp.
• MacOSXServer10.3(Panther).Applereviseditsserversoftwarein
version10.3toincludebothPPTPandIPsec-over-L2TPVPNservers (www.apple.com/server/macosx).ThesoftwarerunsonlyonMacintosh hardware,andincludesahostofothernetworkservices,justlikeWindows Server2003.Thedifference?Apple’sserverallowsunlimitedusersand costsjust$999;a10-userversionis$499.IfyoupurchaseApple’sXserve rack-mountedsystemintendedforserverclosets,anunlimitedversionof MacOSXServerisincludedintheprice.
• FreeS/WAN.YoucanhaveVPNsoftwareforfree,butthetradeoffisthat theconfigurationmightdriveyoumad.Theopen-sourceprojectFreeS/ WAN(www.freeswan.org),shortforFreeSecureWideAreaNetwork,is animpressive,well-supportedendeavortoallowencryptedmachine-tomachinecommunicationsusingIPsecandrelatedprotocols.Themainpart oftheworkwasinitiallyfocusedonserver-to-serverencryption,andthus muchofthedocumentationtellsyouhowtoconfiguretwomachinestotalk toeachother,andnothowtosetuparoamingmachinewithagraphical VPNclienttotalktoaFreeS/WANserver.FreeS/WANisdesigned forLinux,andworksbestwithRedHatLinux,aplatformforwhichthe developershavepreparedtotallyprefabricatedinstallations,customized foreachmicro-releaseofthekernel.
NOTE GlennspentmanyhourspokingatFreeS/WANandwasabletogetafully functioningversionrunningonhisRedHatLinux7.3system.However,the nomenclaturethatdescribesitsconfigurationissoesotericanddifferentfrom theclientsoftwarethatoneusestoconnecttoaVPNserverthathefinallygave up.TheproblemisthatFreeS/WAN’sdocumentationisorganizedarounddigital certificates,notuseraccounts,whicharewhattheclientprogramsuse.
SubscribingtoaVPNService IftheVPNoptionslistedabovemadeyourpocketbookacheoryoureyesglaze over,youmightconsideranotheralternativeforroamingusers:subscribingto aservicethatoffersVPNconnectionsfromwherevertheuserisouttoasecure networkoperationscenter(NOC)somewhereelseontheInternet. Typically,theleastsecurelinkinanyconnectionisthelocalnetwork:thesniffed orpenetratedWi-Fiorwirednetworkoverwhichtrafficproceedsunencrypted outtotheInternetconnection.OncetrafficisonthebroaderInternet,it’smuch lesslikelythatanysnoopwouldbeabletointerceptit—inessence,yourtraffic
265
266
TheWirelessNetworkingStarterKit
becomesmoresecureonceitleavesthelocalnetworkyou’reconnectedto.By creatingasecureclient-to-NOCconnection,youeliminatenearlyallofthe placesthatpeoplecouldsnifforinterceptnetworktraffic. WecurrentlyknowoftwocompaniesofferingVPNservicesforhirethatare specificallydesignedforhotspotusers:
• WiFiConsulting(www.hotspotvpn.com)offersan$8.88permonthVPN
servicewhereinyoucanuseWiFiConsulting’sHotSpotVPNservice andcreateasecurePPTP-basedconnectionfromasingleclientto WiFiConsulting’sNOC.It’sstraightforwardanddesignedforthehotspotuser.HotSpotVPN’sVPNconnectiondoesn’trequireanyspecial software,justanordinaryPPTPclient,foundinMacOSX10.2and10.3 andmanyversionsofWindows(fordetails,seeChapter26,SecuringData inTransit).
• BoingoWireless(www.boingo.com)offersabuilt-inVPNclientinits
wirelessconnectionsoftware.(ThesoftwareworksonlyinWindowsat themoment.)Tousetheservice,youneedtosetupanaccountwithBoingo anddownloadBoingo’ssoftware,buttheVPNserviceiscurrentlyfree:you canhaveapay-as-you-goaccountthathasnoextraVPNchargesattached. KeepinmindthatBoingohasalwaysindicatedthatitmightchargeusers whodon’thaveapaidsubscriptiontouseitsoutboundauthenticatedemail serviceandVPNtunnel.
Businesseswithmoreresourcesorspecificneedsmightwanttohireacorporate VPNserviceprovider.Pricesareallovertheplace,andsomeprovidersmay requireinstallingpurchasedorleasedhardwareonyournetwork.Checkout http://findvpn.com/providers/foralengthylistofVPNserviceproviders.
TheLinksysWRV54G We’veleftaninexpensive,althoughslightlybaffling,optionforlast.Justas wewerefinishingthisbook,Linksysshippedamuch-awaitedproduct:the WRV54GWireless-GVPNBroadbandRouter(www.linksys.com/products/ product.asp?grid=33&scid=35&prid=565).Thisall-in-onedevice,whichcosts about$230,cansupportupto50simultaneousVPNconnectionsusingthe robustIPsec-over-L2TPprotocol. TheWRV54Greliesinternallyonavarietyofopen-sourcesoftwarepackages, includingtheabove-mentionedFreeS/WAN.However,Linksyspackaged theofteninscrutableopen-sourcesoftwarenicely,hidingmanyoftheugly bitsthatwouldfrightenchildrenandsterilizefarmanimals.Instead,Linksys
Chapter22| SmallOfficeWi-FiNetworking
offersasomewhatcomplex,butnotoverwhelming,interfaceforconfiguring thevariousVPNtools,andagoodconfigurationguidethatwalksyouthrough thenecessarysteps.It’sstilldaunting,ifonlybecauseLinksysexpectsthat you’llsetupaseparatetunnelconnectionforeachconnectionthatmightbe initiated.ThisworksforhomeworkerswithstaticIPaddressesontheirhome networks,butnotforWi-Firoadwarriors. NOTE TheWRV54G,bytheway,isn’tjustaVPNdevice:ithasfourauto-sensing 10/100MbpsEthernetports,afullwirelessgateway,andaDHCPandNAT serversystem,justlikeitsbasicWRT54Gcousin.
AuthorizedAccess EnablingWPAorputtingaccesspointsoutsideafirewallandusingaVPN caneffectivelyeliminatethepotentialofunauthorizedpeoplegainingaccess toyournetworkresources,eveniftheycanassociatewithyouraccesspointor passivelysniffdata.Thosemethodsarebroadlyeffective. Butifyouwanttohavemoregranulartrackingofuserswithaccesstoyour network,andifyou’renotreadyfortheexpenseofaVPNoraWPAupgrade, youdohaveanotheroption:usingauthenticatedloginswithasystemknown as802.1Xthatcombinesaccountabilitywithsecurity. NOTE The802.1taskgroupisoneoftheoverarchingnetworkinggroupsintheIEEE, andthecapitalXindicatesthatthisisthefullstandard.
Wefirstgiveyousomebackgroundintheunderlyingprinciplesofthiskind ofauthentication,andthenweprovidepracticaladviceonimplementingit withoutgreatexpense.
Whatis802.1X? The802.1Xprotocolisessentiallyawayofputtingagatekeeperinfrontofa network.Thegatekeeper’sjobistopreventaccesstothenetworkuntilaclient whowantstoconnectprovesitselfworthybyprovidingcredentialswhichcan rangefromasimpleusernameandpassworduptobiometriccontrolsystems confirmingfingerprintorhandgeometry. 802.1Xdefinesthreeroles:aclient,whichiscalledasupplicant;anaccess point,whichactsasanauthenticatororgatekeeper;andauserdatabaseserver orauthenticationserver,whichconfirmsauser’sidentity(Figure22.1).
267
268
TheWirelessNetworkingStarterKit Figure22.1 The802.1Xroles.
Auth. server
“Hi,I’mBob!”
Supplicant
Authenticator Internet
“Hi,Bob!Here’sauniquekey.”
Supplicant
Auth. server
Authenticator
2.Next,theauthenticationserver confirmsthesupplicant’sidentity andthenresponds,againvia theauthenticator,providingthe supplicantwithauniqueencryption keyforusingthelocalnetwork.
Internet
Auth. server
Supplicant
1.First,asupplicant,having associatedwithanaccesspoint, sendsitslogincredentials(likea usernameandpassword)tothe authenticator,whichpassesthem alongtotheauthenticationserver. Theaccesspointdoesn’tgivethe supplicantInternetaccessatall.
Authenticator
Accessenabled
3.Finally,withtheencryptionkeyin handanditscredentialsconfirmed, thesupplicantcanpasstraffic throughtheauthenticatoroutto theInternet(orlocalnetwork,as thecasemaybe).
Internet
NOTE 802.1Xworksoverbothwiredandwirelessnetworks;inwirednetworks,the authenticatorisanEthernetswitch.
Whenauser(supplicant)wantstojointhenetwork,sheusesan802.1Xclient tologin(Figure22.2).Theauthenticator(accesspoint)receivesarequestfor aloginfromthesupplicant.Thesupplicantcan’taccessanynetworkresources atallexceptasinglenetworkportdevotedtohandling802.1Xlogins. Theauthenticatorsendstheuser’scredentialstotheauthenticationserver,often thesameoneusedforregularnetworkloginstoaccessfileserversandother networkresources(step2inFigure22.1).Theauthenticationservertellsthe authenticatorthattheloginisvalid,andtheauthenticatoropensupnetwork accesstothesupplicant(step3inFigure22.1). NOTE Microsoft’sWirelessNetworkConnectiontoolincludes802.1Xsupportasdoes theInternetConnectapplicationinApple’sMacOSX10.3Panther,while
Chapter22| SmallOfficeWi-FiNetworking
Figure22.2 An802.1Xlogin hereshownin MacOSX10.3.
companieslikeFunkandMeetinghouseprovidecommercialsoftwarethat worksonawholerangeofplatforms,includingmanyversionsofWindows, Unix,Linux,andMacOS.
The802.1Xtransactionhasalreadykeptthenetworksafefromthosewho don’thavepasswords.Butitgetsbetter.Oncetheuserhasbeenverified,the authenticationservercanprovideauniqueWEPorWPAencryptionkeyto thatspecificclient.Thisway,eachclientonthenetworkcanhaveitsownkey, makingitpossibletomaintainlinksecurityevenwithWEP. ToovercomeWEP’sweaknesses,theauthenticatorcanautomaticallyrotatethe WEPkeyonanytermsallowedbythesoftwarethatmanagesthekeys:aftera certainnumberofpacketsorperiodoftime.OnWPAnetworks,theinterval betweenkeyrotationscouldbequitelongwithoutcompromisingsecurity. Theonlyknownflawin802.1Xisthatthetransactionthatresultsinthe networkconnectionisn’tencrypted.Theusernameistypicallysentintheclear, andthepassword,whilescrambled,canbeextractedinexactlythatformand potentiallyreplayedlater. Variouscompanieshaveproposedwaysoftakingtheauthenticationmessages, whichuseEAP(ExtensibleAuthenticationProtocol),arelativeofPPP,and encryptingtheminsideanSSL-liketunnel(seeChapter26,SecuringData inTransit).TheleadingproposalaswewritethisisProtectedEAP(PEAP), whichissupportedbyMicrosoftandCisco. NOTE CiscohaslonghaditsownflavorofprotectedEAP(LightweightEAPorLEAP), whichisn’tsufficientlyrobust,sothecompanyhasencourageditscustomers tomoveawayfromLEAP.
269
270
TheWirelessNetworkingStarterKit
Unfortunately,MicrosoftsupportsPEAPinonlyWindowsXPand2000. Youneedtopurchaseacommercial802.1XclientfromMeetinghouse,Funk, oroneofafewothercompaniestousePEAPonanyotherWindowsrelease orotherplatforms. Still,using802.1Xcouldbeagoodinvestmentfornetworkprotection,andit’s aone-timeexpensetoprovidestrictnetworkaccesscontrol.
Using802.1X Thecomplexitiesof802.1Xcanbehiddenfromviewentirelybecausemany wirelessgateways,includinginexpensiveonesfromLinksysandothers,can workasan802.1Xauthenticator. Yourbigexpenseorcomplicatingfactorreallyhappensontheback-endwiththe authenticationserver.Ifyournetworkalreadyhassomekindofauthentication server,suchasaRADIUS(formerlyanacronym,butnolonger)server,for handlinguserloginsviadial-uporothermethods,youmightsimplybeable toenable802.1Xasamodeonthatserver. Butifyou’restartingfromscratchyouhaveafewoptions.
• WirelessSecurityCorporation(www.wirelesssecuritycorp.com)appeared onourradarinlate2003,andithasaninterestingoptionforsmalloffices thatwantthepowerof802.1Xwithoutthehassleofaserver.Youcan useanyofavarietyofaccesspointsonyourlocalnetworkandpointto WirelessSecurity’sauthenticationserversovertheInternet.Thecompany evenofferssoftwarethatyoucanrunonalocalcomputerasabackupto preventlossofnetworkaccessincaseyourInternetconnectiondrops.
• MeetinghouseAegisServer(www.mtghouse.com)comesfromMeetinghouse, oneofthemostecumenicalsoftwaremakers.Meetinghouseoffersclients forallplatforms,andserversoftwarethatrunsunderLinux,Solaris,and WindowsXPand2000.Itsserverisn’tcheap,startingat$2500for50 clients.Butit’sprobablytherightstandalonesoftwaresolutionforthose whodon’twantthecomplexityof…
• WindowsServer2003—onceagain,Microsoft’sserverproducthasthe fullsolutionembeddedinit.It’snotacheapoffering—seeearlierinthis chapter—butifyou’realreadyusingitorneedtheresourcesitprovides,you cancombineitwithstandardaccesspointsfor802.1X-protectedlogin.
23
Troubleshooting YourWirelessNetwork
Mostofthetime,settingupabasicwirelessnetworkisalmostsurprisingly simple.Usually,youjustpluginyouraccesspointandconnectittothedevice thathandlesyourInternetconnection,likeacableorDSLmodem.Butthat’s nottosaythatyouwon’teverrunintotrouble,eitherinthesetupphaseorin usingawirelessnetworkthatwaspreviouslyfunctional. Inalmostallcaseswithawirednetwork,youeitherhaveaconnectionoryou don’t.Wirednetworksarebinary—eitheronoroff—andthatmakessenseto thoseofuswhohavebecomeaccustomedtocomputers.Wirelessnetworks aredifferent.They’refuzzy.Sometimesyoucanreceiveastrongsignalwhile sittingonthecouch;othertimesyouwon’tbeabletopickupanythinginthe samelocation.Frankly,thisdrivesusnuts,andtojudgefromtheproblems we’vehelpedpeoplesolve,itdrivesalmosteveryoneelsenutstoo. Luckily,thefuzzinessofwirelessnetworkreceptiongoesawaywhenyoulook attheedgesofthenetwork:anyproblemsyoumayhavewithyourwireless networkadapterorwithreachinglocalnetworkservicesortheInternetobey themoreunderstandablerulesofcomputertroubleshooting. NOTE This chapter addresses problems from the standpoint of setting up or maintainingawirelessnetwork.Forsuggestionsonhowtotroubleshoot problemsrelatedtoconnectingtoawirelessnetwork,manyofwhicharelikely toberelevanthere,readChapter14,TroubleshootingYourConnection.
272
TheWirelessNetworkingStarterKit
Inthischapter,we’vebrokendownthecommonproblemsyoumayexperience whilesettinguporrunningawirelessnetworkintoanumberofbroadcategories. Ineachcase,weoffersuggestionsfortestsyoucanrunorquestionsyoucanask toshedadditionallightonyourproblem.Inalmostallcases,theresultofoneof thesetestsortheanswertooneofthequestionswillpointtoyoursolution.For themostpart,oursolutionsaregeneralized,althoughifweknowofaspecific solutionforaparticulardeviceoroperatingsystem,wegivethataswell. NOTE WestronglyrecommendthatyoureadAppendixC,HowtoTroubleshoot, beforeyoureadfarther.Thatappendixhasbasicadviceandstepsforworking throughanyproblem,notjustthoseyoumightencounterwhentroubleshooting arecalcitrantwirelessnetworkingconnection.
TIP Evenifyoudon’tuseaMac,it’sworthreadingApple’sdetailedtroubleshooting guideforAirPortwirelessnetworkingtechnology—AirPortisjust802.11bso theguidecoversmorethanjustMac-relatedinformation.Finditathttp:// docs.info.apple.com/article.html?artnum=106858.AlsotrytheWireless NetworkTroubleshootingpageatwww.practicallynetworked.com/support/ troubleshoot_wireless.htm.
TIP In the Windows XP help system, you’ll find an interactive, network troubleshootingguidethatincludessomewirelessadvice(Figure23.1).It canwalkyoustep-by-stepthroughcommonproblemsandadviseyouon configuringorreconfiguringyoursettings.
Problem:SignalStrengthIsPoor Q: Ihavetroublereceivingthewirelessconnectioninpartsofmyhouse. Is there anything I can do to increase the signal strength of my network? A: Yes,therearequiteafewwaysyoucanimprovesignalstrengthforyour entirenetwork: TIP UseaprogramlikeNetStumbler(www.netstumbler.com)orMacStumbler (www.macstumbler.com)totestsignalstrengthindifferentlocations.
• First,testwithmultiplecomputers,ifpossible,todetermineiftheproblem iswithaparticularcomputerorwithyouraccesspoint.
• Reorientyouraccesspointoritsantennas.Seriously,sometimesthat’sall
youneedtodotoimprovesignalstrengthenoughtokeepworking.It’slike
Chapter23| TroubleshootingYourWirelessNetwork
Figure23.1 TheWindows XPNetwork Troubleshooter offersadviceabout troubleshootinga wirelessnetwork.
theolddayswhenpeoplewouldgetupontheirroofsandfiddlewiththeir TVantennastoimprovetelevisionreceptionforthebigfootballgame.
• Tryorientingyouraccesspointinotherplanes.ToquotethewiseMr. SpockonRicardoMontalban’scharacterinStarTrekII:TheWrathofKhan, “Heisintelligent,butnotexperienced.Hispatternindicatestwodimensionalthinking.”
• Ifthere’salotofmetal(suchasjunctionboxesinanelectricalwiringcloset) nearyouraccesspoint,themetalmaybeblockingthesignal—seeifyou canmovetheaccesspointtoaspotwhereit’slessobstructed.
• Verifythatantennas,eitherexternalorinternal,areproperlyconnected forboththeaccesspointandanywirelessclients.
• Thisispainfullyobvious,butwehavetosayit.Trymovingyourcomputer closertoyouraccesspoint.Asasolution,it’scheap,it’seasy,andyes,we knowyoushouldbeabletoworkanywhereyouwant.Ifyoudon’twantto lettheevilradiodemonswin,moveontothenextsuggestions.
• Considermovingyouraccesspointtoamorecentrallocation.Thismay
notbefeasiblewithoutrunningalongEthernetcablesomewhere,and althoughweknowthattheentirepointofawirelessnetworkisthatyou don’thavetoruncables,sometimesthere’snowayaroundrunningone.
• Addanantennatoyouraccesspoint.Youcanbuysmallindoorantennas
thatincreasethesignalstrengthsomewhat,althoughsomeaccesspointsmay notallowyoutoconnectanexternalantenna(checkwiththemanufacturer
273
274
TheWirelessNetworkingStarterKit
ofyouraccesspointfirst,sincemanyactuallysellstrongerantennasor “signalboosters”thatarereallyjusthigher-gainantennas).
• Thinkaboutbuyinganewaccesspointthathasajackforanexternal
antennaorthatincludesamorepowerfulantenna.Manyaccesspoints, includingtheoriginalAirPortBaseStation,relysolelyonthetinyantenna onaPCCardinside.
• Considerbuyingoneormorenewaccesspointsandsettingthemupeitherfor
roaming(wherethey’reallconnectedtothesamewiredEthernetnetwork)or inaWDS-connectednetwork(wheretheconnectionbetweenaccesspoints iswireless).Eitherwayshouldhelpyouextendtherangeofyournetwork. SeeChapter20,BridgingWirelessNetworks,formoreinformation.
Problem:SignalIsIntermittent Q: MostofthetimeIhavenotroublemaintainingaconnectionwithmy accesspoint,butsometimesitdropsandcomesbackuplater.What couldbegoingon? A: Whenyouseethiskindofintermittentproblem,thinkinterference:
• Doyouhaveamicrowaveoventhat’sfrequentlyinuse?Microwaveovens
createinterferingsignalsinthe2.4GHzradioband.Testbywatchingthe signalstrengthindicatoronyourcomputerwhilerunningthemicrowave. Youmaybeabletosolvetheproblembymovingthemicrowavefarther fromyourwirelessnetworkdevices.Someindustriesusemicrowavesfor sealingplastic,amongotherpurposes,andifyou’reinanindustrialbuilding orneighborhood,thatcouldbeaproblemaswell.
• Doyouor,worse,yourneighborsinanapartmentbuilding,havea2.4GHz cordlessphone?Thesephonesarecommon,butbecausetheyoperateon thesamefrequencyas802.11b/gwirelessnetworks,thetwocaninterfere. Youprobablywouldn’thearanythingmorethansomecracklingonthe phone,butthephonecancausethenetworktodropoutentirely.Try separatingthephone’sbasestationfromyouraccesspointorcomputer.If you’rebuyingnewcordlessphones,900MHzphonesoffervoicequality andrangesimilartothatofferedbythe2.4GHzmodels,despitewhatthe manufacturersclaim.Youcanalsobuya5GHzcordlessphone.
• Lookoutforanyother2.4GHzdevices,suchasX10spycamerasor devicesfortransmittingaudioorvideotoastereoortelevision.Adam oncetestedadevicethattransmittedaudioplayedfromhiscomputerto
Chapter23| TroubleshootingYourWirelessNetwork
hisstereo—assoonasheturnedthedeviceon,hiswirelessnetworkcame toascreechinghalt.
Problem:ReceptionIsImpossible Q: Atmyworkplace,aconcrete-blockwallpreventsmywirelessnetwork fromcoveringtheentireoffice.HowcanIextendthewirelessnetwork tothecurrentlydeadareas? A: We’reassumingthatyou’vealreadytriedtheadviceaboutincreasingsignal strength.Repositioningtheaccesspoint,addinganotheraccesspointusing WDS,oraddinganantenna(particularlyifyoucanborrowonetotest)is aneasyfix.Ifthoseapproachesdon’twork,youhaveacoupleofoptions:
• Doyoureallyneedwirelessaccessontheothersideofthatwall?Ifnot,
it’sprobablyeasiertodrillaholethroughandrunanEthernetcable.Just becausewirelessnetworksareincrediblycooldoesn’tmeanthere’sanything wrongwithusingwiresoccasionally.
• Ifyoumusthavewirelessontheothersideofthewall,andyoucanrun wirethroughthewall,drillahole,runanEthernetcablethrough,and connectanotheraccesspoint.
BuyingaNewAccessPoint Whenhemovedintohiscurrenthouse,Adam realizedthatthecablemodemhadtobeinstalledinthedownstairsnortheastcornerof thehousebecauseofwherethecableconnectioncamein.Unfortunately,thatmeanthis accesspoint,whichhadtoplugintothecable modem,alsohadtobeinstalledinthatlocation.Initially,usingagraphiteAirPortBase Station,hecouldprovidewirelessnetwork accesstoeveryroominthehouseexcepthis wife’soffice,whichislocatedinthesouthwest cornerofthesecondfloor. UsinganiBook(whichhasabetterantenna thananAirPortBaseStation)runningSoftwareBaseStationastheaccesspointsolved theproblem,exceptfortyingupaperfectly
usefuliBook.NextAdamdecidedtorunan Ethernetcablethroughtheceilinguptothe secondfloor,wherehehadverifiedthatan accesspointcouldreachhiswife’soffice.Like manycable-pullingjobs,itwastiresomeand difficult,butsolvedthebasicproblem. Receptionstillwasn’tasgoodthroughout thehouseashewouldhaveliked,soafter hecannibalizedhisAirPortBaseStation’s LucentWaveLANPCCardforusewithhis long-rangewirelessconnection,Adambought aLinksysEtherFastgatewaywithapairof smalldipoleantennasthatprovidenoticeably bettersignalstrength.Thegatewaystilllives inAdam’sclosetinthebedroom.
275
276
TheWirelessNetworkingStarterKit
• Drillingholesisn’talwaysfeasibleoradvisable.Ifthat’syoursituation,
considerapairofHomePlugorHomePNAEthernetbridges,oneon eachsideofthewall,withasecondaccesspointpluggedintothebridge onthefarsideofthewall.Obviously,HomePlugisidealifallyouhaveis electricalconnections;giveHomePNAsomethoughtiftherearetelephone wiresyoucanuse.
• Knockdownthedamnwall.(Assumingit’snotloadbearing—it’sabad ideatotakeasledgehammertoaload-bearingwallunlessyouwantto droptheceilingonyourhead.)
Problem:NoWirelessConnectivity Q: Wirelessclientsseemtoseemyaccesspoint,butcan’tconnect.Any ideas? A: Inthissortofasituation,theproblemisoftenrelatedtoover-enthusiastic securitysettings,althoughtherecanbeotherproblemstoo:
• Ifyou’retestingwithonlyonecomputer,seeifothercomputerscanconnect. Ifso,theproblemislikelyspecifictothatfirstcomputer.Knowingthat theproblemrelatestooneparticularcomputershouldnarrowthefieldof futuretestsandsolutions.
• It’spossiblethattheclientsaretoofarawaytoconnectreliablydespite
claimingthattheycanseetheaccesspoint.Manysignal-strengthindicators insoftwaredon’tcorrespondproportionatelytosignalquality.Trymoving closerandcheckiftheproblemgoesaway,ordownloadNetStumbler (www.netstumbler.com)orMacStumbler(www.macstumbler.com)togather moredataonsignalstrength.
• RecheckthatusersareenteringyourWEPorWPAkeycorrectly.Especially whentypingalongWEPkeyof26characters,it’seasytomakeamistake, andasingleerrornegatestheentirekey.Somesoftwaredoesn’talertusers thattheWEPorWPAkeyisincorrect,makingdataentry-relatedproblems hardertotroubleshoot.
• Turnoff WEP,WPA,andMACaddressfilteringinyouraccesspointto findoutiftheyarepreventingclientsfromconnecting.
• Makesureyournetworknameisshortandhasnospacesorspecialcharacters init.
Chapter23| TroubleshootingYourWirelessNetwork
• Resetorpowercycle(turnoff,wait30seconds,turnbackon)your accesspoint.
• Checktoseeifyouneedtoupgradeyourfirmware. • Don’ttrythiswithoutaskingthevendor’stechsupportengineersfirst,but
youmayneedtodowngradeyourfirmwareinsteadofupgrading.Newer versionsarenotalwaysbetter.
• IfcomputersrunningWindowsXPcanconnect,butthoserunningother
operatingsystemscannot,theproblemmayberelatedtoanadministrator enabling802.1Xauthentication,whichwedescribeinChapter25,Preventing AccesstoYourNetwork.802.1Xauthentication,thoughagoodtoolforlarge organizations,issupportedonlywithsoftwareinstalledoneachwirelessly connectedcomputer.
NOTE Beforeyoupowercycle,makesurenetworkusersaren’tinthemiddleof somethingimportant.Powercyclinganaccesspointdisableseveryone’saccess, anditcanshuffleoutnewDHCP-assignedaddresses.
Problem:FrequentNeedtoResetAccessPoint Q: Everyfewdaystofewweeks,myaccesspointseemstofreezeup:I can’tconnecttoit,anditneedsrebooting.What’swrongwiththe gateway? A: Somegatewaysandaccesspointsappeartorequireregularrebooting:
• Ifyouownafirst-generationLinksysWAP11,beawarethatmanyreports andourexperienceshowthatitrequiredregularpowercycling,afterwhich itseemedtoworkjustfine.Laterfirmwarereleaseshelped—1.4ibeing thelatestforthatmodel—andanupdatedWAP11v2isimmunetothe problem.EarlyversionsoftheLinksysEtherFastgatewayhadthisproblem aswell.
• Thegraphiteversionofthefirst-generationAppleAirPortBaseStationhas areputationforrequiringregularbutinfrequentreboots.Latergraphiteunits andthenewersnowAirPortBaseStationsdonothavethisproblem.
• Ifyouexperiencethissortofproblemregularly,considerupgradingthe firmwareinyouraccesspoint.
277
278
TheWirelessNetworkingStarterKit
PerformingaPingTest Oneofthemostbasicwaystotestconnectivitybetweencomputersiswithapingtest, whichisessentiallysonarforcomputers.One computersendsapingtoanothercomputer ordeviceandwaitsforananswerback.Ifan answercomesback,theremotecomputeris workingandconnected;ifnot,theproblemis relatedeithertotheconnectionortolow-level networksoftware.Torunapingtest,allyou needtoknowistheIPaddressofthecomputer youwanttotest. To determine a computer’s IP address in Windows98/Me,clicktheStartmenuand chooseMSDOSPromptfromthehierarchical Programsmenu.(Microsofthasmovedthis commandaroundovertime;lookinAccessoriesinWindowsXP.)Then,typeipconfig tofindtheIPaddress.UnderWindowsXP, clicktheconnectioniconintheSystemTray thatcorrespondstothenetworkadapteryou’re using,andthenclicktheSupporttab.Onthe Mac,lookfortheIPaddressintheTCP/IP controlpanel(MacOS9)ortheNetwork preferencespane(MacOSX). Onceyou’vefoundtheIPaddress,youcan performasimplepingtestinWindowsby choosingRunfromtheStartmenuandtypingping 192.168.1.1(replacethatIPaddress withtheaddressofthemachineyouwant totest).InMacOSX,openTerminaland typethesamecommand.InMacOS9,you needautilitysuchasSustainableSoftworks IPNetMonitor(www.sustworks.com/site/ prod_ipmonitor.html)orStairwaysSoftware’s
Interarchy(www.interarchy.com ).Bothof thoseproductsarealsoavailableforMacOS X,wheretheyprovidegraphicalinterfaceson pingandothernetworkutilities. Thepingtestissuccessfulifyouseeaseries oflinesofsequentialnumbers,eachwitha timeattheend.Ifyouseelotsofgapsin thesequentialnumbers,thentherecouldbe somethingwrongwithyourlinktothelocal network,yournetwork’slinktotheInternet, ortheInternetconnectionbetweenyourISP andhigher-levelnetworks. You may have to press Control-C under WindowsandMacOSXtohaltapingtest inprogress;insomeoperatingsystems,ping continuesindefinitelyuntilstopped.Ifaping testworks,moveontoothertroubleshooting tests.Ifitdoesn’twork,lookforbadcablesand checktomakesurethebasicnetworksettings areconfiguredproperly.SomeDSLmodems thatallowtelnetconnectionsalsohaveping utilitiesbuiltin,andcanhelpeliminatethe localnetworkasaproblem. Onecaveat:somefirewallsoftwarehasan optiontobanIPaddressesfromwhichping testsoriginatetopreventcertainkindsofdenial-of-serviceattacks!Youcanturnthisoff, butitcanbeawfullymysteriousifyouforget, sinceyoucouldhaveinadvertentlybanned yourownmachines.Otherfirewallsoftware candisablepingresponsesaltogether(soit’s agoodideatoperformsomepingtestswhen everythingisworkingright,justtogathersome baselinedata).
Chapter23| TroubleshootingYourWirelessNetwork
• Thinkabouttheusualsolutions:addasurgeprotectortodealwithelectrical
problems;tryusinganuninterruptiblepowersupply(UPS)toprevent problemsresultingfrombriefpoweroutagesthataren’tlongenoughto entirelyresetthegateway;andconsidersendingthegatewayinforrepair ifit’sunderwarranty.
Problem:NoLinkbetweenWirelessandWired Networks Q: My wired and wireless computers can’t see each other. What’s wrong? A: Inmostcases,thesesortsofproblemsarecausedbyimpropersettingsfor wired-to-wirelessbridgingorbadcables:
• Checkyouraccesspointtomakesurethatbridgingbetweenwiredand wirelessnetworksissetupcorrectlyandturnedon.
• Ifyou’reusingasoftwareaccesspoint,makesurethecomputer’snetwork
settingsarestillcorrectandthatarebootorotherchangedidn’tdisable bridging.
• Verifythatthecablestoyourwiredcomputersarepluggedinproperly.
Don’tignorethepossibilitythatacablehasbeendamagedbysomeone steppingonitoramouseeatingthroughit.
• Ifyouhavemorethanonewiredcomputer,makesuretheycanseeeach other.
• Ifyourwirelessgatewayhasaresetswitch,pushittoclearerrors.(Seethe noteearlierin“NoWirelessConnectivity”aboutnotifyingotherusers.)
• Unplugyourwirelessgateway,wait30seconds,andplugitbackin. Sometimesthisclearserrorsnotfixedbypushingaresetswitch.
• Iftheproblemrelatestoaspecificservice,likefileorprintersharing,make
surethesoftwareisinstalledandconfiguredproperlyonallthecomputers inquestion.
279
280
TheWirelessNetworkingStarterKit
Problem:NoInternetConnection Q: Mywirelessnetworkbasicallyworks,butIcan’tseeouttotheInternet throughmymodem/DSL/cable/broadbandInternetconnection.What couldbewrong? A: Unfortunately,therearemanydifferentproblemsthatcouldcauseanInternet connectiontodisappear,andsomeofthemareoutofyourcontrol:
• Ifyou’reusingdynamicaddressing,verifythatyourcomputerhasbeen
assignedaDHCPaddress.Ifnot,theproblemmaybewithyourgateway ornetwork’sDHCPserver.
• DHCPmightnotbebroadcastingacrossallaccesspoints:mostDHCP
serversinaccesspointsneedtohaveanoptionenabledtobridgeDHCP ontothewirednetwork.
• ArogueaccesspointmightbeofferingIPaddressesthataren’troutedto
therestofthenetwork.We’veseenthisonourownnetworksandata recentconference.
LinksysEtherFastGatewayGetsConfused Adam’smainwirelessaccesspointisaLinksys EtherFastWirelessAP+Cable/DSLRouter w/4-PortSwitch,andforthemostpart,it’s servedhimwell.Afterheboughtit,about onceamonth,hiscable-modemInternetconnectionbecameunreachableeventhoughthe wirelessconnectiontothegatewayremained solid.Thereturnedouttobetwoslightlydifferentproblems.Onewassolvedbypressing theresetswitch;theotherrequiredcycling thepowertothegateway.Aftersuffering throughthoseirritationsforafewmonths, Adamupdatedthegateway’sfirmwaretothe mostrecentversion,andthoseproblemsdisappearedalmostentirely.
Then,whileresearchingWEPforthisbook andturningWEPonandoffandchanging keys,hesomehowmanagedtoputtheLinksys gatewayintoastatewhereeverythingseemed fine(andnothinghadchangedwiththeInternetconnection),butnoneofthecomputers couldaccesstheInternet.Tosolvetheproblem, AdamfirstverifiedthattheInternetconnectionwasstillworkingbyconnectinganiBook directlytothecablemodem.Thenhewrote downallhiscustomsettingsintheLinksys gatewayandresetittofactorydefaults.After re-enteringhissettings,everythingworked perfectlyagain.
Chapter23| TroubleshootingYourWirelessNetwork
• Worsethanarogue,someonemayhaveturnedonanadhocnetwork
withthesamenameasthenetworkyou’retryingtoconnectto.We’ve alsoseenthisatconferences.Findthatpersonandstophim,ormake sureyou’reselectingonlyfrominfrastructurenetworks.(InWindowsXP, selectWirelessNetworkConnection,clickAdvanced,andclickAdvanced again.InMacOSX,chooseonlyfromtheinfrastructurelistatthetop oftheAirPortmenu,notthecomputer-to-computernetworklistatthe bottomofthemenu.)
• Checkyourfirewallsettings.Toassociatewithmostaccesspoints,your
computerorotherdevicemustacceptDHCPbroadcasts,andanoverly tightfirewallcanrestrictDHCPbroadcasts,evenfromalocalnetwork. (Glennexperiencedthismysteryforseveralmonthswhenhetraveleduntil hediscoveredhisownoverzealousness.)
• Ifyourwirelessgatewayhasaresetswitch,pushittoclearerrors,but
onlyafteralertinganyotherusersonthenetwork(see“NoWireless Connectivity,”earlier).Failingthat,unplugyourwirelessgateway,wait 30seconds,andplugitbackin.Sometimesthisclearserrorsnotfixedby pushingaresetswitch.
• VerifythatthecabletoyourInternetconnection(whethermodemor router)ispluggedinproperly.Don’tignorethepossibilitythatthecable wasdamagedbysomeonesteppingonitorarodentchewingit.
• Resetyourmodem,router,DSLmodem,orcablemodem,orifithasno
resetswitch,unplugit,wait30seconds,andplugitbackin.(Andwerepeat again:warnotherusersonyournetwork,first!)
• Resetorpowercycleyourmodemorrouteragain,buttakecaretoturn offyourgatewayfirst,turningitbackononlyafterthemodemhascome backup.
• Ifpossible,testtheconnectionbyconnectingasinglecomputerdirectly
toyourmodemorrouter.Iftheproblempersists,contactyourISP’stech supportandaskforhelp.
• Writedownanycustomsettingsinyourwirelessgatewayoraccesspoint, andthenresetittothefactorydefaults.Enteryoursettingsagain.
• Upgradethefirmwareinyouraccesspoint.AdamrecentlysawanAsanté accesspointthatcouldn’tholdontoitsDHCP-assignedIPnumberfrom thecableISPuntilheinstallednewfirmware.
281
282
TheWirelessNetworkingStarterKit
• Tryadifferentwirelessgatewayoraccesspoint.
Problem:WDSDoesn’tWork Q:I’mtryingtouseWirelessDistributionSystem(WDS)tolinkseveral accesspointstogetherwirelessly,butIcan’tgettheunitstotalktoeach other.Whatgives? A:WDSisn’tstandardacrossequipmentfromdifferentmanufacturersandcan requirenumerousmanualsettingstobeentered.Considerthefollowing:
• AreyousureyouenteredeachMACaddresscorrectly?MACaddresses aresixsetsoftwocharacters,andasingleerrordoomstheconnection.
• DidyoufollowourinstructionsinChapter20,BridgingWirelessNetworks,
totestthateachremoteaccesspointinaWDSnetworkcouldseethe masterwhenthey’reincloseproximity?Youmightneedtomoveaccess pointsaroundtogetenoughsignalstrengthforittowork.
• Areyouexperimentingwithaccesspointsmadebydifferentcompanies?
AlthoughweknowthattheBuffaloWLA-G54andtheAppleAirPort ExtremeBaseStation(firmwarerelease5.1.1)workedwitheachother inlate2003,laterfirmwarereleasescouldrenderthisundocumented, unpromisedsupportinoperable.
• Apple’sAirPortAdminUtilitycantellyouwhetherornotagivenaccess
pointisconnectedviaWDS.ConnecttothemasterAirPortExtreme BaseStation,clickShowAllSettings,clicktheWDStab,andexamine theentries.Ifthesoftwarereports“noconnection”nexttoanaccesspoint, checktheaccesspointitselfandtheMACaddressyouentered.
WirelessSecurity
IV
Weallliketothinkwehaveprivacy,evenwhenoftenwedon’t.Somepeople moveintotheAlaskanoutback,50milesfromthenearesttruckstop,toensure thattheyhavenochanceofrunningintoanotherhumanbeing.Othersmaintain psychologicallimitswhilelivingindenseenvironments:thoughGlenncansee neighborsthroughhiskitchenwindow,throughmutualunspokenconsent,he andhisneighborsneveracknowledgeeachother’spresenceintheirrespective foodpreparationareas. Theseanecdotesillustratetheextremesofwirelessnetworkingaswell.As longasourwirelessnetworksareisolated,wedon’thavetoworryaboutothers. Theminutesomeonecomeswithinrange,ourprivacycanbecompromised. Transmissionsoverwirelessnetworks,becausetheygothroughwalls,ceilings, floors,andotherobstructions,areeasilyinterceptedbyconsumer-levelequipment justlikethegearyouusetoconnectyourcomputersandaccesspoint. Sowhatdoyouneedtoknowtostaysecure?Chapter24,WirelessWorries,looks atjustwhoshouldworryaboutsecurity,andwhataspectsofsecurityshould concernareasonableperson(paranoidscanskiptothenutsandboltschapters thatfollow).Chapter25,PreventingAccesstoYourNetwork,presentsanumber ofmethodsyoucanusetokeepunwantedvisitorsfromconnectingtoyour networkandsharingyourInternetconnection.Evenifyoudon’tmindsharing yourconnection,youshouldstillreadChapter26,SecuringDatainTransit,for adviceabouthowtoprotectyourvaluabledatafromotherlegitimateusersof yourwirelessnetwork.Andlastly,it’sworthcheckingouttherecommendations inChapter27,ProtectingYourSystems,forbasicsuggestionsonhowtokeep miscreantsoutofyourcomputers.
WirelessWorries
24
Securityissomethingweasasocietytolerate,notembrace.Anygivenperson’s comfortlevelwithsecuritymayvaryenormouslydependingontheirbackground andlocation.Forinstance,growingupinruralNewYorkStateintheearly 1980s,AdamlefthiscarkeysinhiselderlyDodgeColtwhenitwasparkedat home.Noonelivedwithinamile;carsdrivingbywereinfrequent,easilyseen, andusuallyannouncedbythefamilydog;andhey,itwasn’tlikearustyDodge Coltthatneededbitsofamousenestcleanedoutofitsfuelfilteronaregular basiswasworthmuch.LivinginapopuloussuburbofSeattleadecadelater, Adamnotonlydidn’tleavehiskeysinthecar(thenashinyredHondaCivic) whenitwasparkedinthedriveway,healsolockedthedoors. It’softeneasiertounderstandwirelesssecurityafterthinkingaboutareal-world examplelikeAdam’sbehaviortowardhiscarkeys.InruralNewYorkwithan oldcar,thelikelihoodofsomeonestealingthecarwaslow,andthepotential liabilityfortheworstcasewasalsolow.InsuburbanSeattlewithanewcar, thelikelihoodofthefthadincreasedsignificantly,ashadthevalueofthecar, causingAdam’ssite-appropriatebehavior—moreparanoidormorerealistic, youtakeyourpick.Nowtranslatethetwoconceptsoflikelihoodandliability towirelessnetworking.Youcaneasilydetermineyourownbalanceoffearand realismbyansweringtwosimplequestions:
• Howlikelyisitthatsomeonewillbreakintoyourwirelessnetworkorsniff (listeninon)thetrafficgoingacrossyourwirelessconnection?
• Whatisthepotentialliabilityiftheydo?
286
TheWirelessNetworkingStarterKit
Currently,AdamlivesfarenoughfromthepopulationcenterinIthacathat heandhiswifeTonyaaren’tworriedaboutthepotentialofasnooper:itwould bedifficultforsomeonetosharetheirconnectionwithoutparkingintheir driveway.Incontrast,GlennandhiswifeLynnresideinamoderatelydense partofSeattle.Oneday,soonafteryoungerneighborsstartedrentingthe housenextdoor,Glennflippedopenhislaptopandspottedtheirwireless network.So,forAdamthelikelihoodofasecuritybreachislow,whereas forGlennit’smoderatelyhigh.Ifyourcompanyisinanofficebuildingthat holdsothercompanies,thelikelihoodofsomeoneaccessingyournetworkis probablyveryhigh. Onthepotentialliabilityside,abusinessmightbeconcernedaboutwhether someoneinitsparkinglotcouldaccessitsconfidentialdata,suchasinvoicesas theypassbetweenemployeesandadatabase,emailcontaininginformationthat mightinterestcompetitors,orevencustomercreditcardnumbersthatmightbe encryptedoveralinkbetweenacompanyWebserverandacustomer’sbrowser, buttotallyunprotectedonalocalnetwork.Homeusershavefewerworries,of course,butshouldstillprotectpasswordsthatanattackercoulduseforlogging intoanonlinebankingaccountorbill-payingsystem,forinstance. Unlikeprivacyfanatics,wedon’twanttoturnyouintoatic-riddenparanoiac. Instead,wewanttopresentafairdiscussionoftherisksandpotentialoutcomes whenyourelyonwirelessnetworks. NOTE AdamwroteanarticleforhisnewsletterTidBITSthattalksaboutatheory ofprivacyandwhymostpeopledon’tgiveitmuchattention.Readitat http://db.tidbits.com/getbits.acgi?tbart=05951.
Let’slookfirstathowyourlocationplaysintosecurityconsiderations,then atthekindofdatathatmighttravelacrossyournetwork,andfinallyathow toevaluateyourindividualriskfactorssoyoucanseewhichoftheremaining chaptersinthissectionyouneedtoread.
LikelihoodofAttack Beforeyouthinkaboutwhatyou’resendingorreceivingoveryourwireless network,youshouldfirstconsiderwhereyouusewirelessnetworks,because locationaffectsthelikelihoodthatsomeonewouldtrytoconnecttoyour networkandsnoop.It’slikelythatyouusewirelessnetworksinoneormore ofthelocationsinTable24.1.Andwhenwesay“usewirelessnetworks,”we’re talkingabouteitheryourownnetworkornetworksrunbyothers,becausewhen youaccesssomeoneelse’swirelessnetwork,you’restillatsomelevelofrisk.
Chapter24 | WirelessWorries
Table24.1
LikelihoodofSnoopinginDifferentLocations Location
Details
LikelihoodofSnooping
Rural/faraway
Inyourhomeandfarfrom otherhouses
Extremelylow
Long-range
Overalong-range,point-topointlinkwithawirelessISP orneighbor
Low,duetothedirectionalnatureofmost point-to-pointlinks
Denseurbanor suburban
Inyourhomeinadense urbanareaorwithatleast severalotherhousescloseby
Moderatelyhigh,particularlyifyouhave high-techneighbors,butactualattacksare unlikely
Mixed-use
Inamixed-useresidential andcommercial neighborhood
Moderatelyhigh,sincebusinessesaremore attractivetargetsandaremorelikelytouse wirelessnetworks
Public-space neighborhood
Inaneighborhoodneara publicparkorwherepeople canparkonthestreet
High,sincecommunitynetworksreceive highusebyadiverse,anonymous population
Officebuilding
Inanofficebuildinghaving multiplebusinessesora nearbyparkinglotwithin lineofsight
Veryhigh,duetoproximityandthe attractivenessoftargets
Roaming
Whileontheroadin airports,cafés,hotels,and otherlocations
Moderatelyhigh,duetotheeaseofmonitoring,butrelativelylowriskbecauseno oneknowstowatchforyourparticulardata
Formostpeople(giventhatpoint-to-pointlong-rangeconnectionsarestill relativelyuncommon),unlessyoufallonlyintotherural/farawaycategory, there’sanon-triviallikelihoodthatsomeonecouldaccessyourwirelessnetwork orwatchyourtrafficwithoutyourknowledge. Payspecialattentiontotheroamingcategory.Evenifyouprotectyourown network,usingyourcomputerwhileconnectedtountrustednetworkscanstillput yourdataatrisk.Whetherthenetworkisfreeorfor-fee,youhavenocontrolover thenetwork-basedsecurityprecautions,andeveryoneelseusingthesamenetwork mayhavetheabilitytoseeyourdataintransitonawiredorwirelesslink.
DeterminingLiability Nowthatyouhaveasenseofhowtransparentyournetworkis,youneed toconsiderwhatyourliabilitywouldbeifsomeoneelseweretoaccessyour network.Differentpeoplehavedifferentconcerns,buttheybasicallybreak downintothreecategories:
287
288
TheWirelessNetworkingStarterKit
• AccessLiability.Whathappensifsomeoneusesmywirelessnetworkto sharemyInternetconnection?
• NetworkTrafficLiability.Whathappensifsomeoneisabletoeavesdrop onmywirelessnetworktraffic?
• ComputerIntrusionLiability.Whathappensifsomeoneonmywireless networkbreaksintomycomputer?
Let’slookateachofthesebriefly,andthenyoucanturntothenextthree chapterstolearnhowtoprotectyourself.
AccessLiability Doyouwanttoallowunknownpeopleaccesstoyourwirelessnetwork?This sortofthingdoesn’tcomeupwithwirednetworks,sincenooneinstallsEthernet jacksontheoutsideofahouseoroffice.Sincemanypeoplebelievestronglyin thesharingethic,askingthisquestionisn’tunreasonable.Althoughintentionally allowingpeopletoconnecttoyournetworkdoesincreaseyoursecurityrisk,the factthatyou’reawareofthepresenceofoutsidersonyournetworkmeansthat you’reprobablyalsomoreawareofthesecurityconsiderationstheirpresence engenders. Nomatterhowyouanswerthatquestion,afewproblemscanarisewhenever someoneaccessesyourwirelessnetworkforfriendly,oratleastbenign, purposes.
• Ifyouhaveamodem-basedInternetconnectionthatyoushareviaawireless
gateway,someoneconnectingtoyourwirelessnetworkcould(andlikely would)causeyourmodemtodialout.Thatmayormaynotbeaproblem initself,dependingonhowmanyphonelinesyouhave,butifyou’retrying tousetheconnectionatthesametime,yourperformancewouldsuffer.
• Ifyouuseacable-orDSL-basedInternetconnection,performanceisn’t
likelytobeaconcernmostofthetime,assumingtheunknownvisitorisn’t uploadingordownloadingvastquantitiesofdata.However,youmaybe inunintentionalviolationofyourISP’stermsofserviceoracceptableuse policybysharingyourconnectionatall.Intheworst-casescenario,your Internetconnectioncouldbeshutoffforthatviolation.
• IfyoupayfortrafficonyourInternetconnection,whichisquitecommon outsideoftheU.S.,lettingunknownpeopleshareyourInternetconnection couldresultinanastyandunexpectedbill.
Chapter24 | WirelessWorries
• Althoughwe’dliketoassumethatanyonehappeningonanopenwireless
networkwoulduseitresponsibly,thepossibilityforabusedoesexist.It’s possiblethatanunknownvisitorcoulduseyourwirelessnetworktosend spamorlaunchanInternetwormattack,forinstance,andwhileneither wouldlikelyhurtyouallthatbadly,yourISPmightshutyoudownfor beingthesourceoftheabuse.
• Lastly,considertheslaveringlegalhoundsoftheRecordingIndustry
AssociationofAmerica(RIAA),thosemoralisticguardiansofacorrupt andabusiveindustry.Ifsomeoneweretouseyourwirelessnetworktoshare copyrightedsongs,it’snotinconceivablethattheRIAAcouldcomeafter youastheputativesourceofthecopyrightinfringement.They’vesued universitiesfortheirstudents’behavior;howfarawayareyouasadefacto ISP,evenifyourserviceisfree?
NOTE Wecertainlydon’tencourageanyonetoviolatecopyright,ludicrousascurrent copyrightlawmaybethankstoDisney’swell-fundedlobbying,butwealso findtheRIAA’stacticsutterlyoffensive.
Yourmission,then,istodeterminehowconcernedyouareabouteachofthese access-relatedpossiblescenarios,afterwhich,ofcourse,youcanreadthenext fewchapterstoaddressyourconcerns.
NetworkTrafficLiability Youlikelybelievethatmostofyourprivatedatasitsonyourcomputer,that youtransmitandreceiveonlylimitedamountsofsensitiveinformation,and thatsomeonewouldhavetolistenataspecifictimetocapturethosebits.The realityofthesituationisthatwealltransmitandreceivequitealotofsensitive datathatpeoplewithcommonequipmentandwidelyavailablesoftwarecan extracteasily. Alldatasentorreceivedoverawiredorwirelessnetworkistransmittedinthe cleartoanyoneelseabletojoinorplugintothenetwork.“Intheclear”simply meansthatthedataissentinaformthatahumanbeingcaninterceptandthen eitherreaddirectlyorconverteasilyintoausableprogramorimagedata. Here’salistofwhatyoumightbesendingorreceivingintheclear:
• Youremailaccountpassword • Thetextofallemailmessagessentandreceived • Thecontentsofanydocumentssentorreceivedasattachments
289
290
TheWirelessNetworkingStarterKit
• ThelocationandcontentsofanyWebpagesviewed • Yourusernameandpasswordforanynon-secureWebsites(sitesthat don’tuseSSL)
• YourFTPusernameandpassword • AnyfilesyoutransmitviaFTP • Thetextofanyinstantmessagesyousendorreceive • ThecontentsofanymusicorotherfilesyousendorreceiveusingLimeWire, Kazaa,orotherpeer-to-peerfilesharingprograms
• TheIPaddressesandportnumbersofanyconnectionsyoumake • Timbuktusessioncontrolorfiletransfersessions Theseitemsarenotsentintheclear:
• ThecontentsofencryptedsessionsusingSSH,SSL,oraVPN(described inChapter26,SecuringDatainTransit)
• YouremailpasswordifyourISPusesauthenticatedSMTP(outbound)or APOP(inbound)
• TimbuktuProorpcAnywherepasswords • AppleShare passwords (if both client and server have encryption enabled)
• AnysecureSSLWebpages(theirURLsbeginwithhttps) • ThecontentsofanyemailmessageorfileencryptedwithPGPorsimilar public-keyencryptiontechnology
NOTE EvenifyoucloseyournetworkthroughmeanswedescribeinChapter25, PreventingAccesstoYourNetwork,youmaystillwindupexposingdatato networkcrackersandotherswhocanpenetratesomeofthebasicmethodsof preventingaccess.Wetalkaboutsecuringthecontentsofwhatyou’resending inChapter26,SecuringDatainTransit.
Eachitemthatyoumighttransferintheclearfallsintooneofthreecategories: accountaccessinformation(usernamesandpasswords),informationthatcouldbe usedtotrackyouronlinesteps,andcontentrelatedtowhatyousayanddo. We’reprettytransparentpeople(well,notliterally),sothereisn’tmuchthat wewouldsayordoonlinethatwewouldworryaboutsomeoneelsereading.
Chapter24 | WirelessWorries
Wemightbeembarrassedifthewrongpersonreadthewrongdocument,but that’sit.Butwhatifthatdocumentwerepostedonawidelyreadmailinglist orWebsite?Evenforus,thatcouldbeaproblem,andotherpeoplemight havedatathatcouldgetthemfired,damagetheirbusinesses,humiliatethem publicly,orcauselawsuitsordivorces.Youprobablyhaveaprettygoodsense ofwhetherornotyou’reatriskfromthethingsyousayordo. Similarly,informationthattracksonlinemovementdoesn’tworryeitherof us,sinceasjournalists,wecanalwaysclaimwevisitedaWebsiteforresearch purposes.(Thatmightnotworkifit’sasitewevisited1000times.)Butitdoesn’t takemuchimaginationtoseehowthefactthatapoliticianhadfrequented certainsexsitescouldruinhiscareer.Again,youprobablyhaveadecentidea ofwhetheryouronlinemovementscouldbeinanywaydamaging. Last,andmostimportant,isaccountaccessinformation,which,whenstolen, presentstwotypesofrisk.First,sincemostpeopletendtousethesamepasswords inmultipleplaces,havingyouremailpasswordstolencouldcompromiseamoresensitivesystem,likeyouronlinebankingaccount.Second,attackersoftenuse apasswordtooneaccounttobreakintoanotheraccount,workingtheirway everdeeperintoacomputerwiththeeventualgoalofstealingdata,causing damage,orusingthecomputertorunanautomatedprogramthatattacksother computers.Inthisrespect,protectingyourpasswordsisn’tsomethingyoudo justforyourownbenefit,it’ssomethingyoudoforthebenefitofeveryonewho maybeaffectediftheattackertakesoutaserverthatyouuse. TIP Withtheunderstandingthatit’snearlyimpossibletorememberdifferent passwordsforeverypossibleservice,werecommendusingthreedifferent passwords.Thefirstshouldbesimpleandeasilyremembered,butusedonly forWebsitesthatdon’tstorepersonalinformationaboutyou(suchasyour address,birthdate,orcreditcardnumber).Thesecondshouldbeharderto type;shouldincludeupper-andlowercaseletters,numbers,andpunctuation; andshouldbeusedforaccountswheresomepersonaldataisatrisk.Lastly, everyoneshouldhaveonehighlysecurepasswordthatislong,hardtotype, andessentiallyimpossibletoguess.Usethatforaccounts,likeyourbankand PayPal,wheremoneyisinvolved.Usingalongerpasswordwon’tpreventit frombeingstolenviaanunprotectedwirelesstransaction,butrealistically, mostpasswordsarestolenbybeingguessedorbecausesomeonewrotethem onaPost-itnote.
Ingeneral,becauseanythingyousendorreceivecouldbeinterceptedandread (text)orused(filesandprograms),youmustacceptthenotionthateverything couldbeexaminedorstolenifyou’reinalocationwhereotherpeoplemight beabletoconnecttothenetworkyou’reusing.
291
292
TheWirelessNetworkingStarterKit
Sowhat’syourliability?Obviouslyitdependsonthedatayou’retransferring, butnoonewantstheirpasswordsinotherpeople’shands,andwestrongly encourageeveryonetotakesomebasicprecautionsthatweoutlineinChapter 26,SecuringDatainTransit.Andifyou’remoreconcerned,thatchapteralso hassolutionsforeventhemostanxious.
ComputerIntrusionLiability Thefinalformofliabilityyoushouldconsiderwhenthinkingaboutsecurityfor yourwirelessnetworkiswhathappensifsomeoneusesyourwirelessnetwork tobreakintoyourcomputer. NOTE Protecting computers from intrusion via your wireless network isn’t fundamentallydifferentfromprotectingthemfromintrusionviayourInternet connection.However,manyintrusionprogramstrustcomputersonthesame localnetworkmorethancomputersontherestoftheInternet,andyoumust makesureyoursettingsreflectyourdegreeofrisk.
Weseeseveraltypesofconcernshere.
• Datatheft.Ifsomeonecangainremoteaccesstoacomputeranditsfiles,she couldeasilystealsensitivefiles.Allittakesisafewminutesofinattention, oramisconfiguredsetting,forsomeonetocopyfilesfromyourcomputer. Glennfoundthisoutbackin1994,whenhisUnixserver’spasswordfile wasfirststolen(butthepasswordsweren’tcracked,atleast).And,more recently,AdamwasirritatedwithhimselfafterhisISPaskedifheknew thatanyonecouldseefilesononeofhisMacsviaAppleShare.
• Datadamage.Youmayneverknowifsomeonehasstolenfilesfromyour computer,butyou’llcertainlyrealizeifheinsteadvandalizedyoursystemand deletedallyourfiles.Worse,someattacksfocusonmoresubtledestruction ormanipulationthatyouwouldn’tnoticeatall.Ifsomeoneweretotweak Excelspreadsheetswithhundredsofnumbersinthem,couldyoutell?
TIP A package called Tripwire ( w w w.tripwire.org for open source and www.tripwire.comforcommercialware)isdesignedtoscanyoursystem andcreateacryptographicsignatureforeachfile.You’rethensupposedto storethesesignaturesonunchangeablemedia,likeaCD-ROM.Eachtime Tripwireruns,itreportsonanychangedfiles,whichcouldhelpyoupinpoint compromises.
• Exploitation.Someattacksfocusonknownbugsinsoftwarethatallowa
remoteprogramorpersontoinfiltrateyourcomputerandtakecontrolof
Chapter24 | WirelessWorries
someofyoursoftwareortheentireoperatingsystem.Oncetheattacker hasestablishedthatlevelofcontrol,hecaninstallsoftwarethatattacks othercomputers,turningyourcomputerintowhat’scalledazombie. MostattacksareaimedatcomputersrunningsomeversionofMicrosoft WindowsorothersoftwarefromMicrosoft,suchasOutlookorInternet InformationServer.Overtheyears,manydifferentbugshavebeenfound thatallowattackerstotakeoveramachine;equallyasproblematicare wormsandvirusesthatmaycausedamage,replicatethemselves,turn theinfectedcomputerintoazombie,orallthree.Microsofthaspatched knownholes,butmanyWindowsusersdon’tdownloadandinstallthese securitypatches,leavingtheircomputersopentofurtherexploitationand infection.Otherattacksuseadenialofservice(DoS)approach,wherethe attackersendssomuchdatatoyourcomputerthatit’soverwhelmed.DoS attacksdon’tcausedamage,perse,buttheypreventnormaloperationand canbedifficulttoshutdown. NOTE Glennoncehadtospendafulldaywatchinghisnetworkbesaturation-bombed withgarbagetrafficbeforehecouldconvinceanISPfromwhosenetworkthe attackwaslaunchedthathehadaseriousproblem.Glennfinally,withinformal advicefromtheFBI,suggestedhemighthavetosuetheISP—afterwhichit tookactionandshutdowntheoffendingDSLcustomer(whowaslikelythe victimofanattackthathadturnedhiscomputerintoazombie).
Theliabilityforeachofthesescenariosisfairlysevere;butluckilyit’seasyto takesimpleprecautionsthatsignificantlyreducethelikelihoodofanythingbad happening.Chapter27,ProtectingYourSystems,offersthenecessaryadvice.
WhoShouldWorryAboutWhat Let’scombinelikelihoodandliabilityforanumberofsampleuserstoevaluate yourreal-worldrisksanddeterminewhichchaptersinthissectionaremost importantforyoutoread.
• Ifyou’reahomeuserwithnoimmediateneighborsornearbypublicspaces, andifyoudon’tbelieveyourdataisparticularlysensitive,youdon’thave muchtoworryabout.Atmost,readChapter27,ProtectingYourSystems, toseeifyouwanttotakestepstopreventanyonefromattackingyour computersovertheInternet.Otherwise,justskiptherestofthissection.
• Ifyou’reahomeuserinanurbanenvironment,youshoulddefinitely readChapter25,PreventingAccesstoYourNetwork,andthediscussion ofprotectingemailpasswordsinChapter26,SecuringDatainTransit.If
293
294
TheWirelessNetworkingStarterKit
you’reconcernedaboutthesensitivityofyourdata,readtherestofthat chapteraswell.It’salsoworthreadingChapter27,ProtectingYourSystems, justincase.
• Ifyoumaintainawirelessnetworkinabusiness,youshouldreadallthe
chaptersinthissection,thinkinghardaboutyourcompany’sriskfactorsas yougo.Inparticular,inChapter26,SecuringDatainTransit,considerhow faryouwanttogotoprotectyourcompany’ssensitivedata.Alsoimportant isChapter27,ProtectingYourSystems,becauseyourdataisprobablymore attractivetoelectronicthievesthanthedataofahomeuser.
• Ifyouregularlyusewirelessnetworkswhiletraveling,besuretoread
Chapter26,SecuringDatainTransit.Themoresensitiveyourdata,the moreseriouslyyoushouldconsidertheapproachesinthatchapter.
NOTE There’snoeasywaytosaythis.Security,whetheryou’retalkingabout protectingyourcar,yourhome,oryourwirelessnetwork,ishard,mostly becauseit’salwaysabattlewithanotherhumanbeing.Lockingyourdoor withasimpleknoblockstopsamateurthieves,butkeepingmoreexperienced thievesoutrequiresastrongdeadbolt.Andifyoulivewhereburglaryislikely, orifyouhaveespeciallyvaluableproperty,youhavetothinkaboutwhether multiplelocks,alarmsystems,orbarsonthewindowsarealsonecessary. Unfortunately,thekindofpeoplewhobreakintonetworksareusuallymuch smarterthangarden-varietythieves,andasaresult,thesecuritymeasures youmusttaketostopthemarecommensuratelymorecomplicated.So,our apologiesupfront,butthechaptersinthissectionareinherentlymoretechnical thanmuchoftherestofthebook.
25
PreventingAccessto YourNetwork
Untilmid-2003,thetoolsavailabletopreventbothcrackersandcasualpassersby fromaccessingyournetworkandthecomputersonitrangedfromfairtopoor. Thankfully,abroad-basedindustryalliancehasbroughtrealsecuritytohome andsmall-officeuserswithoutincreasingcomplexity,thoughsupportforthis new,securestandardisstillmakingitswayintothemarketplace. Westart,however,withtwotechniquesyou’veheardalotabout,andwhich companieshavetendedtoemphasizeinthepast,butwhicharealmostcompletely uselessagainstanyonewithafewsimpletools. Wethenmovetotherealsecuritymeasures:theoldtechniques,andwhythey’re broken;plusthenewmethod,andhowtouseit.
SopstoSecurity Intherealworld,peopleinterestedinsecuritymayremovethestreetnumbers fromhousesortakethecompanynameoffthefrontdoor.Stillothersputup large“NoTrespassing!”signs.Theseapproachesdon’tpreventburglarsfrom breakingin,andthey’reunfortunatelyanalogoustoseveralcommonapproaches tosecuringawirelessnetwork.
296
TheWirelessNetworkingStarterKit
ClosingYourNetwork Mostwirelessaccesspointsenableyouto“close”yournetwork,whichturnsoff amessagewiththenetwork’snamethattheaccesspointotherwisebroadcasts continuously.Thesebroadcastsmakeiteasyforwirelessadapterstofindand connecttonetworks. Someaccesspointscallthisoptiona“closednetwork,”andothersaskifyou wantto“disablebroadcastname.”Nomatterwhattheterminology,aclosed network’snamedoesn’tappearinthelistofavailablenetworksinordinary clientsoftware(Figure25.1). Figure25.1 Closingyour networkprevents casualusersfrom seeingthenetwork name.
SSID:ClosedNet
Internet
Butwithalittleeffort,a snoopercandetermine thenetwork’sname.
Don’tbelulledintoafalsesenseofcomplacency.Althoughaclosednetwork offersprotectionfromthemostcasualobserver,manyprogramsthatcanmonitor wirelessnetworks—fromcommercialdowntoopen-sourcefreeware—can easilyseethenamesofclosednetworks. Inshort,ifyoudon’twantaveragepeopleconnectingtoyournetwork,there’s nothingwrongwithmakingitaclosednetwork,buttheonlypeopleyou’re keepingoutarethosewhoalmostcertainlyweren’tasecurityriskanyway.
AccessControlbyNetworkAdapter There’sanothermostlyuselesswaytorestrictaccesstoanetwork:allowonly specificnetworkadapterstoconnect(Figure25.2).LikeallEthernetnetwork adapters,aWi-FiadapterisidentifiedbyitsMAC(MediaAccessControl) address,auniqueserialnumberassignedtoeverynetworkadapter. However,aswenoteinAppendixA,NetworkingBasics,MACaddressesare notimmutableandcanbespoofedrelativelyeasily.Forinstance,manygateways andaccesspointsletyouchangetheirEthernetadapter’sMACaddressto simplifyconnectingtoISPsthatlockconnectionstoaspecificnetworkadapter. Theydon’tposeasecuritythreat,butit’snotmuchhardertochangetheMAC addressofawirelessnetworkadapter.
Chapter25 | PreventingAccesstoYourNetwork
Figure25.2 Restrictingaccess byMACaddress keepsunauthorized computersout ofyourwireless network.
Internet
Attacker’scomputerisn’t allowedtoconnecttoyour wirelessnetworkbecauseits MACaddressisn’tauthorized.
Thisflexibility,combinedwiththefactthatMACaddressesaresentinthe clearevenonencryptednetworks,meansthatacrackercaneasilyseeMAC addressesinuseandthenassignoneofthoseaddressestoherequipment.As withaclosednetwork,restrictingaccessbyMACaddresswillkeephonest peoplehonest,butitwon’tdosquatagainstadeterminedintruder. TIP Manynetworksdon’tevenusetheMACaddresstoauthenticate,butrather usetheDHCP-assignedIPaddress—whichiseveneasiertoguess!Readthis disturbingaccountinNewArchitectmagazineatwww.newarchitectmag.com/ documents/s=2445/na0902h/.
EncryptionandControl Let’sgettothegoodstuff.Whileclosednetworksandadapteraddresslimitations don’tdomuchgood,thereishope!Insteadoftryingtohideorrestrictaccess, youcanusetechnologycalledWEP(WiredEquivalentPrivacy)torequire thatusersenterapasswordtojoinanetwork;thatsamepasswordisusedto scrambleallthedatapassingoverthenetwork.Withoutthepassword,noone canconnecttothenetworkorinterceptthedata. Thiskindofencryptionappearedalongside802.11bbackin1999,butavariety offlawsmadeiteasilycrackable.Itsreplacementisnowathand.Wefirsttellyou aboutWEP,becauseit’sstillinwideuse,andthenaboutitssuccessor,WPA, whichwestronglyrecommendyouupgradetoifyoucurrentlyuseWEP.
WEPEncryption Thedevelopersof802.11bintendedWEPtodopreciselywhatthenameitself says:offeranequivalentlevelofprivacytowhatcouldbefoundonastandard wirednetwork.Tocompromiseawirednetwork,anattackergenerallyneeds tobreakintoaroomandinstallanetwork-sniffingprogramthatwatches traffictravelingoverthewire.
297
298
TheWirelessNetworkingStarterKit
WEPwasdesignedtoactmerelyasalockeddoor,tokeepintrudersfrom penetratingtothewirelessnetworktrafficitself;othermeasuresweresupposed tobolsterthisinitiallineofdefense.WEPbasicallyencryptsallthedatathat flowsoverawirelessnetwork,preventingattackersfromeavesdroppingon networktraffic(Figure25.3). Figure25.3 TurningonWEP preventsattackers fromeavesdropping onnetworktraffic.
Internet
Attackercan’tunderstand WEP-encryptedtrafficwithout theappropriateWEPkey.
Unfortunately,eventhisrelativelyminimalprotectionwascrippledbecause ofseveralbrain-deaddecisionsmadeonthecryptographicfront,andbecause someoptionswerebuiltinbutneverenabled.Also,eventhoughWEPstill offerssomelevelofprotection,mostpeopledon’tturnWEPonbecauseit’s apaintouse. WEPworksbyusinga“sharedsecret”:anencryptionkey(uptofourper network)sharedbyeveryoneonthenetwork.Yourwirelessnetworkadapter usestheencryptionkeytoencodealltrafficbeforeitleavesyourcomputer. Then,whenthedataarrives,theaccesspointusesthekeytodecodeitintoits originalform. UsersmustentertheWEPkeymanually(andtediously)oneverycomputer thattheywanttoconnecttoaWEP-protectednetwork.Worse,thekeyis oftenexpressedinthebase-16hexadecimalnumberingsysteminwhichthe lettersAthroughFrepresent10to15asasingledigit.Mostusershaven’tthe slightestideaofhowtodealwithhex(reasonablyenough—that’swhatcomputers arefor!).Ifyoucombineuserconfusionwiththetediumofinventing(onthe accesspoint)andenteringstringsofhexadecimalnumbers,youcanseewhy WEPisannoyingtouse. YouenableWEPinanaccesspointbyinventingasequenceof10or26 hexadecimaldigits(correspondingtoa40/56/64-bitkeyora104/128-bitkey). Luckily,someaccesspointshaveafeatureinwhichyoutypeapassphraseand thentheaccesspointtranslatesthatintohexadecimaldigitsforyou.Alladapters andaccesspointsmustusethesamelengthofkeyonasinglenetwork.
Chapter25 | PreventingAccesstoYourNetwork
NOTE KudostoMicrosoftforhowitsetupitsWirelessBaseStation:thedefault walkstheuserthroughaddinga128-bitWEPkeyandstoringthebackup onafloppydisk.
TIP SeeChapter17,SettingupaGateway,fortipsonenteringWEPkeysin accesspoints.
HowWEPisBroken Asidefromtheusabilityproblems,howisWEPbrokenfromasecurity standpoint?Here’saquickrundownofWEP’smajorflaws:
• Sharedsecret.EverycomputeronaWEP-protectedwirelessnetwork
needsasetofonetofourkeysthatusersmusttypicallytypeandwhich cansometimesbereadasplaintext.Thecomplexityofmanagingkeys makesiteasyforanattackertocomebyakeythroughsocialengineering (askingsomeoneforthekey),carelessness(thekeywrittenonapieceof paper),ordisgruntlement(afiredemployee).Mostkeysareneverchanged afterthefirsttimethey’reentered.
• Encryptionweaknesses.BecauseofhowWEPgeneratesuniquekeys
bycombiningtheactualWEPkeywitha24-bitnumberknownasan initializationvector,theactualkeycanbeextractedrelativelyeasily.The initializationvectorisn’tusedcorrectlybysomemanufacturers(whosetit tothesamenumberforeverypacket),oriscreatedinapredictablefashion byothers.Thisresultsinthereuseofkeys,makingiteasiertobreakthe code,defeatingthestrengthsoftheunderlyingencryptionsystem.
TIP EverwonderedwhywetalkaboutWEPkeysasbeing40/56/64-bitand104/ 128-bitinsteadofjust64-bitand128-bit?Somecompaniesanddiscussions excludeorincorrectlyaccountforthe24-bitinitializationvectoraspartof theoverallkeylength.
• Lackofintegrity.Whilethisisusuallysomethingthatpoliticalopponents accuseeachotherof,integrityindatatransmissionmeansthatanadapter sendingapacketprovidessomeinformationthatallowsareceivingstation tocheckthatthedatathatarrivedwasn’ttamperedwithinprocess.WEP’s systemusesasimplemathematicalformulathatwouldallowanintruderto rewritepacketsanddisruptanetworkorcorruptdatawithoutdetection.
299
300
TheWirelessNetworkingStarterKit
Theselasttwoproblemsmaysoundobscure,butanattackerneedsnospecial knowledgetoexploitthem;freeautomatedtoolsperformallthehardwork (see“ExtractingWEPKeys,”laterinthischapter). TIP Formoreaboutwirelessencryptionproblemsandsolutions,seeGlenn’s regularlyupdatedsecuritystatusreportat http://wifinetnews.com/ weak.defense.html.
DespitethesefaultswithWEP,auserwithrelativelylittletrafficonhisnetwork and/orwithlittletoworryaboutintermsofinterception(passwordsbutnot proprietarydata)cangenerallyrelyonWEPastheonlymeansofprotecting thenetwork.Apotentialattackerwouldhavetobeverydetermined,scanninga networkforperhapsseveraldaysorevenweeks,toassemblethepiecesnecessary tobreakaWEPkey.
ASenseofSecurity Withalltheseflaws,you’dhopethatsomeofthegiantbrainsthatdevelop wirelessnetworkingstandardswouldfixthesecuritysystem.Yourhopehas paidoff:theIEEE802.11itaskgrouphasbeenworkingforyearstoreplace WEPwithaforward-thinking,yetbackward-compatible,solutionthatwould returnWEPtoitsrightfulroleasafirstlineofdefense.Thefirstfruitsofthat workhavenowappearedinWi-FiProtectedAccess.
Wi-FiProtectedAccessand802.11i RememberthoseflawswementionedinWEPafewparagraphsabove?They’re gone.Poof.Nomore!With802.11i,phantomsecurityhasbeenreplacedwith therealthing.Aswewrotethiseditionofthebook,802.11iwasn’tfinalized, buttheWi-FiAlliancehadtakenmattersintoitsownhandsbyreleasingan interimversionof802.11icalledWi-FiProtectedAccess(WPA). WPAisasubsetof802.11i,lackingjustafewfeaturesthataren’tcriticalto near-termsecurity,anddesignedtoallowupgradestofull802.11iwhenthe taskgroupfinishesitswork.IfitsoundsliketheWi-FiAlliancewasacting highhanded,rememberthatthecompaniesthataremembersofthetradegroup arealsomembersoftheIEEEcommitteesthatdevelopthesestandards. Forclarity,wetalkaboutthesefeaturesasbeingpartofWPA,sinceithasno uniqueelementsthatwon’tbeincludedin802.11i.
WPA/802.11i’sFixes Let’stakethefixespoint-by-pointaswedidabove:
Chapter25 | PreventingAccesstoYourNetwork
• Sharedsecret.LikeWEP,WPAusesuptofourkeysthateveryonewho
accessesanetworkagreeson,butratherthanusingobscurehexadecimal numbers,thesystemallowsforaplaintextpassword.InWPA,thisis calledthepre-sharedsecret.Sometoolscallitthepre-sharedkeyorPSK, whichisn’tquiteaccurate.UnlikeWEP,thepre-sharedsecretisn’tactually theencryptionkeyitself.Instead,thekeyismathematicallyderivedfrom thatpassword.Ofcourse,ifsomeoneobtainsthepre-sharedsecret,they canstillaccessyournetwork,butcrackerscan’textractthatpasswordfrom thenetworkdata,aswaspossiblewithWEP.
TIP Officeandacademicnetworks—networkswithcentraluserdatabases, mostly—canbypassthepre-sharedsecretandhaveeachclientassigneda constantlychangingkeyafteritlogsin.802.11iwillmakethistaskeveneasier bypassinginformationaboutwhoisalreadyloggedinamongaccesspoints, allowingeasierroamingacrossacompany.SeeChapter22,SmallOffice Wi-FiNetworking,fordetails.
• Encryptionfixes.WPAintroducesanewkindofkeyusingTKIP(Temporal
KeyIntegrityProtocol),whichincreasesthesizeoftheinitializationvector to48bits,andensuresthatthechoiceofthatnumberisn’tpredictable. Thischangevastlyincreasesthecomplexityofbreakingtheencryption system—byseveralordersofmagnitude.Engineersestimatethatakey won’trepeatforover100yearsonasingledevice.Evenmoreremarkable, eachpacketwillhaveitsownuniquekeycreatedbymixingthevectorwith amasterkey.
NOTE Withthefull802.11istandard,userswillalsohaveaccesstoencryptionusing AES(AdvancedEncryptionSystem),whichisvastlymoresecurethaneven TKIP.
• Betterintegrity.Theintegrityofpacketsisnowensured,eliminatingthe chanceofnetworkdisruption.
TheonlygotchawithWPAand802.11iisthatdevicesthatdon’tusethenewer securitystandardmustrevertbacktoWEP,andpacketssentbetweenthose devicesandtheaccesspointaresusceptibletobeingbroken.
WPA/802.11iAvailability WPAand802.11iwerebothdesignedtoallowuserstoupgradeolderhardware tosupportthenewTKIPstandardviafirmwareupdates.Newerequipmentis requiredonlyformoreadvancedencryption,whichisn’tstrictlynecessaryfor
301
302
TheWirelessNetworkingStarterKit
non-militaryusesrightnow.(Computationalwaysmovesforward,soencryption expertswantsystemsthatcan’tbebrokenforepochalperiodswhentheusual advancesintechnologyarefactoredin.) Unfortunately,todate,we’veseenWPAupgradesonlyforhardwarethatshipped during2003,mostly802.11gdevices.Manufacturersmadesomanypromises aboutfixingsecuritythatweferventlyhopetheywillultimatelyreleasefirmware upgradesforallexisting802.11a,b,andgdevices,butwe’restillwaiting. BecausetheWi-FiAlliancecertifieshardwarecompliance,bytheendof2003 theWPAstandardwillbecomearequiredpartofwhatmanufacturersmust supporttohavehardwarecertifiedwiththeWi-Fitrademark.Microsoftreleased clientsupportforWindowsXP,2000,and2003inearly2003,whileApple haspromisedsupportinMacOSX10.3Panther.SeeChapter6,Connecting YourWindowsPC,andChapter8,ConnectingYourMacintosh,forinstructions onhowtoconfigureWPAforeachplatform. TIP For the latest details on WPA’s availability and support, see Glenn’s regularlyupdatedsecuritystatusreportat http://wifinetnews.com/ weak.defense.html.
KnowYourEnemy So,whoarethesepeopleattackingyournetworkandhowaretheydoingit? ToparaphrasetheHarryPotterbooks,youmustlearnaboutdarkmagicto defendagainstit. Thetoolsavailabletomonitorandevenbreakintowirelessnetworksaren’t designedwithevilintent.Forthemostpart,theyweredevelopedtodemonstrate thatpotentialweaknesseswereinfactsecurityholes.Networkadministrators needthesekindsoftoolstounderstandhowtobettersecurethedatathat flowsovertheirnetworks.They’realsotremendouslyusefulwhensearching foropenwirelessnetworkswhenyou’reoutandabout,fortroubleshooting certaintypesofnetworkproblemsonyourownnetwork,andforplanninga newwirelessnetwork. Thesetoolsfallintothreecategories.Somescanconstantlytohelpyoufind openorclosedwirelessnetworks,reportingsignalstrengthandwhetheror notWEP/WPAisenabled.Othersinterceptwirelessdataandconvertitinto somethingyoucanread.And,incaseyoudidn’tbelieveuswhenwesaiditwas easytobreakWEPkeys,there’sevenatoolthatdoesthatwithnoeffort.
Chapter25 | PreventingAccesstoYourNetwork
NOTE Wedon’tevenplaylawyersonTV,butwestilladviseyoutoconsiderwhether ornotit’slegaltorunanyofthesetoolsinyourcountry,state,county,province, canton,city,ortown.Anincreasingnumberoflawsmakeitillegaltoscan networks—evenpassively—unlessyoueitherownthenetworkorhaveexplicit written(onpaper,notemail)permission.
StumblingontoWi-Fi MosttypesofwirelessclientsoftwareautomaticallydetectopenWi-Finetworks andpresentyouwithalistofpossibilitiestowhichyoucanconnect.Butfew oftheprogramsbuiltintotheoperatingsystemorprovidedbyWi-Fiadapter manufacturersgomuchfurtherthanthat.Foradditionalinformationabout thewirelessnetworksinyourvicinity,turntooneofthestumblerprograms. Theseutilitiessniffforaccessiblewirelessnetworks,displaythosethatthey find,andpresentyouwithadditionalinformationabouteachone. Datathatthestumblerprogramscanprovideincludesnetworkname,channel, signalstrength,andWEP/WPAencryptionstatus.Allareusefulforseeing howsignalstrengthforagivenWi-Finetworkchangesasyoumovearound; somecanevenprovideagraphofsignalstrengthovertime,whichcouldbe usefulfordetermininghowenvironmentalconditionsaffectalong-range wirelessInternetconnection. Here’salistofthemainstumblerutilities;notethattheytendtoworkonly withspecificWi-Fiadapters,soit’sworthcheckingcompatibilitybeforeyou download.Unfortunately,therearen’tanystumblerutilitiesforthePalmyet.
WindowsStumblers
• Netstumbler(www.stumbler.net)isthebestknownofthestumblerutilities
(Figure25.4).ItworksonlyinWindows98/Me,Windows2000,and WindowsXP,anditsupportsalargenumberofWi-Fiadapters,including some802.11acardsinWindowsXP.Itsetthestandardforthebasicset ofstumblingfeatures,includingsupportformappingdiscoveredaccess pointswithaGPSdevice,thoughitcan’tdetectclosednetworks.
• ApSniff(www.bretmounet.com/ApSniff/)isasimplewirelessnetwork
snifferthatworksonlywithWindows2000andWi-Fiadaptersthatuse thePrism2chipset.
• Aerosol(www.stolenshoes.net/sniph/aerosol.html)is,likeApSniff,a
simplewirelessnetworksnifferforWindowsandWi-Fiadaptersthat usetheIntersilPrism2chipset,alongwiththeOrinocoadapters.
303
304
TheWirelessNetworkingStarterKit Figure25.4 ANetstumbler screencapture sharedonthe Internetshowingan enormousarrayof interestingpoints.
MacintoshStumblers
• MacStumbler(www.macstumbler.com)fillsNetstumbler’sroleasthebest
knownoftheMacintoshstumblingutilities(Figure25.5).Itoffersall thebasicfeaturesofdiscoveringaccesspoints,andwiththemostrecent release,itgainedGPSsupportformappingthelocationofdiscovered accesspoints.ItworksonlywithAppleAirPortcards,butsinceitdoesn’t workinmonitoringmode,itcan’tdetectclosednetworks.
Figure25.5 MacStumbler scanningGlenn’s network.
• KisMAC(www.binaervarianz.de/projekte/programmieren/kismac/)is
relatedtoKismet(see“UnixStumblers,”next)onlyinnameandbasic function(Figure25.6).ItworksonlyonMacOSX,andonlywith AppleAirPort(notAirPortExtreme)cards,alongwithOrinocoand CiscoAironetPCCards.ItcandoroughlywhatKismetcan,including theGPSmapping.KisMACistheonlyMacintoshstumblerprogram thatputstheAirPortcardinmonitoringmode,thusenablingittofind closednetworks,andallwhilebeingcompletelypassive(otherprograms sendoutproberequests).
Chapter25 | PreventingAccesstoYourNetwork
Figure25.6 KisMACmapping locationsinan examplefromthe developer’ssite.
• iStumbler(www.istumbler.net)isafreeopen-sourcestumblingtoolfor
MacOSXthatprovidesacleanAquainterface.It’sayoungprogram, soitworksonlywithAppleAirPortcards,hasonlyexperimentalGPS support,anddoesn’tyetofferthefullfeaturesetofotherstumblers.It’s pretty,though.
UnixStumblers
• dstumbler(www.dachb0den.com/projects/dstumbler.html)worksinBSD-
basedUnixoperatingsystems.Alongwiththeusualfeatures,dstumbler offers color signal-to-noise graphs that can help you troubleshoot interference,GPSsupportformappingthelocationofdiscoveredaccess points,audiosupportforreportingaccesspoints,anddatalogging.
• Kismet(www.kismetwireless.net)isaUnix-basedwirelessnetworksniffer thatcandiscoverclosednetworks,identifythemanufacturersofdiscovered accesspoints,mapaccesspointlocationsviaGPS,crackWEPkeys,and muchmore.Itworkswithalargenumberof802.11bcards,andeven 802.11acardsusingaspecificchipset.Kismetisdistributedonlyinsource codeform;it’snotforthetechnicallyinexperienced.
PocketPCStumblers
• Ministumbler(www.stumbler.net)isaportofNetstumblerforuseon
PocketPChandheldsrunningPocketPC3.0and2002.It’savailable fromtheNetstumblersite,butit’salmostimpossibletofindanydetails aboutitthere.MinistumblerrunningonaPocketPCprobablymakesfor ahighlyportableWi-Fidetector,thoughthecombinationmightbenefit fromanexternalantennaforpickingupweakernetworks.
305
306
TheWirelessNetworkingStarterKit
OtherStumblers
• RedFangisthefirstprogramthatdemonstrateshowdatacanbestolen fromBluetoothdevicesunprotectedbydefaultsecuritysettings.Ofcourse, sinceBluetoothhasarathershortrange,andsincemanyBluetoothdevices arequitemobile,therealsecurityrisksarelikelytobequiteminimal.Red Fangisn’tavailablefordownloadasfaraswe’vebeenabletofind.
ListeningIn Onceyou’reconnectedtoawirelessnetwork,youcanlistenintoallthetraffic onitbyplacingyournetworkinterfaceinwhat’scalledpromiscuousmode.A computerinpromiscuousmodelistenstoalltrafficonthenetwork,notjust packetsintendedfortheparticulardevice. Themostgraphicalapproachtolisteninginisaproof-of-conceptMacintosh toolcalledEtherPEG(www.etherpeg.org),whichextractsimagesastheyflyby fromWebpageviewingandcreatesarandomcollageonscreen(Figure25.7). It’safuntoolforaconferencewhereyoucanwatchpeoplebecomeboredand startbrowsingtheWebinsteadofpayingattentiontothepresentations.The goaloftheEtherPEGcreatorswastodemonstratejusthoweasilysomeone canlistentoyourwirelessnetworktrafficifyoudon’ttakebasicprecautions liketurningonWEP. Figure25.7 EtherPEGwatching thegraphics whizzingbyonthe wirelessnetwork.
Closertothenetworklevelistcpdump,acommand-lineutilityfoundinmost UnixandLinuxdistributions,andalsoavailablefromtheMacOSXcommand line.ThetcpdumputilityshowstheheadersfromTCP/IPpacketstransiting thenetwork.ThisletsyouseewhichIPnumbersareinuseandwhatkinds oftrafficnetworkusersareengagedin.It’sausefulnetworktroubleshooting tool,butisn’teasytouse.
Chapter25 | PreventingAccesstoYourNetwork
TheUnixandWindowsntoputility(www.ntop.org)collectsdatacomprehensively, buildingadatabaseasitworks,andthenpresentsaWebinterfacethrough whichyoucanexamineconnectionsandtrafficstatistics.Aswithtcpdump, ntopcanproveextremelyusefulwhentrackingdownnetworkproblems.
TheWarPrefix Youmighthavereadarticles—someofthem writtenbyGlenn—aboutwardriving,warflying,warwalking,warcycling,andwarchalking. Allthesetermsessentiallydescribedifferent waysoffindingotherpeople’swirelessnetworks.The“war”prefixinthesewordshas nothingtodowithactualviolentconflict,but isborrowedfromWarGames,a1983movie demonstratingthethreatofcomputer-driven nuclearwar.WarGameswasoneofthefirst mainstreammoviesaboutcomputerhackers. InWarGames,MatthewBroderick’scharacter findsopenmodemconnectionsbyhavinghis computerdiallotsofnumbersuntilithitsan answeringtone.Onceconnected,hetriesto breakintothecomputerconnectedtothatmodem.Hackerscallthisprocess“wardialing.” Thefirsttakeoffwas“wardriving,”which is the technique of driving around with NetstumblerorMacStumblerrunningona laptopcomputerinthecar.Asyoudrive,the programgathersinformationaboutwireless networksthatyoupass(see“ListeningIn,” next).Warwalking,warcycling,andwarflyingareallthesameidea,varyingonlybythe modeoftransportationused. Warchalkingisasortofsecond-orderderivativeword.MattJones,aLondonresident,decidedthatthehobochalklanguage usedinthelate1800sandthroughWorld WarIIbyitinerantscouldbeadoptedtothe
taskofmarkinginformationinthephysical spaceaboutnearbywirelessaccesspoints (www.warchalking.org). The media quickly leapt on this—that’s whenGlennwrotewhathedescribesasa well-balanced story about it for TheNew YorkTimes—andspunthestoryquicklythat warchalkingwasusedtoidentifynetworksthat couldbecracked.Infact,thereisnowayto determinehowcommonwarchalkingis.And, there’snorealtellingwhetherit’sbeingusedto showcommunitynetworks,individualaccess pointsthatpeoplehavepurposelyshared,or networksthatwereintendedtobeprivateand secure(Figure25.8). Atthiswriting,mostwarchalkingreportscome fromindividualswhochalktheirownaccess points.Somesuspectthatthemediahysteria maybefedbypranksterswhowarchalkin nonsenselocations.We’veneverseenamark inthewild,norhasanyoneweknowthroughoutanextensivegroupofWi-Fienthusiasts andjournalists.Eventhepictureweshowin Chapter32,WorkingontheRoad,wasofamark madebyafriendofMattJones! Weobjecttotheunfortunatechoiceof“war,” becauseitlendsitselftothepublicperception ofhackerinvolvement.Youcan’tcontrolthe evolutionoflanguage,butit’sabaddevelopmentwhenlegitimateandfunpurposesseem maliciousbecauseoftheirnames.
307
308
TheWirelessNetworkingStarterKit Figure25.8 Oneviewof warchalking.
Finally,althoughithasotherusesaswell,theUnix,MacOSX,andWindows utilityettercap(ettercap.sourceforge.net)isanetworktrafficsnifferthat’s optimizedforfindingpasswordsfromseveraldifferentprotocols,likeemail andFTP.Thebestuseofettercapisforconvincingpeoplethattheyshould turnonsomesortofpasswordprotection.Ataconferencewewereatrecently, oneguyranettercapallthetime,andwouldperiodicallycalloutthingslike“If yourusernameisace,youshouldchangeyourpasswordandturnonAPOP.” Ouradviceistoavoidettercap,sinceit’shardtoclaimyou’reusingitonlyfor legitimatepurposes.
ExtractingWEPKeys TheLinuxutilityAirSnort(airsnort.shmoo.com)isasimpletoolthatlistens toseveralmillionpacketsacrossanetworkandthenproducestheWEPkey. Yup,it’sthateasy.Don’tdoit. Actually,thereasontorunAirSnortistodeterminehowlongitwouldtakefor anintrudertocaptureenoughdatatobreakyourWEPkey.Ifitwouldtake 30minutes,youknowadditionalsecurityprecautionsareessential,butifit wouldtakeaweek,youknowthere’smuchlessreasontoworryaboutsomeone crackingyourWEPkey. NOTE Eventhoughwewarnedyoubefore,wewarnyouagain:checkwithalawyer ifyouhaveanyquestionsaboutthelegalityofusingAirSnort.Checkbefore yousuffertheconsequences.
26
SecuringDatainTransit
Inthelasttwochapters,we’vediscussedwhetherornotyoushouldworry aboutthesecurityofthedatacrossingyournetwork,andexplainedhowto preventpeoplefromaccessingyourwirelessnetwork.However,youmaystill findyourselfincircumstancesinwhichyouwantprotectionbutrestricting accesstothenetworkwon’thelp:
• You’resharingyourlocalwirelessnetworkorusingasharednetworkon whichencryptioncan’tbeenabled.
• You’reusingapublicwirelessnetworkinacoffeeshop,hotel,airport,or elsewhere,oracommunitynetworkinghotspot.
• Atleastoneofyourcomputerscan’tsupportWPA(Wi-FiProtected
Access),andtheuseofWEP(WiredEquivalentPrivacy)exposesyour wholenetworktoWEP’sproblems(seethepreviouschapter).
• Yourcorporationwon’tletyouuseanynetworkexceptthelocalonewithout usingsomeformofencryption.
Youdohaveanalternative:youcanencryptthedatabeforeitleavesyourmachine, andhaveitdecryptedonlywhenitarrivesatsomedestination.Bycreating end-to-endencryptionlinksusingstrong,currentlyunbreakablestandards, youcankeepyourdatacompletelysafefrompryingnetworksniffers.Evenif peoplecanjoinyournetworkandreachtheInternet—hijackingyourlink—they stillcan’tseeyourdata.Encryptingyourdataintransitisalotmoredifficult thansettingupaclosedWEP/WPA-protectednetwork,butit’seminently moresensible.
310
TheWirelessNetworkingStarterKit
TIP Anaddedbonusofencryptingdatafromendtoendisthatthedatayousend andreceivebecomescompletelyunreadablenotjustonyourwirelessnetwork, butalsooneverynetworklinkbetweenyourcomputerandthedestination machine.That’sthereasonlargeorganizationstypicallyrequiretheiremployees touseencryptiontechnology.
Welookatfourpopularcategoriesandmethodsofsecuringdata,rangingfrom simplepasswordprotectionuptofullnetworkencryptionofalldata.
EmailPasswordEncryption Evenifyouaren’tworriedthatpeoplemightreadyouremail,youshouldworry aboutprotectingyouraccountpasswords(Figure26.1). Figure26.1 Encryptingemail passwordsprevents themfrombeing stolen.
user: ace password: sparkle
user: ace password:
user: ace password: sparkle
Internet
user: ace password:
Attackercan’treadany passwordsprotectedby APOPandSMTPAUTH.
NOTE Don’tforgetthatmanyWebsitesuseusernamesandpasswordsmerelyfor identificationandthusdon’tusesecurepageswhenaskingforthosepasswords. Sincethesepasswordsareeasilystolen,makesurethey’redifferentfromyour emailpasswordsandpasswordstosensitiveinformation.
Therearetwoprimarymethodsofencryptingjustyourpassword,bothof whichrequiresupportinyourmailserver,thoughmostmodernmailservers havetheseoptions.YourISPornetworkadministratorhasprobablyalready enabledthem,requiringthatyoujustsetanoptioninyouremailprogram.
APOP APOP(AuthenticatedPOP)protectsyourpasswordwhenyouretrieve inboundemailfromaPOP(PostOfficeProtocol)server.Insteadofsending yourpasswordintheclear,APOPsendsaunique,per-sessiontokenthatthe serverusestoconfirmthatyouremailprogramknowsthecorrectpassword. Thetokencan’tbereusedorreverseengineered.
Chapter26 | SecuringDatainTransit
APOPdoesnotencryptemailmessagesordoanythingotherthanprotectyour password.Werecommenditasasensibleminimumsecurityprecaution;most homeuserswon’tneedtheprotectiondescribedintherestofthischapter.
SMTPAUTH SMTP AUTH (the AUTH part is actually an SMTP command), or AuthenticatedSMTP,identifiesyoutoyourSMTPserverwhenyouwantto sendoutgoingmessages.Technically,there’snoreasontorequireauthentication forsendingemail,butAuthenticatedSMTPhasbecomecommonplacein thisageofspam,becauseifanSMTPserverrequiresSMTPAUTH,that preventsaspammerfromsendingspamthroughthatserver.SMTPAUTH typicallyusesthesameusernameandpasswordthatyouuseforcheckingmail viaPOPorIMAP. TIP AnotherbenefitofSMTPAUTHisthatitenablesyoutosendemailfrom anywhereontheInternet(suchasfromawireless-enabledcoffeeshop inanothercity),insteadofjustfromspecificnetworklocationsthatyour systemadministratorhasdefined.ManyWISPs,likeBoingoWireless,offer AuthenticatedSMTPforoutboundemailontheirnetworks.
Unfortunately,notallserversthatauthenticateoutboundtrafficrequire encryptiontoexchangeyourlogininformation.There’snowaytoknowunless youaskyoursystemadministratororISPandcheckthatyouremailprogram canencryptSMTPAUTHtransactions.
ContentEncryption Althoughwerecommendprotectingyourpasswords,thereisamiddleground betweenencryptingpasswordsandencryptingallyourdata—usingcontent encryptiononspecificfilesandemailmessages.Thisapproachletsyouprotect thepiecesofcontentthatyoufeelarethemostsensitive. Contentencryptionmakesitalmostimpossiblethatanyoneotherthanyour intendedrecipientcouldreadthefileoremailmessage,eveniftheyobtained accesstoyourmachine,amailserver,ortherecipient’scomputer.That’sbecause whenyouencryptcontentmanuallyonyourend,itusuallyrequirestherecipient todecryptitwithamanualactionontheotherend. Themostpopularsoftwarethatencryptsthecontentsofmessagesorentirefiles isPGP(PrettyGoodPrivacy).PGPusespublic-keycryptographytosecurea messagesoonlytheintendedrecipientcanreadit(Figure26.2).
311
312
TheWirelessNetworkingStarterKit Figure26.2 Encryptingemail messagesand specificfileswith PGPprevents crackersfrom readingjustthose messagesorfiles. Attackercan’tread anymessagesandfiles encryptedwithPGP.
NOTE ThePGPproductwassoldbyitsdeveloperstoNetworkAssociates.In2002, NetworkAssociatessolditbacktoPGPCorporation(www.pgp.com),which hasreleasednewfreeandcommercialversions.
TIP Anopen-sourcealternativetoPGPisGPGorGNUPrivacyGuard( www. gnupg.org);aMacversionisalsoindevelopment(http://macgpg.source forge.net).GPGworkswithmostfilescreatedbynewerversionsofPGPand viceversa,butreadtheGPGFAQifyouplantousethetwotogether.
HowPublic-KeyCryptographyWorks Inpublic-keycryptographysystems,eachusergeneratesapairofkeys,one public,oneprivate.Usingcombinationsofthosekeys,userscansignfilesor messagestoprovethattheysentthemandcanencryptfilesormessagesso onlytheintendedrecipientcanopenthem.Thekeysworktogetherlikepuzzle pieces—ifsomeoneencryptssomethingwithyourpublickey,onlyyourprivate keycanopenit.And,ifyousignsomethingwithyourprivatekey,onlyyour publickeycanverifythatyousignedit.
GettingStarted Asanexample,assumethatGlennandAdamsetupPGPsotheycanexchange encrypteddraftsofthisbookwithoutconcernaboutindustrialspiesfrom otherpublisherssneakingalookbeforethebookispublished.(Inreality,we’re nowherenearthatparanoid.) Thefirststepinpublic-keycryptographyistogenerateapublickeyanda privatekey.Alongwiththekeys,youmustgenerateapassphrasethatenables youtodecryptandunlockyourownprivatekeywhenyouwanttouseit.Adam andGlennbothrunthroughthesesteps,sotheyeachhavepublicandprivate keys,andthentheysharetheirpublickeyswitheachother.Now,here’show theycanusetheirkeys.
Chapter26 | SecuringDatainTransit
AdamwantstosendGlennanextremelyimportantemailmessageregarding thebookschedule.Adam’snotworriedaboutsomeoneelseseeingthismessage, buthedoeswanttomakecertainthatGlennbelievesitcomesfromhim,and hasn’tbeenforgedbysomejokerontheInternet.(Emailforgeryisremarkably simple,thoughdoingitinsuchawaythatitcan’tbetracedeasilyoridentifiedas aforgeryismoredifficult.)SoAdamsignsthemessageusinghisprivatekey. WhenGlennreceivesthemessage,hecanreaditwithnoextraeffort,butto verifythatitdidindeedcomefromAdam,heusesAdam’spublickeytocheck thesignature.Whentheymatch,Glennknowsthatthemessageislegitimate (Figure26.3).Hadsomeoneusedanyotherprivatekeytosignthemessage,it wouldn’thavematchedwithAdam’spublickeyandthesignatureverification wouldhavefailed. Figure26.3 Signingand verifying amessage.
Hi Glenn, Looks
Hi Glenn, Looks
like we may finish
like we may finish
a bit early.
a bit early. —Adam
Adamsignsthemessage withhisprivatekey.
—Adam
GlennusesAdam’s publickeytoverify themessage.
Next,assumethatGlennwantstosendAdamadraftofthebook,butbecause he’sworriedthatoneofhisneighborsmaybeeavesdroppingonhiswireless networktraffic,hedecidestoencryptthefilebeforesendingit.Thistime,Glenn usesAdam’spublickeytoencryptthefile,andthensendsthefilealong.When Adamreceivesthefile,heuseshisprivatekeytodecryptit(Figure26.4).If someoneweretointerceptthefileandtrytodecryptit,shecouldn’tbecause onlyAdam’sprivatekeycandecryptfilesencryptedwithhispublickey. Figure26.4 Encryptingand decryptinga document.
Glennencryptsthefile withAdam’spublickey. Adamdecryptsthefile withhisprivatekey.
TIP Youcanseefromthisexamplehowimportantitisthatyoukeepyourprivate keysafeanddon’tshareitwithanyone.Ifsomeoneweretolearnyourprivate
313
314
TheWirelessNetworkingStarterKit key,thatpersoncouldpretendtobeyouandcoulddecryptanyencrypted informationsenttoyou.Inreality,ifyourprivatekeywerecompromised,you’d havetorevokeitspublickeypartner.
DistributingKeys Thefactthatpublickeyscanbesharedwithoutjeopardizingencryptioniswhat makesthepublic-keycryptographymethodunique.Butsharingpublickeysis alsoanAchillesheel:howdoyoudistributeyourpublickeyandreceivekeys fromothersforthefirsttransaction?Youcanjustsendittopeopleinemail; includeitinyouremailsignature;putitonyourWebsite;orpostittoapublic directory,calledakeyserver(suchaskeyserver.pgp.com,whichisavailablefrom withinPGP). Althoughthesemethodsallwork,noneofthemarewatertight,because someonebentonimpersonatingyoucouldforgemailfromyouorpostakey toakeyserverwhilepretendingtobeyou.Oncethefakekeyisoutinthewild, revokingitistricky. Thesolutionisforpeopletoexchangekeysinwaysthatensuretheotherparty’s identity.Forinstance,GlennandAdamcouldhavecreatedtheirpublickeys whileatlunchtogether;beingabletoseetheotherpersonacrossthetableis asmuchverificationofidentityasisusuallynecessary.Slightlylesssure,but morereasonable,isusingatelephoneorfaxmachine;inthosecasesyoudon’t readoutorwritetheentirepublickey(whichiswaytoolongforaccurate transcribing).Instead,youconveyashortersequenceoflettersandnumbers thatverifiestotheotherpersonthatthepublickeyyou’vesentthemisindeed yourpublickey—thesequenceoflettersandnumbersiscalledafingerprint. Somepeopleputtheirfingerprintsintheiremailsignatures,assumingthata recipientcanemailthemtoverifyidentity. TIP PGPoffersaneatfingerprintingmethod:itassociatesuniquewordswith eachnumberfrom0to255inhexadecimaltomakeiteasiertoreadout. Glenn’sfingerprintstarts“soybeandrunkenstormyuncutOakland.”Sounds likeBeatpoetry.
Luckily,althoughitcanbetrickytoverifythatapublickeydoesindeedbelong toaspecificperson,theworstpossibleoutcomeisthatsomeonecoulddistribute apublickeyunderyourname,thusbringingdocumentsostensiblysignedby youintoquestion.Butwhensomebodysendsyouanencryptedfileormessage thatusesthisfakepublickey,youcan’tdecryptitwithyourprivatekey.This shouldalertyoutopotentialproblems,butyoursecurityisintact.
Chapter26 | SecuringDatainTransit
Onceyouhaveapublickeyforsomeoneandhaveverifiedwhosheis,youcan exchangemessagesforthelifeofthekey.Manypublickeysaresettoexpire onacertaindateforadditionalsecurity.
UsingPGP Specialsoftwareisnecessarytosignorencrypt(andverifyordecrypt)files andmessagesusingPGP.Youcaneitherdownloadfreeversionsorbuya commercialversion—bothfromPGPCorporation(www.pgp.com).(Thefree versionisslightlyhiddenontheProductspage.) Thecommercialversioncomeswithvariouslevelsoftechnicalsupportand includesmountable,encrypteddiskimagesandplug-insforpopularemail programs,suchasMicrosoftEntourageforMacOSXandLotusNotesfor Windows.TheMacOSX-onlyMailsmithemailclient,whichGlennswears by,hasbuilt-inPGPsupportallowingyoutoautomaticallysignalloutgoing messages,amongothershortcuts(Figure26.5). Figure26.5 Mailsmith’sbuilt-in supportforPGP.
Mailsmith’soptionsforPGP.
Insideanyemailprogramthathasplug-ins,youcancomposeamessage,selectan option,andhavethemessagereplacedwithitsencryptedversionbeforesending. Likewise,youcandecryptanincomingmessagewithamenuselection.
SSH(SecureShell) SSHwasoriginallycreatedasawaytoestablishencryptedterminalsessionsthat tunnel—orcreatesimpleend-to-endconnections—betweenaclientcomputer andaservercomputer(Figure26.6).SSHwasnecessarybecausethetelnet protocolsentallinformationintheclearasplaintext,allowinganynetwork snoopertograboftencriticaldata. SSHhasexpandedfarbeyondthisoriginalpurpose.Itnowletsyoucreate tunnelsforanykindofprotocol,whetherPOPandSMTP,FTP,Web,oreven TimbuktuPro.Itdoesthiswithatrickcalledportforwarding,whichconnects alocalportonyourcomputerwitharemoteportonaserver.
315
316
TheWirelessNetworkingStarterKit Figure26.6 Creatingasecure tunnelwithSSH protectsdatainside thetunnel.
Attackercan’treadanyFTP trafficinsidetheSSHtunnel.
WithSSH,you’reprotectingbothpasswordsandallthecontentthatyousend orreceiveviathespecificInternetservicesyouchoosetotunnel.
HowSSHWorks SSHencryptstheentirecontentsofanysession,andit’sconsideredhighly secure.SSHdoesn’t,bydefault,useoutsidetrust:theinitialexchangebetween aserverandaclienttosetupatrustedrelationshipforfuturesessionsrequires eitherblindfaithortheuseofaconfirmationcode,alsocalledafingerprint. NOTE AnSSHservergeneratesafingerprintforitsencryptionkey,andwhen youconnectforthefirsttimefromaclient,youcandouble-checkthatthe fingerprintyourclientseesisidenticaltotheoneontheserver.Ifyourunyour ownserver,youcanretrievethefingerprintyourself(seethedocumentation forOpenSSH).Otherwise,askasystemadministrator.
NOTE SSHusespublickeyencryption,asdescribedabove,asthefirststepofa session.Aftertrustisestablishedbyexchangingpublickeys,asessionisstarted byencryptingamuchshortersessionkeywithapublickey.Theserverand clientcansafelyconfirmtheshorterkey.Ashorterkeyspeedsencryptionfor real-timedatatransfer.
PortforwardingwithSSHinvolvesconnectingaportonyourlocalcomputer withaportonaremotemachineusinganencryptedSSHtunnelasthe connector.Forinstance,ifyouwanttoretrieveemailviaanSSHtunnel,you firstsetupthetunnelbetweenthePOP(PostOfficeProtocol)port(110)on yourcomputerandtheremoteserver’sPOPport.Thenyouconfigureyour emailprogramtoretrieveemailfromIPaddress127.0.0.1,whichisageneric aliasforyourlocalmachine,onthatsameport110.
Chapter26 | SecuringDatainTransit
TheSSHsoftwareinterceptsrequestsforconnectionsonthatportfromyour mailprogramandforwardsthoseconnections,securelyencrypted,tothemail serveryouspecify;responsespassalongthesameencryptedtunnel. ThemaindrawbackofSSHisthatyoumusthaveaccesstoaserverthatcanrun SSHonitsendoftheconnection.(IttakestwototangointheSSHtunnel.) YoumaybeabletoavoidthisproblembyrunningyourownSSH-equippedor -capableserversorbyworkingwithanISPoranetworkadministratorwilling tosetuptheconnection. TIP IfSSHisn’tanoptiononyourservers,youcantryservicessuchasAnonymizer.com (www.anonymizer.com)thatofferfor-feeSSHtunnelingservicesaswellaswhat thecompanycalls“privatesurfing”usingSSLencryptiondescribedlaterin thischapter.
SSHSoftware SettingupanSSHconnectionrequiresadditionalsoftwareforallWindows usersandforMacintoshuserswithversionsoftheMacOSbeforeMacOS X.Aswithmanyothertypesofsoftware,youcaneithertrysoftwarefromthe freeware/sharewareworldorpayforfull-fledgedcommercialsoftware. Inbothcases,thesoftwarehelpsyouconfigurealltheports,hostnames,and otherdetails,afterwhichyouclickasingleconnectbuttontoactivatethe forwardingconnectionthroughthegraphicalinterface. Forfreewareandshareware,checkoutthelistmaintainedatwww.openssh.com/ windows.html.SSHCommunicationsSecurityoffersanon-commercialversionof itsSSHsoftwareforWindowsatwww.ssh.com/support/downloads/secureshellwks/ non-commercial.html.Itscommercialofferingscanbefoundatwww.ssh.com. YoucanalsoobtaincommercialSSHpackagesfromF-Secure(www.f-secure.com) andVanDykeSoftware(www.vandyke.com).
FTP MacOSXuserscanalsouseFTPoverSSHwithInterarchy(www.stairways.com), asharewarefiletransferprogram.Interarchysupportstwomethodsthatitcalls FTP/SSHandSFTP(SSHFTP),bothofwhichuseSSH.Justtobeconfusing, SSHFTPissometimescalledSecureFTP,butSecureFTPserversmayalso useSSLinsteadofSSH:there’sseeminglynostandardterminology. There’sasimilarprogramforWindowsfromtheopen-sourceworldcalled WinSCP(http://winscp.sourceforge.net/eng/).
317
318
TheWirelessNetworkingStarterKit
TIP What’sthedifferencebetweenanFTPsessionencryptedwithSSHandone encryptedwithSSL?WithSSL,theFTPservermusttalktheSSLlingo.With SSH,anFTPclientcantryafewmethodsthatdon’trequirespecialsupport fromtheFTPserver.
TerminalSSH BecauseSSHispartofmostUnixandLinuxdistributions,anditisbuiltinto theMacOSXUnixcore,it’sfrequentlyinvokedfromaterminalpromptusing acommandline.
SettingUpForwarding Atanyprompt,orinascriptthatyouwriteandthenexecute,enterthe following: ssh -l username -L port:host.domain:port host.domain -f -N -C
Forinstance,ifuser“billg”hadSSHaccessonhisPOP(whichusesport110) mailserver“mail.example.com”,theSSHcommandwouldbe: ssh -l billg -L 110:mail.example.com:110 mail.example.com -f -N -C
NOTE Fortheextra-geeky,thecommandlineswitches(thepartswithadash,followed byaletter)mean:-l=user,-L=forwardports,-f=don’texitifterminalis closed,-N=don’tbufferorwaitforoutput,and-C=compress.
Youcanputallyourportforwardingcommandsonasinglelinebysimply addinganother-L.Inthisexample,we’realsoforwardingport25(SMTP) andport80(Web): ssh -l billg -L 110:mail.example.com:110 -L 25:mail.example.com:25 -L 80: mail.example.com:8080 mail.example.com -f -N -C
Notethelastitem,80:mail.example.com:8080.ItforwardsWebrequests(port 80)toport8080onthefarsideoftheconnectionwhere,inthisexample,a proxyserverlivesthatreceivesrequests,sendsthem,andreturnsthemtothe requestingmachine.Foradditionalsecurity,youcanforwardrequestsfrom oneporttoacompletelydifferentportontheremotemachine.Thiscanhelp preventcertainautomatedattacks. Whenyoushutdown,putyourmachinetosleep,orchangewirelessnetworks, youmustreinitiatetheSSHconnection.YoumayhavetostopthecurrentSSH connectionsfirst,however.Toaccomplishthistask,GlennrunsthesmallPerl
Chapter26 | SecuringDatainTransit
scriptbelow.Replacehostname.domainwithyourfullyqualifiedhostname,and substituteyourusernameforusername.Also,addany-Lstatementsyouneed forportsotherthanthePOPandSMTPportsthatwelisthere. #!/usr/bin/perl @jobs = grep(/ssh -C/, `ps auxw`); foreach (@jobs) { (undef, $job) = split /\s+/; `sudo kill -9 $job`; print "Killed ssh job $job\n"; } system("sudo ssh -C -l username hostname.domain \ -L25:hostname.domain:25 -L110:hostname.domain:110 -p 23 -N -f");
TIP Ifyou’veneverusedPerlbefore,typethescriptintoatexteditorandsaveitasa textfile(notasaWorddocumentorotherformatteddocument)inyourhome directorywiththenametunnel.pl.Ataterminalprompt,typechmod u+x tunnel.Then,whenyouwanttoexecuteit,justnavigatetothedirectorythat holdsthescriptandtypethescript’snameprecededbyaperiodandaslash: ./tunnel—don’ttypeaperiodoranythingafterthel.
UsingSCP(SecureCopy) Forjustlimitedfilecopying,youcanuseacommandlinetoolcalledscpor securecopy,whichusesSSHbehindthescenestocopyfilesfromonecomputer toanother.Thesyntaxforthecommandis: scp -C localfile [email protected]:/path
Thesoftwarepromptsyouforapasswordafteryouenterthiscommand.You canalsousewildcardstomatchthelocalfile,suchas*.htmltomatchallfiles thatendwith.html. Werecommendincludingthe-C flag,whichcompressesdatabeforeit’ssent, thusreducingthetimeittakestotransmitfiles.
SSL(SecureSocketsLayer) SSLwasinitiallydevelopedtosecurefinancialtransactionsontheWeb,butit isnowwidelyusedtosecureInternettransactionsofallkinds. SSLsolvesthe“sharedsecret”problemfoundinWEPbyusinganexpanded versionofpublic-keycryptography(see“ContentEncryption”earlier).Insteadof requiringthatpeopleagreeonasecret(theencryptionkeyinWEP)inadvance orrequiringthatpublickeysbepublished,anSSL-equippedbrowserandserver
319
320
TheWirelessNetworkingStarterKit
useatrustedthirdpartyknownasacertificateauthoritytoagreeoneachother’s identity.(SSHdependsonfingerprintingforthesameeffect,althoughyoucan alsostorepublickeysoncomputersthatwanttocreatesecuredtunnels.) Typically,SSLisusedforshortsession-basedinteractions,likesendingcredit cardinformationviaaWebform.Butitcanbeusedtoencryptemailsessions (sendingandreceiving)includingtheentirecontentsofemailfromtheclient totheserver,forFTP(inaformknownasSecureFTPeventhoughsome flavorsofSecureFTPworkonlywithSSH),andformanyothertransaction types.SSLworksforanyInternetservicethatexchangesdatainchunksrather thanasastreamofinformation.(Forexample,youcanuseSSLforinstant messaging,butnotforRealAudiomusicplayback.) BecauseSSLcanbeverifiedbyathirdparty,youdon’thavetorelyontrust (blindorconfirmed)asyoudowithSSH. YoucanalsoworkwithSSLwherethere’snocertificateauthority,justapersonal certificateorself-signedcertificate.Thiscertificateisn’tsignedbyanotherparty, butforcertaincases,likeaprivatemailserver,it’sgoodenough.Someprograms don’tliketheseself-signedcertificates,andmightcauseyougrief.Entourage forMacOSX,forinstance,requiresthatyouacceptthecertificatethrough InternetExplorer(somehow)beforeitallowsyoutosendemail. NOTE SSLisnowwidelyusedbecausetheunderlyingpatentsexpired.Often,the developersreplacethenameSSL(Netscape’scoinage)withTLSorTransport LayerSecurity.Forinstance,inEAP-TLS,whichisusedwith802.1X,an encapsulatedauthenticationprotocolmessageissecuredwithSSL.
UnlikeSSH,inwhichyoucanconnectanytwoarbitraryportsthrougha tunnel(porttoport),SSLworksfromprogramtoprogram,withtheclient encryptingdataandtheserverdecryptingit(Figure26.7).But,justlikeSSH, alldatasentoverthattunnel,includingpasswordsandallsentandreceived content,issecurelyencrypted.
HowSSLWorks WhenyouconnecttoanSSL-protectedWebpage,yourWebbrowserand theremoteWebservermustnegotiatetheexchangeofkeys. First,yourbrowsersendsamessagethatonlytheservercanread,andtheserver usesinformationinthatmessagetopackageapublic-sessionkeyalongwith thecertificate.Next,theserversendsthepublic-sessionkeyandcertificate toyourbrowser,whichthenverifiesthatthecertificatecomesfromatrusted
Chapter26 | SecuringDatainTransit
Figure26.7 Encryptingselect transactionswith SSLprotectsjust thecontentsofthat transaction. Internet
Attackercan’treadany trafficencryptedwithSSL.
certificateauthorityandthattheserver’ssessionkeyislegitimate.Becausethis firstexchange,whenconductedwiththird-partycertificates,isentirelysecure andtheserver’skeysareverifiedindependently,thesessionkeycanbeused withnoworriesthatitwasintercepted.
EnablingSSL IncontrastwithPGPandSSH,whenitcomestoSSL,youseldomneedto enterapassword,runascript,oruseaseparateprogram.Theclientsoftware handlescommunicationandauthenticationjustasitwouldwithanunencrypted connection.WiththeWeb,modernbrowsersandserversuseSSLwhennecessary (assumingthewebmastershavesetitupproperly).Youcantellwhenyouare viewinganSSL-protectedWebpagebecausethere’softenalittleclosed-lock iconinoneoftheextremecornersofthewindow.Also,lookforthetelltalesign inaURL:insteadoftheURLstartingwithhttp,itstartswithhttps. ManyemailprogramssupportSSL,andturningonSSLsimplyrequiresthatyou setanoption,oftenhiddeninanadvancedconfigurationdialog.Unfortunately, notallmailserverssupportSSL,andofthosethatdo,notallhandleSSLinthe sameway.Asaresult,someSSL-capablemailserversaren’tcompatiblewith someSSL-capableemailprograms.TolearnifSSLisanoptionforprotecting youremail,checkwithyourISPorsystemadministrator,orbesuretoinstall amailserverthatiscompatiblewiththesoftwareyou’vechosentouse. TIP Inthemiddleof2003,PGPCorporationreleasedamailproxythathandles everykindofencryptedconnectionforeverykindofemailprogram.Thislets systemadministratorsavoidsupportingmultipleconfigurations.
321
322
TheWirelessNetworkingStarterKit
FTPcanbesecuredwithSSLbyusingfreeandcommercialsoftwareaslongas theFTPserveryouwanttoconnecttohandlesSSLconnections.Onthefree side,checkoutGlubTech(www.glub.com)tofindaJava-based,secureFTPclient. Onthecommercialside,readthearticle“SecureFTP101”tofindanoverview ofsecureFTPandalistofcommercialsoftware(www.intranetjournal.com/ articles/200208/se_08_14_02a.html).Also,varioussoftwarecompanieshave addedSSLsupporttotheirFTPclientsoftware.(OtherFTPpackageshave optedforSSH;seedetailsunder“SSH(SecureShell),”above.) TIP AUnixandWindowspackagecalledStunnel(www.stunnel.org)letsasystem administratoraddSSLtopracticallyanyservicebywrappingSSLaroundexisting serversoftwareinsteadofrequiringadifferentFTPoremailserver.
VPN(VirtualPrivateNetwork) Asyou’veundoubtedlynoticed,alltheencryptionsolutionswe’vediscussed sofararespecifictoatypeofInternetservice,specificfilesormessages,or certainsoftware.Whynotjustencrypteverything?ForthatyouneedaVPN,or virtualprivatenetwork.VPNsaretheultimatesolutionforsecuringyourdata becausetheycreateanencryptedpipe,calledatunnel,betweenyourcomputer andaVPNserver.Sincethedatayousendorreceive—email,FTP,Web,and anythingelse—betweenyourcomputerandtheVPNserverisencrypted,you don’thavetoworryaboutanintruderbreakingintoyourwirelessnetwork. Evenifsomeoneweretobreakin,shecouldn’tdecryptthetunnelthatcarries allyourcommunications(Figure26.8). ThedownsidetousingaVPNisthatsettingupaVPNserverisnottrivial.It requiresdedicatedhardware,aswellasongoingmonitoringandmaintenance. Apple’sinclusionofVPNserversoftwareinitsMacOSXServer10.3 package—$499or$999for10orunlimitedusers,respectively—mightease thecostanddifficultyenormously. Also,atleastonequasi-ISP,BoingoWireless,letsyoucreateaVPNtunnel usingitsVPNservers.BoingoisanationalwirelessISPthataggregatesaccess fromotherwirelessnetworks,providingasingleloginaccountandasinglebill, nomatterwhichoftheirpartners’wirelessISPnetworksyoumightuse(see Chapter28,FindingWi-FiontheRoad).Boingo’sWindowsclientsoftware featuresabuilt-inVPNclient.Whenyouconnecttoawirelessnetworkusing thisclient,theVPNsoftwaretunnelsalltraffictoBoingo’snetworkoperations center,atwhichpointit’sdecryptedtotraversetherestoftheInternet.
Chapter26 | SecuringDatainTransit
Figure26.8 Encryptingalltraffic insideaVPNtunnel.
Attackercan’treadany trafficatallbecauseofthe encryptedVPNtunnel.
NOTE BoingoplansaMacclientaswell,andmaychargeamonthlyfeetouseits VPNserviceandauthenticatedSMTPoutboundmailserver.
TwopopularprotocolsareusedforVPNs:PPTP(Point-to-PointTunneling Protocol)andIPsec(shortfor“IPsecurity”).MicrosoftdevelopedPPTP, soPPTPclientsoftwareshipswithmostversionsofWindows.Inaddition, PPTPisbuiltintoMacOSX10.2andlater,andPPTPclientsareavailable forUnixandLinux. SecurityexpertsconsiderIPsecamorerobuststandard,andIPsecclientsoftware iswidelyavailableforWindows,aswellasbuiltintoMacOSX10.2atthe commandlineandinto10.3intheInternetConnectsoftware(Figure26.9). NOTE IPsecusedwithVPNsistechnicallycalledIPsec-over-L2TP,becauseIPsecisan encryptionprotocol,whileLayer2TunnelingProtocolisthemethodofrunning IPsecoveranInternetconnection.We’vealsoseenitcalledL2TP-over-IPsec forreasonswecan’texplain.
GraphicalclientsaregenerallynecessaryforIPsecbecauseitissubstantially morecomplicatedtoconfigurethanSSH,currentlyrequiringanumberof configurationfilesandcommand-linesettings. VPNsusingIPsecoftendon’tworkoverwirelessnetworksthatuseNAT becauseofhowthecontentisencrypted.TheVPNserverneedstoseeaspecific, publicIPaddressattachedtotheclient,butbecauseNATrewritespacketsto includetheIPnumberoftheNATgatewayinsteadoftheactualclient,there’s amismatchthatdisablesstartingaconnection.However,manygatewaysand accesspointshavebeenupdatedinthelastyeartosupportIPsec.Ifyouraccess pointdoesn’tsupportIPsec,seeifthemanufactureroffersafirmwareupgrade, orbuyanaccesspointthatcanhandleit.
323
324
TheWirelessNetworkingStarterKit Figure26.9 Connectingtoan IPsecVPNin MacOSX10.3and WindowsXP.
Ourbottomline:ifyouneedtouseanexistingVPN,yourcompanyalmost certainlyoffersinternalsupporttohelpyouconfigureit.Ifyouwanttosetup aVPN,youshouldinvestigatetheoptionsandseeiftheyofferenoughbenefits tooutweightheinitialandongoingcosts;weoffersomeinsightintothisin Chapter22,SmallOfficeWi-FiNetworking. MostlargeorganizationshaveadoptedVPNsasacomprehensiveapproach tosecurityforemployeesconnectingfrominsecureremotelocations,suchas theirhomewirelessnetworks.
27
ProtectingYourSystems
Onepartofsecurityisprotectingyourdataintransit;theotherpartis protectingyoursystems—yourcomputers,anyInternetserversyourun,your wirelessgateway,andsoon—fromonlineintruders.Becausewirelessnetworks potentiallyexposeyoursystemstoattackerswhowouldneverhavethesame kindofaccessonawirednetwork—unlesstheybrokeintoyourhouseor business—youneedtoexercisegreatercarewhenprotectingyourcomputers onwirelessnetworks. NOTE Wecouldgointogreatdepthhere,butthistopictakesusfarafieldfromwireless networkingitself.Instead,ifyou’reinterestedinreadingmoreaboutthistopic, werecommendcheckingoutInternetSecurityforYourMacintosh:AGuide fortheRestofUsbyAlanOppenheimerandCharlesWhitaker.Althoughthe bookisfullofhow-toinformationforMacusers,theconceptualoverviews applytoMac,Windows,Linux,andUnix.
Youcansecureyourcomputersagainstsnoopingorattackintwoways:an activefirewallornetworkaddresstranslation.Youcanusethemseparatelyor, foradditionalsecurity,combined.Andofcourse,it’sessentialtoruncurrent anti-virussoftware,particularlyifyouuseWindows.Butfirst,whyworry?
WhyWorry? Youmightthinkthatyoudon’tneedtoprotectyourcomputers,but,unfortunately, thereareseeminglyhundredsofthousandsofbored,amoralpeopleoutthere, constantlyandautomaticallyscanninglargeblocksofInternetaddressesfor weaknesses.Thesedays,itcanbeonlyamatterofminutesafteracomputer
326
TheWirelessNetworkingStarterKit
firstreceivesapublicIPaddressbeforethefirstattackislaunchedagainstit. Mostoftheseattacksareentirelyautomatedusingscriptsdeployedbyscript kiddies,orinexperiencedcrackerswhouseprefabricatedsoftware. Theseattacksfocusonknownbugsinsoftwarethatallowaremoteprogram orpersontoinfiltrateyourcomputerandtakecontrolofsomeofyoursoftware ortheentireoperatingsystem.Oncetheattackerhasestablishedthatlevelof control,hecaneitherdestroyyoursystemorinstallsoftwarethatattacksother computers,turningyourcomputerintowhat’scalledazombie. Don’tassumethatattacksnecessarilycomefrompeople.It’sevenmorelikely thatyourcomputerwillbeattackedbyawormthat’salreadytakenover someoneelse’smachine.Wormspropagateviruseswhichinturnpropagate worms.Thevirusmayalsocauseotherdamageorturnthecomputerintoa zombieforlaterattacks. NOTE We’renotkiddingaboutbeinginfectedwithinminutesofturningonanew computer.GlennwastestingaWindowsXPHomelaptopinAugust2003:he had—nojoke—poweredthemachineupandhadjustrunthebrowserwhen themachinewasinfectedandrebooted.HewasabletodownloadtheBlaster patchonthenextgoroundandfixit.Butithadbeenoneortwominutesat mostbeforetheinfectiontookplace.
MostattacksareaimedatcomputersrunningsomeversionofMicrosoftWindows orothersoftwarefromMicrosoft,suchasOutlookorInternetInformation Server.Microsofthaspatchedknownholes,butmanyWindowsusersdon’t downloadandinstallthesesecuritypatches,leavingtheircomputersopento furtherexploitationandinfection. TIP Ifyou’reusingWindows,putthisbookdownrightnowanduseWindows SoftwareUpdatetoinstallallsecuritypatchesreleasedbyMicrosoft!Ifyou’re aMacorUnixuser,makesuretoencourageallyourWindows-usingfriends andcolleaguestodothesame.Ifeveryonewouldjuststaycurrentonsecurity patches,mostwormswouldhavemuchlessimpact.
AlthoughsomevirusesexistforMacs,thenumberisafraction(andavery smallfraction,atthat)ofthoseaimedatWindows,whichreducestheworry forMacintoshusers.Also,sinceMacsareamuchsmallerpercentageofthe overallmarket,mostcrackershaven’tbeenparticularlyinterestedinbreaking intoMacs.It’salsoverydifficulttoforceaMacusertoexecuteanattachment inanemailprogramunintentionally,ortoconvinceaMacintoshemailprogram toexecutemaliciouscodeattachedtoanemailmessage,whicharetwoofthe primarymethodsbywhichWindowsvirusesspread.
Chapter27 | ProtectingYourSystems
Whenyoucombinethatlackofinterestwiththearchitecturalaccidentsthat madeMacOS9andearlierhighlysecure,youcanseewhyMacshaven’t sufferedmuchfromsecurityconcerns.ThatischangingnowthatAppleuses UnixunderneathMacOSX;althoughUnixisn’tinherentlyinsecure,it’sa morelikelytargetforcrackers,andsecurityholesinwidelyusedprogramslike Apacheareregularlyreported.ButMacOSXandthevariousflavorsofUnix systemsseemtoresistspreadingdisease:attacksgenerallycompromiseone boxatatime.LikeMicrosoft,Appleregularlyreleasessecurityupdatesviathe SoftwareUpdateutility;wealwaysrecommendinstallingthem. Otherattacksusewhat’scalleda“denialofservice”(DoS)approach,where theattackersendssomuchdatatoyourcomputerthatit’soverwhelmed.DoS attacksdon’tcausedamage,perse,buttheypreventnormaloperationandcan bedifficulttoshutdown.They’reunfortunatelyquitefrequent. NOTE ADoSattackoncesaturatedAdam’sdedicatedInternetconnection;onlycalling hisISPandhavingitblocktheoffendingtrafficfixedtheproblem.
Theentireissueofprotectingyourcomputerbecomesmuchmorecomplicated whenyou’reroaming.Thewirelessnetworksthemselvescouldbeuntrustworthy (istheInternetcafé’sresidentgeekprobingyoursystem?)oracrackeratthenext tablecouldbeprobingyourcomputerdirectly.Remember,ifsomeonecanmonitoryourunencryptednetworktrafficandstealyourpasswords,shecanoftenuse thosepasswordstoenteryourmachineitselfwhileit’sstillonthenetwork. Alittleprecaution,suchasencryptingyourpasswordsandinstallingafirewall, goesalongwaytowardpreventinganoceanofpainandsuffering.Evenmore important,alwaysbackupyourdatabeforeyoutakealaptopontheroad—even ifyou’recompletelysafefromcrackers,youmaydropandbreakthecomputer whilegoingthroughanairportsecuritycheckorsomeonemaystealitwhile you’relookingtheotherway.Everyonewilllosedataatsomepoint,andthose withbackupswillsuffertheleastbecauseofit.
Anti-VirusSoftware Therearetensofthousandsofvirusesthatcanattackcomputersrunning MicrosoftWindows,andafewviruseshavebeenreportedforcomputersrunning theMacOSandUnixaswell.Thesevirusesuseavarietyofmethodsofinfecting computers,andalthoughmanyareessentiallyharmless(perhapsonlycausing crashesduetopoorprogramming),manyothersareinherentlymalevolent,with codethatcausesthemtodeleteorcorruptfilesoreveneraseyourharddisk.
327
328
TheWirelessNetworkingStarterKit
Equallyasproblematicaremacroviruses,whichliveinsidedocumentswritten withprogramsthathavesomesortofscripting—theymostcommonlyinfect MicrosoftOfficedocumentsduetoOffice’sbuilt-inscriptingsupport. TIP Avenuesforinfectionincludeinsertinganinfectedremovable-mediadiskfrom afriendintoyourcomputer,downloadinganinfectedfilefromtheInternet, receivingandopeninganinfectedattachmentviaemail,beingattackedover theInternetbyanautomatedprogram,andmore.There’snowaytoclose everypossiblewayyoucouldbeinfected(althoughexercisingcautionisalways worthwhile),whichiswhyanti-virussoftwarethatconstantlyscansyour computerissoimportant.
Putbluntly,ifyou’reusingaWindowscomputer,youwilleventuallybeinfected byavirusunlessyourunanti-virussoftwareandyoukeepituptodate.Since somanyWindowsvirusesappeareverymonth,makersofanti-virussoftware alwaysprovideanautomaticupdateservicethatensuresthattheirsoftware canidentifyanderadicatenewlydiscoveredviruses. Numerouscompanieshavesprunguptoprovideanti-virussoftware,butthetwo mostcommonpackagesareNortonAntiVirusfromSymantec(www.symantec.com) andMcAfee’sVirusScan(www.mcafee.com).Ourimpressionisthatmostantiviruspackagesarefairlycomparableintermsofbasicfunctions,soyou’llwant tochooseamongthembasedonprice,usability,support,andotherfeatures. Wedon’tcarewhichyouchoose,justmakesureyourunsomeformofantivirussoftwareandkeepituptodate.
ActiveFirewalls Anactivefirewallmonitorsalldataenteringandleavingacomputerornetwork. Itcouldbeinstalledonindividualcomputersoronanetworkgatewayorrouter. Activefirewallsexamineinboundandoutbounddataandblockparticularbits (andsometimesalertyou)ifthedatamatchescertaincriteria.Insideyournetwork, usingafirewallsoyournetwork’sservicesareopenonlytolocalcomputersis afinewaytodiscouragene’er-do-wellsfromwreakinghavoc. Inanactivefirewall,youcanchoosetoblockorpassonlycertainprotocols, onlyconnectionsthatusespecificportnumbers,oronlyspecificusers.Inlarger networks,youcancombineuserauthenticationwithafirewalltoensurethat onlycertainpeoplecancarryoutcertaintasksonthenetwork. Moreadvancedfirewallsoftwareidentifiespatternsofdata,andwhenit recognizesanattackpatterninprogress,locksouttheIPaddressthedatais
Chapter27 | ProtectingYourSystems
comingfrom,andoptionallyalertsyou.Extremelyexpensivenetworkfirewall hardwarecanrecognizethousandsoftheseattackpatterns. Manyfirewallsalsoletyousetaccessrulesthatvarybydayofweekandtime ofday.Thus,whenyou’repayingattentiontothenetwork,itcanoperateat alowerlevelofsecurity.Thismakesiteasiertocarryoutroutinetasksthat otherwisemightbetediouswiththefirewallinplace. Practicallyeverygatewaywe’velookedatincludesabuilt-infirewall,although thesebundledfirewallstendtobeprimitive.Refertoyourmanualfordetails onhowtoconfigureyourgateway’sfirewall. Ifyou’reroaming,orwantmoregranularcontrol,youcaninstallpersonal firewallsoftwareonindividualcomputers.YoucouldtryWindowsXP’s built-infirewall,butwerecommendthemorefull-featuredZoneAlarmPro (www.zonelabs.com)forWindows,apowerfulbuteasy-to-usepackagethat’s cheapandwellsupported.OntheMac,GlennswearsbyIntego’sNetBarrier X3(www.intego.com/netbarrier/).UnderMacOS9,AdamlikesSustainable Softworks’IPNetSentry(www.sustworks.com/site/prod_ipns_overview.html);in MacOSX,heusesthebuilt-infirewallorSustainableSoftworks’IPNetSentryX (www.sustworks.com/site/prod_sentryx_overview.html).Ifyouwantmorecontrol overMacOSX’sbuilt-infirewall,checkoutthesharewareBrickHouseutility athttp://personalpages.tds.net/~brian_hill/brickhouse.html. NOTE ZoneLabsoffersaversionofZoneAlarmthatworkshand-in-handwithsome Linksysgateways,liketheEtherFastBEFW11S4wecoverinChapter17,Setting upaGateway.SeeLinksys’sWebsiteatwww.linksys.comfordetails.
TIP Whenconfiguringafirewall,thestandardapproachistodenyallaccess, thenopenspecificholesinthefirewall.Thatway,it’smucheasiertofigure outwhat’shappeninginanattack,sincethesetofpossiblewaysthroughthe firewallissmall.Theonlydownsideisthatyoumustspendtimedetermining whichportstoopen.
TIP IfyouuseDantzDevelopment’sRetrospectbackupprogramorNetopia’s TimbuktuProremotecontrolprogram,youmightgocrazytroubleshooting connectionproblemswithcertainremotemachines.It’salmostalwaysbecause thefirewallison.ReadtheFAQsatwww.dantz.comandwww.netopia.com onwhichportstoopen.
329
330
TheWirelessNetworkingStarterKit
EnablingtheWindowsXPFirewall Commercialfirewallsoftwaremaygiveyoumoreoptionsandabetterinterface, butthebuilt-infirewallsoftwareinWindowsXPwilldothejob. InWindowsXP,followthesedirectionstosetupafirewall: 1. OpenControlPanel,andthendouble-clickNetworkConnections. 2. Selecttheconnectionyouwanttosecure(youcanrepeatthisformultiple
connections). 3. Intheleftpane,clickChangeSettingsofThisConnectionunderthe
NetworkTasksarea. 4. ClicktheAdvancedbutton. 5. CheckProtectMyComputerandNetworkbyLimitingorPreventing
AccesstoThisComputerfromtheInternet.
EnablingtheMacOSXFirewall InMacOSX,enablingthefirewallisextremelyeasy.Followthesesteps: 1. OpenSystemPreferences,andclickSharingtoopentheSharingpreferences
pane. 2. ClicktheFirewalltab,andclickStart. 3. Selectanyservicesthatneedoutsideaccess. 4. ClickNeworEdittomodifytheserviceslisted.
NAT(NetworkAddressTranslation) RunningNATonyourgatewayeliminatesthepossibilityofmanybreak-ins becauseNATaddressesaretypicallyprivate—restrictedtothelocalnetwork— andthusunreachablefromtheoutsideworld(seeAppendixA,Networking Basics,andChapter16,BuyingaWirelessGateway,formoredetailsonNAT). Wheneveracomputerwithaprivateaddressonthelocalnetworkrequestsa connectionwithanothermachineontheInternet,theNATgatewayrewrites therequestsoitappearstohavecomefromtheNATgateway,whichmustrun onapubliclyreachablecomputer. IfsomeonetriestoattackanetworkprotectedbyNAT,onlythegatewayis exposed.Agatewaymayhavesomevulnerability,butgatewaysaretypically muchmorecapableofresistingattacksbecausetheirsoftwareissosimpleand theydon’thavemanyportsopen—possiblynoneatall.Becausegatewaysdon’t dothatmuch,it’shardtohijackthem.
Chapter27 | ProtectingYourSystems
SomepeoplecallNATa“passivefirewall,”andmanymanufacturersthat advertisegatewayswithfirewallsarereallyofferingonlyNAT. YoushouldbeawarethatNATdoesn’tprotectyoufromotherusersonthe samenetwork,suchasinacoffeehouseorhotel.
331
V
TakingItontheRoad
Usingawirelessnetworkathomeorinyourofficeisfreeing,ofcourse,but youhaven’tliveduntilyou’veopenedupyourlaptopinsomerandomairport orcoffeeshopandbeenrewardedwithwirelessInternetaccess.Talkabout oneoflife’slittlevictories! Buthowdoyoufindwirelessnetworkswhenyou’retraveling(orbetteryet, beforeyouleave)?TurntoChapter28,FindingWi-FiontheRoad,foraslew oftipsandpointersforwhereyoucanfindaccesstoanInternet-connected wirelessnetwork.Mostofthosenetworksaren’tfree,andthecommercial wirelessISPsoftenprovidetheirownconnectionsoftware—whichiswhat youlearntouseinChapter29,ConfiguringWISPSoftware. AndasmuchasWi-Fiisbecomingincreasinglyavailablealmostanywhereyou thinktotravel,cellularphonesworkinmanymoreplacesaroundtheworld, soinChapter30,UsingCellularDataNetworks,weinvestigateusingyourcell phonetocheckemailandbrowsetheWeb. Chapter31,PreppingfortheRoad,andChapter32,WorkingontheRoad,distill ouryearsofexperiencerelatedtoaccessingandusingwirelessnetworkswhile (andbefore)traveling.Youcanmakeyourlifealoteasierwithsomepreparation, andonceyou’reactuallyoutonthestreetsofanunfamiliarcity,ourtipswill helpmakeyouasproductiveaspossible.
28
FindingWi-FiontheRoad
InthisageoftheInternet,beingoutoftouchwhiletravelingcanbeincredibly frustrating.Cellphoneshelp,certainly.Butformanyofus,emailformsthe hubformostofourcommunications.Whenourcustomers,clients,colleagues, friends,andfamilydon’trealizethatwearetraveling,theyexpectustocheck ouremailasfrequentlyaswenormallydo.Forustravelers,thelifelinebackto therestofourlives—ourdigitallivesatleast—isincreasinglybecomingWi-Fi networksfoundinpublicplaces. Forthemostpart,usingawirelessnetworkwhileyou’reontheroadisexactly thesameasusingoneathomeorattheoffice.Themaindifferenceisthat collectingalltheinformationyouneedtoconnecttoapotentiallyunknown networksuccessfullycantaketime,and—inmostcases—youmustcompile theinformationbeforeyouleave. TIP Nomatterhowreliableyoubelieveyourwirelessconnectivitywillbeduring atrip,alwaysmakesureyoucanusethemodeminyourlaptoporlow-speed serviceviayourcellphonetoconnecttoanISPaswell.Itmightbecostlyto diallong-distanceifyourISPdoesn’thavealocalnumberinyourarea,and per-megabytechargeswithyourcellcarriercanaddup,butevenexpensive Internetaccessisbetterthannoneatallinsomesituations.
Youmayfindwirelessnetworksinunlikelyandfar-flungspotssoit’sworth takingafewminutesbeforeyouleavetodeterminewhereyoucanfindwireless networksatyourdestination.
336
TheWirelessNetworkingStarterKit
FreeWirelessNetworks Remarkably,therearethousandsofplaceswhereyoucanhoponawireless networktoaccesstheInternetforfree.Therearenoserviceguarantees,of course,andthespeedoftheconnectioncanrangefromatrickleatthespeed ofa56Kbpsdial-uptoaNiagaraFallsatthespeedofmultipleT-1s.Butfor aquickemailcheck,afreenetworkcouldbejusttheticket. Allthat’snecessarytoaccesstheInternetviaoneofthesefreenetworksisthat youselectthenetworknamefromyourlistofavailablesignals.Afewcommunity networksredirectyourfirstWebbrowserrequesttoapagethatidentifies legitimateuseofthenetworkandasksyoutoagreetoitbeforeproceeding. TIP Ifacommunitynetworkrequiresyoutoclickthroughanacceptableuse agreementbeforeyouareallowedtoconnect,youcan’tcheckemailuntil youlaunchaWebbrowserandagreetotheacceptableusepolicy.
CommunityWirelessNetworks Manycommunitieshavesmall,orevenlarge,collectionsoflooselyaggregated opennetworkscreatedbyindividualsinthecommunity.Thesecommunity networksprovideisolatedhotspotsinmostcities,andcertainneighborhoods havenearlycompletecoverage.Forinstance,severalparksinNewYorkCity haveexcellenthigh-speedservice,includinglocationsinLowerManhattan. ThesehotspotsaregenerallyoperatedbybusinessdistrictsorNYCwireless (www.nycwireless.net). Althoughthere’snocomprehensivewaytofindanup-to-datelistofallthesehot spotsnationwideorworldwide,thebestapproachistolookforawirelesscommunity networkwhereyou’regoing,andthenseeifitsWebsitemaintainsalistofcurrent hotspots.PersonalTelco,aPortland,Oregon–basedgrassrootsorganization devotedtocommunity-basedcommunicationsnetworks,publishesthemost extensivelistofwirelesscommunitynetworksathttp://personaltelco.net/ index.cgi/WirelessCommunities.
Libraries Manycommunitieshaveadded(orplantoadd)wirelessInternetaccessto theirpubliclibraries.Adam’swife,Tonya,servesontheTompkinsCounty PublicLibraryBoardofTrusteesinIthaca,NewYork;aswewritethisbook, Adamishelpingthelibraryconsiderwhatitwouldtaketoinstallandusethe necessaryaccesspointsforwirelessInternetaccess.
Chapter28 | FindingWi-FiontheRoad
OurTopFiveCoolestWi-FiLocations Wi-Fiitselfiskindofcool,butthereare someuniqueplacesyoucanconnecttothe InternetthatprovideWi-Fi–squared.Here’s asampling. 1. MountEverest.SherpasattheNepalap-
proachtoMountEveresthavebuiltasatellite-linkedwirelessnetworkthatenables expeditionstoconnecttotheirhomesand institutions,whilealsoprovidingservice toanearbyvillagethatlostphoneservice andothercontactwiththerestoftheworld followinganattackbyCommunistrebels. It’saseveral-dayyaktrip(we’renotkidding)fromKathmandutothebasecamp, andconditionsareextreme,butthathasn’t stoppedtheSherpas.Althoughthecostwill bethousandsofdollarsperexpedition,it’s worthittosurfnear—butnotat—thetop oftheworld. 2.Aboardaflight.TheBoeingConnexion
servicewentintotestingforasingleFrankfurt–D.C.Lufthansaflightin2003,and itwasahitwithbothpassengersandthe airline.Startingin2004,severalairlines willoffertheseveralmegabits-per-secondsatellite-basedservicethroughouta planeviaWi-Fiforabout$35foralong internationalflight.Althoughdowntime isimportantforanytraveler,it’salsogreat tousesomeofthoselongemptyperiods togoodeffect.
3. Driving down a highway. The driver
shouldn’t attempt this, but passengers might. Using a Bluetooth-enabled cell phoneoraPCCardthatcommunicates viacellstandards,alaptoppluggedinto thecar’scigarettelighterwithasoftware accesspointenabledcanprovideInternet accesstootherpassengers—eventhosein nearbycars!Severalconvoystovariousgeek festshaveproventheconceptworks.Ascell networksincreaseinspeed,moreCarArea Networksareboundtoform. 4. PioneerCourthouseSquareinPortland,
Oregon.AnearbybusinesshelpedPersonal Telco,acommunitynetworkinggroup,offer freeInternetaccessviaWi-Fialloverthe heartofPortland’srejuvenateddowntown. Whenthatfirmrelocateditsofficesinthe middleof2003,alocalISPandabusiness groupwithofficesonthe10thfloorofa nearbybuildingpickeduptheslack.It’sa lovelyplacetopeople-watchwhilesurfing theWebandcheckingemail. 5. SanFranciscoInternationalAirport.
StartinginMarch2003,theSanFrancisco airport,whichistheprimaryairportfor thehigh-techdenizensofSiliconValley, finallystartedtoofferwirelessnetworkaccess.Bytheendof2003,thewholecomplex issupposedtobeagiantWi-Fihotspot. Sitneartheheartofthedotcomrevolution andkeepthecordcut:nomorepayphone struggles.
337
338
TheWirelessNetworkingStarterKit
NOTE Wirelessnetworkaccesshasmanypotentialbenefitsinalibrary.Adamand TonyahopethatwirelessnetworkaccessintheTompkinsCountyPublicLibrary willtakesomeofthepressureoffthedesktopInternetcomputers,allowpatrons tocarrylaptop-baseddisplaysoftheonlinecatalogintotheshelvingareas,and providemoremobilityandefficiencytostaffoperations.FreewirelessInternet accesscouldalsoenhancetheabilityofthepubliclibrarytodrawmorepeople intothedowntownbusinessdistrict.
AdamandGlenn’scolleagueNeilBauman,theimpresariobehindandcaptain ofGeekCruises,liveswithinconnectionrangeofhislocallibrary’swireless network.(Neilalsohascable,DSL,andgigabitfiberopticInternetconnections thankstohislocationinPaloAlto,California.We’resojealous.) FindingwirelessInternetaccessinapubliclibrarywhenyou’reonatripmay involvemoreeffortthanit’sworth,however,unlessyouknowpeopleinthe community.Librariestypicallydon’tadvertisetheirserviceswidely,andthey mayimposeloginorotheraccessrestrictions—althoughaparkinglotoroutside benchmightbecloseenough. Moreimportantly,however,youmaynotbeabletofindapubliclibraryeasily intheplacesyouvisit.
CollegesandUniversities It’saprettygoodbetthatmostcollegesanduniversitiesprovidewirelessInternet access.Ifyou’reattendingaconferenceheldat(ornear)auniversity,it’sworth checkingifitofferspublicaccess. Unfortunatelyforvisitorsandtravelers,manycollegesanduniversities,suchas CornellUniversityandtheUniversityofWashington,usecentralauthentication serverstorestricttheirwirelessnetworkstostudents,faculty,andstaff,making itdifficulttoarrangeaccessforavisitor. Ontheflipside,institutionslikeCaseWesternReserveUniversityinCleveland, Ohio,havedesignedtheirnetworksspecificallytohandlepublictrafficwhile securinguniversitybusiness.Casehas1200accesspointssprawlingacrossits campus,whichintersectswithbusinessdistricts.ReadabouttheOneCleveland projectatwww.case.edu/its/strategic/OneCleveland.htm. NOTE At a landmark conference examining open versus licensed spectrum at Stanford University in early 2003, organizers were slightly embarrassed becausemanyattendeeswereunabletousetheWi-Finetwork.Although
Chapter28 | FindingWi-FiontheRoad the conference organizers had asked for MAC addresses from attendees, afewtyposandalackofresponsecoupledwithaweekendeventwithno techiesonsitealmostderailedaccess.Fortunately,oneaudiencemember ranacompanythatmakesWi-Figatewaysandhadaunitwithhim.After alittlefiddling,hespoofedalegitimateMACaddressandprovidedaccess totherestofthosepresent.
Althoughprimaryandsecondaryschoolsarelesslikelytohavewireless networksinstalled,they’realsolesslikelytorestrictaccesstothem.Ifyouend upatameetinginaschoolconferenceroom,openyourlaptopandseeifyou canconnecttoawirelessnetwork.
FreeCommercialLocations We’reseeinganincreasingnumberofcompaniesofferfreewirelessInternet accessinexchangeforasplashscreenandadvertisingintheneighborhood.
HotSpotDirectories We’vefoundanumberofWebsitesthatattempttotrackthemanydifferenthotspots acrossboththeU.S.andtherestoftheworld. Visitthemfirstinanysearchforwirelessnetworksatatraveldestination.
• Jiwire(www.jiwire.com)actuallysendsscouts outinthefieldwhomakesurethatWi-Fi accessreallyexistsatthelocationsthatsay theyhaveit.Theguidesalsotakephotos andreportonamenities,suchaselectrical outletsandthekindoffoodserved.Jiwire listslocationstheyhaven’tchecked,too. Thesiteprovidesproximityinformation,so thatyoucanenterastreetaddressandseea listofhotspots,freeandfor-fee,inorderof distancefromyourlocation.Youcanfilter byprovider,whetheralocationcharges, andothercharacteristics.(Fulldisclosure: GlennisasenioreditoratJiwire,butwe wouldthinktheywerecoolanyway.)
• HotSpotList.com(www.wi-fihotspotlist. com),Hotspot-Locations(www.hotspot-
locations.com),WiFinder(www.wifinder. com),EZGoalHotspots(www.ezgoal.com/ hotspots/wireless/),andTheWireless
NodeDatabaseProject(www.nodedb.com). Thesedirectorieshaveagrabbagoflocations,andoftenshowmanycommunity nodes—sometimesstandalonelocations inanapartmentorprivatehome.
• TheWi-FiFreeSpotDirectory(www.wifi
freespot.com)isrunbyJimSullivan,who
isgenerouswithhistimeandefforton behalfofothers.Itprovidesaprettygood listoflocationsthathavefreeWi-Fi.It’s notexhaustive,butit’sagreatstartwhen you’retraveling. Somehotspotdirectoriesacceptsubmissions fromusers,soifyouknowaboutapubliclyaccessiblehotspot,weencourageyoutohelpother wirelesstravelersbyaddingittodirectories.
339
340
TheWirelessNetworkingStarterKit
• AppleStores(nationwide,mostlyinupscaleshoppingdistricts).Apple’s retailstores(www.apple.com/retail/)offerfreeWi-Fi,andAppledoesn’t carewhoknowsaboutit.Wehaveaskedifthecompanyhasanyrestrictions onwhousestheseopenAirPortnetworks,andtheanswerisno:Apple wantspeopleinthedoor,doinginterestingthings,preferablyonMacs. Fromwhatwecantell,thestoresallhaveT-1speedlines.
• Newbury Open.net (Boston). Michael Oh, founder of Tech
Superpowers,(www.techsuperpowers.com)operatesNewburyOpen.net (www.newburyopen.net),ahigh-speedWi-Finetworkthatusesaseries ofantennastoshootservicedownBoston’sfamouscommercialwalk, NewburyStreet.
• St.Louis.InSt.Louis,Missouri,awirelessISPcalledO2Connect
(www.o2connect.net )—asin“Oh!Toconnect!”—recentlyworkedwith thecitytoprovidefreeWi-Fiserviceacrossahugeswathofdowntown, donatingtheequipment(about$25,000)andmonthlyservicebills(estimated at$1000)toenhancedowntownandpromoteO2Connect’sofferings.
ThelowcostofbroadbandInternetconnectionsandtheeaseofsettingupa wirelessnetworkhasresultedinmanypublicshopsprovidingwirelessInternet accessasawayofenticingcustomerstocomeandspendtime(andsamplethe wares,ofcourse).Someofthecompaniesthatmanagecommercialhotspots forretailstores,inlate2003,startedofferingafixed-ratemanagedservicefor businessesthatwanttoprovidefreeaccess,makingiteveneasier. Overtheyears,we’vefoundanumberofone-offhotspotsthatofferfree service.Forinstance,theDanaStreetRoastingCompanyinMountainView, California,hasfreewirelessaccessbecauseacustomerwhowantedtosurf theInternetwhilehedrankhislattespaidforit(www.live.com/danastreet/). Meanwhile,downthestreetfromGlenn’soffice,ajavajointnamedHerkimer Coffee(www.herkimercoffee.com)openedwithfreeWi-Fi,andthebuzz(caffeine andotherwise)keepstheplacebusyevenduringtraditionallyslowjoetimes intheafternoon. Theseisolatedhotspotsmaynevershowupindirectories,sotheonlywayto findthemaheadoftimeistosearchinGoogle(www.google.com).Forexample, tofindwirelessnetworksinRochester,NewYork,youmightsearchonterms like“wirelessInternetaccessRochester”.Sometimesyoumayhavetowait untilyouarriveatyourdestination,findalikelylocation(coffeehousesare yourbestbet),andask.
Chapter28 | FindingWi-FiontheRoad
OurfriendandcolleagueJeffCarlsononcefoundacoffeeshopinhisformer townofRenton,Washington,thatofferedfreewirelessInternetaccess,butonly ifyouaskedsomeonetoturnthenetworkon.Why?Theshopdidn’twantpeople toparkoutsideandusethenetworkwithoutbuyingcoffee.(Morerecently,the ownersdivorcedandtheWi-Fiservicedisappearedentirely—anotherreason whyyoumaynotbeabletorelyonfreeservice.)
ConferencesandTradeShows Atmanyconferencesandtradeshows,particularlythosewithatechnicalbent, theconferenceorganizersmaysetupanareawhereyoucanaccesstheInternet wirelesslyforfree.Theonlydownsideisthattheseareasareoftencrowded, makingtheInternetaccesssomewhatpokyattimesandmakingitdifficultto findachairinwhichtosit. As2003comestoaclose,wearefindingthatconferenceorganizershavegotten wiseandstartedtoputWi-Fieverywhere:inseminarrooms,diningareas, andtradeshowspaces.However,thebacklashhasalsostarted:thewideuse oflaptopsandWi-Fiinsessionscanmakeitsoundlikelightsleetisfalling whilespeakersarepresenting. We’vealsohearddisturbingnewstothecontrary,whichisthatthecompanies handlingthetelecommunicationsfortradeshowsandconferencesmightstart chargingegregiousamountsforaccess.Onefirmreportedlyplansoncharging attendeesabout$25adayfor64Kbpsservice—roughlytheequivalentofcell datarates.Giventhatcelldataisbecomingeasiertouse,itdoesn’tmakesense tochargethatmuchorofferthatlittle. TIP It’salwaysworthcheckingfornearbyadhocwirelessnetworkswhenyou’re ataconferencehotel.Sincemosthotelsthatofferhigh-speedInternetaccess chargebytheday,ifsomeonedecidestopayfortheconnection,hemayalso decidetorunasoftwareaccesspointandmaketheInternetaccessavailable tootherwirelessuserswithinrange.Weoncesawa“Sendbeertoroom1471 forpassword”networkatMacworldExpo—meaningifyouwanttheWEPkey, sendbeertothatperson’sroom.Unfortunately,wewerereceivingthewireless signalfromanearbyhotel,sowedidn’tknowwheretosendthebeer!
CommercialWirelessNetworks Freewirelessnetworksaregreat,butsometimesyougetwhatyoupayfor.Free networksseldomofferformaltechsupportifyouhavetroubleconnecting, theydon’tguaranteeacertainlevelofInternetbandwidth(suchasa1.544 MbpsT-1lineoraDSLequivalentthatabusinesswouldtypicallyoffer),and
341
342
TheWirelessNetworkingStarterKit
theydon’tprovidemuchassurancethattheywillbeaccessiblefromonedayto thenext.IfyouneedtouseaVPNtoconnecttoyouroffice,thatmaynotbe possiblethroughafreenetworkifitreliesonanincompatibleNATgateway. Andwithoutaguaranteeofsomekindonthehotspot,youmightbereluctant tomakeplansaroundusingthatlocation,particularlyforsensitivedata. It’snotdifficulttooffertechsupport,guaranteeacertainthroughput,andprovide overallreliability—andanumberofcompaniesnowofferthoseservicestoretail storesandbusinessvenuesandsplittheincomingrevenue—butitisexpensive. We’veseenestimatesthatofferingcommercialservicescouldcost$30perday whenyouincludethecostofbandwidthandpayingoffstartupcosts,whilefree wirelessmightcostjust$6perday.BusinessesthatprovidewirelessInternet accessgenerallyhavechargesfromabout$4to$12perhour,from$5to$10 perday,orflatratesforunlimitedservicefrom$20to$50permonth. Thegrowthrateofcommercialhotspotshasparalleledanincreaseinthe numberofwirelessISPsthatofferserviceinnumerouslocations.Aswewrite this,theideaofsubscribingtoonewirelessISP’snetworkandroamingacross others,muchthewaycellularcarriersallowothercompanies’customersto usetheirnetworksforafee,isonewhosetimehascome.Currently,abusiness travelermuststillmaintainaccountsonseveralnetworkstoenjoyuninterrupted servicethroughoutmuchoftheUnitedStates. We’realsoseeingincreasedinterestinandcoverageareasforaggregated wirelessserviceresellerslikeBoingo,iPass,andGRIC.Thesecompanies offeraccountsthatletyouaccesstheInternetviadial-up,Wi-Fi,andwired Ethernetinthousandsoflocationsaroundtheworld,allforasinglefee.We talkaboutthesecompanieslaterinthischapter. TIP Toconnecttoacommercialhotspot,eitheryouchooseanactivenetwork anduseaWebbrowsertologintoacaptiveportalWebpage,oryouuse specialclientsoftwarethathandlesthelogin.Wetalkmoreaboutthesespecial programsinChapter29,ConfiguringWISPSoftware.
WirelessISPs WirelessISPs,knowncommonlyasWISPsorwISPs(anirritatingcapitalization style),aboundworldwide,offeringaccessforafeetotheirwirelessnetworks.Some peoplealsocallthemHotSpotOperatorsorHSOs,butthetermseemslimited mostlytobusinessplans,andisn’tonewe’veheardincommonparlance.An increasingnumberofWISPsofferdozenstohundredsoreventhousandsofhot spots,butmostspecializeinacertainkindofvenue,likehotelsorcoffeeshops.
Chapter28 | FindingWi-FiontheRoad
Until2002,atypicalWISPranitsnetworks,soldaccessdirectlytocustomers, andpromoteditsownbrandname.Butby2002,itwasclearthatnoone companycouldbuildenoughserviceonitsown.MostexistingWISPsnow resellservicetoaggregators,whichinturnoffercustomersaccesstonumerous wirelessnetworksworldwide.Infact,newerWISPs,likeCometa,werefounded onthenotionofbuildinganetworktowhichtheyonlyresellservice.Other WISPschosetocompetebyspecializinginparticularindustries.Forinstance, STSNisMarriott’spreferredhotelprovider,offeringbothwiredEthernet andWi-Fiinhotels. Ultimately,manyoftheseWISPswillbelikethelogosonanautomatedteller machinethattellsyouwhichATMnetworksthecashdispensersupports.No oneknowsorcareswhatCirrusis,butyouknowthatifthere’saCirruslogo onyourcardandontheATM,youcanusethatmachine.Theevolutionof thattrendhastodowithretailstores:astoredoesn’twant15logosonitsdoor forthe15differentnetworksitpartnerswith.
Pricing We’resureyou’dliketoknowexactlyhow muchWi-Fiaccesswillcost,butwe’vegone tosomepainstobevagueaboutdetails.The reason?Pricinghaschangeddramaticallyand non-intuitivelyintheyearswe’vebeenwatchingthewirelessISPmarketevolve. Atonepoint,itcostcloseto$75permonthfor unlimitedaccess,andthatwasonlyonsmaller networks.AsthewirelessISPs’networkshave grown,andasroamingdealshavecomeinto being,cheaperunlimitedplanshaveemerged. WirelessISPswithlargernetworkswantto signupasmanyusersaspossible,andreducing pricesisanecessarypartofthatgoal. Aswewritethisbook,BoingoWirelessoffers anunlimitedservicepromotionpricedat$21.95 permonthfor12months.After12months, Boingosaysitspricewillincreaseto$34.95
permonth(a$40-per-monthreductionover pricingayearago),butwedon’tseethatas likely.TogetunlimitedStarbucks,Borders, andairportserviceonT-Mobile’snetwork, youcouldpayaslittleas$19.95permonthif you’reaT-Mobilecellularcustomer,or$29.95 permonthwitha1-yearcommitmentanda $200cancellationpenalty. Priceshaven’tdroppedinpay-as-you-goservice.Typically,youstillpayabout$5to$10 perhour,justliketwoyearsago,or$7to$10 perdayfora24-hoursession. Weexpectthatby2004,asingle$25-permonthaccount,probablydiscountedwhen bundledwithacellularvoiceplan,willprovide unlimitedwirelessInternetaccessacrossmost currentnetworks.
343
344
TheWirelessNetworkingStarterKit
Here’salistofthemajorWISPsintheU.S.andCanadaaswewritethis. Unlessnotedotherwise,allthesenetworksreselltheiraccesstoatleastoneof theaggregatorswediscussnext.
• AirpathWireless(www.airpath.com),NetNearU(www.netnearu.com),and ProntoNetworks(www.prontonetworks.com).Thesethreefirmshandle billing,customerservice,andloginsforanyvenueornetworkthatwants toinstallWi-Fiservice.Theycanalsoprovidethenecessaryhardware. Somefirmsbecome“virtualWISPs”bysigningcontractsatvenueslike ahotelorcoffeeshopandthenusingoneofthesecompaniestomanage accountsandotherdetails.AirpathandNetNearUalsoprovideroaming acrossmanyofthehotspotsthattheymanageonbehalfoftheselocations andcompanies,givingthemaninterestingpatchworkthatincludesmany smallerairportsthatmighthavejustasingleaccesspointinawaitingarea orshop.Eachcompanyletsindividualnetworksorlocationssetpricingfor service,whichcanincludehourly,daily,monthly,andotheroptions.Airpath hasover350locationsatthiswriting,and900morenearingdeployment. Airpathestimates4500locationsbymid-2004.NetNearUhasabout200 locations;Prontodoesn’tseemtodiscloseitsnetworksize.
• CometaNetworks(www.cometanetworks.com).Cometawasfoundedwith moneyfromAT&T,IBM,andIntel,andhadagoalofbuildingout20,000 hotspotlocationswithintwoyears.Itsplanisonlytoresellserviceto wirelessproviders,mostlycellularandtelephonecompaniesthatwantto runvirtualnetworks.Cometahadaslowstart,takingseveralmonthsto getrolling,butinSeptemberof2003,thecompanyrevealedthefirstmajor stageinitsplan:250hotspotsingreaterSeattle,includingtwohigh-end malls(UniversityVillageandBellevueSquare),severaldowntownoffice buildings,theTully’scoffeestorechain,localBarnes&Noblestores, localMcDonald’srestaurants,andotherlocations.TheCEOofCometa toldGlennthatthecompanyplanstorolloutonlyinmajorchunks,city bycity.TheSeattlerolloutincludedannouncementsthatCometawould resellservicetoAT&T(theparentcompany),AT&TWireless,iPass,and SprintPCS.WeexpecttheCometajuggernauttostartrollingby2004.
• FatPort(www.fatport.com).ThisVancouver,BritishColumbia,firmhas dozensofitsownlocationsandhundredsmoreacrossCanadarunbyother companiesforwhichFatPorthandlesbillingandsupport.FatPortoffers pay-as-you-goservice,prepaidcards,andsubscriptionplans.Thecompany alsohasroamingagreementsandpartnershipstoextenditsterritoryand userbase.
Chapter28 | FindingWi-FiontheRoad
• SurfandSip(www.surfandsip.com).SurfandSipstartedintheSanFrancisco BayAreawithseveraldozenhotspots,butnowhasserviceworldwide, withapileoflocationsintheUnitedKingdomandarapidlyexpanding presenceintheCzechRepublic,Slovakia,andPoland.SurfandSipoffers hourlypay-as-you-goaccess,prepaidcards,andmonthlyserviceplans. SurfandSipinstallssomelocationsitselfandsellshardwareforsetting upaturnkeyhotspot.
• T-MobileHotSpot(http://t-mobile.com/hotspot/).T-MobileUSA,a divisionofDeutscheTelekomandthesixthlargestcellularcarrierinthe U.S.,boughttheassetsofthebankruptMobileStarserviceinearly2002. Inmid-2002,itrelaunchedtheMobileStarserviceundertheT-Mobile nameasaStarbuckspartnerinover1200locations.Bylate2003,TMobilehadover3000locationsinStarbucks,Borders,andKinko’sstores throughouttheU.S.,aswellasserviceinSanFranciscoInternational Airport.However,T-Mobiledoesn’tcurrentlyshareitsnetworkwithany otherWISPsoraggregators,exceptfortheSFOairportlocation,which T-Mobileisrequiredtosharebycontract.T-Mobileoffersamonthly subscriptionandtwopay-as-you-goplans,withdiscountsavailabletoits cellphonecustomers.T-Mobilealsoplanstoprovidesoftwarethatwould letyouconnecteitheroverthecompany’s2.5Gcelldatanetworkorvia Wi-Fiwithasingleaccount.
• STSN(www.stsn.com).STSNisMarriottInternational’spreferrednetwork
providerpartlybecauseMarriottinvestedinthecompany(asdidIntel Capital,later).STSNhasabout500hotelsconnectedtotheInternet withwiredbroadbandinrooms.MostalsohaveWi-Fiinpublicspaces. AlthoughSTSNresellsaccess,Marriott’spay-as-you-gopricingisway toohigh:whileitchargesonly$9.95pernightforInternetaccesscoupled withunlimitedlocalandlong-distance(domestic)calls,Marriottcharges Wi-Fiatarateof$2.95for15minutesand25centsperadditionalminute. Oddly,MarriottwillgiveawayfreewiredandWi-FiInternetserviceto guestsstayinginits1700budgethotels,andwillchargeonlyinitspremier MarriottandRenaissancehotels.
• Wayport(www.wayport.com).ThegranddaddyofwirelessISPs,Wayport
hasover550locationsinstalledsince1999,mostlyinhotelsandairports. Inhotels,WayporttypicallyofferswiredbroadbandinroomsandWi-Fi incommonareasandmeetingrooms.Wayporthasthebiggestcollection ofairportlocations,includingexclusiveserviceinSeattle-Tacoma, Minneapolis-St.Paul,LaGuardia(NewYork),andSanJoseandOakland
345
346
TheWirelessNetworkingStarterKit
(California),andcompetingservicewithT-MobileinAustinandDallas. Wayportoffersdayrates,includingdiscountsforbuyingseveralconnections atonce,andmonthlyserviceplans.Wayport’snetworkshouldexpand dramaticallyin2004,becausegianttelcoSBChashiredthemtoinstall thousandsoflocations.
RoamingAggregators It’sfinanciallyimpossibleforanysingleWISPtodominatethehotspotworld. Therearetoomanyplaceswherepeoplewanttoconnect—evenjustconsidering hotels,airports,andconferencecenters—forasinglecompanytomakeallthe deals.Already,severaldifferentWISPsareoperatingairportlocationsunder long-termleases. AllofthismeansthatsubscribingtoasingleWISPmakeslittlesensefor anyonewhotravelsmuchatall,andthatanyWISPthatdoesn’tresellaccess toitslocationsisforgoingrevenue. Entertheaggregators.Anumberofcompanies,includingthreecellcarriers, offeraccesstomanyseparatenetworksthroughapieceofsoftwarethatcontrols theloginprocess.Withoutthesoftware,youcannotuseanaggregator’s network. Sixcompaniescurrentlyoffersomeformofaggregation,andwetellyoualittle abouteachhere.Formoreabouttheirsoftware,seeChapter29,Configuring WISPSoftware.Weexpectmanymorefirmstoenterthemarketafterthis bookgoestopress,soyoushouldhaveanincreasingnumberofsubscription choices.
BoingoWireless BoingoWireless(www.boingo.com)istheonlyaggregatorthatresellsonlyWiFiaccess.Alltheotherssellsomemixofdial-up,broadband,andWi-Fi,or cellvoice/dataandWi-Fi.FoundedbySkyDayton,thefellowwhobrought usEarthLink,Boingohasbuiltitssystemuptoover2600locationsaswe writethis.Daytonhadoriginallypredictedthousandsmorelocationsbythe endof2002,butthehotspotworlddidn’tcatchuptothescalehepredicted untillatein2003. Boingopricesitsservicebytheconnection,astandardunitofbroadband measurement:noontonooninhotels,usually,andmidnighttomidnightin otherlocations.Ifyoupayasyougo,eachconnectionis$7.95.Amonthlyplan withunlimitedconnectionsis$39.95,butaswewritethisbook,Boingois offeringa12-month,$21.95/monthplanwithnocancellationpenalty.
Chapter28 | FindingWi-FiontheRoad
TheBoingosoftwareincludesaVPNclientthatletsyoutunnelallyourtraffic fromyourmachinetoBoingo’snetworkoperationcenterbeforeit’sdecrypted andsentoverthepublicInternet.(FormoreaboutVPNs,seeChapter26, SecuringDatainTransit.) BoingoalsoincludesoutboundemailservicethroughauthenticatedSMTP, whichrequiresyoutoreconfigureyouremailsoftwaretemporarilywithyour
WanttoBecomeaHotSpot? Ifyou’reinterestedinlaunchingahotspot servicefromyourhome,business,orcommunitycenter,youfirsthavetochoosewhether ornottochargeforservice.Ifyouwanttogo thefreeroute,andyou’reaself-starter,check out http://nocat.net, www.bawug.org,and www.personaltelco.net,allofwhichhaveexcellentadviceandlinks.WealsorecommendRob Flickenger’sbook,BuildingWirelessCommunity Networks.YoumightalsolookintoSputnik’s wirelessLANsystem(www.sputnik.com)which allowsyoutomanageanetworkwithdifferent classesofusers,soyoucanreservebandwidth foryourownpurposesandmanagesecurity. Finally,evenifyouwantyournetworkto befree,someWISPsnowoffermanaged servicesfor$50permonthorlessplussome setupexpense.
Youmightalsoneedtopurchasebusinessgradebandwidth.ManyISPsdon’tletyou resellaccessfrombasicDSLorcableaccounts, requiringmoreexpensivebusinessaccounts. SomeWISPsandturnkeynetworkshave specialarrangementswithISPstogetyoua gooddeal.AndSpeakeasy(www.speakeasy.net) offersDSLandT-1servicenationwidewith norestrictionsonresellingaccesstoanyofits kindsofaccounts,anditdoesn’tchargefees forexcessbandwidthuse.
Ifyouwanttochargeafeeforaccesstoyour network,wedon’trecommendputtingtogether yourownsystem,asmanycompanieshave solvedtheproblemsalready.Asmentioned inourlistofWISPsandaggregators,many offerwhat’sknownasOSS(operationssupport systems):billing,useraccountmanagement, authenticationorlogin,customerservice,technicalsupport,andnetworkmanagement.
Werecommendyoufindacompanythatwill includeyourhotspotinagroupoffrequently usedwirelesslocations,andthatallowsyouto sellserviceflexibly:bythehour,day,month, andothercombinations.Providersoffering bothbenefitsincludeAirpath,NetNearU, ProntoNetworks,andSurfandSip.Youcan findthelatestlistofoptionsatGlenn’sWi-Fi NetworkingNewssiteatwww.wifinetnews.com/ turnkey_hotspots.html.
Youcaneitherbuyhardwaredirectlyfrom thesecompaniesasacompleteturnkeyoption,orbuycertainaccesspointmodelsand thencontractwiththesefirmstohandleyour network.Aturnkeyaccesspointcancost from$200to$1000dependingonoptions andexpectedusage.
347
348
TheWirelessNetworkingStarterKit
Boingoaccountnameandpassword.Thisservicehelpsyouavoidawhole categoryofoutboundemailproblems,whichwediscussinChapter31,Prepping fortheRoad. Software:AlthoughBoingo’ssoftwareiscurrentlyavailableonlyforWindows andPocketPCs,BoingoisworkingonaMacOSXclient.
iPass iPass(www.ipass.com)startedasawaytoletcompaniesgivearoamingroad warriorasingleaccountthatwouldallowheraccesstodial-upInternetservice nomatterwhereintheworldshelandedwithoutsettingupindividualaccounts orpayingoutrageousprices.WithISPpartnershipsaroundtheglobe—inover 150countriesandwith19,000pointsofpresence—iPasshasmetthatmark. Dial-upInternetaccessfromiPasscostsuptoabout$15perhourdepending ontheamountofserviceyoubuy,whereintheworldyou’reusingtheservice, whetheryou’reacompanyoranindividual,andwhetheryou’redialingatoll ortoll-freenumber.AccordingtoarecentfilingwheniPassoffereditsstockto thepublic,thecompanystillmakes99percentofitsmoneyfromdial-up. Butthathasn’tstoppediPassfromaggressivelyexpandingtoincludeWi-Fi andwiredbroadbandaccess.Ithasover2500locationswithoneortheother, withWayportandSTSNformingabigpartofitshotel/wirednetworkatover 1000locations.iPass’spricingforhotspotsismorevariedworldwide,with$7 to$20per24-hourperiodbeingtypical.Thecompanychargesperminuteup toadailymaximuminmostlocations,whichcanbecheaperthanadailyfee forcheckingemailforjustafewminutes. iPassdoesn’tselltoindividualsdirectly.Mostofthetime,itworkswith corporationsthathavehundredsorthousandsofemployees,anditdirectly connectsthecompany’suserlogindatabasewithiPass’saccounts.Employees thenusetheirnormalnetworkpasswordstouseiPassandthecompanydoesn’t havetosetupindividualaccounts.Prettynifty. However,iPassdoesworkwithvalue-addedresellers,whocanofferservice toindividualsandsmallercompanies.VisittheiPassWebsite,clickPartners, thenclickResellers,andanswerthequestiononlocationandcompanysizeto bedirectedtoindividualresellers. Software:iPassConnectisavailableforWindows,Macintosh(MacOS9and MacOSX),andvarioushandhelds.Version3ofthesoftwareisavailableonly forWindowsatthetimeofthiswriting.
Chapter28 | FindingWi-FiontheRoad
GRICCommunications GRIC(www.gric.com)offersservicessimilartoiPass,thoughwewereableto findoutonlythatitpartnerswithAirpathandWayportforwirelessInternet access.Thecompany’sWebsitenotesmanypointsofpresence,butprovides noinformationoncostorotherdetails. Software:AvailableforWindowsonly.
AT&TWireless IntheDenverairport,AT&TWirelessoperatesWi-Fiservicethatwas originallybuiltbyNokia,whichsearchedforyearstofindanoperatortorun thenetwork.AT&TalsoresellsWayport’sservice,butdoesn’tseemtoyethave aplantoexpandaccessorbuilditsownnetwork.AT&TWirelesschargesare currentlyegregiouslyhigh,butweexpectthatthey’llcomeinlineasAT&T Wireless’scellularbrethrenstartofferingWi-Fiatamorereasonablerate. Software:AT&TWirelesshassaidthatitwillofferasoftwareconnection manager,butwe’renotsurewhatformitwilltake.
SprintPCS SprintPCSannouncedplansinmid-2003toresellaccesstoWayportand Airpathlocations,andtohaveAirpathprovidetheback-endbillingandaccount managementasSprintPCSbuilds1300ofitsownlocationsbytheendof2003. (YoucancheckourWebsitetoseeifthecompanymetitsgoal!) SprintPCShasn’tyetannouncedpricing.Thecompanyalsosaidthatitwon’t beabletobilltheserviceonasinglebillwithcellularfeesuntillate2003;it’s expectedthatexistingSprintPCScellcustomerswillgetadiscountonadding unlimitedmonthlyservice. Software:SprintPCSusesacustomWindowssoftwareclientbasedonthe iPasssoftware.YoucannothaveiPassConnect3andtheSprintPCSsoftware installedatthesametimeononemachine.
VerizonWireless VerizonWirelesssaysitwillresellWayport’snetwork,butlittleelseisknown. Software:AlmostcertainlyWindowsonly.
TravelPoints Manytravelersareincreasinglymakingplansbasedonwheretheycanfindhighspeedaccess.We’vebothmadespecifichotelreservationstoensurethatwehad
349
350
TheWirelessNetworkingStarterKit
Wi-Fiorwiredbroadbandinourroomsoratleastnearby.Fortunately,more airportsandhotelsareprovidingWi-Fi(and,lessoften,wiredbroadband).
Airports IntheworldaftertheterroristattacksofSeptember11,2001,peoplewhostill travelextensivelyfindthemselvesspendingmanymorehoursthanbeforein airports:youarriveearlyandifpassingthroughsecuritytakesonlyashort time,youendupwithnearlytwohoursonyourhands.Plus,someconnection timesarelonger,soyoumighthaveamulti-hourlayoverbetweenflights.Even ifyouflyonlyafewtimesayear,theseextrahoursaddup. GlennrecentlytalkedwithamanageratBoozAllenHamilton,abusiness consultingfirmwith10,000employees,70percentofwhomspendadaya weekormoreontheroad.Surprisingly,they’retravelingmorethaneverin thelasttwoyears,andspendingmuchmoredowntimeinairports—andtheir timeismoney,sincetheybillhourly. It’sanaturalmatch,therefore,toprovidewirelessInternetaccessinairports, whetherinspecialhotspotlocationsorcafés,orthroughoutentireterminals. Unfortunately,thewirelessInternetserviceprovidermarketislitteredwith bankruptcies,andmanyofthosebankruptfirmshadmadearrangementswith airportauthoritiestoinstallwirelessservice.Thesebrokendeals,alongwith earlypoorrevenuefiguresfromairportsthatdidinstallwirelessnetworks, madesomeairportauthoritieswary,andtheentireindustrysloweddown from2001to2003. Fortunately,withtheeconomyontheslightuptickaswewritethis,business travelcreepinghigher,andademandforWi-Fiontherise,severalmajor airportshavejustlitupwirelessnetworks,includingSanFranciscoandtwo NewYorkmetroairports:LaGuardiaandNewark.Moremajorairportsare expectedsoon,asthey’vejuststartedsolicitingbidsfromWISPstobuild Wi-Finetworks. Also,T-MobilepartneredwithAmerican,Delta,andUnitedAirlinestoput Wi-Fiintheirmembershipclublounges,mostofwhichwillberunningbythe endof2003;T-Mobileanditspredecessor,MobileStar,hasprovidedWi-Fi serviceinAmericanloungesforyears.Afewscatterednetworkproviderslike AirpathandNetNearUhavelimitedserviceinwaitingareasorshops,too. Almostallairportwirelessnetworksareresoldbyaggregatorservices.Denver isthelargestexception,butserviceinSeattle-Tacoma,Austin,LaGuardia,and elsewherecanbepurchasedthroughanyoftheaggregators.
Chapter28 | FindingWi-FiontheRoad
NOTE Inseveralairports,WayportalsorunslittleslicesofheavencalledLaptop Lanes( www.wayport.com/laptoplane),whichitboughtfromanearly into-and-then-out-of-itwirelessISP’sparentcompany.LaptopLanesare tiny,self-containedoffices,soundproofedandwithtelephonesandwired high-speedInternetconnections.Youpayafairlyhighhourlyfee,butit’s quiet,calm,andprivate.
TIP Becauseairportterminalsarelongmetaltunnelswithcutoutsforlounges,you mayneedtowanderaroundlookingforasignalthatyoucanlockonto.Even inairportsthatprovide“100-percentcoverage,”therearecertainlyplaces wherenoservicegetsthrough.SeeChapter18,WirelessGadgets,fordetails onportableWi-Fifinders.
OutsidetheU.S.,youcanfindwirelessaccessinmanyairports,including Amsterdam’sSchiphol,partsofHeathrowinLondon,andanumberoflounges inairportswhereSweden’sSASairlinelands.It’swellworthsearchingGoogle beforeyouleavetofindinformationaboutwirelessInternetaccessatyour intermediateanddestinationairports.
Hotels Hotels,recognizingtheoften-pressingneedsoftheirgueststoconnecttothe Internet(andperhapsadmittingtheridiculousnatureoftheper-minutecharges theyapplyeventolocalandtoll-freetelephonecalls),increasinglyoffersome formofbroadbandInternetaccessinguestroomsandWi-Fiinpublicareas likeloungesandlobbies. Hotelsstartedbywiringeachroom,whichworkswell,butisanexpensive propositionforthehotelsandmayrequirethatguestsbringanEthernetcable (somehotelsprovidethenecessarycable).Morerecently,however,somehotels havepartneredwithaWISP,primarilyWayport,StayOnline,orSTSN,to offerin-roomwirelessInternetaccess.Hotelanalyststellusthatinthefuture, hotelswillalmostcertainlybypasstheexpenseandcomplexityofEthernet forWi-Fi. Typically,hotelschargeabout$10perday,withadaydefinedasnoontonoon. (Someusedtodefineadayasmidnighttomidnight,whichisridiculousfora hotel—somestilldo,socheckthefineprint!)Manyhotelsarenowtryingto avoidcustomerirritationatnigglingchargesbybundlingunlimitedbroadband, localcalls,andlong-distancecallsforasinglerate.AWestinoutpostinSanta Clara,California,charges$15.95pernightforthatprivilege,whileMarriott andRenaissancehotelscharge$9.95.
351
352
TheWirelessNetworkingStarterKit
Youcanalsofindaremarkableoptionthat’sbecomingmoreandmorecommon: entirelyfreeservice.It’smorelikelythatyoucangetfreebroadband(and oftenfreecalls,too)inhotelsthatcatertothemid-leveltravelerthaninthe high-endhotels.Theexpensivelocationshavemoreloyalty,andthecostof communicationsislesslikelytoraiseaneyebrowwhenabreakfastoftoast andorangejuicecosts$22.Butbudget-mindedtravelershavemoreoptions forwheretostay,sofreeservicemightswaythem. Wecurrentlyknowoftwomajorchainsthatareintheprocessofrollingout freeservice.MarriottInternationaloperates1700hotelsunderthenames Courtyard,FairfieldInn,ResidenceInn,TownePlaceSuitesandSpringHill Suites.MarriottsaysallwillprovidefreeInternetaccessviaWi-Fiinpublic areasandwiredEthernetinroomsbytheendof2004,withmosthookedup beforetheendof2003. WyndhamHotelsandResortshasseveralhundredlocations,andisseenasjust anotchbelowthehigh-endhotels.Tostandout,thechainprovidesguestswho belongtotheByRequestprogramwithfreelocalandlong-distancecalls,free broadband,afreebeverageonarrival,andanumberofothernicetouches.The bestpart?ByRequestisfree.However,youmustsignupbeforeyouarriveto getthegoodiesonthatvisit;gotowww.wyndham.comandclickJoinWyndham ByRequest. There’sanotherwaytoget“free”accessinahotel,too,althoughit’snotexactly free.WiththecostofpurchasingunlimitedWi-Fiservicehavingdroppedto aslittleas$22permonthfromanaggregator,itmaybemostcosteffectiveto useBoingoWirelessoranotheraggregatorandthenpicktherighthotelsand travelhubstoavoidadditionalchargesbeyondyourmonthlysubscription.
RetailChains ChainstoresareaddingWi-Fiserviceindroves,sincetheythink—rightly orwrongly—thattheycanfillupnon-peakhourswithnewcustomers.We’re notsurethatthecostofprovidingthescaleofWi-Fithattheselocationsoffer canberepaidthroughadditionalcustomersbuyingmorefood,butitisagrand experimentcurrentlybeingconductedinthousandsoflocations.
Starbucks ThecoffeehousechainStarbuckswilltellyouagainandagain:it’snotan Internetcafé.Rather,Starbuckswantsyoutobringyourexpensivelaptopin andbuyexpensivedrinksusingits,well,slightlyexpensivenetwork.Starbucks
Chapter28 | FindingWi-FiontheRoad
hasover5200storesintheU.S.,anditpartneredfirstwithMobileStar,which wentbankrupt,andthenwithT-Mobiletobuildhigh-quality,T-1–basedhot spotsinitsU.S.storesandelsewhere. Inmid-2002,StarbucksandT-MobileannouncedfullwirelessInternetaccess in1200storesinanumberofcitiesandmetropolitanareas.Overthenextyear, thepairuppedthatnumbertowellover2500indozensofcities,including somesmalltownsnearmetropolitanareas.They’realsoaddingservicegradually inEurope. Youcanseethelatestlistat http://locations.hotspot.t-mobile.com/ starbucks.htm.Theonlyflawwe’vefoundwithsomuchWi-Ficoverageisthat T-Mobilewon’tallowanyotherWISPoraggregatoraccesstoitslocations.It wouldbeidealifwecouldsubscribetooneplanandhitStarbucks,theAustin airport,andaMcDonald’sinNewYorkCity.(Wehopethishaschangedby thetimeyoureadthis.)
McDonald’s “Yes,IdowantWi-FiwiththatExtraValueMeal!”criesthecustomerashe standsbeforethecashier.McDonald’sistryinganinterestingexperimentby deployingWi-Fiinfourtestmetropolitanareas:Chicago,NewYork,San Francisco,andSeattle. McDonald’sisexperimentingwithpricingandproviders,too:Wayportruns theSanFranciscoshow,charging$4.95fortwohours;Cometa’sWISPpartner inNewYork,AT&T,charges$2.99aday;andwehaven’tseenpricingfrom itspartnersforSeattleyet.Wayportalsogivestheserviceforfreetoexisting Wayportsubscribers.InChicago,Toshibaisoperatingthenetworkaspartof itsefforttosell$199turnkeyhotspotkits.ChicagoMcDonald’sstorescharge $4.95perhouror$7.95perday. Aswewritethis,theNewYorkmetroandSanFranciscoBayAreaeach have75storeswithWi-Fiaccess,andMcDonald’shasn’tdecidedwhether all14,000ofitsrestaurantswillhaveserviceornot.Formoredetails,visit www.mcdwireless.com.
Schlotzsky’sDeli Schlotzsky’sDeliinstalledfreewirelessInternetaccessandseveralAppleLCD iMaccomputersinabout20locationsinTexas,Georgia,Ohio,andNorth Carolina,mostlycompany-ownedoutlets(www.cooldeli.com/wireless.html). Schlotzsky’sfoundanenormousemotionalresponsefromcustomersofallages.
353
354
TheWirelessNetworkingStarterKit
Often,theCEOsaidataconferencepanelGlennarranged,youthsportsteams showupandthekidspileononecomputerandtheadultspulloutlaptops. Thecompanyhopestoconvinceitsfranchiseestobuyintothisfreeideaand rolloutservicenationwide.
Bookstores Wi-Fiisnotjustaboutcoffeeandburgers.Barnes&NobleandBordershave dealswithCometaandT-Mobile,respectively,toequiphundredsofU.S.stores withWi-Fi.Inmanyways,it’sasensiblecombinationbecausethesetwochains typicallyhavecafésattachedorinside,andplentyofplacestositandwork. Althoughwedon’tknowwhenalltheBarnes&Noblestoreswillgolive—Seattle outletsareslatedtogofirst—BordershasrolledoutT-Mobile’sWi-Fiservice toalmostallofits400-pluslocations. YoucanfindBordersstoresviaitsstorelocator(www.bordersstores.com/locator/ locator.jsp)orBarnes&Noblelocationsbyvisitingthecompany’shomepage (www.bn.com)andenteringaZIPcode.
Kinko’s Kinko’sandT-MobilehaveannouncedthatallKinko’scopyshopsintheU.S. willhaveT-Mobileserviceby2004,andwhilethat’sausefuladdition,we’re notentirelysurehowitplaysout.IfyouhaveanunlimitedT-Mobileaccount, canyoucomeinandsquatforaslongasyouwant—andwherewouldyouset up?WillKinko’sstillrentcomputersatthesameratesasitusedto? Kinko’salsosaidthattheWi-Fiservicewon’tconnectdirectlytoprintersin Kinko’slocationsinitially,butthatcustomerswillhavetosendprintjobsvia emailtothestore,evenwhenthey’reinthestore. Still,it’sanaturaladjunctforabusinesstraveler,whooftenneedstoprint,fax, orcopymaterialwhileontheroad.
Up,UpintheAir Manybusinesstravelersspendenormousamountsoftimeinairportsandon airplanes.AsairportshaveslowlyaddedWi-Fiserviceandcellcompanies haveincreaseddataoptionsonthego,airlinespickeduponthenotionthat passengersmightwanttousesomeofthemanyin-transithoursonairplanes toworkandentertainthemselvesontheInternet. Twoservicescurrentlyofferin-airwirelessInternetaccess,butwithentirely differentmindsets.
Chapter28 | FindingWi-FiontheRoad
ConnexionbyBoeing Boeing’sConnexionservice(www.connexionbyboeing.com)usesphase-array antennasoneachplane.Theseantennascommunicatewithsatellitestoprovide anasymmetric1MbpsofbandwidthupstreamtotheInternetandfrom5to20 MbpsfromtheInternetbacktotheplane.Connexionhascommitmentsfrom LufthansaandScandinavianAirlinestoequiptheir100-oddlong-haulplanes; ANA(All-NipponAirlines),JAL(JapanAirlines),andBritishAirwayshave agreedtoinstalltheservicebuthaven’treleasedtheirplansatthistime. Connexion’sserviceisdistributedontheplaneviaWi-Fiorwiredconnections, dependingontheairline.Thecostwillwindupbeingabout$30to$35per flightforeighthoursorso,andpossiblylessforshorterflights.
TenzingCommunications Tenzing(www.tenzing.com)offersamoreaffordable,butmorebandwidthlimitedservice—only128Kbpsperplane—thatit’sresellingthroughVerizon Airfoneandothers. TheTenzingserviceallowsanunlimitednumberofemailsofupto2Keach perflightfor$15.95.Eachkilobyteabove2runsyou10cents.Mostemail messagesareseveralkilobytes,butyoucanusuallygetthegistofamessagein afewhundredwordsfornon-HTMLemail. Worse,youmustusespecialWeb-basedsoftwaretoaccessyouremail,and youmustprovidetheservicewithyourconnectiondetails,suchasmailserver, accountname,andpassword.Theserverthenusesaproxytoretrieveyour emailwhileyouwait.Travelerswhouseencryptedconnections(virtualprivate networks,SSH,orSSL)willbeunabletousethisservice. UnitedAirlineshascommittedtoinstallingitonallitsdomesticplanes.
355
29
ConfiguringWISPSoftware
AgreatadvantageofWi-Finetworksisthatusingthemissosimple:aonetimeconfiguration,maybeaclickortwo,andyou’reon.Atleastthat’strueof networksthatindividualssetupinhomesandsmalloffices.Butwhenyouuse publicspacenetworksinhotspots,you’reforcedtonavigatethroughcaptive portalpagesandsign-upscreensinwhichyouenteraccountinformation,credit carddetails,orone-timescratch-offusagecardcodes. Couldn’titbeeasier?Sure.Butsincethataccountinformationisnecessary, insteadofusingcaptiveportalpages,youmustinstallsoftwareonyourlaptop orPDA.SeveralwirelessISPsandserviceaggregators—seetheprevious chapter—offerserviceacrossmanyWi-Finetworks,andtheyuseasoftware programtoestablishtheconnectionandprovideyouraccountinformationin theappropriateformat. NOTE WeexpectthattheintegrationofcellulardatanetworksandWi-Fimayresult inyouusinganidentificationmodulethatallowsyoutobypassanyloginand potentiallyanyspecialsoftware.NokiahasalreadydemonstratedPCCardsthat usethemodulethatGSMphonesrelyontoactivateaphoneandbillauser.
Aspecialsoftwareprogramisnecessarybecausetheprocessbehindthescenes forbillingandauthentication(checkingthatausernameandpasswordare valid)issoincrediblyvariedamongtheWISPnetworksthatit’smuchsimpler tobuildtherulesintoaprogramthantosetupacomplexback-endsystem thatcouldsomehowmeettheneedsofmanyWISPs.
358
TheWirelessNetworkingStarterKit
Acustomprogramisn’tnecessarilyaconsumerbenefit;infact,itincreases thehasslefactorbecauseyouhavetolearnandmanageyetanotherpieceof software.However,theWISPs—theoneswhoareresellingaccesstomany differentnetworks—likeitbecausetheycansplashtheirownlogosallover thesoftware,hidingthefactthattheydon’tactuallyownorrunthelocations you’reconnectingto.Thetrendisformoreofthesepackagestoappear,as morecompaniesstartresellingWi-Fiserviceonhotspotnetworksthatthey haven’tbuilt. NOTE Whenthesepackagesarerunning,theytypicallydisabletheoperatingsystem’s owncontroloverawirelessnetwork.InWindowsXP,forinstance,expectto seeallkindsofSystemTrayballoonsappearwhenyourun,configure,orexit aWISPapplication.
NOTE It’spossibletohaveseveralofthesepackagesinstalledatthesametime,but someofthemconflict:afewfirmsarewritingsoftwareforoperators,andyou canofteninstallonlyasingleversionoftheunderlyingsoftwareatatime.
BoingoWireless BoingoWirelesswasthefirstWi-Fi–onlynetworkaggregator,andaswe writethis,thecompanyconnectsitsuserstoover2500locationsintheU.S. WewritemoreaboutBoingoanditsnetworkinChapter28,FindingWi-Fi ontheRoad. Boingo’spackageisoptimizedaroundmaintainingprofilesfordifferentlocations, becauseitassumesthatmanyWi-Fi–totingtravelerswillhaveoffice,home, friend,colleague,andrandomconnectionsinadditiontothepaidnetwork connectionsthatBoingomanagesforthem. Togetstarted,downloadtheBoingoclientsoftwarefromwww.boingo.com/ download.html.YoumustalsosetupaBoingoaccount.Atthiswriting,you cansetupanaccountwithoutpayingasetupfee.BecauseBoingo’sprofile managementissogood,wesuggestusingBoingo’ssoftwareinsteadofWindows XP’sbuilt-inclientsoftware. NOTE Wecoverversion1.3oftheWindows98SE,Me,2000,andXPsoftwarehere, butBoingoissuesnewreleasesquitefrequently.BoingohaspromisedaMac OSXclientforsometime,andthecompanystillexpectsittoappearin2003. ChecktheBoingoWebsiteforupdates.
Chapter29 | ConfiguringWISPSoftware
WhenyouruntheBoingosoftwareforthefirsttime,you’repromptedforyour accountinformation,afterwhichyoucanstartconfiguringtheclient.
SettingUpaConnection YoushouldstartwiththeBoingoclientbyselectingMySignalProfilesfrom theProfilesmenu.ThedefaultsetupshowstheBoingonetworkconnection, whichletsyouconnecttoanyBoingopartner,andanOtherSignalsprofilefor unconfigurednetworks—turnedoffbydefault(Figure29.1). Figure29.1 MySignalProfilesin theBoingoclient.
Let’sstartwithaddingaprofileforyourhomenetwork. 1. ClickAddtoopentheProfileEditordialog,whichpresentsyouwithfour
tabs. 2. IntheNetwork(SSID)field,enterthenameofthenetworkorclickBrowse
toviewlocallybroadcastingnetworks.Ifyournetworkisclosed,check DoesNotBroadcastItsSSID(Figure29.2). Figure29.2 Choosingyour networkinthe ProfileEditordialog.
359
360
TheWirelessNetworkingStarterKit 3. Ifyournetworkisprotected,clicktheWEPKeytab,checkWEP
Encryption,andclicktheIProvidetheWEPKeyDataradiobutton. EnterthekeyintheDatafield.Formoreoptions,suchaschoosingbetween ASCIIorhexadecimalkeys,checkAdvanced(Figure29.3). Figure29.3 SettingWEPoptions intheProfileEditor dialog.
4. ClicktheAutoConnecttab,andthenselecthowthisprofileisactivated:
asanoption(Offer),automaticallyifyou’renotconnected(Connect),or automaticallyevenifyou’reconnectedtoanothernetwork(Switch).You canalsohavetheBoingoclientrunaprogramlikeaWebbrowserafter connecting(Figure29.4). Figure29.4 Configuring connection preferencesinthe ProfileEditordialog.
TIP ForthepresetBoingoprofile,theonlysettingsyoucanchangeareintheAuto Connecttab.
5. IntheIPSettingstab,youcanchoosebetweenusingastaticIPaddress
orthemorecommonDHCPoption(Figure29.5). 6. ClickOKtoclosetheProfileEditordialogandsaveyourchanges.
Chapter29 | ConfiguringWISPSoftware
Figure29.5 ConfiguringIP settingsinthe ProfileEditordialog.
7. SelectaprofileandclicktheupordownOrderarrowstochoosetheorder
inwhichtheAutoConnecttab’soptionsarecarriedout. TIP IfyouplantouseBoingoexclusivelytomanageyourwirelessconnections, selectPreferencesfromtheProfilesmenu,clickAdvanced,andcheckLaunch BoingoWhenMyComputerStarts(Figure29.6). Figure29.6 SettingtheBoingo clienttolaunch automaticallyat startup.
ConnectingandDisconnecting ClicktheAvailableSignalslinkintheleftnavigationbarofthemainBoingo screentoseeanyactivenetworks,includingthoseyou’veconfigured.You canselectoneandclickConnecttoconnecttoit,dependingonyourAuto Connectoptions.ClickDisconnectinthelowerrightcornertoseveranetwork connection. TheBoingoclientalwaysdisplaysthesignalstrengthoftheconnectednetwork atthebottomofthescreen,whileAvailableSignalsshowsthesignalstrength ofallnetworksinyourvicinity.
361
362
TheWirelessNetworkingStarterKit
TIP YoucanselectPreferencesfromtheProfilesmenuandclickAdvanced,and thenclickRenewtotelltheDHCPserveryouwantanewIPoryourcurrent IP’sleaseextended.
MyVPN BoingooffersaVPNconnectionthattunnelsencryptedtrafficleavingand enteringyourcomputerallthewaytoBoingo’snetworkoperationcenter(NOC) farawayontheInternet.ThisVPNprotectsyourdataslightlylesswellthan anend-to-endVPNthatterminatesatyourcompany’snetworkbecauseyour trafficisexposedwhenitleavesBoingo’sNOC.Itdoeseliminatelocalsniffing andsnooping,andweconsiderthelikelihoodofamalefactorgainingaccess toyourinformationasittravelsfromBoingo’sNOCtoyourdestinationvery, veryunlikely. NOTE Currently,theMyVPNserviceisfree,althoughBoingoexpectstochargea feeforitatsomepoint.
TouseMyVPN,selectMyVPNfromtheProfilesmenu.Itrequiresno configuration;yousimplyclickConnect,orchecktheboxbeneaththeConnect buttontoalwaysuseaVPNatBoingolocations(Figure29.7). Figure29.7 TurningonMy VPN.
OtherOptions TheBoingoclientsoftwareservesafewotherusefulfunctions.
• FindingLocations.Boingofrequentlyaddsnewlocationstoitshotspot
network,andtheBoingoclientsoftwarecanhelpyoufindthem.Click FindALocationtosearchBoingo’sfrequentlyupdatedlistoflocations (Figure29.8).
Chapter29 | ConfiguringWISPSoftware
Figure29.8 FindingBoingo locations.
TIP ConfigureBoingotoretrievedirectoryupdatesautomaticallybychoosing PreferencesfromtheProfilesmenuandconfirmingthatoneofthefirsttwo optionsischosenunderDirectoryUpdates.
• MaintainingAccountInformation.Ifyouwanttomodifyyouraccount
details,includingbillinginformation,clickBoingoAccountandthenlog in.BoingoencapsulatesaWebpageinsideitsinterface;youcanalsomake thesechangesdirectlyviathecompany’sWebsite.Inthisbillingarea,you canchangeyourbillingaddress,yourpaymentplan,andyourcreditcard information.
• TroubleshootingTools.TheBoingoclient’sDetailsmenufeaturesfour
optionsfortroubleshooting.AvailableSignalDetailsshowsspecificsof networksinthearea,providingroughlythesamefeaturesasastumbler tool.SignalPerformancetracksradiostrengthovertime,whichmightbe helpfulwhentrackingdownsignalstrengthproblemsonyourownnetwork. ConnectionHistoryshowswhenyou’veconnectedorfailedtoconnect. And,finally,SystemInformationoffersdriverandnetworkdetails.
iPass iPasscallsitselfapremium,worldwide,corporateaccessprovider.Translatedfrom marketing-speak,thismeansthatthecompanyusesanetworkofISPstooffer arangeofInternetservices,includingdial-up,wiredbroadband,wireless,anda Japan-specifictechnology,tohugecompanieswithfleetsofroamingusers.We describeiPassmorespecificallyinChapter28,FindingWi-FiontheRoad. ThebasicnotionbehindiPassisthatasyouwanderthiswideglobeofours, you’relookingforserviceintheplaceyou’reat—asensibleconclusion.Asaresult, iPass’sclientsoftware,iPassConnect,isdesignedtohelpyoufindsomewhere youcangetInternetaccessandthenmakeaconnection.
363
364
TheWirelessNetworkingStarterKit
NOTE iPass’sclientsoftwarecanvarydependingonwhetheryoupurchasedaccess througharesellerdirectlyasanindividual,andarethususingthegeneric versionofiPassConnect,oryouworkforafirmthathadiPasscustomizethe interfaceorenforcespecificpoliciesviasoftware(suchasonly30-minute sessionsor“mustuseaVPN”).Inthischapter,wecoverthegenericeditionof iPassConnect3forWindowsandiPassConnect2.3forMacOSX.
Windows TheWindowsversionofiPassConnect3worksunderWindows98SE,Me, NT4,2000,andXP.
ConnectionSettings ChooseConnectionSettingsfromiPassConnect’sSettingsmenutoconfigure thedetailsforyourconnectionsineachoffourtabs:General,Dialup,ISDN, andWireless.
• General.Chooseprogramsyouwanttolaunchafteraconnectionismade (Figure29.9).
Figure29.9 iPassConnect’s Generalsettings.
• Dialup.Yourmodemshouldalreadybechosenhere,andyoucanconfigure redialoptions(Figure29.10).Sure,thisisabookaboutWi-Fi,butyou stillmightneedtouseyourmodem,particularlywhentravelinginplaces whereWi-Fiisscarce!
• ISDN.ToU.S.readers,theideaofconnectingtoISDNatanarbitrary locationmayseemodd,sinceISDNintheU.S.requiresaspecialcircuit andaspecialadapter.InplacesoutsideNorthAmericawherehigh-speed servicehaslaggeduntilrecently,ISDNismorecommonlyavailable.
Chapter29 | ConfiguringWISPSoftware
Figure29.10 iPassConnect’s Dialupsettings.
• Wireless.Chooseyouradapterandthepowermode.iPassConnectlets
youdefineonenon-iPassnetwork,suchasyourlocalnetwork,under PersonalWirelessSettings(Figure29.11).Entertheusualconnection details:SSIDandWEPkeysifyouuseencryption.
Figure29.11 iPassConnect’s Wirelesssettings.
MakingaConnection iPassConnect’smainscreenletsyousearchforlocationsthatarepartofthe iPassnetwork(Figure29.12). TIP SelectLoginInformationfromtheSettingsmenuandchooseyourDefault Countrytohavethesearchalwayspre-fillthatfield.
Inthisexample,we’retravelingtoNewHampshireandwanttoseewhat’s available.Becausewedidn’tnarrowthesearchtoaspecificcity,wecansee thatiPassoffers144phonenumbers,73ISDNnumbers,1wiredbroadband location,and2wirelesshotspotsfortheentirestate.
365
366
TheWirelessNetworkingStarterKit Figure29.12 Findinglocationsin iPassConnect.
IfwedrilldowntotheNashuaMarriottinNashua,andclickthe“i”(info) button,iPassConnectprovidesdetailsaboutthelocation,itsservice,andthe SSIDforthenetwork(Figure29.13).Thisinformationwillhelpyouplan trips,tobesure. Figure29.13 Drillingdownto seedetailsofa specificlocationin iPassConnect.
Ifyou’reactuallyinagivenlocation,youcansimplyselectthesiteandclick theConnectbutton.Thesoftwarehandlestherest.
ManagingLocations It’simportanttokeepiPassConnectanditsdial-uplistuptodate.Toupdate thelistwhenyou’reconnected,chooseUpdateiPassConnectfromtheSettings menu,andthenchooseeitherPhonebooktocheckfornewlocationsorSoftware tocheckforaprogramupdate. WheneveryouselectalocationinthePhonebooklist,youcanclickAdd Bookmarktomakeitmoreeasilyavailable.
Chapter29 | ConfiguringWISPSoftware
Macintosh iPassConnect2.3fortheMacworkswithMacOSX10.2andlater.(iPassalso makesaversionforMacOS8.6/9.xthatlooksquitesimilar.)
ConnectionSettings InMacOSX10.2.8,connectionsettingswereunavailableforconfiguration: choosingPreferencesfromtheiPassConnectmenucausedthesoftwaretoquit inourtesting.SinceyoucanconfigureyourAirPortorAirPortExtremecard andyourinternalmodemusingtheNetworkpreferencespaneinMacOSX, notbeingabletodosoiniPassConnectshouldn’tcauseanydifficulties.
MakingaConnection iPassConnect’smainscreenisdividedintotabscorrespondingtothekinds ofserviceoffered.ClicktheWirelessBroadbandtab(Figure29.14).Inthis example,we’vesearchedforlocationsinNewHampshire.Ifyouwantmore informationaboutalocation,selectitandchooseShowPOPInfofromthe Editmenu(Figure29.15). Needlesstosay,ifyoucan’tfindanywirelesslocationswhereyou’regoing,check theModemandWiredBroadbandtabsforothertypesofInternetaccess.It alwayspaystohavebackupplans! TIP Becauselocationsarefrequentlyaddedorchanged,selectUpdatePhonebook fromtheiPassConnectmenutodownloadthecurrentlist.
Toconnecttoalocationyou’reat,justselectitandclickConnect. Figure29.14 FindingWi-Fi hotspotsin iPassConnect.
367
368
TheWirelessNetworkingStarterKit Figure29.15 Gettingmore informationabouta location.
GRIC GRIC,acompanymuchlikeiPass,didn’trespondtoanumberofrequestsover thelastcoupleofyearstoprovideuswithitsWindowsorMacclientsoftware towriteabout.
SprintPCS SprintPCSisalargecellularcarrierthatstartedofferingWi-Fiservicein September2003,mostlythroughlocationsrunbyotheroperators.SprintPCS’s softwareisderivedfromtheiPassConnect3client,althoughithassubstantially feweroptions.DownloadtheWindows-onlysoftwarefromhttp://sprint.com/ pcsbusiness/products_services/data/wifi/advantages.html. TIP WhenyouinstallPCSConnectionManager,youcanchoosePCSWi-FiAccess asoneoftheseveraloptionsinthesoftware;ifyou’realsousingorplanningon usingSprintPCS’s2.5Gcelldataservice,youcanmanagethoseconnections withPCSConnectionManageraswell(Figure29.16).
Theessentialoperationisstraightforward:ifthere’sanetworkintheareathat SprintPCSresellsaccesstooroperates,youcanconnecttoit.Aswewritethis, there’saper-connectionfeewithnounlimitedmonthlyoption. TIP Youcansetupyourservicetoconnectatalltimes(andthuscontinuouslyincur newfees)byclickingtheMenuiconandthenchoosingPCSWi-Fifromthe Settingssubmenu(Figure29.17).CheckKeepBuyingMoreTime.
Chapter29 | ConfiguringWISPSoftware
Figure29.16 Choosingoptions wheninstalling.
Figure29.17 SettingthePCS Connection Managertokeep buyingmoretime.
ChoosePCSWi-FifromtheSettingsmenu toreachthedialogboxwhereyoucan checkKeepBuyingMoreTime.
Tofindotherlocations,clickFindaNetworkinthemainPCSConnection Managerscreen.IntheFindaNetworkdialog,enterpartofanaddress, includingcity,state,orZIPcode(Figure29.18). Figure29.18 Searchingfor locations.
369
370
TheWirelessNetworkingStarterKit
OtherWISPs Aswenotedatthestartofthischapter,othercellularandlandlinephone companieswillsoonoffertheirowncustomconnectionclients.Thisincludes AT&T(theparentcompany),AT&TWireless(thecellularcompany),Verizon Wireless(expectedtowardtheendof2003),SBC(alsobytheendof2003), Cingular(by2005),andT-Mobile.T-MobilehaslicensedBoingo’ssoftware. Inmostcases,thesecustomconnectionprogramswillallowyoutoconnectnot justtoWi-Finetworks,butalsoto2.5Gandeventually3Gcelldatanetworks. BecausehardwaremakersarecreatinglaptopPCCards,PDAchips,andcell phonesthatcanhandlecellandWi-Fiinasingleslotordevice,softwarethat canmanageeverytypeofconnectionwillbecomeincreasinglyuseful.
30
UsingCellularDataNetworks AswenotedbackinChapter4,OtherWirelessStandards,cellulartelephone operatorsoffer(andwillcontinuetooffer)avarietyofmethodstoconnectto theInternetoveracellnetworkusingaPCCardoracellphone.Inthatchapter, wediscussedtheunderpinningsandtechnologythatmakeitup;here,welook atactuallyusingcelldataservice. Althoughdozensofoptionsareavailable,weexaminetwopopularones here:connectingtoGSMandGPRSnetworksviaacellphoneandusinga CDMA2000networkwithalaptopandaPCCard. Beforewegetstarted,however,youmightbeinterestedinwhatitcurrently coststosendandreceivecellulardata(Table30.1).Weexpectpricestochange constantly,butalwaysinthedirectionofbecomingmoreaffordable.
ConnectingwithGSMandGPRS ThepopularSonyEricssonT68icellphoneusesboththeGSMandGPRS standards,whicharecommoninEuropeandincreasinglyfoundintheUnited States.DatacallsmadeoveraGSMnetworkrunat9600bitspersecond(bps), whileoveraGPRSnetwork,thespeedcanrangefromabout10to50Kbps, dependingonthecongestiononthenetworkandthelocalinfrastructure. TheeasiestwaytomakeamodemcallusingtheT68iisviaBluetooth.InChapter 11,ConnectingviaBluetooth,weprovidedetailsonhowtopaircomputersand otherdevicesusingBluetooth.Asanexample,herearethestepsforpairinga T68iandaMacintosh:
372
TheWirelessNetworkingStarterKit Table30.1
ComparisonofU.S.cellulardataplansasofNovember2003 Operator
PlanorFeature Add-On
Flavor
Speed (Kbps)
Monthly Fee
Included MB
Priceper ExtraMB
AT&T Wireless
MobileInternetPC Cardadd-on
GPRS
10–50
$79.99
Unlimited
None
WirelessInternet add-on†
GSM
9.6
$3.99
Uses minutes
n/a
WirelessInternet Expressadd-on†
GPRS
10–50
None
None
$30
SprintPCS
PCSVision
1xRTT
50–70
$40– $100
20to300
$2
T-Mobile
T-MobileInternet add-on
GPRS
10–50
$29.99
Unlimited
None
NationalAccess Megabyte
1xRTT
50–70
$39.99– $59.99
20to60
$2–$4
Unlimited NationalAccess
1xRTT/ 1xEvDO
50–70
$79.99
Unlimited
None
Unlimited BroadbandAccess*
1xEvDO
300– 500
$79.99
Unlimited
None
Cingular
Verizon Wireless
†NoPCCardrequired;canworkjustwithcellphone.*AvailableinonlySanDiegoandWashington,D.C.,atthis writing,butexpectedtoexpand.IncludesUnlimitedNationalAccessinareaswithout1xEvDO.
1. WorkingontheT68i,pressthemenutoggletoreachtheiconmenu. 2. NavigatetotheConnectionitemandselectit,orpress8(Figure30.1). 3. ChooseBluetoothfromtheConnectmenu,orpress3(Figure30.2). 4. ChooseDiscoverablefromtheBluetoothmenu,orpress1(Figure30.3).
Thephoneshowsthatit’sdiscoverablebyshowingaleft-pointing-arrow nexttotheBluetoothicononthemainscreen(Figure30.4). 5. OntheMacintoshthatwillusethephoneasadatadevice,startthe
discoveryandpairingprocessdescribedinChapter11,Connectingvia Bluetooth.Basically,youruntheBluetoothSetupAssistant,walkthrough thestepstofindthephone,andenterapassphrase.Thenyouenterthat samepassphraseonthephonewhenprompted. TIP WefinditdifficulttoenterlettersandsymbolsintheT68i’spassphrasemenu, whichhideswhatyou’retyping.Wejustuseanumbersequenceinstead.
Chapter30 | UsingCellularDataNetworks
Figure30.1to30.6 Makingthe Bluetooth connection.
Bluetoothicon
6. Althoughit’snotstrictlyrequired,maketheT68iphonediscoverandpair
tothecomputer,too,asithelpsifyoulaterwanttosynchronizeoruse otheradvancedfeatures.Workingwiththephone,returntotheConnect menu’sBluetoothmenuandchooseDiscover. Thephonedisplaysdiscoverabledevices(Figure30.5). 7. Chooseyourcomputerandexchangepassphrases(Figure30.6).
Withthephoneandcomputerpaired,youcannowsetupyourcomputerto makemodemcallsusingtheBluetoothconnection.Here’showtosetthisup andmakeaconnectionwithMacOSX: 1. OpenSystemPreferencesandclickNetworktoopentheNetworkprefer-
encespane. 2. ChooseUSBBluetoothModemAdaptor(sic)fromtheShowpop-up
menutodisplaytheUSBBluetoothModemAdaptorconfigurationscreen (Figure30.7). TIP Ifyoudon’tseeUSBBluetoothModemAdaptorasamenuitem,choose NetworkConfigurationsfromtheShowpop-upmenuandchecktheboxnext tothatadapterinthelist.
TIP MacOSXlistsaninternalBluetoothcardfoundinaPowerMacorPowerBook asaUSBBluetoothModemAdapter.
373
374
TheWirelessNetworkingStarterKit Figure30.7 Configuringthe Bluetoothmodem settings.
3. Setupyourmodemconnectionjustasyouwouldanydial-upconnection.
Forthemostpart,allyoushouldhavetodoisenteryouraccountinformation andISP’sphonenumberinthePPPtaboftheUSBBluetoothModem Adaptorconfigurationscreen. 4. Toestablishaconnection,chooseConnectfromthePhonemenuicon
(Figure30.8),usetheInternetConnectapplication,or,ifyouhaveset theconnectiontoconnectautomaticallyonrequest,justlaunchanInternet programandconnecttoanInternetserver. Figure30.8 Connectingtoyour Bluetoothphone.
NOTE SettingupaWindowsmachineisjustaseasy—useDial-UpNetworkingand treattheBluetoothconnectionlikeanyothermodem.
Chapter30 | UsingCellularDataNetworks
WithGSMservice,youdialintoyourownISP:thecellphoneactsasamodem relay,lettingyourcomputeressentiallydialamodeminacellcompany’sphone closetsomewhere—really!WithGPRSservice,however,thecellcompanyis yourISPandshouldhaveprovidedyouwithspecificnumbers(oftenincluding asterisksandoddlettersandnumbers)andaccountinformation.Contactthe cellcompanyifyou’vesubscribedtoacelldataservicebutlackthosedetails. NOTE WhenyouconnecttotheInternetinthisway,you’veactuallygonewireless intwoways:BluetoothtothephoneandcellularwirelessouttotheInternet! Talkaboutwirelessgoodness.
ConnectingwithCDMAandCDMA2000 SeveralU.S.celloperatorsthatrelyontheCDMAprotocolsfortheircellular networksoffer1xRTTservicethatcanprovideabout50to70Kbpsofreal throughputinareasofthecountrythathavedecentcellservice.Peopletraveling thecountryinRVshavepickeduponthisbecauseoftheirlackofproximityto phonelinesformakingcallsorconnectingtotheInternet. InWindowsXP,wesetupaCDMAcardfromVerizonWireless:theSierra WirelessAirCard555(Figure30.9).Thecardsupportsboththefaster1xRTT serviceandaGSM-likedial-upservicethatrunsat14.4Kbpsorslowerwhere 1xRTTisn’tavailable. Figure30.9 TheSierraWireless AirCard555.
NOTE SierraisthedominantproviderofCDMAPCCards,andthecompanyoffers onlyWindowsdriversforitsPCCards.There’sacrypticnoteontheSierra WebsitethatsaysthecompanycouldofferMacOSXsupportifApplemakes acoupleofunspecifiedchanges.Keepyoureyespeeled.
375
376
TheWirelessNetworkingStarterKit
Normally,we’dguideyouthroughstep-by-stepinstructionsforinstalling driversandconfiguringtheunit.However,Sierrahasdoneafantasticjobof providingdetailed,usefuldirectionsforensuringitscard’sdriversworkunder Windows95,98,Me,2000,andXP,andyoushouldfollowitsinstructions. ForWindowsXP,inbrief: 1. IfyouhavetheVenturiWebaccelerationpackageonyourmachine,
uninstallitbeforeproceeding. 2. InstallSierra’ssoftwarebeforeinsertingtheAirCard555. 3. InsertthecardandselectSierra’sspecificdriversfromtheCD-ROM.We
knowthissoundsalittlestrangesinceyou’vejustinstalledSierra’ssoftware onyourhardware,butit’swhatthecompanysuggestsanditworks.We’re assumingWindowsXPpicksthewrongdriver. 4. InstalltheVenturiWebaccelerationsoftware,whichisonthesameCD-
ROMprovidedbySierra. OncetheSierrasoftwareanddriversareinstalled,launchAirCard555Watcher andenteraccountinformationprovidedbyVerizon,suchasthephonenumber andanactivationnumber.ChooseActivationWizardfromtheToolsmenu andfollowtheinstructions,whichmayrequirecallingVerizonWireless. WiththeAirCard555,youhavetwooptionsintheDatatab:ExpressNetwork (1xRTT)andtheslowerQuick2NetSM(14.4Kbps).Dependingonwhich serviceplanyouhave,youmightchooseoneovertheothertoreducecosts; also,thefasterspeedwillnotalwaysbeavailable. TIP Ifyou’veenabledvoicecallingontheAirCard555andpluggedaheadsetinto thecard’saudiojack,youcanmakecallsfromyourlaptopaswell.Configure theappropriateoptionsintheVoicetab.
Toconnect,yousimplyclickConnectintheAirCard555Watchersoftware andthecardnegotiatestheconnection(Figure30.10).Inourtestingofthe AirCard555andVerizonWireless’sservice,wedidn’tfindanythingmore complexthanthatConnectbutton,whichchangestoDisconnectwhena connectionisactive.WhenyouclickDisconnect,WindowsXPshowsthat theconnectionhasbeensevered(Figure30.11). EvenfromGlenn’soffice,whichhasaconcretewallonthesidethatfaceswhere thebulkofSeattle’scelltowersarelocated,servicewasreliableandfast.He usedhisISP’sspeedconnectiontesttoseewhatkindofthroughputhecould
Chapter30 | UsingCellularDataNetworks
Figure30.10 Connecting withtheAirCard software.
Figure30.11 Windowsalertwhen youdisconnect.
expectinthispoorwirelessenvironment,anddiscoveredthattheAirCard555 offered46Kbpsfordownloadsand61Kbpsforuploads(Figure30.12).You couldseebetterperformancewithbettersignalstrength:thetopspeedofthe AirCard555istheoretically144Kbps,butevenVerizonWirelesspromotes only50to70Kbps. Figure30.12 Checking1xRTT’s actualperformance inaconcrete-lined room.
377
31
PreppingfortheRoad
IfyouwanttoconnecttotheInternetwirelesslywhiletraveling,searching forwirelessnetworksthatyoucanusewhileenrouteandatyourdestination isthemostimportantpreparationyoucando(andwecoverthedetailsabout thatinChapter28,FindingWi-FiontheRoad),butyoushouldalsogathera numberofotherpiecesofinformation,whichwediscussinthischapter.Plus, youshouldmakesureyourlaptopisreadytogo;weoffersomeadviceonthatas well.Failingtoprepareaheadoftimewon’tnecessarilypreventyoufromusing awirelessInternetconnectionwhileyou’reaway,butyoumayhavetospenda longtimedownloadingandconfiguringsoftware,orfussingwithotherthings whenyoucouldbeconcentratingonthepurposeofthetrip.
AccessAccounts Mostofthefor-feenetworkswediscussearlierinthissectionrequireaccounts forevencasualaccess,andanumberofthemrequirethatyouusecustom software.Some,suchasBoingo,offerafreedownloadoftherequiredsoftware alongwithfreeaccountsetup.Youpayfeesonlywhenyouoptintoaservice sessionorasubscriptionplan. Butthesedownloadsarelarge,andsigningupforanaccountcanbeannoying whenyou’retryingtomakeaquickconnectiontopickupanimportantemail message.Werecommendsettingeverythingupinadvance:downloadand installthenecessarysoftware,loginandcreateaccounts,andevensignupfor serviceplansifyouthinkyou’llneedthem.
380
TheWirelessNetworkingStarterKit
TIP Ifyou’reworriedaboutforgettingyourusernameandpassword,writethem down,butkeepthepaperinasafeplace.Rememberthatmostpasswordsare stolenbecausetheywerewrittendown.
Email Themostfrustratingaspectofemailontheroadissendingrepliesandnew messages.Thefrustrationstemsfromthefactthat,inordertopreventaspammer fromhijackingtheiroutboundmailservers,manycompaniesandISPshave severelyrestrictedhowyoucansendemailthroughtheirservers. Unfortunately,there’slittletechnicaldifferencebetweenwhataspammerdoes tohijackamailserverandwhatyoudowhenyouconnecttosomerandom wirelessnetworkandthentrytosendemailthroughyournormaloutgoing mailserver.(Inbothcases,theactioniscalledrelaying,andalmostallsensibly configuredmailserversnowrefusetodounrestrictedrelaying.) Thereareanumberofwaystoworkaroundthisproblem,allofwhichyou shouldconsiderbeforeyouhittheroad.It’salwaysimportanttotestsuch changesbeforeyouleave.
• Changeyourmailserver.OnecommonwaythatISPsrestrictoutgoing
mailisbypreventingtrafficfromleavingtheirnetworkonport25,which isthestandardSMTPport.Thisdoesn’tbothertheISP’scustomers whoconnectdirectlytotheISPbecausetheyusetheISP’slocalSMTP server,butitoftenprovesaproblemfortravelerslookingtomakeaquick connectionviaawirelesshotspot.Oneworkaroundistoresettheoutgoing SMTPserversettinginyouremailprogramtousethehotspot’slocalmail server(oftensmtp.example.com,ormail.example.com,whereyoureplace example.comwiththeISP’sdomain).Unfortunately,publichotspotsoften don’tallowaccesstotheirSMTPserversatallorevenblockport25on thelocalnetwork,forcingyoutotryanotheroption.
• ISPWebmail.ManyISPsofferadirect,Web-basedemailinterfacethat
letsyouavoidthewholeissueontheroad.ByusingaWebmailclient toreadand/orsendyouremail,youlosethebenefitofworkinginyour normalemailprogram,andyoucanworkonlywhenyou’reconnectedto theInternet.ButbecausetheWebmailprogramislocatedonyourISP’s computer,itcansendemailthroughtheISP’sSMTPserverwithno trouble.OnebenefitofusinganISP-basedWebmailclientisthatitworks
Chapter31| PreppingfortheRoad
onyourexistingmailboxontheISP’sserver,makingiteasytointegrate whatyoudointheWebmailclientwithyourmainemailprogramwhen youreturn. NOTE MostWebmaildoesn’tuseSSL,whichmeansyouremailissentintheclearas youreadit.Ifyou’reconcernedaboutthat,readChapter26,SecuringData inTransit.SomeWebmailallowsanSSLsign-intoprotectatleastyouruser nameandpassword.
• GenericWebmail.Anumberofindependentservicesletyouretrieve
yourexistingemailviaaWebmailclient.TheseWebmailprogramsuse yourPOPaccountinformationtoretrievethemailbehindthescenes,after whichtheypresentittoyouwithaWebinterface.Manyoftheseservices letyousetyourreturnaddresstoyourrealemailaddress,nottheoneyou useontheservice,sorepliesgotoyourcorrectmailbox.Mostofthese serviceshavefreeoptionswithseverelimitsonstorage,andtheyaddtheir ownadvertisementsortaglines;forasmallfee,yougetmorestorageand noads.WehighlyrecommendFastMail(www.fastmail.fm),whichoffers asecureloginusingSSLsothat(perournoteabove)yourentiresession isprotected,notjustyourlogin.
TIP Ifyouhavemail-forwardingserviceatyourISP,youcouldforwardyourmail directlytoyouremailaddressatyourWebmailservicewhileyou’reonthe road.
• POPthensend.SomeISPsletyousendoutboundemailonlyafteryou’ve
retrievedemailfromyourPOPaccount.RetrievingemailviaPOPopens awindow—typically30minutes—duringwhichtheISP’smailserverwill acceptemailfromthenetworkyou’reusing.We’vefoundthisapproach slightlyproblematicinpractice,becauseitsometimesrequiresmultiple POPretrievals,andthenwaitingafewminutes.Althoughthefeatureis notuniversal,anditisonthewaneduetospammersfiguringoutwaysto exploitit,manypopularemailprogramssupportcheckingaPOPaccount beforeattemptingtosendmail.
• AuthenticatedSMTP(SMTPAUTH).Anincreasingnumberof
mailserverspreventunauthorizedpeoplefromsendingthememailvia atechniquecalledAuthenticatedSMTPorSMTPAUTH.Tobeable tosendemail,youremailprogrammustauthenticateitselfwithauser nameandpassword(notnecessarilythesameasyourPOPaccount),after whichyoucansendemailthroughthatserver.SMTPAUTHcanencrypt
381
382
TheWirelessNetworkingStarterKit
yourusernameandpasswordsoitcan’tbesniffed,anditcanencryptthe contentsofoutgoingemail,dependingonyourclientandhowtheserveris configured;seeChapter26,SecuringDatainTransit,formoreinformation aboutSMTPAUTH. NOTE AuthenticatedSMTPisprobablythebestsolution,assumingyourmailserver andemailprogrambothsupportit.Again,setitupandcheckbeforetraveling. OneproblemyoucanrunintoisthatsomeISPsblockalltrafficfromtheir networksonport25,theportusedbySMTP,whichpreventsyoufromsending toanymailserverotherthantheirown.Amailadministratorcanbypassthis forroamingusersbysettingthemainoranalternatemailserverinbound porttoadifferentportnumber,either587,whichisstandardasasecondary SMTPport,oranotherportnumberabove1024.
• Extendedtransmit(XTNDXMIT).ThePOPprotocolisusedfor
retrievingmail,butithasanoption,calledXTNDXMIT,thatenables youtosendmailviaPOP,too.AlthoughXTNDXMITletsyouavoid theproblemswithsendingmailwhileusingrandomwirelessnetworks, supportforXTNDXMITissporadicbothinemailprogramsandinmail servers,soaskyourISPifitsupportsXTNDXMIT,andlookinyour emailprogram’soptionsforacheckboxtoturniton.We’vehaderratic resultswithXTNDXMIT,sowerecommendthatyoutestitwithyour setupbeforeyouassumeitwillworkwhileyoutravel.
• Secureshell(SSH)tunneling.Ifyouusethetechniquewediscussin
Chapter26,SecuringDatainTransit,tocreateencryptedSSHtunnels, thenyoucanusuallysendemaildirectlytoyournormalmailserver.The SSHtunnelfoolsyourmailserverintothinkingyou’refromthesame machinethat’srunningthemailserver,thusbypassingtheremoteproblem entirely.
• Virtualprivatenetwork(VPN).Ifyou’reusingaVPNclienttoconnect
toyouroffice,thenyoushouldn’thaveanydifficultysendingemail.The VPNauthenticatesyoutoyourhomenetworkandencryptseverything yousend.
Files Everyonetriestobringthefilestheyknowthey’llneed—presentations,reports, demonstrationsoftware,andsoon—whentheytravel,butatonetimeoranother, everyonefindsthemselvesmissingimportantfiles,eitherduetoforgetfulness orsheermischance.Evenworseiswhensomethinghappenstoyourlaptop,
Chapter31| PreppingfortheRoad
orwhenyouarriveanddiscoverthatyoucanneitherconnectyourlaptoptoa necessaryprojectornorcopyyourpresentationfromyourlaptoptothecomputer thatcanconnecttotheprojector. Fortunately,withjustalittleforesight,youcanmakesurethesesituationsdon’t leaveyoufuminginanger.Besuretotestthemethodswedescribebeforeleaving town,especiallyfromanotherconnection,toensurethatotherwisereasonable securitymeasuresdon’tpreventyoufromaccessingthefilesyouneed.
• IPfileservers.Manyfileservers,includingthebuilt-infilesharingsoftware
inWindows,MacOS9,andMacOSX,letyouconnecttothemdirectly overtheInternet.However,systemadministratorsoftenlockdownaccess tofileserversfornon-localusers,somakesureyouhaveawayin,andif themachineyouneedtoaccessisbehindaNATgateway,makesurethe appropriateportforwardingisinplace.
• FTP,Web,andWebDAVservers.IfyouhaveanISPaccountanywhere, oraccesstolocalservers,youmaybeabletouploadpotentiallyusefulfiles forlateraccessviaFTP,WebDAV,ortheWeb.
• TimbuktuPro.BothofususetheTimbuktuProfileexchangeandremote controlsoftwarefromNetopia(www.netopia.com)tocopyfilesandcheckon softwarerunningonourlocalsystemswhileontheroad.Itworksacross MacandWindows.Therearealsootherremotecontrolapplicationswith filetransfercapabilitiesavailable,thoughnonethatworkwithboththe MacOSandWindows.
• Onlinestorage.Ifyou’reaMacuser,youcansignupfor.Mac(www.mac.com), Apple’spaidWebservicessite,for$100peryear..Macincludes100MB ofonlinestorage,whichyoucanaccessdirectlyfromaMac,orviathe WebFoldersfeaturebuiltintorecentversionsofWindows.(Seethe iDiskpageon.MacforinstructionsonaccessinganiDiskfromdifferent platforms.)Otherservicesofferabout1GBofstorageforroughly$30per month,includingXdrive(www.xdrive.com),theIBackupdivisionofPro Softnet(www.ibackup.com),andMyDocsOnline(www.mydocsonline.com). TheseservicesareaimedatWindowsbutsupportMacOSXthrough WebDAV.
• Emailyourself.IfyouuseoneoftheWebmailmethodsdiscussedpreviously inthechapter,consideremailingyourselffilesyoumightneed.Ifyourmail isaccessibleviaaWebmailclient,youcanthendownloadthemusinga Webbrowseronanyothercomputer.
383
384
TheWirelessNetworkingStarterKit
TIP Ifyousetyouremailclienttoleavemessagesoveracertainsizeontheserver, youcankeepfilesthatyou’veemailedtoyourselfontheserverevenifyou checkemailbeforeyouneedthem.
BackingUp It’seasytocreatecriticalnewinformationwhileontheroad,andbeingaway fromyourregularbackupsystemmakesitalltoolikelythatyouwouldlose importantdataifsomethingweretohappentoyourlaptop. Werecommend:
• Backupbeforeyouleave.Makeafullbackupofyourlaptopanddesktop computerrightbeforeyouleave.Thatway,evenifyourlaptopisstolenor broken,youcanrestorefilestoanewlaptopwhenyoureturnhome.
• Sendfileshome.Allthemethodsofretrievingfileswhileontheroad
(discussedearlierinthischapter)aregreatwaystopushfilesbacktoa secureplace.
• BurnaCDorDVD.ManymodernlaptopshaveCDorevenDVDburners. Packafewblankdiscs,andthenbackupcriticalnewinformationtothem. It’sbesttostoresuchbackupdiscsinabagotherthanyourlaptopbag, ofcourse,sinceit’smorelikelythatathiefwouldstealyourlaptopbag thanyoursuitcase.Youcouldalsobringself-addressed,stampedmailing envelopeswithyouandsendbackupdiscshomeviathepostalservice. That’sanespeciallygoodideaifyou’recreatingirreplaceabledata,asis truewithmostphotos,forinstance.
• UseaUSBRAMdrive.YoucannowbuytinyUSBRAMdrivesthatfit
onyourkeychain.Theyuseflashmemoryandcheaplyofferupto1GBof space.Betteryet,whenyouplugthemintotheUSBportoneitheraMac oraPC,theymountjustlikeharddrives.SincetheseUSBRAMdrives aresmallenoughtoputinyourpocket,evenifyourlaptopdisappears whileyou’renotwatching,youcanstillhaveyourcriticalnew(andold) fileswithyou.
• Usearemotebackupprogram.Somebackupprograms,includingDantz Development’spowerfulRetrospect(www.dantz.com ;availableforMacand Windows),letyoubackuptoanFTPserverorotherremoteserver.
Betterstill,foranydatathat’strulyimportant,makemultiplebackupsusing differentmethods.
Chapter31| PreppingfortheRoad
VPNs AVPN(virtualprivatenetwork)solvesanumberofthesetravelingproblems bymakingitseemasthoughyou’realwaysonyourcompany’slocalnetwork. That’sonereasonthatmanybusinesstravelersaccesstheircompany’semail andfileserversviaaVPN.However,youmustmakesurethatyouhaveallthe necessaryinformationtoconnecttoyourVPNwhenyou’retraveling.Most companiesofferdial-upaccesstotheirVPNs,andalthoughyoushouldalways makesureyouhavetheappropriatenumbers,it’smuchnicerifyoucanusea high-speedwirelessInternetconnectioninstead.Westronglyrecommendthat youverifythatyoucanconnecttoyourVPNbeforeleavingonatrip,since manyVPNsrequirespecialsecuritydevicesorone-timesetupsthatmaynot existuntilyouasktohavethemsetupforyou. ThemainbugaboothatcantauntVPNusersisthatmanywirelessandother broadbandInternetconnectionsuseNAT.SomeNATgatewayscanprevent yourVPNsoftwarefromconnectingtotheoffice.Thisproblemisespecially commonwithfreecommunitynetworks. TIP ManywirelessgatewayshaveoptionstoenableVPN“pass-through”features, soifyoucan’testablishaVPNconnection,it’sworthaskingtheadministrator ifPPTPandIPsecpass-throughareenabled.It’salsoimportanttoopenthe correctportsforyourVPN;askyouradministratorwhattheyarebeforeyou leave.Seewww.smallnetbuilder.com/Sections-article49.phpformore information.
NOTE Somemanagersofpublic,for-feehotspotshavetoldusthattheyuseroutable, staticaddressestoavoidthisproblemontheirnetworks.
Unfortunately,testingVPNconnectionscanbetricky,sinceyoumayhaveno wayofknowingthelimitationsofthenetworkyou’llbeusing.Makesureyou haveyouroffice’sHelpDeskphonenumberandanytroubleshootingadvice, andfindoutwhetheranyspecialaccesspermissionorotherdetailsneedtobe settledbeforeyouleavetown.
385
32
WorkingontheRoad
UsingawirelessInternetconnectionwhileyou’reontheroadisn’tparticularly differentfromusingitwhenyou’reathomeorattheoffice.Nonetheless,we’ve runintoafewquirksovertheyearsandcanprovideusefuladvice.
ConnecttoaNetwork Toconnecttoawirelessnetwork,youmustfinditandhavethepropernetwork configuration.Ifanaccountisrequired,youmustalsoauthenticateyourself.
FindingaNetwork Evenifyoudoyourresearchbeforeleavingandthinkyouknowwhereawireless networkislocated,findingtheprecisespotwhereyoucangetaccesscanbemore difficultthanyou’dthink.Weoftenrunintodeadareasinairportterminals thathave“fullcoverage,”andwe’vebeenknowntowanderaround,dowsing withourlaptopsforwirelessnetworksnearwherewethinktheremightbea caféwithwirelessaccess. Youhavefourmainoptionsforfindinganetworkthatyouthinkisnearby,or forinvestigatingwhetheranetworkexists:
• Stumblertools.Thesesoftwareprogramssniffforlocalnetworksinyour
vicinity,andthentellyouthenetworknames,theirsignalstrengths,and ifthey’reprotectedbyWEPorWPAencryptionkeys.(See“Stumbling ontoWi-Fi”inChapter25,PreventingAccesstoYourNetwork,forafull listanddownloadlocations.)Youcanwalkaroundwithyourlaptopopen
388
TheWirelessNetworkingStarterKit
andseestrengthincreaseordecrease,whichcanhelpleadyoucloserto thestrongestnetworksignal.Bewarnedthatinsomeplaces,useofthese toolsmightfreakpeopleout,asthey’reusedbothforinnocentpurposes andbycrackers.
• Detectors.TheKensingtonWiFiFinderandtheSmartIDWFS-1are
thefirsttwoofwhatweexpectwillbeaplethoraofWi-Fidetectors:they identifyonlyWi-Fisignals,notgeneralmicrowavenoise,andindicate signalstrength.TheWFS-1isfastanddirectionalenoughtohelpyou dowseforasignal.Weexpectthissortofdeviceeventuallytohaveasmall LCDscreendisplayingnetworknames.
• Warchalksigns.Warchalking is the act of writing simple, hobo-
sign–inspiredchalkmarksthattellothersifanearbynetworkisavailable (Figure32.1).SomeWISPshavedeployedmorepolishedversionsof thechalksignsontheirstoresigns;examplesincludeFatPortoutletsand Schlotzsky’sDeli.Formoreonwarchalking(andanexplanationofthe name),seethesidebar“TheWarPrefix”inChapter25,PreventingAccess toYourNetwork.Neitherofushasseenawarchalkingsigninthewild, andthey’renotverypersistent.
• Ask.Weknowyou’reproud;soarewe.That’swhyweputthis,themost
obviousoption,lastinthelist.Butjustaswithdrivingdirectionswhen you’relost,thebetterpartofvaloristoasksomeone,perhapsinacoffee shoporcopyshop,bothofwhicharerelativelylikelylocationsforaccess. Evenifthepeopleyouaskdon’tknow,theymaybeabletopointyouin therightdirection.
NetworkSetup ThevastmajorityofwirelessnetworksautomaticallyprovideyouwithanIP addressandothernetworkdetailsviaDHCP.Becauseofthis,yourtypical on-the-roadnetworkconfigurationshouldbesettoobtainanIPaddress automatically. TIP Youcanfindinformationonconfiguringyournetworkconnectiontoworkwith DHCPinAppendixB,ConfiguringYourNetworkSettings.
AftermakingsureyourlaptopisusingDHCP,allyouhavetodoisselect thewirelessnetworkthat’sinrange,andyourmachineshouldautomatically negotiateanIPaddressandgiveyoufullnetworkaccess.
Chapter32 | WorkingontheRoad
Figure32.1 Awarchalkingsign.
TIP VirtuallyallpublicnetworksareWEPandWPAfreetoavoidcomplicatedlogin procedures.SinceneitherWEPnorWPAprotectsdatafromotherpeoplewho havethesamenetworkkey,they’reuselessinpublicnetworks,anyway.(With WPA,thekeyislessobvious,butwhenshared,justaseasytousetodecode thewholenetwork’straffic.)
LoginAccess Somepublicwirelessnetworksrequirethatyounavigatepastacaptiveportal pagebeforeaccessingthenetworkfromanyInternet-capableapplication.Fire upaWebbrowser,trytovisitanyWebpage,andthecaptiveportalpagewill promptyouforagreementtoacontract,yourlogininformation,and/orcredit cardpaymentdetails. Inplaceswhereyoupaybytheday,likehotels,figuringouthowtopayforaccess canbetricky.Normallythecaptiveportalpagehandlesthetransaction,but inatleastonehotelAdamhasstayedin(theParamount,inNewYorkCity), youhadtocalltheconciergetogettheappropriateusernameandpassword; thefeeforusingthewirelessnetworkwasaddedtohisroombill.Whenin doubt,askforaccessinstructionsatthefrontdeskwhenyoucheckin.Atthe WyndhamHotelsandResorts,accessisfreeifyou’reamemberoftheaffinity club“ByRequest,”butyoumustenteryournumberinthecaptiveportalpage toavoidpayingforbroadband.
WorkingTips Aswenotedatthestartofthischapter,onceyou’reconnected,usingawireless InternetconnectionontheroadisalmostexactlylikeusingawirelessInternet connectionathomeorintheoffice.Evenso,wecanofferafewtipsfromlong experience.
389
390
TheWirelessNetworkingStarterKit
• Checkemailwheneveryoucan.Youneverknowwhenyou’llbeableto connectinthefuture,soanytimewirelessInternetaccesspresentsitself, takeadvantageofittokeepuptodate.
• Watchyourtime.Ifyou’reusingacommercialWISPoranaggregator,
likeiPassorGRIC,thatchargesbythehourorday,payattentiontowhen youusethewirelessconnection.Hotelsinparticularcanbeabitsnarky aboutthis;atleastsomewe’vestayedinassumeadaygoesfrommidnight tomidnightdespitetheillogic.So,ifyoucheckinlateonenight,connect togetyouremail,andthenconnectagaininthemorning,you’llbecharged fortwodays.Makesureyouknowwhatthechargingpoliciesareahead oftimetoavoidtheseunwantedfees.
• Turnoffnetworkcardstosavepower.Althoughtoday’slaptopshave improvedfromthefirstsuccessfulportablecomputers,shortbatterylife remainsamajorfrustration.Alongwithotherpower-savingmeasuresthat youmaywanttotake(dimthescreen,spindowntheharddisk,reducethe processorspeed),makesuretoturnoffyourwirelessnetworkcardifthere’s nowirelessnetworkinthevicinity.That’sespeciallytrueonairplanes, whereyou’renotsupposedtouseradiotransmitters.
• Browseoffline.SeveralWebbrowsersandotherutilitiesletyoustore Webpagesasalocalsetoffilesforlaterviewing.AdobeAcrobatoffersa Web-to-PDFoptionthatcanretrieveWebpagesandimages,including certainkindsofmultimedia,andturnthemintoaself-containedAcrobat PDFfile.ThesefeaturesareusefulbecauseyourInternetaccessislikely tobesporadic,sobydownloadingWebpagesforlaterviewing,youcan continuetoaccessthatinformationevenafteryoudisconnectfromthe wirelessnetwork.
• Lockyourscreen.Ifyouhaveconfidential,sensitive,orembarrassingdata onyourlaptop,considerusingoptionsthatcausethecomputertoaskfor apasswordwhenyouwakethemachineoutofsleeporbringitoutofthe screensaver.Thatcanpreventcasualthievesfromaccessingyourdata,even iftheyweretomakeoffwithyourcomputer.Andforgoodnesssake,don’t writeyourpassworddownonastickynoteattachedtothecomputer!
• Obscureyourscreen.“Shouldersurfers”usedtorefertopeoplewhowatched youenterPINsforlongdistancecardsonpayphonesinairports.With cellphonesabundantandpayphonesacceptingcreditcards,thetermhas migratedtopeoplewhowatchyourlaptopactivitieswhileyouworkona
Chapter32 | WorkingontheRoad
planeorinotherpublicplaces.Severalinexpensivefilterscanobscurea laptopscreentoanyoneviewingatanangleotherthandirecton.The3M NotebookPrivacyFilter,forinstance,comesinmanysizes,andcosts$40 to$60(www.3m.com/ergonomics/notebookaccessories.jhtml).
• Useasecuritykit.Theproblemwithextendedsessionsinawireless-
enabledcoffeehouseisthatdrinkingallthatcoffeeoftenresultsinneeding tousethebathroom.Whattodowithyourlaptop?Ifyou’realone,the mostsecureapproachistopackeverythingupandbringitwithyou,at thecostofsometimeandtheriskoflosingagoodseat.Alternatively,you candowhatwedo,anduseasecuritykittolockyourlaptopandbagto thetable.Youcanbuyseveralkindsofsecuritykits,includingoneswith alarmssothatifacomputerisdisturbed,aloudnoisesounds.We’ve usedandlikedsecuritykitsfromKensingtonTechnologyGroup—see www.kensington.com/html/1434.htmlforthecurrentcollection.
391
VI
GoingtheDistance
Asweneartheendofthisbook,it’stimetoturnourattentiontoourgeekiest topicyet—long-rangewirelessnetworking.Afterall,there’snoinherentreason youneedtobewithin150feetorsoofanaccesspoint,andinfact,withthe rightequipment,awirelessnetworkcaneasilyspanmiles.Cool,eh? We’reundernoillusionthateveryonewillwanttoreadthesechapters,butyou mightwanttoglancethroughChapter33,Long-RangeWi-FiConnections,to seewhatyoucandowithalong-rangewirelessnetwork(itbasicallycomes downtoanotherwaytoacquireahigh-speedInternetconnectionorawayof connectingmultipleremotesitesintoasinglewirelessnetwork). IfChapter33piquesyourinterest,readChapter34,Long-RangeAntenna Basics,forallthegorydetailsyouneedtoknowinordertosetupalong-range wirelessnetwork.Ifyou’remostlyacomputerperson,likeus,ratherthana radiogeek,you’llhavealottolearn,butwe’veenjoyedtheprocessimmensely, andyoumaytoo.
33
Long-Range Wi-FiConnections
You’reprobablyfamiliarwiththecaveatonmostpiecesofWi-Finetworking gear—somethinglike“maximumperformanceupto150feet”whetherthat’s11 Mbpsor54Mbps.Andifyou’vebeenusingwirelessnetworksforanyamount oftime,youknowthat150feetisoftenoptimistic.Putawallortwointheway, andtheeffectiverangeofawirelessnetworkcandropto30or40feet. Thesedisclaimersdon’tmeanthatthere’sanyparticularlimitationonthe effectiverangeofstandardwirelessnetworks.Giventheappropriategear, mostnotablyahigh-gainantennathatincreasesthestrengthofyourwireless signal,youcansetupaWi-Ficonnectionwitharangemeasurednotinfeet, butinmiles. Infact,withotherproprietarywirelessnetworkvariantsthatuseslowerbut morerobustfrequencyhopping,thosedistancescanbeincreasedevenfarther thanispossiblewith802.11a,b,org.There’sawirelessInternetservice provider(WISP)inMainethattypicallyrunsitslinks20to40milesusinga Wi-Fi–likealternative,includinga22-milelinkfromthecoasttoanisland with300residents. Theresidentsofthisislandpreviouslyhadveryslowdial-upconnectionstothe mainlandthatcostthemseveralcentsperminute.Withthelong-rangewireless link,localresidentscaneitherconnectdirectlyathighspeedtothetoweron theisland,andreceive1to3Mbpsofbandwidth;ortheycanestablishdial-
396
TheWirelessNetworkingStarterKit
upmodemconnectionstothetowerbylocallandlineforafixedmonthlyrate avoidinglong-distancecharges.Thelong-rangewirelessnetworkconnection makesahugedifferenceforthesepeople. TheMaineWISP’scaseisparticularlyapt,becauseitillustratesthetwouses oflong-rangewirelessnetworkinginsituationswherewiressimplymaynot work:connectingtotheInternetandextendinganexistingnetwork. We’vebothdonesomeworkinestablishinglong-rangeInternetconnections andextendingnetworks,andwe’velearnedthateveryindividualsituationis different.Assuch,ouraimhereistodescribewhat’spossible,talkaboutwhich hardwareisnecessary,andputideasintoyourhead.Wedon’tofferdetailed instructionsbecauseit’simpossibletoanticipatewhatwouldberequiredin yourparticularsituation. NOTE WhetheryouwanttoconnecttotheInternetorextendtherangeofyour existingnetwork,it’simportanttorealizeupfrontthatalong-rangewireless connectionlinksonlytheremotesiteandasingledeviceonyourside.Don’t assumethatallyourwireless-capablecomputerswillsuddenlybeabletouse thelong-rangeconnection,justbecauseyouputupahigh-gainantenna. JustaswithacableorDSLmodem,youmustuseagatewaytoredistribute theconnectiontotherestofyourlocalnetwork.
ConnectingtotheInternet MostpeoplethesedayshavetelephonesandcanconnecttoanInternetservice providerviaastandardmodem.Butmodemssufferfromlongdialingtimes, slowthroughput,andgeneralflakiness,whichisoneofthereasonsthatalwayson,high-speedInternetconnectionsoverphoneandcablelines—so-called “consumerbroadbandconnections”—havebecomesopopular. Peoplewholivecloseenoughtoanappropriatelyoutfittedtelephonecompany centralofficeorwhosecabletelevisioncompaniesofferInternetaccessstill makeuparelativelysmall(thoughgrowing)percentageoftheU.S.(andworld) population,though,andit’salltooeasytofindyourselflivinginalocation wherebroadbandInternetaccessiseitherprohibitivelyexpensiveorimpossible tocomebyatanyprice. Thedifficultyoffindinghigh-speedInternetaccessisespeciallycommonin lightlypopulatedruralareas,wherethechancesofatelephoneorcablecompany investinginthenecessaryback-endequipmentforhigh-speedInternetaccess arerelativelylow.
Chapter33| Long-RangeWi-FiConnections
NOTE Evenwhenhigh-speedInternetaccessisavailable,it’softenonatenuous basis.FriendsofGlenn’sinsmall-townMainewereluckyenoughtohavecable modemservice—forawhile.AlargerInternetserviceprovider’sbuyoutofthe localcompanyresultedinthecablemodemservicebecomingunreliable.
Inanincreasingnumberofthoselocations,Internetserviceprovidersareturning tolong-rangewirelessnetworksasawayofbringingInternetconnectivityto far-flungcustomerswithoutdealingwithtelephonecompaniesorburying milesofwire.Withnoextrawirestorun,thecostofaddingacustomeris lowforboththeISPandthecustomer,andthestandard1Mbpsthroughput (thelowestof802.11b’sspeeds)isgenerallyequaltothebestDSLandcable modemconnections. NOTE SomeISPsevenpartnerwiththetinyphonecompanies(thesocalled“ma-andpabells”)thatstillexistinruralareasoftheU.S.TheISPbringshigh-speed Internettothelocalexchangeviaalong-rangewirelessconnection,andthen thephonecompanyredistributesitusingDSL.
Asmuchasalong-rangewirelessInternetconnectionmaybetheonlyoptionfor manypeople,othersusethemtoprovideredundantconnections.Forinstance, InternetconnectivityisessentialforAdam’sbusinessofwritingandpublishing, sowhenhemovedfromtheoutskirtsofSeattle,Washington(wherehewas
802.11bvs.802.11gforLong-RangeConnections Withalong-rangeconnection,doesitmake anydifferencewhetheryouuseanolder(and cheaper)802.11b-basedwirelessbridgeor clientinsteadofanewerandfaster802.11g model?That’sagreatquestion,andnotonewe havesufficientexperiencewithyettoanswer definitively. Ourcurrentunderstandingisthatifyou’re connectingtoaWISP,there’slikelynopoint inbotheringwith802.11g,sincetheWISP’s existingindustrial-strengthequipmentislikely touseonly802.11b.Inaddition,thesignal strengthforlong-rangeconnectionsisn’tlikely tobehighenoughtoprovidebandwidthabove
1Mbpsorso,so802.11g’smaximumthroughputof54Mbpsislikelytogounused. Thesituationisperhapsabitdifferentwhen you extend your own network, since the distancesmaybeshorterandyou’reprobably buyingalltheequipmentatroughlythesame time.WDS(WirelessDistributionSystem) capabilitiesalsoshowuponlyinnewer802.11g equipment,soifyouwanttouseWDStoextendyournetworkinsteadofusingdedicated wirelessbridges(seeChapter20,Bridging WirelessNetworks,forthetradeoffs),you’ll wanttobuythenewergear.
397
398
TheWirelessNetworkingStarterKit
consideringsettinguphisownwirelessInternetservicefromhishomeatop TigerMountain),toIthaca,NewYork,hesignedupforacablemodemInternet connectionandalsoinstalledalong-rangewirelessconnectiontoadifferent ISP.Shouldsomethinghappentooneoftheconnections,ortooneoftheISPs, hecanswitchhiscomputerstotheotherconnectioninamatterofminutes.
FindingaWISP Thefirststepinsettingupalong-rangewirelessInternetconnectionis determiningifawirelessISP(WISP)servesyourarea.SincewirelessInternet accessisstillsomewhatunusual,it’snotalwayseasytofind,evenwhenitis available.TrytheseWebsites:
• BroadbandWirelessExchangeMagazine(www.bbwexchange.com/wisps/) maintainsaWISPdirectorythatincludeshundredsofWISPsaround theworld,althoughit’sundoubtedlynotcomprehensive,inpartbecause BroadbandWirelessExchangechargesWISPsforinclusion.
• TheOpenDirectoryProjectpublishesalistofWISPsathttp://dmoz.org/ Business/Telecommunications/Wireless/Service_Providers/Internet/
Fixed_Broadband/.AlsobesuretocheckoutTheOpenDirectoryProject’s
listofRegionalWISPsathttp://dmoz.org/Business/Telecommunications/ Wireless/Service_Providers/Internet/Regional/.
• AstandardGooglesearchisalwaysworthtrying,althoughwe’vefoundit
difficulttocomeupwithsearchtermsthatworkreliably.Startbysearching for“wirelessInternetaccessSeattleWA”(replacing“SeattleWA”with yourcityandstate,ofcourse),andaddothertermslike“802.11b”and “WISP”ifnecessary.
We’veseeninterestinpromotingWISPassociationsfromavarietyoftrade groups,butnoonegroupappearstohavehititsstrideyet.It’sworthchecking ifanysuchgroupshavesolidifiedsincewewrotethisbook,sincetheywould providelistsoftheirmembersinyourarea. IfyourareahaslocalUsenetnewsgroupsormailinglists,tryaskingthere;all youneedisonepersontopointyouintherightdirection.Lastly,althoughit’s hardtorememberintoday’sageoftheInternet,sometimesthebestapproachis toreverttotraditionalmethodsoffindingabusiness.CheckyourlocalYellow Pagesinthetelephonebook,talktoInternet-savvyfriends,andcallnormalISPs andaskiftheyknowofanyoneofferingwirelessInternetaccessinyourarea. MostISPsknowwhichotherInternetaccesscompaniesarearound,andour experienceisthatthey’renotoffendedatreferringcustomerstheycan’tserve.
Chapter33| Long-RangeWi-FiConnections
TIP IfyoursearchfailstoturnupanyWISPsandyouhavenootheralternatives forhigh-speedInternetaccess,youcouldtrytoconvincesomeonewhocan gethigh-speedInternetaccesstohosttheremotesideofalong-rangewireless Internetconnection.Read“ExtendingYourNetwork”laterforinformationon settingupsuchaconnection.
TIP If you have a view of the southern sky, satellite-based Internet access fromStarBandCommunications( www.starband.com)orDirecway( www. direcway.com)isalsoapossibility.
BeYourOwnWISP Assumeforamomentthatyouliveinthe boonies,butnotallthatfarfromwherethe local telephone company stops providing DSL-basedInternetaccess.YouwanthighspeedInternetaccess,youdon’thaveagood viewofthesouthernskytouseStarBandor Direcway,butyoucanseequiteafewofyour neighbors’roofs.Whynotpayforaneighbor tohaveanInternetconnectionandusealongrangewirelessconnectiontobringitbackto yourhouse? There’snotechnicalreasonyoucan’tdothis, butitrequiressomecarefulplanningandgood interpersonalskills,sinceyoumustdetermine aheadoftimewhichofyourneighbors’houses isinalocationwhereitcangetDSLandprovidealine-of-sightwirelessconnectionfor yourhouse.Thatrequiressomeskillfuluse ofbinocularsoratelescope,somesleuthing withthelocaltelephonecompany,andthen apersuasiveapproachfortheneighboryou’ve identified.It’snotuncommontostrikeout afewtimesbeforeyoufindsomeonewhois amenable.Trytofindsomeonewho’sunlikely tomove—shelikelywon’twanttoexplain theentiresituationtopotentialhomebuyers,
whichcouldmarkanunceremoniousendto yourInternetconnection.Alsokeepinmind thattheISPfromwhomyougetservicemay notallowthatservicetobeshared. Therearesomedisadvantagestothisapproach. Alongwithshoulderingthemonthlycostof theInternetconnection,youmustalsobuy twoantennas,twowirelessEthernetbridges, andlikelyagatewaysoyourInternethostcan sharetheconnectionaswell.(Obviously,ifyou canfindapersonorbusinessthatalreadyhasa high-speedInternetconnectionandiswilling toshare,thecostsdropsignificantly.) You’realsoprobablysettingyourselfupto providetechnicalsupportforyourInternet host,andnomatterwhat,you’recreatinga situationwhereyou’rereliantonsomeone elseforyourInternetconnectivity,including troubleshootingifthingsgowrong. Putsimply,it’satrulyneatidea,butit’snot necessarilycheapandmayinvolveyouin someoneelse’slifemorethanyou’dlike.On theotherhand,ifitworksout,youcouldbe onyourwaytowardstartingyourveryown communitywirelessnetwork.
399
400
TheWirelessNetworkingStarterKit
SiteCheck Onehugecaveattolong-rangewirelessInternetconnectionsisthatyour wirelesstransceivermustbeabletoseetheWISP’santenna.Inthenetworking world,thisiscalledhavinglineofsighttotheremoteantenna,andit’sthemain reasonmorepeopledon’tuselong-rangeInternetconnections.Dependingon thedistance,youmaynotbeabletoactuallyseetheremoteantenna,though youshouldatleasthavegoodreasontobelievelineofsightmightbepossible beforeinvestigatingfurther.Rememberthatyoumightbeabletomountyour antennaonamastonyourrooftoachievelineofsight. OnceyoufindaWISPanddeterminethatit’sconceivablethatyouhavelineof-sightaccesstotheWISP’santenna,thenextstepistoasktheWISPto performasitecheck.WISPsmaychargeforsitechecks,sincesuchacheck involvesbringingahigh-gainantennamountedonatripodtoyourlocation, connectingittoalaptop,andtestingtoseeifthere’senoughsignalstrength. AWISPmayalsohavespecialgear,likeaGPSdeviceandatelescope,that canhelpdetermineexactlywheretheremoteantennaislocatedforoptimal aimingofyourantenna. Havethesitecheckperformedevenifyoucanseetheremoteantenna,since itshouldalsohelpyoudeterminewhatkindofantennayouneed.Ifyouget greatsignalstrength,youcanbuyasmaller,less-obtrusiveantenna,whereasif thesitecheckshowsthatyou’reontheedgeofbeingabletoreceivethesignal atall,youneedahigh-gainparabolicantenna.SeeChapter34,Long-Range AntennaBasics,forallthedetailsyouneedtoknowonantennatypesand determiningnecessarygain. TIP Buyanantennawithmoregainthanyouthinkisnecessary;extrasignal strengthisalwayswelcome,particularlysinceclimaticconditionscancause signalloss.Youhavenowayofknowinghowrepresentativetheclimatic conditionsonthedayofthesitecheckare,soleaveyourselfsomemarginof error.(Ofcourse,staywithintheFCC’slimitsatalltimes.)
IPAddresses Afterthewirelessconnectionhasbeenmade,connectingyourcomputeror networktoaWISPisnodifferentfromconnectingtoanyotherInternetservice providerintermsofwhatyouendupwith—connectivityprovidedtoone(static ordynamic)ormoreIPaddressesonyourlocalnetwork.
• AnISPusuallyhandsoutdynamicIPaddressesthesedaysbecausethen
itsDHCPservercantrackwhoisonlineatanygivenpointanddoleoutIP addressesfromtheISP’sblockofavailableaddresses.Dynamicaddressing
Chapter33| Long-RangeWi-FiConnections
iseasierforISPstomanage,andmanyusersdon’tmindatallbecause theydon’tneed(orevenwant)theircomputerstobeavailablefordirect connectionsfromoutontheInternet.Ifyoudon’twanttorunInternet servers,dynamicaddressingisfine. TIP Ifyoucan’tavoiddynamicaddressing,butyoustillwanttorunservers,look intodynamicDNS,whichenablessomeoneontheInternettoconnectto www.example.com,forinstance,andhavewww.example.commaptowhatever yourdynamicaddressisatthatparticulartime.SeeChapter16,Buyinga WirelessGateway,formoreaboutdynamicDNS.
• Withastaticaddress,youreceiveapermanentIPaddressthatalwaysmaps toyourwirelessEthernetbridgeortothecomputeractingasabridge.That’s idealifyouwanttorunservers,sinceyourserversarealwaysavailableat thesameIPaddress(whichcaninturnbemappedtoadomainname). Rememberthatyou’llstillneedtopunchholesthroughyourNATgateway soyourserverscanbeseenfromtheoutsideworld.IfyouwantastaticIP address,youmayhavetoaskyourWISPforone,anditmaycostextra.
• IfyouwantmultiplestaticIPaddresses,theservicewillalmostcertainly
costquiteabitmore,youwillneedarouter(thoughsomeoftheinexpensive wirelessgatewayscanactasroutersaswell),andyourWISPmusthelp youseteverythingup.
ExtendingYourNetwork Anothermajoruseoflong-rangewirelessnetworkingistoextendanexisting networktoaremotelocation.Perhapsyourcompanyhasanofficeinone buildinginanofficepark,andyouwanttotakeoverofficesinanotherbuilding. ThedistancemaybetoogreattorunEthernetcable,andthecostofleasinga high-speeddigitallinefromthetelephonecompanymaybeprohibitive,but forlessthan$1000andafewdaysofwork,youcanaddthenewofficestoyour existingnetworkandneverpayrecurringcoststothetelephonecompany.Or, youmaywanttoconnectanumberofhousesinyourneighborhoodinorder toshareasingleInternetconnection. Whenyousetupalong-rangewirelessInternetconnection,youhaveonebig advantage—techniciansattheWISPlikelyknowmorethanyoudoandare probablywillingtohelp.That’snottrueifyouwanttoextendyournetwork toaremotelocation,inwhichcasealltheworkfallsonyourshoulders.By “your,”wemeanmultiplepeople—it’salmostimpossibletoextendanetwork viaalong-rangewirelessconnectionwithouthelpers.
401
402
TheWirelessNetworkingStarterKit
Mostofwhatyouneedtoknowwithrespecttoextendinganetworkcomesin determiningwheretopositiontheantennasonbothsidesoftheconnection; foreverythingelse,readChapter20,BridgingWirelessNetworks. NOTE Evenmoresothanwithalong-rangewirelessInternetconnection,thedetails heredependonyourparticularnetworkandwhatyouwanttoaccomplish, sonecessityforcesustobeabitmoregeneralwhentalkingaboutexpanding wirelessnetworks.
ShortDistances Ifyou’reconnectingtwobuildingsinanofficepark,forinstance,determining thelineofsightandwheretolocatetheantennasoneitherendoftheconnection isusuallyfairlyeasy. Youcanestimatelineofsightbyeye,andthenfine-tunethepositioningby connectingyourantennatoalaptopandusingoneofthestumblertoolsto watchsignalstrengthasyouadjusttheantenna.Theonlydownsideofthis approachisthatyoumayneedtobuyanextrapigtailconnectortoattachthe antennatoyourlaptop,butit’sworththeminimalexpense.
LongDistances Thetaskbecomesmoredifficultasthedistanceincreases,orifyoudetermine thatthere’ssimplynowaytoachievelineofsightwithoutanintermediary antennainthemiddle. Whentryingtoestablishbothendsofaline-of-sightconnectionacrossa longdistance,startbylookingatdetailedtopographicalmaps(Figure33.1). High-qualitypapermapsareprobablytheeasiesttoworkwith,butyou maybeabletofindthedetailyouneedonaWebsitelikeTopoZone.comat www.topozone.com. Thetopographicmaponlytakesyousofar,though,becauseitshowsonlythe elevationoftheground,whereasyoucareaboutobjectsabovethegroundas well,suchastreesandbuildings.Onceyou’veidentifiedpossibleareasforyour antennaswiththemap,it’stimetoswitchtobinoculars,orbetter,telescopes. Here’swhereyouabsolutelyneedapartner,preferablywithacellphone,so youcaneachrelayyourlocationtotheotherasnecessary. ConsiderbuyingsomecheapMylarheliumballoonsatthegrocerystoreand attachingthemtoextremelylightstring(perhapsdentalfloss)soyoucanfloat theballoonup,havetheotherpersonfinditinthetelescope,andthenpullit
Chapter33| Long-RangeWi-FiConnections
Figure33.1 Atopographical mapofthearea nearAdam’shouse.
Antennatower
downashewatches.Onceyou’veidentifiedaspotthatyouthinkmightwork, markitwithsomethinglikeapieceofcoloredplasticthatyoucaneasilysee fromafarandusewhilemountingtheantenna. TIP Payattentiontoobstaclesthatarealmostintheway,sincetheFresneleffect cancauseproblemsevenifyouhavevisuallineofsight.Chapter34,LongRangeAntennaBasics,hasmoreabouttheFresnelzone.
Afteryouidentifyantennalocations,it’stimetotestthelocationswithactual antennas.Workthroughthecalculationsinthenextchaptertodeterminewhich kindofantennasyou’relikelytoneed,sinceunlessyoucanborrowportable antennasfromaWISPorsomeoneelsewhohasextrasthataren’tmounted,you mayaswellbuytheantennasyouthinkarenecessary.Goaheadandinstallyour antennas,butmakesureyoucanstilladjusttheirpositioningasnecessary. Ifyou’reconcernedaboutbuyingmoregearatthispoint,thecheapestmethod oftestingisprobablytouseapairoflaptopswithPCCardwirelessnetwork adaptersandpigtailsthatconnecttoyourantennas.(Youmayhavetobuyan extrapigtailortwo,butiftheconnectionsimplydoesn’twork,youwon’thave purchasedthewirelessEthernetbridgesunnecessarily.)Setupasimplead hocnetworkandseeifonelaptopcanconnecttotheother’snetwork.Again, havingapartnerwithacellphoneisessentialforreportingsignalstrengthand adjustingantennapositions. Ontheotherhand,ifyou’renotallthatworriedaboutcost,goaheadandbuy thewirelessEthernetbridgesyouneedoneithersideofthelong-rangewireless connection.Installandconfigureoneofthem,thenusealaptopintheother locationtoverifythatyourantennascanreceiveeachother’ssignals.
403
404
TheWirelessNetworkingStarterKit
Onceyou’veverifiedthateverythingworks,fastentheantennasdownsecurely, confirmthateverythingstillworks,andthenrunthenecessarywiringtotie thetwonetworkstogether.
Two-HopNetwork Shouldyougiveuphopeifthetopographicmapsshowthatthere’snoway youcouldeverfindalineofsightbetweenyourtwolocations?Italldepends onhowbadlyyouwanttosetupalong-rangewirelessconnection.Tosolve theproblem,youcouldtrybuildingatwo-hopconnectionthatusesapairof antennasinthemiddle. Theprocessofdeterminingantennalocationforatwo-hopconnectionis roughlythesameasforanormallong-rangeconnection,butwiththeadded caveatthatyoumustfindalocationthatcanbeseenbybothofyoursites. Topographicmapsareessentialinthistask,asaremultiplehelperswithcell phones,balloons,andtelescopes. Keepinmindthatyourintermediatelocationmusthaveatleastpower,and ideally,somesortofenclosurewhereyoucanputthenecessarypairofwireless Ethernetbridges(oneforeachofthetwointermediateantennasandconnected byashortEthernetcable). Putbluntly,creatingatwo-hopnetworkisbynomeansimpossible,butit’s definitelydifficult,expensive,andtime-consuming.Ifthealternativeisahighspeeddigitalconnectionfromthetelephonecompanythatcoststhousandsof dollarspermonth,theeffortofputtinginatwo-hopnetworkmaybeworthwhile, butitmayalsobeworthhiringprofessionalstodothework.
Troubleshooting IntheseveralyearsthatAdamhasrunhislong-rangewirelessInternet connection,it’shadtroubleonlyafewtimes.However,ifyoudon’thavea greatdealofexperiencewithwirelessnetworking,thissectionshouldhelpyou figureoutwhat’sgoingwrongandgethelp. Thefirsthintthatyourwirelessnetworkishavingtroublegenerallycomeswhen youdiscoveryourInternetconnectionisdown.Sincetherecouldbenumerous reasonsthatanInternetconnectionfailsthataren’trelatedtothewirelessaspect ofthenetwork,youmusteliminatethoseInternet-specificvariablesaswell. TIP Ifyou’retryingtominimizedowntimeasmuchaspossible,andyou’rewilling tojumpintoactionassoonasaproblemoccurs,youcaninstallmonitoring
Chapter33| Long-RangeWi-FiConnections softwarethatcontinuallyattemptstoconnecttoacomputeronthefar sideofyourInternetconnection,warningyouinavarietyofwaysifthe connectionfails.Youcanoftenwriteabasicformofsuchsoftwareyourself usingastandardpingutility,oryoucanbuypowerfulsoftwarethatcancheck avarietyofInternetservices.InWindows,checkoutMonitorMagicfrom Tools4ever(www.tools4ever.com/products/monitormagic/)orIpswitch’s WhatsUpGold(www.ipswitch.com/Products/WhatsUp/);ontheMac,the maincontendersareMaxumDevelopment’sPageSentry(www.maxum.com/ PageSentry/)andJamesSentman’sWhistleBlower(http://whistleblower. sentman.com/).
Here’swhatAdamdoeseverytimehenoticesaproblemwithhislong-range Internetconnection. First,hechecksthePowerBookheusestoconnecttohisWISPtomakesure it’srunningandisconnectedtotheWISP’snetworkwirelessly.Healsochecks tomakesurethesignalstrengthiswithinnormalbounds.Ifanythingseems outoftheordinary,herestartsthePowerBooktomakesureitisn’tthesource oftheproblem(wheretheproblemcouldbeeitherwirelessorTCP/IP).If youwereusingawirelessbridgelikeaLinksysWET11orWET54G,aquick resetwouldbeeveneasier,andequallyasworthdoing. IfthePowerBookreportsthatthewirelessconnectioniseitherdownornot operatingatnormalsignalstrength,Adamnextcheckshisantennaandcabling. Thecablinghasneverbeenaproblemsinceittravelsonlyarelativelyshort distance,buthisantennabracketallowsasmallrangeofmotion,andona coupleofoccasions,theantennahasbeenturnedfromtheidealspot.Themore likelyitisthatsomethinghashappenedtotheantennaoritscable(rainseeping intoanantennaconnector,abirdknockingtheantennaoutofalignment,an animalgnawingonyourantennacable),themorecarefullyyoushouldcheck yoursetupwhenproblemsoccur. TIP Fortheultimateintestingalong-rangewirelessInternetconnection,you couldtryreversingyournetworksoalaptopplacedsomewhereinfrontofyour antennacouldconnecttoyournetwork(ratherthanyournetworkconnecting totheWISP).Thiswouldinvolvesettingupanadhocwirelessnetworkfrom whateveryou’reusingasawirelessbridge,orconnectinganormalaccess pointtoyourantenna.It’sprobablytoomuchworkinmostcases,butmight behelpfulincertainsituations.
Thenextpartmaybedifficult.Assumingthereareotherwirelessclients connectingtothesamecentralaccesspoint,it’sgoodtofindoutifthose clientsarealsohavingtrouble.InAdam’scase,becausehe’sconnectingtoa WISP’spoint-to-multipointwirelessnetwork,hecanuseavarietyofmethods
405
406
TheWirelessNetworkingStarterKit
ofdeterminingifotherclientsarehavingtroublewiththesamepoint.His WISPpublishesapublicWebpageshowingconnectioninformationforits wirelesslinks;Adamcanuseapingutilitytocheckotherwirelessclientsvia hissecondarycablemodemInternetconnection;andlastly,hisWISPgave himaccesstothecentralaccesspoint’smanagementsoftware,soAdamcan logintothatviahissecondaryInternetconnectionandseeifanyoneelseis havingtrouble. Inmostcases,youprobablywon’thavesuchflexibility,butyoushouldstill thinkabouthowyoucanchecktomakesureyou’renottheonlypersonhaving trouble.Ifyou’vesetupyourownmultiple-siteextendedwirelessnetwork,that shouldbeeasy,sinceyoucansimplyvisiteachremotesiteandtestfromthere. Butifyouhavealong-rangewirelessInternetconnectionwithnobackup, youronlychanceatthispointmaybetocalltheWISPandaskifothersare alsoexperiencingwirelessconnectionproblems. TIP Wealwaysrecommendhavingsomekindofdial-upconnectionforbackup, becauseotherwiseyoucanwindupdisconnectedwithoutanyalternatives. ManywirelessISPsofferafewhoursoffreeaccesseachmonthforthis purpose.
ContactingtheWISPisusuallythelastthingyoudo,sinceit’sentirelylikely thattheproblemlieswiththecentralaccesspointoritsantenna.Forinstance, afterahorribleicestorm,Adam’slong-rangewirelessconnectionwentoffline forawhilebecausewaterseepedintotheantennacable,andtheguyswhofixed thatsortofthingweren’tabletoclimbtheantennauntiltheicemelted. TIP MakesureyouknowwhotocontactatyourWISPifsomethinggoeswrong. IfyourWISPprimarilyoffersnormalwiredInternetconnections,it’slikelythat onlyafewpeoplewithinthecompanywillbeabletohelpifyourconnection goesdown.
Wehopewehaven’tsoundedalarmisthere.Awell-engineeredlong-range wirelessnetworkcanoperateflawlesslyformonthsatatimewithnoattention whatsoever.Althoughhehasn’tkeptdetailedrecords,Adam’simpressionis thathislong-rangewirelessconnectionismorerobustthanhiscablemodem connection.
34
Long-RangeAntennaBasics
Themainpieceofhardwarethatsetsanormalhomeorofficewirelessnetwork apartfromalong-rangewirelessnetworkisanantenna.Allwirelessnetwork adaptersandaccesspointshaveantennasbuiltin,butforthemostpartthey’re designedforsmallsizeratherthanformaximumsignalstrengthboost.Most PCCardwirelessnetworkadapterscramtheentireantennaintothe1-by2–inchpartthatjutsoutfromthelaptopwhenthecardispluggedin. NOTE Tobeclear,antennasdon’tactuallyamplifythesignal(that’swhatamplifiers arefor!),theymerelyconcentrateitinspecificdirections.Ifyou’veeverused aflashlightlikeMagInstrument’sMaglite,whichprovidesafocusingringfor thebeam,youcanvisualizewhatanantennadoeswithradiowaves.The narrowerthebeam,thebrighterthelightinthecoveredarea,eventhough theflashlightbulbisn’tactuallyproducinganymorelight.Andofcourse,the narrowerthebeam,theharderitistoaimaccuratelyatadistanttarget.
Forlong-rangewirelessnetworking,though,built-inantennaswillneverbe sufficient,andyoumustlooktolargerexternalantennasthatcanbeadded tosome,butnotall,wirelessnetworkclients.Luckily,thankstotheriseof communitywirelessnetworking,ithasbecomesignificantlyeasierandcheaper tobuyanexternalantenna.Tofindagoodantennavendorafterreading ourdiscussionofantennasbelow,visitacommunitynetworkingsitelike http://nocat.netandcheckoutthevendorsitrecommends.
408
TheWirelessNetworkingStarterKit
Long-RangeAntennaTypes Mostoldtelevisionscamewithrabbitearantennasthatworkedacceptablyfor manypeople,butthosewhowantedbettertelevisionreceptionwouldinstalla largerooftopantennatopullweaksignals.Similarly,youcanuseavarietyof differentantennatypeswhenyou’resettingupalong-rangewirelessnetwork. Whichoneyouchoosedependsontwofactors:
• Isyournetworkapoint-to-pointnetwork,whereyou’dwantahighly
directionalantennawithanarrowbeam,orareyoucreatingapoint-tomultipointnetworkwhereyouneedtocoveralargeareawithasectoror omnidirectionalantenna?
• Howmuchdecibel(dB)gaindoyouneedforyourconnectiontowork
acceptably? Read “Calculating Signal Strength” in this chapter to determinethenecessarygainwhilestillstayingwithintheFCC’s(Federal CommunicationsCommission)legallimits,andsee“StayingLegal”below formoredetailsonthelegalrestrictions.
NOTE dBstandsfordecibels,theunitusedformeasuringantennagain,anddBm meansdecibelsrelativetoareferencelevelof1milliwatt(mW).Roughly speaking,1mWequals0dBm,andforeverydoublingofthemilliwatts,you add3tothedBm.Themaximumemittedradiation(calledEIRP)froman
HealthConcerns Are there any health concerns related to long-range wireless networking? Yes and no.Inmostsituations,theamountofpower involvedisfarbelowtheamountofradiation emittedbyacellphone,andstudieshavefound noconclusivelinksbetweencellphoneusage andcancer,eventhoughthecellphoneoften touchesthebody. Asweshowfartheron,thestrengthofsignals transmittedtoyourantennaisextremelyweak, andofcourse,thefactthatyouhaveanantennadoesn’tmeanyoureceiveanymoreradio wavesthananyoneelseinyourarea.We’reall constantlybombardedbylow-powerelectro-
magneticradiation.Further,theintensityof transmittedsignalsdropsenormouslywhenyou movejustashortdistancefromanantenna. Thatsaid,ifyousetupalong-rangewireless linkthat’sonthehigherendoftheallowable powerspectrum,exercisesomecommonsense aboutwhereyoupositionitsonoonespends muchtimewithinafewfeetofthefrontofa directional,high-gainantenna. You can read more about the issues relatedtoelectromagneticfieldsandhealthat www.fcc.gov/oet/rfsafety/ andwww.fda.gov/ cellphones/qa.html#3a.
Chapter34 | Long-RangeAntennaBasics antenna—whichcanwindupbeingmuchmorethantheinputwattage—that theFCCallowsintheU.S.is1watt,whichisequivalentto30dBm.InEurope, it’sonly250mW,or24dBm.HyperLinkTechnologiesoffersadBm-to-watts conversionchartatwww.hyperlinktech.com/web/dbm.html,andTimPozar’s whitepapersatwww.lns.com/papers/part15/explaintherestrictioninmore detail.You’llalsoseethetermdBi,whichisdecibelsrelativetoanisotropic radiator,orasinglepointantennathatradiatesequallyinalldirections.
TIP Withsomeantennas,suchasparabolicandpanelantennas,it’simportant tomountthemintheproperorientationtomatchthepolarizationfromthe remoteantenna.Ifyou’renotsureoftheappropriatepolarization,askyour ISP,andwhenindoubt,guessatvertical.
Let’slookatthedifferenttypesofantennasthatareappropriateforlong-range installations.Ifyou’reinstallinganantennatoextendtherangeofanindoor wirelessnetwork,seeChapter21,IndoorAntennaBasics.
RadiationPatterns Allantennasradiatemoreinsomedirections thanothers,andit’simportanttousetheappropriatetypeofantennaforyourintendeduse. Buthowcanyoudetermineanygivenantenna’s radiationpattern?Antennasradiateinthree dimensions,whichcanbedifficulttorepresent onpaper.Manyantennavendorsuseamodified logarithmicplottoindicatewheretheantenna concentratesradiation.Thegraphiscircular, with0˚beingdirectlyinfrontoftheantenna, and180˚beingdirectlybehindit.Theconcentriccirclesinsidetheouterringmarkdifferent gainlevels.Thecloseraplotistotheouterring, thehigherthegaininthatdirection. Figure34.1 Radiationpattern plotforan omnidirectional (left)andparabolic antenna.
Forinstance,inFigure34.1(left),whichshows theradiationpatternforanomnidirectional antenna,youcanseethattheantennaradiates moststronglyatboth0˚and180˚,droppingoff atotherangles.Figure34.1(right)showsthe plotforahighlydirectionalparabolicantenna. Itradiatesstronglyinanarrowbeamaround 0˚,buthardlyatallinanyotherdirections. Formoreinformationonhowtoreadradiationpatterns,seeJosephReisert’sdiscussion at www.astronantennas.com/radiation_pat terns.html.
90°
180°
90°
0° 180°
270°
0°
270°
409
410
TheWirelessNetworkingStarterKit
OmnidirectionalAntennas Asyoucanimaginefromthename,anomnidirectionalantenna—sometimes calledaverticalwhipantenna—isprimarilyusefulinalocationwhereyou wantthesignaltoradiatefromtheantennainalldirections.That’snotquite accurate,becauseanomnidirectionalantennaisusuallyshapedlikeavertical stick,sothesignalradiatesouttothesidesinacircle,butdoesn’tgoupor downmuch(Figure34.2). Figure34.2 Anomnidirectional antenna.
Forthemostpart,youuseanomnidirectionalantennatocreateapoint-tomultipointconnection—thatis,whenyouwantmanyconnectionsmadetoyour omnidirectionalantenna.ISPsoftenuseomnidirectionalantennasontheir towerstoavoidinstallingafocused-beamantennaforeachcustomer.Another gooduseforanomnidirectionalantennawouldbetoprovidewirelessnetwork accessforaschooloracollegecampus.Omnidirectionalantennasworkbestin relativelyshort-rangesituationswhereeveryoneconnectingisatroughlythe sameelevationastheantenna(sincethebeamdoesn’tradiateverticallymuch). Becausetheydon’tfocusthebeammuch,omnidirectionalantennasmaxoutat about15dBiofgain.They’realsocheap,easytoinstall,anddurable. TIP Ifyou’remountinganomnidirectionalantenna(oranyothertypeofexternal antenna)outsidewhereitcouldbestruckbylightning,you’dbesmartto installalightningsuppressortoprotectyouraccesspointintheeventofa strike.Adamchosenottoaddlightningsuppressiontohissystembecause hisparabolicantennaismountedonthewallofhishouse,undertheeaves. Addingalightningsuppressordecreasessignalstrengthslightly.
Chapter34 | Long-RangeAntennaBasics
SectorAntennas Likeomnidirectionalantennas,sectorantennasareusedinpoint-to-multipoint situations.Unlikeomnidirectionalantennas,however,sectorantennasradiate onlyinaspecificdirection,andthey’reoftencombinedtocoveranarea.Vendors ofsectorantennasalwaysdescribethespreadoftheantenna’scoverage,usually between60degreesand180degrees. Theadvantageofusingmultiplesectorantennasoveranomnidirectionalantenna isthatyoucantiltthesectorantennasdowntoworkaroundtheelevationproblem thatomnidirectionalantennasface.Theyalsoofferhighergains—asmuchas 22dBi.Sectorantennastendtolooklikethinboxes(Figure34.3). Figure34.3 Asectorantenna.
Sectorantennascostmuchmorethanomnidirectionalantennasandsince youmayneedseveralofthemtocoverafull360degrees,thecostincreases evenmore.They’reworthinvestigatingmainlyforspecificlocationswherean omnidirectionalantennawon’tworkwell.
PanelorPatchAntennas Panelantennas,sometimesalsocalledpatchantennas,aresolidflatpanels usedforfocusedpoint-to-pointconnections,muchlikeyagiandparabolic antennas,whichwediscussnext.Panelantennasareinexpensive,featuregood gainofupto14dBi,andcanblendinbetterwiththeirsurroundingsthan largeparabolicgridordishantennas.Theydon’tlooklikemuch—justsmall flatboxes(Figure34.4). Figure34.4 Apanelantenna.
411
412
TheWirelessNetworkingStarterKit
Onthedownside,becausepanelantennasmustbepointedattheremoteantenna, theyoftencan’tbemountedflatonawall.Andiftheycan’tbemountedflat onawall,strongwindsmaymovethemordamagethem.
YagiAntennas Ifomnidirectionalantennasareeasilyvisualizedfromtheirname,yagiantennas arejusttheopposite.Fromtheoutside,ayagiantennalookslikeathickplastic tube,andontheinside,ithasaseriesofmetalcirclesorbarsthatdropinsize astheyneartheendoftheantenna(Figure34.5).Ayagiantennaprovidesa fairlyfocusedbeam,alongwithatmostabout21dBiofgain,with15dBibeing common.Becauseofthefocusedbeam,youmountayagiantennapointingat theremotelocation. Figure34.5 Ayagiantenna.
Yagiantennasarepopularbecausetheyprovidedecentgaininasmalland unobtrusivepackage.Ifyou’remountingayagionyourhouse,there’slittleneed toworryaboutparanoidneighborsassumingyou’respyingonthem.Although they’renotquiteasunobtrusiveaspanelantennas,yagiantennassuffermuch lessfromtheforceofthewind(althoughsnowandicebuildupinthewinter caninterferewiththesignal).
ParabolicAntennas Aparabolicantennaisthemostpowerfulyoucanbuy,anditgenerallylooks eitherlikeacurvedwiregridorlikeasmallsatellitedish(Figure34.6).The longerthedistanceyouwanttocover,themorelikelyyouaretoneedaparabolic antenna.Withaparabolicantenna,youcanenjoyafocusedbeamandupto 27dBiofgain.Themaindownsideofparabolicantennasisthattheycanbe big—Adam’s24dBiparabolicantennais2-feetby3-feet,and27dBiantennas areabout6feetindiameter.Luckily,Adam’swifeTonyathinksalarge,white antennamountedonthesideofherhouselooksprettyslick.Thefactthatit bringsinbetterInternetconnectivityisalsoahugeplus.Someotherspouses maynotbesounderstanding. Parabolicantennasarequiteaffordableandthosehavingagriddon’tsuffermuch fromeitherwindloadorsnowbuildup,makingthemthemostappropriatefor moreextremesituationswherehigh-gainisnecessary.
Chapter34 | Long-RangeAntennaBasics
Figure34.6 Parabolicantennas.
TIP Ifyou’reunconcernedaboutthelookofyourantennaandyoudon’twant tomessaround,ahigh-gainparabolicantennaisprobablythesafesttype tobuy.
DipoleAntennas Althoughsmalldipoleantennasarenotusefulforlong-rangenetworking (becausetheyhaveagainofonlyabout2.2dB),they’reoftenbuiltontoaccess pointstoincreaserangeindoors(Figure34.7).Themainutilityofanaccess pointwithremovable(notallare)dipoleantennasisthatit’smuchmorelikely thatyou’llbeabletoaddamorepowerfulexternalantenna.Lifeiseasierif youdon’thavetodrillholesinyouraccesspointorsolderconnectionsbetween youraccesspointandexternalantenna.SeeChapter21,IndoorAntennaBasics, formoreondipoleantennas. NOTE Dipoleantennasareessentiallythesameastherabbitearantennasused fortelevisionreceptionyearsago,exceptdipoleantennasusedonwireless networkinggeararemuchsmaller.Theyaresmallerbecause802.11buses frequenciesinthe2.4GHz(or2400MHz)partoftheradiospectrum, whereastelevisionusesfrequenciesinthe100MHzpartofthespectrum.As thefrequencyincreases,thesizeofthewavelengthdecreases,andthusthe antennasizecanalsodecrease. Figure34.7 Dipoleantennas.
413
414
TheWirelessNetworkingStarterKit
BuildingYourOwnAntenna Nobookthattalksaboutlong-rangewirelessnetworkingwouldbecomplete withoutmentioningthat,yes,youcanactuallybuildanantennaforalmost nomoneyatall.Themostpopulartypeofantennatobuildistheso-called “Pringlescan”antenna,whichisayagitype. TIP AlthoughthePringlespotatochipcanhasprovenpopularforhomebrew antennas,peoplehavehadbetterresultsfromothertypesofcans,witha Nalley’sBigChunkBeefStewcantakingtheprizeinGregRehm’scomparison atwww.turnpoint.net/wireless/cantennahowto.htm.
Whybuildyourownantenna?Entertainmentvaluerankshighonthelist,and althoughantennasaren’tthatexpensive,buildingyourownfromvariousbits andpiecescostslessthanbuyingone. However,therearealsogoodreasonstobuyinsteadofbuild.Yourself-built antennaislikelytobesomewhatrandom—itcouldhaveahigherorlowergain thanwouldbeidealforyoursituation.Ifthegainismuchhigherthanexpected, itcouldputyouinviolationofFCCregulations.It’salsolikelytospewradio wavesinunanticipateddirectionsoronillegalfrequencies,whichmaycause problemsforotherpeopleinthevicinity.And,ofcourse,decoratingwithan oldcanisevenlesslikelytopassspousemusterthanacommercialantenna. Formoreinformationaboutbuildingyourownantenna,searchonGoogleor visitRobFlickenger’sexplanationofhowhebuiltaPringlescanyagiantenna atwww.oreillynet.com/pub/wlg/448 (Figure34.8). NOTE Robisalsotheauthoroftwobooks:BuildingWirelessCommunityNetworks, whichisamustreadifyou’rethinkingaboutconnectingwithyourneighbors tomakeacommunitynetwork;andWirelessHacks,whichispackedfullof greatideasforthosetryingtoputtogetherinexpensivehardwareandsoftware togreateffect. Figure34.8 RobFlickenger’s Pringlescan antenna.
Chapter34 | Long-RangeAntennaBasics
AntennaCable&Connectors Forthoseofuswhoseexperienceliesintheworldofcomputers,dealingwith antennacablesisaroyalpain,becausewecanuselittleofourcomputer-based knowledge.Antennaconnectionsoftenrequiremultiple,unfamiliarcabletypes, andinmanycases,eachcablehasadifferentconnector.Cablesareoftenthick andhardtoworkwith(orinthecaseofpigtails,thinandfragile),andcable lengthalwaysmattersbecausethelongerthecable,themoresignalyoulose, aswediscusslater. TIP Ouradvice?Don’ttrytobuildcablesyourselfunlessyou’realreadyextremely goodatit(orarewillingtodevotelargeamountsoftimeandwiretolearning), andtrytobuyallyourcablesfromthesamevendor.Insteadoforderingover theInternet,callthevendorandtalktosomeonetomakesureallthepieces youwantareappropriateandwillconnectwithoneanother.
Pigtails Toconnectyouraccesspointorwirelessnetworkadaptertoanexternalantenna, youneedapigtail,whichissimplyashortpieceofthin,flexiblewirewith appropriateconnectorsonbothends(Figure34.9).Pigtailsexistforthree reasons.First,pigtailssolveasizingproblem—somewirelessnetworkcardshave anantennajackthatisextremelysmall(perhapsaquarterofthediameterofa standardpencil,forinstance),makingitimpossibletoconnectamuch-wider antennacable(sizedatabouttwicethethicknessofapencil).Second,pigtails canbend—sinceantennacableistypicallythickandinflexible,theflexibility ofapigtailsimplifiesmakingaconnectiontothethickantennacable.Third, pigtailscanmakeiteasiertoworkwithavarietyofequipmentwithdifferent typesofconnectors. Asmuchaspigtailsareessential,theyhaveseveralannoyingattributes.They tendtobefairlyexpensive,rangingfrom$20to$60ormore.Thepriceishigh Figure34.9 Apigtailconnected toaPCCard.
415
416
TheWirelessNetworkingStarterKit
inpartbecausethemarkethasnoalternative,butalsobecauseagoodpigtail useshigh-qualitywireandconnectors,andisbuiltcarefully.That’simportant becausethinwiredoesn’ttransmitsignalwellandbecauseeveryconnectoryou addtoanantennasystemcausessignalloss.Sinceyourgoalisalwaystoavoid signalloss,it’sworthpayingmoreforahigh-qualitypigtail. TIP Toreducesignalloss,buyasshortapigtailasseemsreasonableforyour installation,generallybetween6and15inches.
Thefinalannoyancewithpigtailsisthat,inordertodiscouragepeoplefrom usingpotentiallyinfringingantennas,FCCregulationsrequirethatevery manufactureruseadifferentconnectortype.Proximequipmentisdifferent fromLinksysequipment,forinstance,sobecarefultoorderapigtailthat’s compatiblewithyourhardware. Pigtailsusedtobedifficulttofindandevenmoreexpensive,buttheriseof communitynetworkinghasincreasedtheinterest,andthusthesupply.For additionalinformationonpigtails,includinglinkstovendors,visittheSeattle WirelessPigtailspageatwww.seattlewireless.net/index.cgi/PigTail.
Cable Althoughthethinwireusedinpigtailsisflexibleandeasytoworkwith,the signallossthroughsuchthinwireisproblematic.Asaresult,thecableforlonger runsfromyourantennashouldbesignificantlythickerthanapigtail. Youcanbuyavarietyofdifferentgaugesofcablethatworkwithexternal antennas,sothetrickistodeterminehowmuchmoneyyouwanttospendin relationtohowconcernedyouareaboutsignalloss.Theawkwardpartofthis tradeoffisthatthelongeryourcableneedstobe,themoreyoushouldworry aboutsignalloss,soyourcostincreasesbecauseofneedingmorecableand needingalargergaugecable. TIP Measurecarefullywithstringtodetermineexactlyhowmuchcableyouneed beforeorderingantennacable,sincethere’sadownside(extrasignalloss)to havingmorecablethanyouneed.
ThemostcommonlyusedtypeofcableseemstobeLMR400,where400 indicatesthegaugeofthewire.Itprovidesagoodcombinationofrelatively lowprice,lowsignalloss,anddecentflexibilityforeaseofinstallation.Most,if notall,antennacableisdesignedtobeinstalledoutdoors,soitcanwithstand theultravioletlightinsunshinethatbreaksdowntheplasticcoveringsof
Chapter34 | Long-RangeAntennaBasics
cablesdesignedforindoorusage.Youcanalsobuyantennacablethat’srated for“directburial,”meaningthatyoucandigatrenchinthegroundandplop thecablerightinwithoutrunningitthroughaconduit. TIP Aswithotherpartsofalong-rangewirelesssystem,werecommendresearching whatyouneedonlineandthencallingthevendoryou’vechoseninorderto placetheorder.Askthesalespersonifthepiecesyou’reorderingmakesense foryourdesireduseandifthey’llallworktogether.Anotherreasontoaskfor helpisthatsomevendorshavetheirownnamesordescriptionsforsomeparts. Forinstance,LMR400cablemaygobyaproprietarynamelikeCommscope WBC-400—theonlywayyoucanbesureit’swhatyouneedisbyasking.
Aswithpigtails,findingappropriatecablehasbecomesignificantlyeasierthanin thepast,andmostcompaniesthatsellantennasandpigtailsalsosellcable.
Connectors Evenmoreconfusingthanpigtailsandantennacableforthoseofusfromthe computerworldarethemanydifferenttypesofconnectorsyoumayseeattached totheendsofthesecables.Wedon’tdiscusseverypossibletypeofconnector outthere;insteadwe’llfocusonthetypesthatyou’remostlikelytouse. TIP Don’trelyonvisualcomparisonsbetweenconnectors,assomeconnectorslook identicalwhen,infact,theyhavereversedgenderorreversedthreads.Always verifythecablesyou’rebuyinghaveconnectorsthatworkwithoneanother.
• Nconnectorsarelarge,threadedconnectorscommonlyusedforconnecting antennacable(particularlyLMR400orlarger)toantennasandtopigtails. Theyhavefairlylowsignallossandmakeextremelysecureconnections, butaresimplytoolargeforsomesmallercabletypes.
• TNCconnectorsaresimilartotheBNCconnectorsusedfor10Base-2
Ethernetcables(seeAppendixA,NetworkingBasics,foradiscussionof 10Base-2andBNCconnectors),butwiththeadditionofthreadsformore secureconnections.Signallossisacceptable,thoughhigherthanwithN connectors.They’realsosmallerthanNconnectors.
• SMAconnectorsaresmall,threadedconnectorscommonlyusedforcables smallerthanLMR400.LesscommonvariantsincludeSMB,whichis justapush-ontype,ratherthanathreadedconnector,andSMC,which isevensmaller.
Visithttp://nocat.net/connectors.htmlformoreinformationontheseand otherconnectorsandpicturesofthedifferentconnectors.
417
418
TheWirelessNetworkingStarterKit
NOTE TheNconnectorandtheBNCconnectoronwhichtheTNCconnectorisbased werebothdesignedduringWorldWarIIformilitaryapplications.
WirelessAccessories Additionaldevicesthatyoumightwanttoaddtoalong-rangewirelessnetwork setupincludeanamplifierandalightningprotector.
Amplifiers Asyou’llseein“CalculatingSignalStrength”inthischapter,thehardest partofsettingupawirelessnetworkismakingsureyouhaveenoughsignal strengthtotransmitasignaltotheothersideofthenetwork.Sowhynot useanamplifiertoaddsomeextrapowertotheequation?Amplifiersfacea numberofproblems.
• Youcanaddatransmitamplifiertoasystemtoincreasethetransmitter’s
poweroutput.However,youwilllikelyneedanothertransmitamplifieron theotherendofthenetworkaswell,oryouriskcreatingasituationwhere theotherendcanhearyouramplifiedsignal,butyoursidecan’thearthe remotesignal.
• It’spossibletoaddareceive“pre-amplifier”toamplifyaweakincoming signal,butdoingsoalsoaddsnoise,whichislikelytobecounter-productive. Youmaysee“bi-directional”amplifiersthatcombineatransmitamplifier withareceivepre-amplifier.
• Amplifiersrequireelectricalpower,whichmaybedifficulttoruntothe
appropriateplaceinyourantennasetup,althoughtherearesystemsthat canrunpowerovertheantennacableitself,eliminatingtheneedfora separatepowercable.
• Addinganamplifiertoasysteminherentlymeansaddingatleastone connector,whichincreasessignallossslightly.
Solvingtheseproblemsispossible,butrequiresmoney.Asaresult,amplifiers aren’tcheap.Worse,becauseamplifierscouldeasilysendyouovertheFCC’s powerrestrictions,manysupplierswon’tselltoconsumers.Forinstance, HyperLinkTechnologies(www.hyperlinktech.com/web/amplifiers.html)offers itsamplifiersonlyformilitaryorinternationalsales,althoughthecompanydoes sellamplifiedantennakitsthatbundleanamplifierwithanantenna;adding theamplifiertothekitaddshundredsofdollarstotheprice.Ontheupside, manyamplifiersdoincludebuilt-inlightningprotection.
Chapter34 | Long-RangeAntennaBasics
Forthemostpart,wedon’trecommendamplifiers,sinceyou’rebetteroff spendingyourmoneyonagoodantennawithlow-losscableandconnectors.
LightningProtectors Asyourmothertaughtyou,standingupinahighplaceduringalightningstorm isareallybadidea.Butinmanycases,that’sexactlywhereyou’veinstalledyour antenna,whichisjustaskingfortrouble,particularlysincethecablesconnected totheantennacouldbringanylightningstrikesinsideyourhouseoroffice, wheretheycouldbedeadly. NOTE We’renotkiddingaboutthedangerhere,sotobeclear,it’suptoyou,andonly you,tomakesurethatyourinstallationissafe.Wecan’tberesponsibleforany damageorinjurythatmayoccurifyourantennaisstruckbylightning.
Youcanbuyrelativelyinexpensivelightningprotectorsthatattachtoyour antennacableandshunttheenergyfromthelightningstrikeofftoagrounding rod.Honestly,wehavelittleexperiencewiththesedevices,sowecan’tsay forsurehowwellthey’llworkforprotectingyourequipmentintheeventof astrike.Aslightdownsidetoalightningprotectoristhatitcausesabout0.4 dBofsignalloss. TIP Makesureyoubuyalightningprotectorwithappropriateconnectorsfor yourcable.
Nonetheless,sincelightningissoincrediblypowerfulandunpredictable,we recommendaddingalightningprotectortoyoursystem.Theycostbetween$30 and$100andareavailablefromtheusualsuppliers,companieslikeHyperLink Technologies(www.hyperlinktech.com/web/lightning_protectors.php)andYDI Wireless(www.ydi.com/products/cables-accessories.php). Properinstallationoflightningprotectionisextremelyimportant,soifyou’reat allunsureofyourabilities,lookforaprofessionalinstallerwhowillknowthe bestmaterialstouseforthegroundingrod,thestrapthatconnectsthelightning protectortothegroundingrod,andevenforthesoilthatwilldissipatethestrike.
CalculatingSignalStrength Thehardestpartofplanningalong-rangewirelessnetworkconnectionis determiningtheamountofgain,orsignalstrengthimprovement,youneed fromanantennainordertosendandreceivesignalswiththeremotelocation. It’strickybecauseyoumustconsideranumberofvariables,someofwhich
419
420
TheWirelessNetworkingStarterKit
aren’teasytodeterminewithoutalreadybeinganantennaexpert.Let’swalk throughacalculationusingAdam’slong-rangewirelessInternetconnection asanexample. NOTE Adisclaimerupfronthere:Bothofusarecomputergeeks,notradiogeeks, andweassumethatmostofyouaremorefamiliarwithcomputersthanham radiosaswell.Soourexplanationsarebasedonourexperience,research,and goalofexplainingthetopicwithoutdelvingintothecomplexphysicsandmath thatexplainexactlywhatgoesonwithalong-rangewirelessconnection.
NOTE Youmustrunthiscalculationinbothdirectionsbecausealthoughantennas improvesignalstrengthforbothtransmittingandreceiving,notallradiosare asgoodatreceivingdataassendingit.
TIP YoucanfindcalculatorsontheWebthatperformthiscalculationforyou,but ourexperienceisthatmanyofthemaskforwaymoreinformationthanyou couldpossiblydetermine,makingthemfarmoreaccuratethanourdiscussion below,butalmostentirelyuselesswithoutalltheparticularsinhand.See thecalculatorfromGreenBayProfessionalPacketRadioat http://my. athenet.net/~multiplx/cgi-bin/wireless.main.cgiforanexampleof whatwemean.
TransmitPower Thefirstnumbertofindisthetransmitpoweroftheradiotransceiverinthe deviceyouwanttoconnecttoyourantenna.Luckily,manufacturersalmost alwayspublishthatnumberinthedevice’stechnicalspecifications,soit’seasy tofind.AdampowershiswirelessconnectionusingaLucentWaveLANPC Card(cannibalizedfromanAirPortBaseStation)pluggedintoanApple PowerBookG3(Figure34.10).BriefperusaloftheAirPortBaseStation technicalspecificationsinApple’sonlineKnowledgeBaserevealsthatithas atransmitpowerof15dBm.AnothersearchonGoogle(www.google.com)on “LucentWaveLANtransmitpowerdBm”foundanumberofothersources thatconfirmedthe15dBmrating. Youmustalsofindoutthetransmitpoweroftheremoteradio,whichyoucan determineeitherbycheckingthetechnicalspecificationsforthehardware, ifyouknowexactlywhatitis,orbyaskingyourWISP.InAdam’scase,his WISP,Lightlink,usesaCiscoAP340,andaquicksearchrevealsthatithasa transmitpowerof15dBmaswell.Ifyoucan’tdeterminethisnumber,guess at15dBm,sinceit’sequivalenttoa30mWtransmitter,whichiscommon.
Chapter34 | Long-RangeAntennaBasics
Figure34.10 Apigtailconnected toaLucent WaveLANPC Cardinstalledina PowerBookG3.
PowerBookG3
LucentWaveLANcard
Pigtail
Itispossibletobuy100mWandeven250mWtransmitters,butthey’reless commonandmorelikelytopushclosertoviolatingtheFCCregulationsonce youaddtheantenna.
SignalLossinCable Toconnectanantennatoawirelessnetworkadapter,youneedapigtail,which isashort,thincablewhosepurposeistoconnectthesmalljackonyournetwork adaptertothethickcoaxialcablefromtheantenna. Signalislostinallcables,andthethinnerthecable,themorethesignalloss. Sincepigtailsarealwaysthin,theytendtohaveafairlyhighsignalloss;we’ve seenestimatesof0.4dBormoreperfoot.Cablequalitycanmakeahuge differencethough,sothelosscouldbehigherorlower,dependingonthepigtail youbuy.Themanufacturermaytellyouwhatthesignallossofyourpigtail is,butifnot,justguess.Tobeconservative,let’sassumethatAdam’s15-inch pigtaillosesabout1dB. Anothersourceofsignallosscomesfromconnectors,soyouwanttoreduce thenumberofconnectorsasmuchaspossible.Again,we’veseenestimatesof between0.25dBand1dBoflossperconnector.Typically,cheapconnectors arelikelytolosemoresignalthanmoreexpensiveconnectors.SinceAdamhas threeconnectorsinhissetup—onefromtheLucentWaveLANcardtothe pigtail,onefromthepigtailtotheantennacable,andonefromtheantenna cabletotheantenna—let’sassume3dBoflosstheretobeconservative.
421
422
TheWirelessNetworkingStarterKit
Thefinalpartofthecableequationcomeswiththerunfromthepigtailtothe antenna.Cablesignallossvariessignificantlywiththetypeofcableyoubuy,but it’ssomethingthatthemanufacturerwilleitherpublishorbeabletotellyou. Adamused15feetofLMR400cable,whichloses6.8dBper100feet,soaquick calculationshowsthathelosesabout1dBofsignalstrengthinthecablerun. Addthosenumbersup—1dBforthepigtail,3dBfortheconnectors,and1 dBforthethickantennacable—andyougetatotalof5dBofsignal-strength lossduetothenecessarycabling. Calculatingthecablesignallossfortheremotesideislikelytobeatotalguess, unfortunately,sinceonlythepersonwhoactuallyinstalledtheequipment islikelytoknowwhattypesofpigtailandcablewereused,andhowmany connectorswereused.Ifyoucan’tfindouteasily,guessat5dB.
AntennaGain Themainboostinthesystemcomesfromtheantennaitself,ofcourse,and it’seasytodeterminethegainofanantennabecauseit’soneofthetwomain variables(alongwithtype)thatyouseewhenshoppingforantennas.Aswith theothernumbersinthiscalculation,antennagainismeasuredindecibels, expressedinthiscaseasdBi,ordecibelsrelativetowhat’scalledan“isotropic” antenna. Someexplanationiswarrantedhere.Antennasareusefulbecausetheyshape theradiosignalandfocusitinaspecificdirection.Theworstimaginablelongdistanceantennawouldradiatethesignalinaperfectsphere,withtheantenna apointatthecenter—that’sanisotropicradiator.Thedesignofanantenna enablesittoshapeandfocusthesignalinthedesireddirection,increasingthe signalstrengthinthatdirectionbyreducingitinotherdirections.Wediscussed differentantennadesignsearlier;justkeepinmindthatthedesignofanantenna directlyaffectshowmuchitcanincreasesignalstrength. InAdam’scase,hefirstboughta14dBiyagiantenna,butwhenthatdidn’t work,heexchangeditfora24dBiparabolicantennathatworksperfectly (Figure34.11). Keepinmindthattheothersideoftheconnectionalsohasanantenna,and youmustaddthatintotheequationaswell—theonlywaytolearnthatpieceof informationistoask.Adam’sWISP’santennaisa14dBiomnidirectional.
Free-SpaceLoss Theeasiestpartofthesignalstrengthequationtounderstand,ifnottocalculate, isthelossofthesignalasittravelsthroughtheairfromyourantennatothe
Chapter34 | Long-RangeAntennaBasics
Figure34.11 Adam’s24dBi parabolicantenna, mountedjust outsidehisoffice.
remoteantenna.Noonehastroubleagreeingthatthegreaterthedistancebetween atransmitterandareceiver,theweakerthesignal.Thereasonsforsignalloss infreespacearethatthesignalspreadsoutinawaythat’sproportionaltothe squareofthedistancetraveledandsomeoftheenergyinthesignalisabsorbed asitpassesthroughtheair,particularlybywaterdropletsonarainyday. NOTE TheMaineWISPGlenntalkedtosaidthatthefrequent,fallingsnowinMaine appearstoimprovesignalquality,andAdamoncefoundthathisiBookcould pickuptheremotesignalusingonlyitsinternalantennaduringasnow storm.Themoralofthestoryisthatprecipitationaffectssignalstrengthin unpredictableways,thankstothereflectionsofthesignaloffindividualdrops ofwaterorflakesofsnow.
Youcanuseanonlinecalculatortodeterminefree-spaceloss(theoneat www.comsearch.com/satellite/tools_fsl.jspiseasytouse;otherswesawwere lessso).Or,ifit’snotavailable,youcancalculatethefree-spacelosswiththe followingequation: -L = C + (20 x log(D)) + (20 x log(F))
Inthisequation,-Listhesignalloss,Cisaconstantthat’seither36.6ifyou measurethedistanceDinmilesor32.5ifyoumeasureDinkilometers,and Fisthefrequencyinmegahertz(2400MHzforstandard802.11b). TIP Don’tfeelintimidatedbyallthelettersandlogarithmsintheequation—the equationiseasytosolveifyouhaveacalculatororspreadsheetthatcan calculatethelogarithms.However,becarefultomultiplythepartsinsidethe parenthesesbeforeyouaddeverythingtogether.
Theonlythingyoumustdeterminetosolvethisequation,then,isthedistance betweenyourantennaandtheremoteantenna.Youcouldgetfancyandusea
423
424
TheWirelessNetworkingStarterKit
GPSdevicetodetermineyourlocationandthelocationoftheremoteantenna, butaccuracyisn’tthatimportantbecauseusingthelogarithmofthedistance minimizestheeffectofthedistanceontheoverallequation. Adam’shouseisabout2milesawayfromtheremoteantenna,sotheequation forhisconnectionlookslikethis: -L = 36.6 + (20 x log(2)) + (20 x log(2400))
Runningthelogarithmsthroughacalculator(typethenumber,thenpressthe logbutton)givesusthis: -L = 36.6 + (20 x .301) + (20 x 3.38)
And,solvingthemultiplicationinsidetheparenthesesturnsitinto: -L = 36.6 + (6.02) + (67.60)
Finally,weareleftwithasimplebitofaddition: -L = 110.22 dB
So,thedistancebetweenAdam’santennaandtheremoteantennaaccounts forabout110dBofsignalloss. NOTE Rememberwhenwesaidthatextremeaccuracyinthedistancedoesn’tmake allthatmuchdifference?IfAdam’shousewere3milesawayfromtheremote antenna,theamountofsignallosswouldincreaseonlyto113dB.It’snotan insignificantjump,butyouneedmorethan3dBofleewayforaworkable connectionanyway.
ReceiveSensitivity Theabovecalculationdeterminesthestrengthofthesignalwhenitarrives, butthere’sonemoredetailyoumustdeterminebeforeyoucantellifyour connectionislikelytowork—thereceivesensitivityofbothradios.Receive sensitivityisameasureofhowweakasignalcanbeataparticularspeedbefore thereceivingradiocan’tdecodeit.Liketransmitpower,it’smeasuredindBm, butthenumbersareverysmall,oftenaround-85dBm,andthelowerthe number,thebetterthereceivesensitivity. Foryourside,lookinthetechnicalspecificationsofyourwirelesscardoraccess point.Somewirelessnetworkinggearmanufacturersincludereceivesensitivityin theirtechnicalspecifications,butothersomitit.Youcanalsofindreceivesensitivity numbersformanycommonnetworkingdevicesathttp://freenetworks.org/ moin/index.cgi/ReceiveSensitivity.
Chapter34 | Long-RangeAntennaBasics
Unlessyouinstallbothendsoftheconnection,theonlywayyoucandetermine receivesensitivityfortheremotesideistoaskyourISPorsearchforinformation abouttheequipmentyourISPuses.Ifyoucan’tfindthereceivesensitivity numbers,guessatbetween-75and-95dBm. InAdam’scase,searchinginGoogleon“LucentWaveLANreceivesensitivity dBm”broughtupsomepagesthatshowedhiscardhas-94dBmreceivesensitivity at1Mbps.Anothersearchon“CiscoAP340receivesensitivity”revealedthat theremoteradiohasareceivesensitivityof-90dBmat1Mbps.
PuttingItAllTogether Nowit’stimetoputeverythingtogether,addingthenumbersthatrepresent signalstrengthandsubtractingthenumbersthatrepresentsignalloss.(There’s aniceonlinecalculatoratwww.retro-city.co.uk/bovistech/wireless/calcs.htm thatdoesthesesumsforyou.)Rememberthatwemustcalculatethisinboth directions:sendinginformationtotheremotelocationandreceivingfromthe remotelocation.ForAdam’slong-rangeconnection,wesumthefollowing whensendingdataouttotheWISP(Table34.1). TIP Thiscalculationalsoincludesamarginof15dBtoaccountforchangesin theweather.Ifyourwirelessconnectionisontheedgeofhavingsufficient signalstrengthingoodweather,arainstormorsnowstormmaycauseitto dropentirely.That’sthetheoryanyway;intherealworld,Adamhasnever seenweatheraffectthereportedsignalstrengthofhisnetworkbymore than2dB.
Sincethereceivesensitivityoftheremotesideis-90dBm,thecalculationshows Adamshouldhave8dBmofsignalstrengthoverheadintheworstweather(the8 dBmisthedifferencebetweenthe-90dBmreceivesensitivityandthe-82dBm Table34.1
CalculatingSendingSignalStrengthattheRemoteLocation Variable
GainorLoss
Localtransmitpower
+15dBm
Localcableloss
-5dB
Localantennagain
+24dBi
Free-spaceloss
-110dB
Remoteantennagain
+14dBi
Remotecableloss
-5dB
Marginforweather
-15dB
Signalstrengthatremotelocation
-82dBm
425
426
TheWirelessNetworkingStarterKit
signalstrengthwecalculateinTable34.1).Ingoodweather,weendupwith 23dBm(that’s8dBmplusthe15dBmwekeptasamarginforbadweather). Ifyouconsiderthatthetransmitpowerofmostwirelessnetworkinggearis between15and20dBmandworksfineinshort-rangesituations,beingableto sendbetween8dBmand23dBmtotheremotelocationshouldworkfine. Nowlet’srunthecalculationinreverse,toseehowstrongasignalAdam receivesfromhisWISP(Table34.2). Table34.2
CalculatingReceiveSignalStrengthattheLocalLocation Variable
GainorLoss
Remotetransmitpower
+15dBm
Remotecableloss
-5dB
Remoteantennagain
+14dBi
Free-spaceloss
-110dB
Localantennagain
+24dBi
Localcableloss
-5dB
Marginforweather
-15dB
Signalstrengthatlocallocation
-82dBm
SinceAdam’sequipmenthasareceivesensitivityof-94dBmat1Mbps,the calculatedreceivedsignalstrengthof-82dBmshouldbemorethansufficient forcommunication,evenintheworstweather,with27dBmavailableunder normalconditions.
ChangingVariables IntheexampleofAdam’sconnectionabove,wekneworcouldeasilyguessat allthenumbersbecauseit’sanexistingconnection.Butyoushouldperform thiscalculationbeforeyoupurchaseequipment(andifhe’dknownthenwhat heknowsnow,Adamwouldhavedonesoaswell). Ouradvice,then,istosetupasimplespreadsheetthatlooksroughlylikethe previoustables.Enterallthenumbersyoucanfigureoutfortheremoteside (assumingyou’renotsettingupbothsidesyourself),andthenincludethefreespaceloss.Onceyou’vedonethat,youcanpluginvaluesfortheequipmentyou needtobuyandseeifitallworksout. HadAdamdonethiscalculationbeforesettinguphislong-rangewireless connection,hemighthaverealizedthatthe14dBiyagiantennaheinitially
Chapter34 | Long-RangeAntennaBasics
boughtwouldn’tworkwellbecausehiseffectivesignalstrengthwouldhavebeen only-2dBinbadweatheror13dBingoodweather.Ofcourse,thisdoesn’t explainwhythe14dBiyagifailedtoworkatallingoodweather,sincethere shouldhavebeensufficientsignalstrengthforbasicoperation.Thefactthat itdidn’tworkisevidencethatthecalculationdescribedhereisintentionally rough,andifyouwanttogetserious,youmustconsidermanyadditional variables.Web-basedcalculatorscanhelpyou,oryoucanrely,asAdamdid, onacertainamountoftrialanderror.
StayingLegal Therearelegalrestrictionsonhowmuchpoweryoucantransmitfromany radio,includingawirelessnetwork.Theserestrictionsvarywidelybycountry, andinsomecountries,long-rangewirelessconnectionsarecompletelyillegal.If youliveoutsidetheU.S.,westronglyencourageyoutocheckyourlocalstatutes beforeassumingthatyoucansetupalong-rangewirelessnetwork. IntheU.S.,restrictionsonlong-rangewirelessnetworkingaresetdownbythe FederalCommunicationsCommissioninwhat’sgenerallycalledthe“Part15 Regulations.”Part15specifiespowerlimits,equipmentlimitations,certification requirements,andinterferencehandling.YoucanreadtheentirePart15at www.access.gpo.gov/nara/cfr/waisidx_01/47cfr15_01.html. ForanalysisofPart15andwhatitmeansforsettinguplong-rangewireless connections,werecommendyoureadTimPozar’swhitepapersonthetopic, availableatwww.lns.com/papers/part15/.ThoughTimisnotalawyer,heis along-timebroadcastengineerwhoconsultsontelecommunicationsissues, andheisalsoafoundingmemberoftheBayAreaWirelessUsersGroup (www.bawug.org),oneofthepre-eminentwirelessusersgroupsintheworld. NOTE It’suptoyoutoensurethatyourwirelessnetworkrunswithinlegalpower limits,sousewhatwesayhereasaguide.Ifyou’retrulyworried,consulta lawyerfamiliarwithtelecommunicationslaw.Thatsaid,theFCCisn’tlikelyto comeknockingonyourdoorunlessyou’recausinginterferenceforotherusers andthosepeoplecomplain.
EvenTim’splain-talkingdiscussioncanbeabitdensetoworkthroughfor folkswhodon’thavethenecessarydeeperunderstandingofmath,physics,and lawthatinformtheseprinciples.Fortunately,indiscussionswithreaderDr. A.ShiekhofDinéCollege,we’vecomeupwiththefollowingsimplifications thatshouldhelpyoudetermineifyourplannedinstallationwillbewithinthe FCCregulations.
427
428
TheWirelessNetworkingStarterKit
NOTE Rememberthatyoumustaddtheeffectofanyamplifierstothetotal poweroutput,butyoucanalsosubtractthesignallossduetocableand connectors.
Point-to-Multipoint Forpoint-to-multipoint2.4GHzwirelessnetworks(whereyou’reerecting acentralomnidirectionalantennaformanyclientstoconnectto),theFCC allowsyourtransmittertoputoutupto30dBm(1watt)witha6dBiantenna, foratotalof36dBm(4watts).Ifyouwanttouseanantennawithmorethan 6dBiofgain,youmustreducethetotalpoweroutputofthetransmitterby1 dBforevery1dBofantennagainover6dBi. Sinceyoumustlowertransmitterpowerbyexactlythesameamountasyou increaseantennagain,thebestapproachisprobablytopairyourtransmitter powerandantennagaintoprovidethemaximumallowedpower(assumingyou needthatmuch—it’salwaysbesttouseaslittlepoweraspossibletominimize chancesofinterference). See Table34.3 for sample possibilities (remember that most wireless networkinggearrunsatthepoweroutputslisted;consultTable34.4or www.hyperlinktech.com/web/dbm.html ifyouneedtoconvertadifferentwattage todBm).
Point-to-Point Forpoint-to-pointwirelessnetworks(whereyou’repointingtwodirectional antennasateachother),theFCCismorelenient,becausedirectionalantennas minimizeinterferenceforotherusersinthe2.4GHzband.Inapoint-topointnetwork,yourtransmitterisstillcappedat30dBm(1watt)witha6dBi Table34.3
AllowablePowerOutput/AntennaGainCombinations inaPoint-to-MultipointWirelessNetwork TotalPowerOutputofthe Transmitter
Allowable AntennaGain
MaximumEffective RadiatedPower
≤30dBm(1watt)
≤6dBi
36dBm
≤23dBm(200milliwatts)
≤13dBi
36dBm
≤20dBm(100milliwatts)
≤16dBi
36dBm
≤17dBm(50milliwatts)
≤19dBi
36dBm
≤15dBm(32milliwatts)
≤21dBi
36dBm
Chapter34 | Long-RangeAntennaBasics
Table34.4
AllowablePowerOutput/AntennaGainCombinationsina2.4GHz Point-to-PointWirelessNetwork TotalPowerOutputofthe Transmitter
Allowable AntennaGain
MaximumEffective RadiatedPower
≤30dBm(1watt)
≤6dBi
36dBm
≤29dBm(800milliwatts)
≤9dBi
38dBm
≤28dBm(630milliwatts)
≤12dBi
40dBm
≤27dBm(500milliwatts)
≤15dBi
42dBm
≤26dBm(398milliwatts)
≤18dBi
44dBm
≤25dBm(316milliwatts)
≤21dBi
46dBm
≤24dBm(250milliwatts)
≤24dBi
48dBm
≤23dBm(200milliwatts)
≤27dBi
50dBm
≤22dBm(158milliwatts)
≤30dBi
52dBm
≤21dBm(126milliwatts)
≤33dBi
54dBm
≤20dBm(100milliwatts)
≤36dBi
56dBm
≤19dBm(79milliwatts)
≤39dBi
58dBm
≤18dBm(63milliwatts)
≤42dBi
60dBm
≤17dBm(50milliwatts)
≤45dBi
62dBm
≤16dBm(40milliwatts)
≤48dBi
64dBm
≤15dBm(32milliwatts)
≤51dBi
66dBm
≤14dBm(25milliwatts)
≤54dBi
68dBm
≤13dBm(20milliwatts)
≤57dBi
70dBm
antennaforatotalof36dBm(4watts).However,ifyouwanttouseahigher gainantenna,youmustreducethetotalpoweroutputofthetransmitterby1 dBforevery3dBofantennagainover6dBi. Thatmeansthatusingalowerpowertransmitterallowsyoutouseahigher gainantennathatmorethanmakesupforthetransmitterpowerloss.See Table34.4forarangeofpossibilities. NOTE Youmightwonderifbothsidesinapoint-to-multipointnetworkaregoverned bythemorerestrictivepoint-to-multipointlimitations,oriftheclientside (whichusesadirectionalantennatotalkwiththecentralomnidirectional antenna)isgovernedinsteadbytheless-restrictivepoint-to-pointlimitations. Wewonderaswell,andTimPozartellsusthatasfarashe’saware,theFCC hasn’tmadearulingonthis,meaningthatit’sstillopenforinterpretation. Wesuspectthataslongasyoursystemdoesn’tcauseinterferenceforanyone else,it’snotlikelytobecomeanissue.
429
430
TheWirelessNetworkingStarterKit
AntennaInstallation Whenitcomestimetoinstallyourantenna,youprobablydon’thaveallthat manyoptions,becausetherearesomanyconstraints.
LineofSight Themostimportantconstraintonyourantennainstallationisthatitmusthave aclearlineofsighttotheremoteantenna.Althoughtheradiosusedbywireless networkinggeararequitesensitive,almostanyobstruction—includingtree leaves—willblockthesignal.
802.11aand5GHzWirelessNetworks All the discussion of FCC requirements relatesprimarilyto2.4GHzwirelessnetworks—802.11band802.11g.TheFCC’srules areslightlydifferentforwirelessnetworksin the5GHzrange,includingboth802.11aand thoseusingproprietarytechnologies. Theso-called“5GHzband”isdividedinto threesections.The“low”bandfrom5.15GHz to5.25GHzhasamaximumpowerof50milliwattsandismeanttobeusedonlyindoors. The“middle”bandrunsfrom5.25GHzto 5.35GHz,andhasamaximumpowerlimit of250milliwatts.Lastly,afterasmallgap, the“high”bandspans5.725GHzto5.825 GHz.Thelimitationsofthe5GHzband mimicthoseof2.4GHzwirelessnetworks whenusedinpoint-to-multipointnetworks (30dBmtransmissionpowerwitha6dBi antennaforatotalof36dBm). Forpoint-to-pointnetworks,thesituation isabitdifferent.Youcanuseonlythehigh partofthe5GHzband,andwhenyoudo, theFCCallowsatransmitterpowerof30 dBm(1watt)withuptoa23dBiantenna.
Forantennaswithgainover23dBi,youmust reducethepowerofthetransmitterby1dB foreach1dBofantennagain,accordingto 15.407(a)(3)oftheFCCregulations.Oddly, 15.247(b)(3)(ii)seemstocontradictthis,sayingthatyoumayuseantennasofanygainfor point-to-pointnetworks. Perhapsbecauseoftheneedtousegearinonly the“high”partof5GHzband,theequipment for5GHzlong-rangenetworkingseemsto bemuchmoreexpensive.Also,accordingto TimPozar,802.11aismoreresilienttointerferencethan802.11b,butitshigherfrequency resultsinahigherfree-spaceloss.Thuswith thesametransmitterpowerandantennas, 802.11awillhaveonlyabout18percentof thesignalstrengthof802.11b. Ourimpressionisthat802.11aand5GHz long-rangewirelessnetworksareprimarily forhighlyspecificsituationswhereexpensive equipmentandinstallationisworthwhile, ratherthaningeneral-purposeinstallations designedandbuiltbyconsumers.
Chapter34 | Long-RangeAntennaBasics
TIP Ifyou’resettingupalong-rangewirelessconnectioninthewinterorspring beforethetreesleafout,makesuretotakeleafcoverageintoaccountoryou mayfindthatyourconnectionisseasonal.
Insomecases,suchasAdam’s,itmaybeeasytodeterminelineofsightbecauseyou canseetheremoteantennatowerwiththenakedeye(hisISP’santennaismounted ontheWVBRradiotower,whichiseasytosee).Ifyoucan’tseetheremote antenna,though,tryviewingitwithbinocularsorahigh-powertelescope. NOTE Radiowavesinthe2.4and5GHzpartsofthespectrumaren’tfocusedlikea laserbeam.Instead,theyspreadoutandoccupyanellipticalareaoneitherside ofthestraightlineofsight.ThisareaiscalledtheFresnelzone,andyouactually needaclearshotintheFresnelzoneaswell,sotreesthatdon’tblockthevisual lineofsightcanstillinterferewithyourwirelessconnection(Figure34.12).Visit www.solectek.com/techlib/techpapers/techtalk/tt-howhard.htmlfora fullexplanationoftheFresneleffect,andusethecalculatorathttp://gbppr. dyndns.org/fresnel.main.cgitoseehowmuchleewayyouneedtoprovide forradiolineofsight. Figure34.12 TheFresnelzone.
t
Visuallineofsigh Fresnelzone
TheFresnelzoneiscenteredonthelinebetweentwo transceivers;objectsintrudingontheFresnelzone mayinterferewithyoursignal.
Ifyousimplycan’tfindtheremoteantennavisually,youmaystillbeableto createawirelessnetworkconnectionwithit,butit’salmostcertainthatyou needahigh-gainantenna.Theonlywaytoknowforsureistotest. Ingeneral,elevationhelpsyouachieveradiolineofsight,sotrytofindalocation foryourantennathatprovidesaddedheight.Realistically,anantennausually endsupmountedonarooftoporevenonanantennamastthatriseshigher thantherooflineofthebuilding.
CableRunsvs.EasyAccess Asyounowknow,youwanttominimizethelengthofacableruninordertoavoid losingsignalstrength.Thatdesirehasresultedinpeoplefiguringouthowtoplace anaccesspointrightnexttoanantenna.Thechallengehereincludesbuildinga waterproofenclosure(tryasprinklercontrolenclosurefromahardwarestore),
431
432
TheWirelessNetworkingStarterKit
connectingtheaccesspointtotherestofyournetworkviaanEthernetcable (orwirelessbridge;seeChapter20,BridgingWirelessNetworks)andproviding powertotheaccesspoint,perhapsviaaPoweroverEthernetdevice(Powerover EthernetisabbreviatedPoEandisalsoknownasActiveEthernet). NOTE PoweroverEthernetworksbyrunninglowvoltagesoverunusedpairsin standardEthernetcable.Youneedan“injector”thatputsDCvoltageonto unusedwiresintheEthernetcable,andunlessyouraccesspointisalready PoE-compatible,youalsoneeda“picker”todeliverthepowerfromtheEthernet cabletotheaccesspoint.Formoreinformation,seewww.hyperlinktech.com/ web/what_is_poe.html.
TIP MoststandardEthernetcableisnotratedforoutdooruseandwillbebroken downbyultravioletlight.Outdoorcablecanbehardtofind,butifyouplanto runEthernetcableoutside,callelectronicssupplystoresandaskforEthernet cablethat’sratedforoutdooruseorevendirectburial.
Somecommunitywirelessnetworkinggroupshavepulledbackfromtrying toreducecablerunsatallcosts.Itturnsoutthatputtingtheaccesspointina waterproofenclosureonaroofmakesitsignificantlymoredifficulttoaccess incaseoftrouble(likerebootingitifitcrashes),andyoudon’twanttoclimb aladdereverydaytoresettheaccesspointinsuchasituation. TIP Becarefulonrooftops!It’salltooeasytoslipandfall,anditcanbealongway down.OurcolleagueRobFlickengerhadaspillinearly2002,andhiscomment toGlennataconferencelaterthatyearwas,“There’sareasonpeoplehave twokidneys.”Robrecoveredandisnowasafetyadvocate.“Spotters,sense, andharnesses,”hesays.
Ouradviceistotrytokeeptheantennacableasshortaspossiblewhileplacing theaccesspointtowhichyouconnectitinareasonableindoorlocation.
Durability Thelastthingtokeepinmindwheninstallingyourantennaisthatitwillbe exposedtotheelements,dayinanddayout.Sun,wind,rain,snow,ice,fog, plaguesoflocusts—youwantyourantennatowithstandwhatevernaturethrows atit.Andkeepinmindthatby“withstand”wemean,“withoutmovingorfailing tooperate.”Ifastrongwindturnsapanelantennainadifferentdirectionor anicestormcoatsayagi,yournetworkcouldgodown. We’vealreadydiscussedhowdifferenttypesofantennaswithstandwindload; ifyourareasuffersfromhighwindsatall,checkthewind-loadratingwhen
Chapter34 | Long-RangeAntennaBasics
buyinganantenna.Similarly,whenyouinstallit,mountitassecurelyaspossible. Ifyoumountitonaroundpole,makesureitcan’trotateonthepole—the antennaismorelikelytorotateinthewindthantoblowoverentirely.
MakingLong-RangeWirelessConnections We’vetalkedaboutantennas,cable,pigtails, andconnectors,butintowhatdoyouplugthe pigtail?Whetheryou’reconnectingtoaWISP orextendingyourexistingnetworkasdiscussed inthepreviouschapter,yourwirelessdevice mustactlikeaclient,thatis,likeanormal wireless-capablecomputerconnectingtoan accesspoint.Infact,ifyouwanttoconnect onlyasinglecomputertoaWISP,youcan installawirelessnetworkadapterthathasan antennajackandconnectittoyourpigtail. Moredifficultisconnectinganentirenetwork toalong-rangewirelessconnection,andfor thatyouhavetwooptions: Networkserver.Connectawirelessnetwork adaptertoacomputer,attachtheantenna(via apigtail)tothewirelessnetworkadapter,and runsoftwareonthecomputerthatturnsthe computerintoagateway.ForWindowsXP, youcanuseitsbuilt-incapabilitytosharean Internetconnection,whichwecoverinChapter 19,CreatingaSoftwareAccessPoint.ForMac OSX,tryusingBrianHill’s$25shareware BrickHouseutility(seehttp://personalpages. tds.net/~brian_hill/brickhouse.html)to conf igure Mac OS X’s built-in Internet Sharingfeature.ForMacOS9,checkout the$89IPNetRouterfromSustainableSoftworksatwww.sustworks.com/site/prod_ipr_ overview.html.YourcomputermustthenconnectvianormalwiredEthernettoanEthernet hub,andifyouwanttoprovideinternalwireless networkaccessaswell,insteadofaplainhub,
useawirelessgatewaythatintegratesanaccess pointandanEthernethub.Thedownsideof thisapproachisthattheconnectionisactive onlywhenthecomputerisonandfunctioning, soit’sataskbesthandledbyacomputerthatnobodyusesforregularwork—oldercomputers, particularlyspace-andpower-savinglaptops, oftenworkwellinthissituation. WirelessEthernetbridge.Useawireless EthernetbridgesuchastheLinksysWET11 (www.linksys.com/Products/product.asp?grid =22&prid=432)orthesmartBridgesairBridge (www.smartbridges.com/new/products/ab.php), bothofwhichcanacceptexternalantennasand canbridgethelong-rangewirelessconnection toawiredEthernetnetwork.(SeeChapter20, BridgingWirelessNetworks,formoredetails.) Again,ifyouwanttoprovideinternalwirelessnetworkaccess,youmustalsoconnectthe wirelessEthernetbridgetoawirelessgateway. (Justbecauseawirelessgatewaysaysitprovides bridgingbetweenwiredandwirelessnetworks doesnotmeanitcanbridgealong-rangewirelessconnection.That’sbecausemostwireless gatewayscanruntheirwirelessradiosonlyas accesspoints,wherethey’reactingasahubfora wirelessnetwork,ratherthanasclients,where they’reconnectingtoanotheraccesspoint.) Ineithercase,youprobablywanttorunNAT andDHCPtoprovideprivateIPaddresses foryourcomputers.SeeChapter16,Buyinga WirelessGateway,formoreinformation.
433
434
TheWirelessNetworkingStarterKit
Alsopaycloseattentiontoyourcableandconnectors.Mostantennacableis designedforoutdooruse,andthreadedconnectorsprovidemuchmoresecure connectionsthanpush-onortwist-to-lockconnectors.Threadedconnectorscan befairlywaterproof,butit’sstillagoodideatowraptheminwaterprooftape, sincewaterhasanastyhabitofinfiltratingeventhemostsecureconnections. Ifthevendoryoubuyyourantennagearfromdoesn’tcarryit,youcanfind waterprooftapesuitableforthistaskatRadioShack.Ifpossible,makesure thetapecanholdupunderultravioletradiation,too. TIP Severalcompaniessell“ruggedized”enclosures,whicharewaterproofboxes thatresembletheplasticphonecompanyboxesontheoutsideofyourhouse. Youcanusethesecasesforinstallingwirelessnetworkinggearoutdoors.Of course,electronicsgenerateheat,sotheheatinthebox,especiallyonahot day,couldcausehardwarefailures.
Ifyouplantoattachyourantennatoabuilding,makesureeverythingis securelyfasteneddown.Inmanycases,theremaybenoobviousplacetoattach mountingbrackets,oryoumaynothavepermissiontomakesuchmodifications tothebuilding.Inasituationwhereyouhaveaflatroof,considerconstructing asturdysledwithawoodenbaseandsupports(Figure34.13).Aslongasyou weighdownthebasewithconcreteblocksorsandbags,thesledshouldwork fine(butmakesureitwon’tdamagetheroofsurface). Figure34.13 Simpleantennasled design.
NetworkingBasics
A
Althoughwirelessnetworksareeasytoassembleandmaintain,they’restill networks,andacertainlevelofcomfortwithconventionalnetworkingcanhelp youunderstandhowyourwirelessnetworkworks.Moreimportantly,most peoplerarelyconnectonlywirelessdevicestoanetwork,butmustalsohook inEthernetprintersandolderwiredmachines,sosomeadditionalbackground innetworkingservesyouwellthere,too. Whenitcomestonetworkingknowledge,wesuspectyoufallintooneofthree categories:
• Althoughyouknowcomputerscanhooktogetherintonetworks,youdon’t
knowmuchabout10Base-TEthernet,neverconsideredthedifference betweenahubandagateway,andtrulyfeellostwhencontemplating whetherornotyoushoulduseacrossovercablewhenconnectingtwo networkdevices.Don’tfeelashamed—weallstartedsomewhere,butyou’ll wanttoreadthisentireappendixcarefully.Also,thisappendixcanactas anongoingreferenceifyouhitrockyspotswhilesettingupanetwork.
• You’veperformedsomesimplenetworkingbefore,perhapsconnectinga coupleofcomputerstoeachotherviaahubsoyoucouldtransferfilesback andforthandshareahigh-speedInternetconnection.Whenpushcomes toshove,youcanprobablymakemostnetworkdevicesworkviatrialand error,butyou’renotsurehowitallworks.Werecommendyoureadthis appendix,skippinganysectionsthatcoverinformationyou’resureyou alreadyknow.Referbackasyouencounterlessfamiliarconceptsinthebook: afewminutesofreadingcansavehoursoffruitlessexperimentation.
436
TheWirelessNetworkingStarterKit
• You’reanetworkadministratorwithlotsofcertificationlettersafteryour
name,andweshouldaskyouforhelp.Noneedtowasteyourtimehere—to quoteObi-WanKenobi,thesearen’tthedroidsyou’relookingfor,and that’swhywe’veputthisinformationinanappendix.
Forthoseofyouinthefirsttwocategories,let’sstartwithareal-worldanalogy sowe’reallonthesamepage.
What’saNetwork? What’sanetwork?Putsimply,networkstransportdatafromonecomputer toanother.Whenyoutrytowrapyourheadaroundtheconceptofnetworks, itcanhelptothinkofthemintermsofeverydaytransportationsystems,like highwaysorrailroads. Forinstance,considerarailroad.It’smadeupofstationsandfreightyards connectedbytracks.Onthetracks,freighttrainscarrycargocontainers;each containerislabeledwithadescriptionofthecontainer’seventualdestination. Nowlet’stranslateourrailroadnetworkintoacomputernetwork.Ourcomputers aretherailroadstationsalongthetracks,andthetracksarethewiresthatrun fromcomputertocomputer.Cargocarriedonafreighttraintravelsincontainers; datacarriedonanetwork—computerfiles,Webpages,emailmessages,andso on—travelsinpackets.Inthenetworkingworld,packetsplayakeyroleinmoving dataaround.Apacketcontainsasmallchunkofalargerpieceofdatathat’sbeen dividedup.Everypackethasaheaderthatstateswhereitcamefromandwhereit’s heading,performingthesametaskastheroutinglabeloneachcargocontainer. Justasalmostallrailroadsnowusethesamegaugetrackforcompatibility reasons,adherencetostandardsincomputernetworkingisessential.For instance,youcan’tuseanyoldwiretoconnectcomputers,andifyoumixwire types,yourunintoexactlythesamesituationthatearlyrailroadsofdifferent gaugesexperienced—workershadtotransfercargofromonetraintoanother, whichrequiredaspecialdevicelikeacraneandtendedtoslowdowndelivery time.Althoughyoucanchoosefromavarietyofacceptablewiretypes,it’s besttostickwithonetype. Thesameprincipleapplieswhenyouconnectawirednetworktoawireless network.Makingtheconnectionisliketransferringcontainersfromarailroad cartoacargoplane.Thecargocontainersremainthesame,andtheirlabels stillsaywherethey’reheaded,butyou’vetradedtherigidlyconstrainedworld ofrailroadtracksandstationsforwide-openairwaysandairports.
AppendixA| NetworkingBasics
Nomatterhowacargocontainertravels,onceitreachesitsdestination,workers removeandunpackitscontents.Heretheanalogybreaksdownabit,since real-worldcargocontainersarehugeandcarryalotofstuff,whereasnetwork packetsarebroken-upportionsoflargerthings,suchasemailmessages,Web pages,orspreadsheetfiles.Whennetworkpacketsreachtheirdestinationand areunpacked,theircontentsmustalsobecombinedwiththecontentsofother packetsandreassembledintotheoriginalfile,Webpage,oremailmessage. Wecouldcontinuethisanalogytothepointofridiculousness,comparingpolicies surroundingwhathappenswhentwotrainsheadedinoppositedirectionsmeet onthesametracktothewayEthernetnetworkshandlepacketcollisions.But let’snotgothere;instead,forthoseofyouwhoarestilllearningaboutnetworks, let’slookatwhatthey’regoodfor.
NetworkUses Thefactthatyou’reevenreadingthisbookmeansyouhavesomeideaofhow youcanuseanetwork,mostlikelyforsharinganInternetconnectionorcopying filesbackandforthbetweencomputers.Nevertheless,theremaybeusesyou hadn’tpreviouslyconsidered,solet’srunthroughthemainusestowhichwe’ve putournetworksovertheyears.
InternetSharing IntheageoftheInternet,aone-computer-per-connectionpolicyseemsbizarre, butmostcableandDSLserviceprovidersofferpracticallythesamelimitations asdial-upnetworks:eachconnectioncomeswithasingleInternetaddress, oftennotafixedone,andextraaddressesareeitherunavailableorexpensive. Marketresearchshowsthatamajorityofhouseholdswithonecomputerhave asecond,andmanyhaveathirdorfourth.Alltheseuserswanttobeonthe Internetatthesametime,whichmeanssharingthatoneaddress. Luckily,sharinganInternetconnectionrequiresonlyinexpensivehardwareor softwareinstalledonthemachineconnectedtotheInternet.And,ifyou’resetting upawirelessnetwork,youalmostcan’tavoidbuyingawirelessaccesspointthat doesn’talsoshareyourInternetconnection.Usingawirelessnetworktoshare yourInternetconnectionwithalaptopcomputerisespeciallycompelling,since youcanbrowsetheWeb,reademail,oruseinstantmessagingfromanywhere withinrangeofyouraccesspoint. Putsimply,theInternetisconsideredstandardequipmentthesedays.Ifyouhave multiplecomputers,theyshoulddefinitelyshareyourInternetconnection.
437
438
TheWirelessNetworkingStarterKit
NOTE Someserviceprovidersofferreasonableoptionsforgivingeachmachineon anetworkaunique,publicInternetaddress,buttherearesomesecurity reasonstouseprivateaddressesviaNetworkAddressTranslation(NAT) instead.WediscussNATlaterinthisappendixandinChapter27,Protecting YourSystems.
FileSharingandExchangingFiles Filesharingusedtobethekillerapplicationfornetworks,andofficeworkersstill useitheavilyasameansforcollaboratingandtradingfilesbackandforth.Offices typicallyhavefileservers—computersthathavenoresponsibilitybuttoprovide aplacetostorefilesforeveryonetoaccess,andtomediatenetworkconnections tothosefiles.However,apersonalcomputerrunningeitherWindowsorthe MacOScanactasafileserverwithnoextrasoftwarewhilestillperforming itsdutiesasapersonalcomputer,soyoucaneasilysharefileseveninsmall officesorhomeswhereadedicatedfileserverwouldbeoverkill. Filesharingdoesn’tnecessarilyimplycopyingfilesbetweencomputers,either. Forinstance,eachofusstoredacollectionofMP3musicfiles(convertedfrom existingCDcollections)onasinglecomputer.Nowourfamiliescanrunmusic softwaretoplaythesefilesoverthenetwork,withoutcopyinggigabytesof musictotheirindividualcomputers. TIP WehelpyouwiththebasicsofsettingupfilesharinginChapter13,Sharing Files&Printers.SharingfilesbetweenMacsandPCsisslightlytrickier,but weofferafewtipsonthatinChapter13aswell.
Afteryousetupanetwork,youwillfinditmucheasiertosharefilesoverthe networkthantocopythemtoafloppydisk(especiallygiventhatMacsand somePCsnolongerhavefloppydiskdrives)oraCD-RWdisc.
PrinterSharing Printersareapartoflife,predictionsofapaperlessofficetothecontrary.Paper workswellformanykindsoftasks,includinggraphicaldisplaysofinformation anddisplayingphotos,andthelatestgenerationofinkjetprintersdoesagreat jobwithbothwhilecostinglessthanapieceofhomestereoequipment. NOTE Forafascinatinglookatwhypaperreallydoesworksowell,readMalcolm Gladwell’sarticleentitled“TheSocialLifeofPaper”atwww.gladwell.com/ 2002/2002_03_25_a_paper.htm.
AppendixA| NetworkingBasics
Butevengiventhelowcostandwideutilityofcurrentprinters,itrarelymakes senseforeachcomputertohaveitsowndedicatedoutputdevice.Rather,sharing printersacrossanetwork,oftenwithdifferentcapabilitiesineachprinter(ifyou havemorethanone),isafarmoresensibleapproach.Hookingaprinterintoa computerorahomegatewaycanletyoushareeventhecheapestofthem. WindowsandtheMacOSofferprintersharingfeaturesoutofthebox;theonly problemisthateachoneisgoodatsharingonlyamongcomputersrunningthe sameoperatingsystem.So,ifyoushareaprinterviaWindows,aMacwon’tbe abletoseeitwithoutsomeextrasoftwarecalledDave,fromThursbySoftware Systems(seewww.thursby.com/products/dave.html),ortheGimp-Printutilities (http://gimp-print.sourceforge.net/MacOSX.php3).Thereverseisalsotrue—a printersharedfromaMacwon’tbevisibletoaWindowscomputer,though Davehelpsinthatsituationaswell. TIP Network-basedprinterstypicallyhaveseveralprotocolsforprintingbuiltin, sothatcomputersrunningtheMacOSorWindowscanprintdirectly.Some printersevenhaveIPaddresses.Youcanprinttothemfromanywhereon theInternet.
Backup Yourmostimportantbackupwasthelastoneyoudidn’tmake—ornevermade. Mostpeoplerealizethattheyshouldhavemadecopiesofimportantfilesafter losingthem,butyou’retoosmartandgood-lookingforthat,right? Backupsareseldommadeasfrequentlyastheyshouldbe,becausemostpeople thinkbackingupfilesisatediousoperationinwhichyousitinfrontofacomputer swappingZipdisksorinsertingCD-RWs.Everycomputeryouaddmakesthe problemworse,asdotoday’sridiculouslylargeharddisks,whichseemtofill quicklywithMP3s,digitalvideo,gamesoftware,andhugeapplications. Network-basedbackupscanhelpsolvethebackupproblem.Withtheappropriate softwareoneachcomputerandatapedriveorotherstoragedevice(removable harddisksmakegoodbackupmediathesedaysbecausethey’resocheap),you canensurethatallcomputersonyournetworkbackupautomatically.We bothuseandrecommendDantzDevelopment’sRetrospectbackupsoftware (www.dantz.com)forMacintoshandWindows;ithasaLinuxclientaswell. Coupleitwithagoodtapedriveorsetofremovableharddisks,andyouhave abackupsolutionthatwon’tletyoudown.
439
440
TheWirelessNetworkingStarterKit
Wedon’tpretendnetworkbackupisappropriateforeveryone,norisitexactly cheap.Unlessyou’reinahouseholdorofficewithatleastahandfulofcomputers, it’sprobablyoverkill.Butinanysituationwhereimportantworkisdoneevery day,it’sanecessitytoprotectagainstthedaywhenyouwilllosedata. NOTE Everyone,andwemeaneveryone,willlosedataatsomepoint,andbackups aretheonlyprotection.It’sbesttomakemultiplebackupsetsandtokeepone off-site,aswasmadecleartoafriendwhenaburglarcleanedouthishome office,stealinghiscomputersandhisbackups.
NetworkWiring Aswediscussedearlier,thewiresofacomputernetworkarelikethetracksof arailroad.Theyconnectthedifferentcomputers—therailroadstations—and carrythedata—thecargo.Andjustliketraintracksruninparallel,snake around,andjoinupintrain-switchingroundhouses,youcanputwirestogether indifferentwayswhenbuildinganetwork.
NetworkTopologies Beforewecanlookatthedifferenttypesofnetworkwiring,weneedtodetour brieflyintothetopicofnetworktopology,afancytermthatjustmeanshowthe networkislaidout.Forthepurposesofthisbook,therearefourmainnetwork topologies:star,bus,ring,andmesh.
Star Withawiredstarnetworktopology,acentraldevice(calledahub)actslike thehubofawheel.Thehubconnectstoeachcomputerusingwires,andthe wiresresemblespokesonawheel(FigureA.1).Usingitsinternalelectronics, thehubconnectsallofthedevicestoeachother. FigureA.1 Astarnetwork topology.
Wiredstarnetwork
Wirelessstarnetwork
AppendixA| NetworkingBasics
Startopologiesarebyfarthemostcommonthesedaysbecausethey’reusedby standard10Base-Tand100Base-Twirednetworks(moreonthoseinaminute) andmostwirelessnetworks.Thebeautyofstarnetworksisthatifanyoneof thewirespokesfails,onlythecomputerontheendofthatspokeisaffected, andtherestofthenetworkcontinuestoworkwithoutanytroubles.Asyou’ll see,that’snotnecessarilytrueofothernetworktopologies.
NetworkedComputersListen,ThenTalk Alltopologiesaredesignedtocreatenetwork segments—physicallyandlogicallyseparate piecesofanetwork—inwhichallcomputersorotherdevicesonthesamesegmentcan “hear”eachotherwithintheminimumamount oftimeittakestotransmitacompleteshort sequenceofdatacalledaframe. Eventhoughnetworksignalstravelatthe speedofelectricityinwire(whichisnearthe speedoflight),youcanstillrunonlyafew thousandfeetofwirebetweenthetwomost distantdevices.Ifthesegmentwerelonger thanthat,themostdistantcomputermightnot hearthestartoftheframebeforethesending computerfinished.That’saproblembecause allcomputersonthenetworkhavetoknow whentheycanstarttransmittingwithout interruptinganothertransmission. Takethispracticalexample:if ComputerA andComputerBarebothonthesameEthernet segment,andbothstarttransmittingdataat thesametime,theonlywaytheyknowthey’re interferingwitheachother’stransmissionis toheartheotherdevice(afterwhichthey stopsending,beforethey’vecompletedadata frame).Thiskindofinterferenceiscalled acollision,becausethedatafromdifferent transceivers“collides.”
Inmosttypesofnetworks,includingWi-Fi andtheseveralkindsofEthernet,techniques arebuiltintonetworkadapterstowaitforsilence,starttransmitting,andthenhaltifthey detectaninterruption.Thedevicesthenstop talkingforashort,randomperiodoftime,and thentryagain;ifacollisionhappensagain, eachdeviceincreasesthetimerepeatedlyuntil itcangetsilenceandstartwithoutconflict. (EthernetandWi-Fihaveslightlydifferent approaches,becauseofhowwirelesssignalsare handled,buttheywindupworkingaboutthe same.)Theprocedureisabitliketheolddays ofpartylines,whereanentireneighborhood mightshareatelephoneline,soyouhadto waitforBettydownthestreettofinishtalking beforemakingacall. Eachnetworksegmentessentiallyhasitsown partyline,sobreakinganetworkintomore segmentsincreasesthethroughput,oramount ofdatayoucanreliablytransmitatanygiven timeovereachsegment.Inthemostcommon networkingflavors,10Base-Tand100Base-T, ahubinthestartopologycanbepassive,which islikeamulti-socketelectricaladapter,creating onelargesegmentcomposedofallattached networks;oritcanbeaswitch,whichisolates eachnetworksegment,andpassesdatabetween segmentsonlyasneeded.Youcanreadmore abouthubslaterinthisappendix.
441
442
TheWirelessNetworkingStarterKit
NOTE Thehubsinverylargestarnetworksoftenconnecttoeachotherinhigher-level stars—manyhubsconnectingtoonemassive,high-poweredhub—buthubs canalsoconnectinabusconfiguration,describednext.
Bus Abusnetworktopology,sometimescalledadaisy-chain,usesonelongwire, witheachcomputerhangingoffthewire(FigureA.2).Busnetworksarefairly uncommontodayforcomputers(thoughnotfornetworkhubs),althoughthey’re easytosetupandweremoreheavilyusedinthepast.10Base-5,10Base-2, LocalTalk/PhoneNet,HomePNA,andHomePlugnetworks(whichwecover later)allusebustopologies. FigureA.2 Abusnetwork topology.
Theproblemwithabustopology,asyoucanimagine,isifsomethingcutsthe wireinthemiddle,it’sabitlikeanerrantbackhoechoppingyourtelephoneline whileyou’retalkingtosomeone—thelinegoesdead.Needlesstosay,network administratorshatetrackingdownnetworkproblemsthatcouldbeanywhere onthemainnetworkwire,sobusnetworkshavefallenoutoffavor. TIP Ifyoudorunintoabusnetworkthatseemstobeintactbutisn’tworking properly,checkforthecorrectterminationonbothendsofthenetwork. Withouttheproperterminatoractingasacaponeachendofthemainwire, thesignalswon’ttraveldownabusnetworkproperly.
Ring Ringnetworktopologiesaresimilartobusnetworks,butwiththeendsofthe wireconnectedtomakearing(FigureA.3).Tokenringnetworksofferone solutiontothe“who’stalking”problem;machinespassanelectronictokento determinewhoisallowedtobroadcastatanygiventime.Tokenringnetworks areseldomusedtodayforthesamereasonbusnetworksaren’tincommon use—asinglecutinthemainnetworkcable,andtheentirenetworkcomesto ascreechinghalt.
AppendixA| NetworkingBasics
FigureA.3 Aringnetwork topology.
NOTE ThetokenringmadeanunexpectedcomebackinWi-FiinAustralia.A communitynetworkinggroupdevelopedapackagecalled“frottle”which, wheninstalledonalltheclientsandonspecialgateways,dramaticallyimproved speedbyusingatoken.Ofcourse,thisrequiredspecialhardwareandisn’t appropriateexceptforspecificnetworks.Fordetails,seehttp://wifinetnews. com/archives/002035.html.
NOTE OneofGlenn’sfavoriteDilbertcartoonsshowsDilberttellinghispointy-haired bossthathisnetworkconnectionstoppedworkingbecausethetokenfellout ofthetokenring,andthebossneedstolookforit.
Mesh Meshnetworksconnectopportunisticallytoanyavailableotherdevicethat allowstraffictoflowtoanultimatedestination(FigureA.4).Inawired world,meshnetworkingmakesnosense,becauseyou’dneedindependent wiresrunningfromeverydevicetoeveryotherdevice—theverysituationthat astartopologysolves. FigureA.4 Ameshnetwork topology.
443
444
TheWirelessNetworkingStarterKit
Butwitharadio-basedwirelessnetwork,inwhichmanytransceivershavea signalpathtomanyothertransceivers,meshnetworkingcanentirelyreplace wirednetworkswhileaddingtheadvantagesofredundancy—ifoneconnectionis blocked,thetrafficsimplyflowsaroundtheblockageonotherconnections. Althoughmeshnetworkingisapopulartopic,especiallyamongcommunity networkenthusiasts,onlyafewproductsoffermeshcapabilities,andthey areaffordablenowjustforcompaniesandserviceproviders.Ultimately,you mayfindthathigh-speed,homeaccesstotheInternetcouldbeprovidedbya meshnodeonyourhouse,butit’sunclearwhetherthetechnologywillbecome commerciallyviable(seeChapter5,Wirelessofthe(Near)Future).
EthernetWiringTypes Whenitcomestonetworking,almosteverynetwork-enabledcomputerusesthe Ethernetnetworkingstandard,alsoknownasIEEE802.3.Ethernetnetworks canuseavarietyofphysicalwirestoconnectmachines,andinfact,wireless networksalsouseEthernet,simplyreplacingthewireswithradiowaves. NOTE TheIEEEiskeytomanyofthesenetworkingstandards,butEthernetwas actuallyinventedbyBobMetcalfeinthe1970swhenhewasworkingatthe XeroxPARCresearchlabafterhereadaboutAlohanetinHawaii.TheIEEE standardizedEthernetlater.Metcalfe’soriginalsketchofhowEthernetcould workisavailableatwww.ethermanage.com/ethernet/ethernet.html.
NOTE Youmayhearpeoplecallwirelessnetworks“wirelessEthernet.”That’sjust fine—theEthernetstandardspecifiesthewaypacketsareputtogether,sent, andreceived;thephysicalmediumcanbeeitherwireorradiowaves.
Forcompleteness,andincaseyoueverrunintoastill-functionalnetworkusing anoldertypeofphysicalcablethatiscompatiblewithEthernetnetworking, welookatEthernetwiringtypesinroughchronologicalorder.
10Base-5orThickNet Theleastcommonwiringtypeyoumayencounteristhethickcoaxialcableused for10Base-5Ethernet.Itlookslikeacableusedforconnectingcabletelevision boxesandisalsocalledthickEthernetorThickNet.Itsdatatransferrateis 10Mbps,andthemaximumsegmentlength—thewiresthatrunbetween computers—is500meters(hencethe“5”in10Base-5).Youcan’treadilybuy 10Base-5networkinggearorcablesanymore,butyoumightseeitinanold networkinstallation.10Base-5networksuseabustopology.
AppendixA| NetworkingBasics
10Base-2orThinNet Whereas10Base-5islittleusedthesedays,youcouldconceivablystillruninto thecablingforthe10Base-2Ethernetstandard,alsocalledthinEthernetor ThinNet.Like10Base-5,10Base-2runsat10Mbpsandusescoaxialcables; however,ithasamaximumsegmentlengthof185meters(thusthe“2”in 10Base-2,thankstorounding185upto200).Cablesfor10Base-2arethinner andthuseasiertoworkwith,andtheyuseroundBNCconnectorslikethoseused forcableTV.Like10Base-5,10Base-2requiresabusnetworktopology. NOTE BNCisshortforBritishNavalConnector,BayonetNutConnector,orBayonet NeillConcelman,dependingonwithwhomyou’retalking.Everyonejustcalls itBNC.
Adamuseda10Base-2networkinhisprevioushouseinsteadof10Base-T (coverednext),becausethecablerunsweresolongthathewouldhavehadto buyanEthernethub(discussedlaterinthisappendix)foreachlocation.Today thatwouldn’tbemuchofaninvestment,butatthetime,hubscostaround$100 each,andbuyingfourofthemfeltlikeoverkill.The10Base-2networkworked fine,andlateron,whencomputersstartedtoincludeonly10Base-TEthernet jacks,inexpensivehubsthatconnected10Base-2and10Base-Twiringtypes werereadilyavailable.(Glenndidthesamethingin1995inanoffice:itwas cheapertodrillthroughwallsinarunaroundtheofficethantobringwireto acentrallocation.)
10Base-T Thankstoitsuseofcommontwistedpairwiringandaforgivingstartopology, 10Base-Trulesthenetworkingworld.(The“T”in10Base-Treferstotwisted pair.)Twistedpairwiringisextremelycommonbecauseitconnectsmost buildings’telephonewiringtothetelephonecompany.Thecableyouuseinside yourhousetoconnectatelephoneoramodemtothewalljackisnottwisted pair;instead,itcontainsside-by-sidewiresandiscalledsilversatin. Theutilityoftwistedpair,inwhicheachpairofwirestwiststogetheracertain numberoftimesperfoot,isthatitreduceselectromagneticinterferencebetween thesignalsflowingdowneachwire.Mosttwistedpaircablescontainseveral pairsofwires;althoughonlyonepairisactuallynecessaryfortelephoneusage, 10Base-TEthernetrequirestwopairs,onefortransmittingdataandtheother forreceiving.
445
446
TheWirelessNetworkingStarterKit
TIP Ifyouattempttoreplaceatwistedpaircablewithasilversatincableusedfor telephonecords,theconnectionwon’tworkbecauseofinterferencebetweenthe twoside-by-sidewires.Luckily,ifyou’repayingattentiontothecables,you’re unlikelytoattemptsuchathingbecausesilversatincableshavestandardRJ11plugsforRJ-11telephonejacks(fourwire).Incontrast,10Base-TEthernet cableshavethelargerRJ-45plugs(eightwire).
10Base-Tnetworksarelimitedtoamaximumsegmentlengthof100meters, quiteabitlessthantheoldercoaxial-basedstandards,butmorethanenoughin mostsituations.Rememberthatbecause10Base-Tnetworksuseastartopology, everycomputerorotherdevicemustconnectbacktothecentralhub. Almostanynetworkdeviceyoubuytodaywillsupportatleast10Base-T Ethernet—it’sbecometheleastcommondenominatorofnetworking.
100Base-TorFastEthernet 100Base-T,alsoknownasFastEthernet,worksalmostexactlylike10Base-T andusesthesameCat5twistedpaircable.However,100Base-Trunsat100 Mbps,whichissignificantlyfasterthanthe10Mbpsthroughputof10Base-T.
WireFacts Twistedpairwiringhasmanyvariants.Itcan beeithershieldedorunshielded—theshielded varietyisusedinsomebusinessnetworking situationswherethemetalshieldaroundthe twistedpairsactsasaground.You’reunlikelyto seethat,though,andnormaltwistedpairisunshielded,yieldingtheUTP(unshieldedtwisted pair)abbreviationyoumayencounter. Twistedpairwiringisalsoratedfordifferent speedsbycategories.Althoughtherearecategories1through6,byfarthemostcommon areCat3(asthecategoriesareabbreviated) andCat5.OnlyeverbuyCat5cable—althoughCat3worksfor10Base-T,itdoesn’t cutthemustardforthenewerandincreasinglycommonfasterstandards,100Base-T or1000Base-T.
Cat5worksforthosestandards,thoughfor 1000Base-T,youneedfourpairsofwires instead of the standard two pairs. Some manufacturers recommend an enhanced kindofCat5calledCat5Etoensuremaximumthroughput(thoughwe’veheardfrom knowledgeableengineersthatCat5Eisjusta marketinggimmickanddoesn’treallyoffer anythingbeyondCat5). Anothertermyoumayseeassociatedwith Ethernetcableisplenum-rated,whichmeans thecablehasslowburning,fire-resistantcasingsthatemitlittlesmoke.That’simportant forcablesrunningthroughoverheadductwork betweenrooms,becauseinafire,youdon’twant potentiallytoxicsmokeflowingfromaroom onfiretoonethat’sstillotherwisesafe.
AppendixA| NetworkingBasics
CrossoverCablesandUplinkPorts Becausetwisted-pairEthernetsdedicatecertainpairsforreceivingandcertainpairsfor transmitting,anyhubhaspins(small,rigid, straightwires)initsjacksthatmatchupwith theequivalentpinsinEthernetcables.Butwhen youconnectcertainkindsofdevices—likeone hubtoanotherhub,oraspecialdevicelikea DSLmodemthat’sdesignedtoplugstraight intoacomputer—youmustswitchthetransmit andreceivewiresthroughacrossovercable. Theonlydifferencebetweenacrossovercable andanormalEthernetcable(moreprecisely calledapatchcablebecauseitpatchesacomputer intoahub)isthatinapatchcable,thewiresgo straightthrough,whereasinacrossovercable thetransmitandreceivewiresareswapped. Specifically,inapatchcable,pin1ononeside connectstopin1ontheotherside,pin2to pin2,andsoon.Inacrossovercable,however, pin1connectstopin3,pin2topin6,pin3 topin1,andpin6topin2. Crossovercablesarerequiredfor:
• Computer-to-computerconnections • Hub-to-hubconnections • ConnectingDSLmodemsorotherspecial devicestoahub
Almostallhubscomewithatleastoneuplink port,whichistheequivalentofacrossover cable.Pluggingapatchcableintotheuplink portgivestheeffectofcrossingtheappropriatewires,justasinacrossovercable.Some deviceshaveaseparate,labeledport;others, suchastheLinksysWET11wirelessbridge,
haveamanualswitchonthesideforcrossover orstraight-throughmode. Otherhubshavenodedicatedorswitchable uplinkport,butratherincludeauto-sensing circuitryknownasauto-MDI/MDI-X.Most newerLinksysswitches,suchastheinexpensive,gigabitworkgroupmodels,includethis featureoneveryport.YoucanalsofindautosensingonmodernMacsandsomePCs:if thecomputercanauto-sense,youcanplug eitheracrossoverorapatchcableintoany Ethernetport. Makesuretoreadthedocumentationthat comeswithyourhub,sincesomehubs(notably someoldermodelsfromLinksys—Adamhad oneofthese)sharetheconnectionbetween theuplinkportandthenormalportnext toit.Thatmeansthatifyouusetheuplink port,youcannotusetheportnexttoitfora computerorothernetworkdevice.Thehint, ifyoucan’tfindyourdocumentation,isthat whentheuplinkportisconnectedtoanother hub,theLEDfortheportnexttotheuplink portlightsup.Therearealsooftenprinted linesonthebackofthehubconnectingthe uplinkportwiththeonenexttoit. It’snotabadideatohaveacrossovercablein yournetworktoolkit,butifyougetone,make sureyoulabelitclearly.Tryingtouseacrossover cableinasituationthatcallsforapatchcable isanexerciseinfrustration.Adamsolvedthis problembygettingalittleconnectorthat,when heplugstwonormalpatchcablesintoit,turns theentireresultingcableintoacrossovercable. Crossovercablesareoftenyellow,curiously.
447
448
TheWirelessNetworkingStarterKit
AlthoughFastEthernetwon’tmakeonewhitofdifferenceforInternetaccess (ifyoudon’tworkinalargeorganization,you’reluckytohavemorethana1 MbpsInternetconnection,muchlessa100Mbpsconnection),youwillnotice andappreciatetheperformanceimprovementwheneveryoucopyfilesfrom onecomputertoanotherusingFastEthernetasopposedto10Base-T.It’s remarkablyfun,forinstance,todraga1GBfilefromyourDesktoptoanother machine,andthenwatchitcopyinafewminutes. FastEthernethasbecomesufficientlycommonandinexpensivethatit’sworth spendinganextrafewdollarsonnetworkinggearthatsupportsitinaddition to10Base-T.Ifyouoptfor802.11gor802.11a,bothofwhichoperateat54 Mbps,orwanttohookseveral802.11baccesspoints(eachrunningat11Mbps) intoanetwork,then100Mbpsbecomesevenmoreworthwhile. Evenifyourcurrentcomputersdon’tsupportFastEthernet,it’simpossible thatanyfuturecomputeryouwouldbuywouldn’tincludeit.Infact,several yearsago,ApplestartedshippingMacswithEthernetportsthatsupportFast Ethernetaswellas10Base-T(youmayseesuchportscalled“10/100Mbps ports”),andeveryPCmakerandEthernetcardmanufacturerfollowedsuit. We’vealsofoundthattheswitchesorhubsthatconnecttwisted-pairnetworks togethernowalmostuniformlysupportautomaticallyconfigured10/100 Mbpstraffic,meaningthatyoucanplugoneortheotherflavorinwithout flippingswitches.You’llfindthesekindsofmini-hubsbuiltintomanywireless gateways,too.
1000Base-TorGigabitEthernet Lastly,wecometo1000Base-T,morecommonlycalledGigabitEthernet becauseitrunsat1000Mbps,orroughly1Gbps.Sinceearly2003,theprice ofGigabitEthernethasplummeted:aswewritethis,youcanbuyaPCICard for$100,andEthernetswitchesfor$20perport—downfromseveralhundred foracardand$150to$300perportin2002! ApplenowincludesGigabitEthernetinallofitsPowerMacs(andhasforsome time),aswellasthe15-inchand17-inchPowerBooks.Delloffers1000Base-T asanoptionwithitslaptops,andvirtuallyeverymachineabovetheconsumer leveleitherincludesoroffersGigabitEthernetasacheapadd-on. Doyouneedallthatspeed?It’sremarkabletoseehundredsofmegabytesfly acrossanetworkinseconds,butit’snotcriticalunlessyou’rebuildinganew networkandneedtobuynewgear—inwhichcase,spendafewextradollarstobe
AppendixA| NetworkingBasics
readyfornext-generationvideostreaming.GigabitEthernetisalsoworthwhile ifyouroutinelytransferenormousfilesorstreamingmedia,orplantooperate many802.11gor802.11aaccesspointsacrossasinglesmallnetwork.
OtherNetworkTypes Ethernetmaybethe600-poundgorillaofthenetworkingworld,butthere’s stillroomforafewchimps,ordependingonyourattitude,chumps.
LocalTalk/PhoneNet AlthoughitnevertookoffoutsidetheMacintoshworld,formanyyearsthe Macintoshstandardwasalow-speednetworkingtechnologycalledLocalTalk. LocalTalkranonlyat230.4Kbps,andwhenitwasfirstreleased,itrequired proprietarycablesandconnectorsmadebyApple.WorkersatFarallon CommunicationsrealizedquicklythatLocalTalkworksfineoverstandard telephonewire(eventhesilversatinstuff).Farallon’sPhoneNetadapters(and clonesthereof),usedwithstandardtelephonewires,soonsupplantedApple’s customLocalTalkcablesandconnectorsentirely. LocalTalkandPhoneNetconnectorspluggedintotheserialports(specifically theprinterports)ofolderMacs,andtheymadeforextremelytolerantnetworks. Althoughtheyusedabustopology,forgettingtoplugaterminatorinateither endofthenetworkseldommadeadifference,andusersquicklyrealizedhoweasy itwastoadaptexistingtelephonewiringtoworkwithPhoneNetconnectors. SincePhoneNetrequiredonlyasinglepairofwires,andsincemosttelephone wiringcontainedanunusedpair,itwassimpletoaddnetworkjackstoin-house telephonewiring. NOTE TogiveyouanideaofhowresilientLocalTalknetworkscanbe,afriendtells astoryofaLocalTalknetworkthatusedhotandcoldwaterpipes(!)instead ofapairofwires.
NorecentMacintoshhasserialports,soLocalTalknetworkshavebeen disappearinginfavorofwiredandwirelessEthernetnetworks.However, unlikeoldertypesofEthernetcabling,it’snotuncommontofindLocalTalk networksstillinservice,evenifonlytoprovideaccesstooneofApple’searly LaserWriterlaserprinters,whichwereeasilyaddedtonetworksviaLocalTalk. ModernMacsthatdon’tsupportLocalTalkcanstillsendjobstothoseolder printers,andmanypeopleareunderstandablyloathetogiveuptheseworkhorse printers.
449
450
TheWirelessNetworkingStarterKit
Luckily,that’snotnecessary,sinceadevicecalledaLocalTalk-to-Ethernet bridge,suchastheAsantéTalkEthernettoLocalTalkBridgefromAsanté Technologies,canconnecteitherawirelessorwiredEthernetnetworktoa LocalTalknetwork,eveniftheonlydeviceontheLocalTalknetworkisalaser printer.Youcanlearnmoreaboutbridgeslaterinthisappendix;theimportant thingtocheckwhenusingaLocalTalk-to-Ethernetbridgewithawirelessaccess pointisifyouraccesspointbridgesAppleTalk(moreonAppleTalksoon,too). Inessence,thequestionisiftheaccesspointcanacceptanAppleTalkpacket (whichisjustaspecificsortofcargocontainerfordata)fromacomputeronthe wirelessnetworkandsenditontotheLocalTalknetworkwithoutdamagingitin someway.SomeaccesspointscankeepAppleTalkpacketsintact,somecan’t.
HomePNA MoremodernthanLocalTalkistheHomePNAnetworkingstandard,which wasdevelopedbyanindustrygroupcalledtheHomePhonelineNetworking Alliance.LikeLocalTalk,HomePNAusesstandardtelephonewiringonabus network.AlthoughHomePNA1.0wascapableofathroughputofonly1Mbps, HomePNA2.0increasesthatto10Mbps,andajust-definedHomePNA3.0 standardtakesagiantleapto128Mbps,withoptionalextensionsto240Mbps. Ofcourse,aswithallnetworks,thosespeedsaretheoretical,andreportshave placedHomePNA2.0’srealthroughputatabout4Mbps,anditremainstobe seenhowmuchofHomePNA’s128Mbpswillactuallybeavailable. What’smostinterestingaboutHomePNAisthatitusesthesamewiresasyour telephone,modem,orfaxmachine,theoreticallywithoutanyinterference.In theory,youjustattachaHomePNAnetworkadapter(availableasaPCIcard, USBadapter,orEthernetadapter)toyourcomputerandrunsometelephone wirefromthenetworkadaptertoyourtelephonejacks.Youcanpurchase HomePNAEthernetbridgesthatconnectHomePNAnetworkstostandard Ethernetnetworks,andHomePNAsupportisbeingbuiltintoothernetwork devicesaswell. WhywouldyouuseHomePNA?Youcoulduseittonetworkallyourcomputers together,butconsideringthatyou’rereadingthisbook,we’reguessingyou’d prefertoavoidwireswherepossible.Tousthen,HomePNAispotentiallyuseful forconnectingcomputersindifferentroomsusingthetelephonewiringthat’s alreadyinyourwalls.ByattachingawirelessaccesspointtoaHomePNA Ethernetbridgeineachroom(orbybuyinganaccesspointthatalsosupports HomePNA),youcouldalsoextendtherangeofawirelessnetworktoaportion ofabuildingthatwasotherwiseinaccessible.
AppendixA| NetworkingBasics
Ifyoumustrunnewwires(aprocessoftencalledpullingwirebythoseinthe field),youmayaswellrunCat5twistedpairinsteadoftelephonewire,since buyingHomePNAadaptersforyourcomputerscostsalotmorethansimply pluggingEthernetcablesintoyourcomputers’existingEthernetports.Plus, ifyouhavemoderncomputers,theyprobablysupportFastEthernet,whichis muchfasterthanHomePNA. HomePNAfacesanumberofchallengesthatmaylimititspopularity:
• Mosthomeshaverelativelyfewtelephonejacksineachroom,makingit lesslikelythattherewillbeajackwhereyouwantit.
• AlthoughHomePNA’sperformancehasincreasedwiththe2.0version, the4Mbpsreal-worldthroughputisn’tparticularlyimpressive.Thenext version,HomePNA3.0,promises128Mbpsoftheoreticalthroughput, thoughhowthatwillpanoutintherealworld(watchforproductsinlate 2003)remainstobeseen.
• Ethernetisabetterchoiceathomeforalmostanyonewhowantstousethe samecomputerathomeandatwork—mostworkplacesuseEthernet.
FormoreinformationaboutHomePNA,visittheHomePNAWebsiteatwww. homepna.org.
HomePlug Farmorecommonthantelephonejacksinmostroomsarepowerplugs,and that’swheretheHomePlugPowerlineAlliancesetitssightswiththeHomePlug networkingstandard.Insteadofplugginganetworkadapterintoatelephone jackornetworkoutlet,yousimplyplugitintoanelectricalsocket. NOTE Yes,itistrulyneatthatthey’vefiguredouthowtotransferdataoverstandard powerlineswithinthehome.Researchershaveevendeterminedhowtoprovide high-speedInternetaccessviapowerlines,thoughwehaven’theardofthat beingimplementedwidelyanywhereintheworldyet.Amateurradiooperators arefreakedoutaboutpower-linenetworking;theysaidinmid-2003thatit couldinterferewiththeirabilitytoreceivedistantsignals.
HomePlugrunsat14Mbps,althoughitsreal-worldthroughputisreportedly between5and6Mbps.LikeHomePNA,HomePlugusesabusnetworktopology, soyoudon’tneedacentralhub.Infact,apartfromtheuseofelectricallines insteadoftelephonewiring,HomePlugisextremelycomparabletoHomePNA (sojustreadtheprevioussectionagain,mentallyreplacing“HomePNA”with
451
452
TheWirelessNetworkingStarterKit
“HomePlug”asappropriate).HomePlugevenreportedlyworkswithother technologiesthattransmitdataoverpowerlines,suchasX10homeautomation devices. NOTE UnfortunatelyHomePlugworksonlyon110-voltpowersystems,makingit uselessinthemanycountriesthatdon’tuse110-voltpower.Italsohastobe pluggeddirectlyintoanoutlet:powerstripsneednotapply.
IfyouliveinanapartmentanddecidetosetupaHomePlugnetwork,givenetwork securitysomethoughtsinceapartmentsoftensharepowerlines.AllHomePlug hardwarecanencryptdatasoyourneighborscan’tconnecttoyourprinter,see sharedfolders,oreavesdroponyournetworkcommunications.Ifyou’reworried aboutsecurity,makesuretoturnontheencryption;it’slikelyoffbydefault. Inmid-2002,wewerestillaskingthequestionsaboutwhetherHomePlug orHomePNAwasthebestwaytoextendawiredorwirelessnetwork. HomePNAseemedtobeanadvantageinhomesthathadolderelectrical wiringbutnewerphonewiring.However,equipmentmakerSiemenschanged thewholepicturebyreleasingtheSpeedStreamPowerlineWirelessAccess Point(www.speedstream.com).ThisHomePlugdeviceactsasanextensionof yourwirelessnetworkwithoutneedingtoaddEthernethubsorothercabling. Formanysituationsinwhichyouwanttoextendawirelessnetworktomany roomsinahouseorbuilding,theSpeedStreamaccesspointsavesmoneyand effort.SincetheSpeedStreamaccesspointfirstappeared,morewell-known networkequipmentvendorslikeLinksys,Netgear,Belkin,andIOGearhave jumpedintothefraywithdevicesthatbridgethegap(literally)between HomePlugandWi-Fi. NOTE Glenn’scousinStevenwantedtohavecablemodemserviceinstalledathis houseandwasnervousaboutthecablecompanyinstallerrunningwiretohis upstairshomeoffice.GlennworkedwithhimtoputinaLinksysbroadband routernexttothecablemodemwhichwasinturnconnectedtoaHomePlug adapter.Upstairs,anotherHomePlugadapterlinkedtohiscomputer.Itworked likeacharmtheminuteitwasallpluggedin.
OurimpressionfrompeoplewhohavetriedbothisthatHomePlugisworth checkingoutforsimplicityandtheeaseofsetup,butifyouneedhigher throughput,itmightbeworthwaitinguntilHomePNA3.0devicesstart appearing. FormoreinformationaboutHomePlug,visittheHomePlugWebsiteat www.homeplug.org.
AppendixA| NetworkingBasics
NetworkDevices Thenextstepinlearningaboutnetworkingisgettingafeelforthedifferent deviceswithwhichyoubuildanetwork.Thisiseasy,butyoumustkeeptwo thingsinmind.
• Althoughthedevicesnotedinthissectionstartedoutasseparateitems, itturnedouttomakesensetocombinemultiplefunctionsinthesame device.Forinstance,it’ssimpletobuyadevicetodaythatcombinesa4portswitchinghub,wirelessaccesspoint,firewallsoftware,andwired Ethernettowirelessbridge,allinone.
• Manufacturerstendtoplayfastandloosewithterminology,makingithard attimestodetermineexactlywhichfunctionshavebeenincorporatedinto anyonedevice.
Nevertheless,followalongwithourdescriptionsbelow,andacarefulreading ofthespecificationfortheproductyou’reinvestigatingshouldrevealwhich functionsitoffers.
NetworkAdapters(NICs) Theeasiestpieceofanetworktounderstandisthenetworkadapter,also frequentlycalledanetworkinterfacecard(NIC).Putsimply,thenetwork adapteristhepiecethatconnectsyourcomputertothenetwork—nothing canhappenwithoutit.Tocontinueourrailroadanalogy,anetworkadapteris likeaboardingplatformatthetrainstation—thestationmightbethere,but itwon’tbeusefulwithouttheplatformtomakeitpossibleforpeopletotravel betweenthetrainandthestation. Asyoumightexpect,networkadaptersarespecifictoacertaintypeofnetwork, soifyoubuya10Base-Tnetworkadapter,youcanconnectitonlytoa10Base-T network.SincethecircuitrynecessarytosupportdifferentflavorsofEthernetis prettymuchthesame,manufacturerssometimescombinesupportformultiple flavorsinasinglenetworkadapter.Intheolddays,when10Base-2networks wereascommonas10Base-Tnetworks,forinstance,networkadaptersoften hadbothanRJ-45portfor10Base-TandaBNCjackfor10Base-2.Either (butnotboth)couldbeactivatedatanytime,justbyconnectingtheappropriate cable.Nowadays,manynetworkadapterscombine10Base-Tand100Base-T, orevenadd1000Base-Ttothemix.Thesecardsarefrequentlylabeled“10/100 Mbps”oreven“10/100/1000Mbps.”
453
454
TheWirelessNetworkingStarterKit
TypesofNetworkAdapters Networkadapterscomeinmanydifferentshapesandsizes,andanever-increasing numberofcomputers,includingeveryMacintoshmadesincethefirstiMac, havethembuiltin.IfyourcomputerhasanEthernetport,that’sabuilt-in networkadapter.Examplesofothernetworkadaptersinclude:
• PCIcardsplugintoPCIslotsinsidemanymoderndesktopcomputersand
areprobablythemostcommontypeofnetworkadapters.YoucanbuyPCI cardsthatprovideaccesstobothwiredandwirelessnetworks.Forolder computersthatcameoutbeforePCIwasthestandardexpansionslot,you canprobablystillfindISA(forPCs)orNuBus(forMacs)networkadapter cardsforwirednetworks,butprobablynotforwirelessnetworks.
• PCCardsfitintoPCCardslotsinlaptopcomputers.Desktopcomputers almostneverhaveslotsforPCCards.ManyPCCardnetworkadapters forwiredEthernetcomewithatinydongle,whichisasmallcablethat plugsintothecredit-cardsizedPCCardandprovidesanormalEthernet jack.WirelessPCCardnetworkadapterstypicallyextendoutfromthe sideofthelaptoptoaccommodatetheirantennas.
TIP Old-timersstillcallPCCards“PCMCIAcards,”theoriginalnamegivenby theindustry(itstoodfor“PersonalComputerMemoryCardInternational Association”).Ifyouhearsomeonespewthatmanyletters,itmeansthey’re behindthetimes.
• USBnetworkadaptersplugintotheUSBportsavailableonmostmodern
computers.USBnetworkadapterscomeinbothwiredandwireless versions.
• Customsolutionsaren’tunheardof,andevenwithtoday’smoderncomputers,
youmayencounterproprietarycardslikeApple’sinternalAirPortand AirPortExtremewirelessnetworkadapters.SomeearlierMacsevenhad proprietaryCommSlotnetworkadaptercards.Findinganoldcustom networkadapterforawiredEthernetnetworkmayrequiregoingdirectlyto thecompanythatdevelopedit,thoughthat’snotthecasewithMacintosh peripherals—Appledoesn’tmakeanyofthemanymore(ifiteverdid).
NOTE BeforeApplestartedbuildingstandardEthernetportsintoeveryMac,ituseda genericEthernetconnectorcalledanAAUI(AppleAttachmentUnitInterface). TheideawasthatyoucouldbuyanAAUItransceiverforthetypeofEthernet networktowhichyouwantedtoconnect—10Base-5,10Base-2,or10Base-
AppendixA| NetworkingBasics T.Glennhassquirreledawayafew10Base-TAAUIadapters:iftheadapter foranolderprinterorcomputerdies,hedoesn’twanttohavetoreplacethe entiredevice.
• ParallelportnetworkadaptersplugintoparallelportsonPCs.Sinceparallel
portsareextremelyslow(nottomentionincreasinglyuncommonthese days),aparallelportEthernetadapterisalast-ditchsolutionforadding anelderlyPCtoawiredEthernetnetwork.
• SCSIEthernetadaptersareaMacintosh-basedapproachsimilartothePC
world’sparallelportnetworkadapters.SCSIEthernetadapterspluginto thestandardSCSIportsonallMacsbeforetheiMac,thoughrealistically, you’donlyuseaSCSIEthernetadapterwithMacsfromtheearly1990s sincealmostallothershavebetteroptions.NoSCSIEthernetadapters arestillsold,andifyoubuyoneused,makesuretogetsoftwarewithit, sincemostofthecompaniesthatmadethemaredeadandgone.
Findingoldernetworkadapterscanbetricky,butifallelsefails,searchonthe eBayauctionsiteatwww.ebay.com—it’sagreatsourceforoldhardware.Luckily, noneofthesedevicesshouldbeparticularlyexpensive.
MACAddresses Yourcomputerprobablyhasaserialnumber,butit’slikelyprintedonlyon theoutsideofthecase—thecomputerdoesn’tknowwhatitsserialnumberis. However,everynetworkadapter—Ethernetorwireless—hasauniqueserial numbercalledaMACaddress.MACstandsforMediaAccessControl;ithas nothingtodowithApple’sMacintoshcomputers. EthernetworksbysendingpacketstospecificMACaddressesonthenetwork. IfMACaddressesweren’tunique,itwouldbepossiblefortwocomputerswith thesameaddresstoconnecttothesamenetwork.Andifthathappened,well, itwouldbeliketryingtodirectatraintooneoftwoidenticallynamedrailroad stations.Ifitwereatelevisionsitcom,hilaritywouldensue;intherealworld, peoplegetextremelyangrywhenthingsareimproperlydelivered.Thesame istrueinthecomputerworld. TIP MACaddressesareassociatedwithnetworkadapters,notcomputers,soif yourcomputerhasabuilt-inEthernetnetworkadapterandawirelessnetwork adapter,eachhasitsownuniqueMACaddress.
TheIPaddressesnecessaryforacomputertocommunicateontheInternet areassociatedwithMACaddressesusingaprocesscalledAddressResolution
455
456
TheWirelessNetworkingStarterKit
Protocol(ARP).IPnetworksspanmanyEthernetnetworks,andtheassociation ofIPwithMACletstrafficleaveacomputer,hitarouter,transittheInternet, passasecondroutertoalocalnetwork,andreachanothermachineontheother end.ThankstoARP,theroutersknowwhichIPaddressesareconnectedto whichMACaddressesoneachlocalnetworksegment.Youcanhavemany IPaddressesassignedtoasingleMACaddress,butonlyoneMACaddress perIP. Forthemostpart,youdon’tneedtoknowanythingaboutMACaddresses. Therearethreeexceptionstothatrule,andalthoughwedon’tgointothemin greatdetailhere,wetouchontheminotherpartsofthebook,sodon’tpanic ifsomeofthisinformationgoesoveryourhead.
• YoucantellcertaingatewaystoassignthesameIPaddresstoaspecific
MACaddressatalltimes.Thisway,youcansetyourlaptoptogetanIP addressviaDHCP(DynamicHostConfigurationProtocol,whichwe coverlaterinthisappendix)nomatterwhereyoumayhappentobe,and ifyou’reathomeorintheoffice,youcanensurethatyourcomputerwill alwaysgetthesameIPaddressonthosenetworks.Whenyou’retraveling, althoughyouwon’tbeabletogetthesameIPaddress,youdon’thaveto changeyournetworkconfigurationtoreceiveadynamicallyassignedIP addressfromtheremotenetwork’sDHCPserver.
• Youcansetupsecurityonawirelessnetworksoonlycomputerswith
specificMACaddressesareallowedtoconnect.Thisapproachisfairly secure,but…
• MostnetworkadapterscanhavetheirMACaddresseschangedeither
easilyorwithabitofelbowgrease.Whenanadapterleavesitsassembly line,itmustbesettoauniqueaddress,whichistypicallyalsostampedona labelattachedtoit.Theaddressisalsostoredinpersistentbutchangeable memoryonthenetworkadapter.Therearetworeasonsyoumightwant tochangeaMACaddress.First,somecableISPsanduniversitiesrestrict networkconnectionstoregisteredMACaddresses.Cablecompaniesoften allowyoutoregisteronlyonemachine.Ifyouwanttomovecomputers aroundorshareaconnectionviaawirelessgateway,youmustsetthenew networkadapter(theadaptermakingtheconnection)totheMACaddress oftheregisterednetworkadapter.Wirelessgatewaysoftenprovidean optionintheirsoftwaretoresettheMACaddressforthisreason.The otherreasonisn’tsonice—ifyou’reawirelessnetworkcracker,cloning theMACaddressofacomputerthat’slegitimatelyallowedonawireless networkisnecessaryforhijackingnetworkaccess.Sadbuttrue.
AppendixA| NetworkingBasics
Hubs&Switches Thinkbacktoourdiscussionofnetworktopologiesforamoment.Remember thatinastarnetworktopologythere’salwaysacentralhub,fromwhichall theconnectionsradiatelikespokesinawheel?Well,that’swhereEthernet hubscomefrom—theyactasthecentralpointtowhichallthecomputerson anetworkconnect. NOTE Infact,wirelessaccesspointsareessentiallyjusthubsforwirelessnetworks. TheyuseradiowavesinsteadofEthernetcables,ofcourse,butotherwisethey workinalmostexactlythesameway.Wetalkmoreaboutwirelessaccess pointsinChapter3,WirelessHardware.
Hubshavetwoormoreportsintowhichyoucanplugcomputers(although a2-porthubmayseemfairlypointless,sinceitletsyouconnectonlytwo computers;two-porthubstendtobeextremelysmallandintendedforcreating quicknetworkswhiletraveling). TIP Whendecidinghowlargeahubtobuy,buyonewithmoreportsthanyou thinkyouneed.Theextraportsalwayscomeinhandy.
Aswithnetworkadapters,hubsmustsupportthetypeofEthernetyour networkuses,soifyou’veinstalledFastEthernet(100Base-T)orGigabit Ethernet(1000Base-T),makesureyourhubsupportsitifyouwanttotake advantageofthatspeed.Modernhubscanauto-sensethespeedofthenetwork andconfiguretheirportsappropriately—there’snoproblemwithmixingand matching10Base-TdevicesandFastEthernetdevicesonasingle10/100 auto-sensinghub. NOTE Thoughthey’relesscommonnow,itusedtobeeasytofindhubsthathad notjust10Base-TRJ-45ports,butalsoaBNCportfor10Base-2networks. Thatmadeiteasytomixnetworktypes;forinstance,youcoulduse10Base-2 coaxialcableforalongcablerunandplaceahuboneitherendfordevices thatcouldconnectonlywith10Base-Tnetworks.
TypesofHubs Therearethreetypesofhubs:passive,switching,andintelligent.
• Apassivehubdoesnothingmorethanactasaconduitforthedatafroma
computerononespokeofthewheeltoacomputeronanotherspoke.You needtoknowthreeimportantfactsaboutpassivehubs,sincetheyaccount forthedifferenceswiththeothertwotypes.First,passivehubsshareall
457
458
TheWirelessNetworkingStarterKit
thebandwidthonthenetworkinternally.So,let’ssaythatyouhaveeight computerspluggedintoan8-port,10Base-Tpassivehub.Ifyou’recopying filesfromonecomputertoanother,andcopyingthosefilesisusing5 Mbpsofbandwidth,theothersixcomputersmustsharetheremaining 5Mbpsforwhateverelsetheywanttodo.That’sbecausewhenapacket arrivesfromacomputerononespoke,thepassivehubcopiesittoallthe otherspokes,eventhoughit’sdestinedonlyforoneparticularcomputer. Contrastthatinamomentwithaswitchinghub.Second,withapassive hub,theonlyfeedbackyougetisanLEDthatindicateswhenacomputer isattachedtotheport(theLEDislit)andwhentrafficisflowingtoor fromthatcomputer(theLEDflashes).Contrastthiswithanintelligent hub.Third,apassivehubmakesanEthernetnetworkappeartobeone segment,whichcanlimitmaximumdistancesandincreasecollisions.
• Aswitchinghub,alsocalledaswitch,readsthedestinationaddresson
everypacketandsendsittothecorrectphysicalport(ratherthantoall portssimultaneously,exceptforspecialbroadcastpacketsusedbyDHCP andafewotherprotocols).Thisvariationonthepassivehubprovidesa significantbenefit:becauseeachportisaseparateconnectionbetween theconnecteddevices,ratherthanshared,eachconnectionreceivesthe fullbandwidthavailableonthattypeofnetwork.Forinstance,let’ssay oureight-computernetworkfromourpassive-hubexampleisnowusing aswitchinghub.Whenyoucopyfilesfromonecomputertotheother, theswitchinghubmakesthosetwocomputers(andalltherestonthe network)thinkthatthosetwocomputersareconnecteddirectlytoone another.Shouldtwoothercomputersstartcommunicatingwhilethefiles arecopying,theswitchinghubdoesthesameforthem,givingthemavirtual directconnection.Aswitchinghubprovidesimprovedperformanceover apassivehub—itmakesanetworkrunfasterifyouregularlyhaveseveral pairsofcomputerscommunicatingwithoneanother.Switchinghubsare alsousefulwhenconnectingpassivehubsorswitchinghubstogetherin largernetworkconfigurations.Foraverysmallnetwork,whetheryouuse apassiveoraswitchinghubprobablydoesn’tmattermuch,butluckily, mosthubsareswitchinghubsthesedays,thankstotheloweredcostof thenecessarycircuitry.
• Anintelligenthubaddsfeaturesthatletnetworkadministratorsmonitor
trafficpassingthroughthehubandconfigureeachportseparately. Typically,youusethesefeaturesviaaWebbrowserconnectedtoaWeb serverembeddedinthehub.Asmallnetworkdoesn’tneedanintelligent hub.
AppendixA| NetworkingBasics
NOTE Ifyouwanttoconnecthubstogetherthatdon’thavecableauto-sensing, youmusteitheruseacrossovercablebetweennormalportsorapatchcable fromanormalportononehubtotheuplinkportonanotherhub.Seethe sidebar“CrossoverCablesandUplinkPorts”earlierinthisappendixformore details.
Whatsortofhubshouldyouget,givenachoice?Werecommendswitching hubs,becausethey’recheapandprovidethebestperformance.Onlylarger networkshavemuchuseforintelligenthubs.
Bridges Thenextimportantpieceofnetworkinghardwareisthebridge.Despitethe name,visualizingareal-worldbridgewon’thelpyouunderstandanetworking bridge.Instead,thinkaboutwhathappenswhenyouwanttotransferacargo container(apacket)fromonerailroadcartoanotherrailroadcaronadifferent, butnearbytrack.Thecargocontaineritselfdoesn’tchange,butyouneeda device,likeanautomatedconveyerbelt,tomovethecontainerfromonerailroad cartoanother. Innetworkingterms,thatconveyerbeltisabridge.Bridgesconnectsimilar networktypesthatusedifferentmediaorarephysicallyseparateinsomefashion fromoneanother.Toputitmoretechnically:abridgemovesdatafromone kindofphysicalmediumintoanotherwithoutdoingmuchwiththedata. Wefindbridgesprettyneat,becausethey’reinexpensiveandsolvemanytricky networkingproblems.YouneedabridgetoconnectawiredEthernetnetworkto awirelessnetwork,connectaLocalTalknetworktoawiredEthernetnetwork, connectaHomePNAnetworktoawirelessnetwork,andsoon. Althoughbridgesareoftenbuiltintootherdevices,suchaswirelessaccess pointsthatalsobridgebetweenwiredandwirelessnetworks,youcanalsofind themasstandalonedevices.They’reparticularlyusefulwhenyouhaveanolder network,suchasaLocalTalknetwork,thatyouwanttoconnecttoamore modernEthernetnetworkwithoutbuyingnewnetworkadapters. Bridgesaren’tparticularaboutwheretheysenddata—theyjustpasstraffic fromonenetworktotheother.Thismakesbridgesfast,sincetheydon’tlook atthedatatheypassandareusuallyapatheticaboutwhatnetworkprotocols areinvolved.Whenyouneedtotranslateonekindofprotocolintoanother, suchasmovingfromalocalareanetwork(LAN)toawideareanetwork (WAN),likeyourhomenetworkouttotheInternet,youneedarouter,which wedescribenext.
459
460
TheWirelessNetworkingStarterKit
Routers Inourtransportationmetaphor,bridgesmovethesamekindsofcontainersacross similarkindsoftransportationsystems,likecargocontainersfromonetrain toanothertrainonanothertrack.Routers,ontheotherhand,don’tjustmove containersaround,butcanalsoopencontainersandrepackagethecontentsin smallercontainers:thinkofashipmentarrivingatawholesalefurnitureoutlet bytrain,andthenhavingitsdiningroomsetsremovedfordeliverybytruck overthehighwaysystem. AmoreInternet-orientedexamplemightbetoimagineAmazon.com:the companyordersthousandsofbooksfromasinglepublisher,whicharriveby trainorfreighttruck.Thebooksareunloaded,sorted,putintonewpackages destinedforeachrecipient,andthenloadedintoatruck,runbyashipping companysuchasUPSorFederalExpress. Routersconvertaddress-basedprotocolsthatdescribehowinformationshould getfromoneplacetoanother.Eachpacketisinspectedandrepackagedwiththe appropriatedestinationinformationforthenetworkit’shandedoffto.Inpractice, thisroleoftencomesdowntoaroutertakingEthernetpacketscontaining Internet-bounddataorInternet-arrivingdataboundformachinesonalocal wiredorwirelessnetworkandtranslatingbetweenIPandMACaddresses. Routerscantalktootherrouters,too,ofcourse,andtrafficroutingacross theInternettypicallygoesEthernet,router,Ethernet,router,Ethernet,as datafindsitswayuptoahigh-enoughlevelto“see”itswaybackdowntoits destination. Asyoumightexpect,watchingandactingoneverypackettakesprocessing powerandRAM,makingroutersmoreexpensivedevicesthansimplebridges. Andyet,advancesintechnologyhaveenablednetworkinggearmanufacturersto buildroutingcapabilitiesintoevenratherinexpensivedevices,suchasLinksys gateways,whichactuallysportfullroutingcapabilities.Ofcourse,theyprobably wouldn’tmeettheneedsofalargenetwork,butforthesmallnetworkswhere they’reusuallyinstalled,theydojustfine. Thatsaid,ifyou’reinterestedinasmallnetwork,andifyourInternetconnection comesviacablemodem,DSL,orevenastandardmodem,youprobablydon’t needroutingcapabilitiesatall.Iftheyhappentobeinthedeviceyouwant, great,butdon’tpayextraforthem.Youcanalsodragoonoldercomputerstoact asrouterswiththeadditionofspecialsoftware—aprogramcalledIPNetRouter fromSustainableSoftworks(seewww.sustworks.com)hasbecomepopularbecause itcanturnevenanelderlyMacintoshintoafull-fledgedrouter.
AppendixA| NetworkingBasics
Gateways We’vementionedthatthemanufacturersofnetworkinggeartendtoplayfastand loosewithterminology,andnowhereisthatmoreevidentthanwithgateways. Technicallyspeaking,agatewayisthenextstepabovearouter—we’retalking aboutnetworkingbigiron. However,thetermisfarmorewidelyusedthesedaystomeanadevicethat mergesmost,ifnotall,ofthecapabilitiesofallthedevicesmentionedhere, plussomeothers—suchasstandardmodemsandfirewalls—forincreasing networksecurity.Plus,gatewaysfrequentlyofferadditionalsoftwarefeatures, suchasaDHCPserverandaNATgateway. NOTE Abettertermwouldbe“homegateway,”butwebowtothestandardusage todayandusejust“gateway”whenwerefertooneofthesejack-of-all-trades devices.
Inshort,youcan’tassumemuchwhenyouseetheterm“gateway.”It’sagoodbet thatthemanufacturerassumesthedevicehasseveralhelpfulfeaturestoconnect yourwiredorwirelessnetworktotheInternet,butbeyondthatyoumustread thespecificationscarefullytodeterminewhichfunctionsitperforms.
NetworkProtocols Inthisappendix,wetalkingeneralabouttransferringdata,butafewwords areinorderabouthowthatactuallyhappens.Youdon’tneedtoknowthis informationtosetupanetwork,butyoumayfindithandywhenyoutryto makecertainthingswork. Allcommunicationbetweencomputerstakesplaceaccordingtoasetofagreeduponrules,calledaprotocol,andofteninformally(andsometimesinaccurately) calledastandard.It’sexactlythesameascommunicationbetweenpeople,where theagreed-uponrulesarecalledalanguage.Anetworkprotocolisjustthat, thelanguagethattwocomputersmustspeaktounderstandoneanother. NOTE Standards are agreed upon by standards organizations, whether the organizationsareregulatory,consensus-drivenengineering,orindustry.Anyone candevelopaprotocol,anditmayevenbecomewidelyused,butwithoutthe stampofapprovalfromastandardsbody,itisn’tastandard.
Justasnumerouslanguageshavesprunguparoundtheglobe,manynetwork protocolshaveappearedovertime.However,thedrivetowardcommon
461
462
TheWirelessNetworkingStarterKit
communicationhascausedmanyoftheseprotocolstofadeaway;unlike endangeredhumanlanguages,there’sseldomamovementtokeepanunused networkprotocolfromdisappearing. Althoughthisisabitofanoversimplification,everynetworkprotocoltypically hasaspecificfunctionthatcombineswiththefunctionsofothernetwork protocolstomakecommunicationoverthenetworkpossible.Herewelookata selectsetofprotocolsyou’relikelytorunintowhensettingupyournetwork.
EstablishingaConnection PPP(Point-to-PointProtocol)isthereigningchampionfordial-upand broadbandconnectionnegotiation;thebroadbandEthernetversioniscalled PPPoEforPPPoverEthernet. PPPisasimplewayfortwodevices,afterestablishinganetworklinkofsome kind,tonegotiatealogin,andthenprovidenetworkdetailsfortheconnecting machine. WhenaclientconnectsviaPPPorPPPoE,itpassesitsusernameandpassword, amongotherdetails;theserverendoftheconnectionopensaccesstothegiven networkordial-upportoncetheconnectionisnegotiated.
NegotiatinganAddress Onceconnectedtoanetwork,yourdevicesneedaddresses.Ethernetdevices havetheirhardwareMACaddressesbydefault,andAppleTalk(seelaterinthis appendix)letsacomputerassignitsownuniqueaddress.ButintheTCP/IP world(again,seelaterinthisappendix),everydeviceneedsanIPaddress, whichmustbeenteredmanually(forstaticnetworks)orassigneddynamically. It’sthislattercasethatwelookathere. DHCP(DynamicHostConfigurationProtocol),whichwediscussinmany contextsthroughoutthisbook,enablesaservertoassignanIPaddressto anymachineonthesamenetworkthatwantsone.Whenacomputerwitha DHCPclient,foundinmostoperatingsystems,firstconnectstoanetwork, itbroadcastsamessagesaying,“Hey,givemeanaddress!” OneormoreDHCPserverscanreplywith,“Ihavethisaddresstooffer.”The clientconfirmswiththeappropriateDHCPserverthatithasacceptedthe offeredaddress,afterwhichtheclientisnowafullmemberofthenetwork, withanaddress,agateway,andusuallyDNSserverinformation. NAT(NetworkAddressTranslation)workswithDHCPtotranslatebetween theDHCP-assignedprivate,non-routableaddressesthataren’treachableoutside
AppendixA| NetworkingBasics
ofthelocalareanetworkandthepublicIPaddressofthegateway.So,for instance,DHCPmightassignanIPaddressof192.168.1.20toacomputer,but nooneontheInternetcanreachthatprivateIPaddresswithoutNATacting asthetrafficcop.TheNATserverinterceptsoutboundrequestsleavingthe network,andrewritesthemsotheyappeartocomefromthegateway’spublic, routableInternetaddress.Italsorewritestheresponsetotheserequestsand sendsthembacktotheinternalmachinethatmadetherequest. NOTE Ifyou’reinterested,therearethreekindsofNAT:thekindyoufindinhome gatewaysmapsprivateaddressestospecificportsonthegateway’spublic address(portaddresstranslation).Thetwoothersmaponestaticaddressto another(aprivateaddresstoadedicatedpublicaddress)andhandleamanyto-manyapproachinwhichalocalpoolofprivateaddressesisarbitrarily mappedtoapoolofpublicaddresses.
PackagingandAddressingData Thenextsetofprotocolspackagedataintodiscrete,addressedlumpsthatcan passacrossanetwork.Theaddressinginformationhelpsindividualmachines onanetworkorroutersconnectingtoothernetworksdeliverthelumpsto theirdestinations. Inallcases,there’sapartoftheprotocolthatdealswithpackaging(theTCPin TCP/IP),andapartthatdealswithaddressing(theIPpartofTCP/IP).These arealmostalwayslumpedintoasinglenameorconcept.AppleTalkcomprises bothparts.TCP/IPdominatesmostnetworkdiscussionsthesedays,butyou shouldalsounderstandhowMicrosoft’sNetBEUIandApple’sAppleTalkinteract withmodernwirelessnetworksbecausethey’restillsufficientlycommon.
Ethernet YoumayrecallfromearlierinthisappendixthatEthernetisalow-levelnetwork protocolwhichcomesinseveralflavors.Ethernetsendsdatainlumpscalled frames,andalloftheprotocolswediscussbelow—TCP/IP,NetBEUI,and AppleTalk—canbeencapsulated,orwrappedupinEthernetframes.Ethernet usesMACaddressestodeliverdata.
TCP/IP TCP/IPisasetoftwoseparateprotocolsthatworktogether:TCP(Transmission ControlProtocol)andIP(InternetProtocol).TCPputspacketstogetherand takesthemapart;IPhandlesaddressing.Togethertheyformthebasisofmost communicationontheInternet.
463
464
TheWirelessNetworkingStarterKit
ThemajoradvantageofTCP/IPovertheotherprotocolsisthatit’scompletely standardizedandwellsupportedincomputeroperatingsystems.Ithasother benefitsaswell,suchasexcellentperformanceandscalabilitytoverylarge networks.SinceTCP/IPiseverywhere,almosteverynetwork-relatedapplication communicatesviaTCP/IP. BothMacsandWindowscomputerscanspeakTCP/IPwithnotrouble.In WindowsMeandearlier,theNetworkcontrolpanelprovidesthenecessary options;themuch-improvedNetworkConnectionscontrolpanelhandlesit inWindowsXP.InMacOS9,youusetheTCP/IPcontrolpanel;inMacOS X,theNetworkpreferencespanehasthecontrolsyouneed.Welookatthe stepsnecessarytoconfigurethesedifferentoperatingsystemstouseTCP/IP inAppendixB,ConfiguringYourNetworkSettings.
NetBEUI NetBEUI(NetBIOSExtendedUserInterface,pronouncedNet-BOO-ee)was developedbyIBMforusewithitsLANManagerproductandsubsequently adoptedbyMicrosoftforWindows.Itsbenefitsincludehighperformanceand easydiscoveryofnetworkresourceslikefileserversandprinters.NetBEUI remainsavailableinWindowsforcommunicatingwithothercomputersrunning Windows;however,technicallimitationsensuredthatNetBEUIwouldnever beusedinlargenetworks,andperhapsinpartbecauseofthat,itwasnever usedtoconnectcomputersofdifferenttypes. YoucanuseNetBEUIastheunderlyingprotocolforsharingfilesandprinters inWindows,butit’sprobablyeasieratthistimetostickwithTCP/IPinstead, especiallysincesomeresidentialgatewaysmaynotbridgeNetBEUIfromwired towirelessnetworks.
AppleTalk AppleTalkisasuiteofnetworkprotocolsdevelopedbyApplefornetworking MacintoshcomputersandLaserWriterlaserprinterstogether,andwhenit cameout,itwasrevolutionary.ThoughAppleTalkisn’taparticularlyhighspeednetworkprotocol,itofferswelcomefeaturestousers,suchasautomatic discoveryofnetworkdevices,sousersdon’thavetoknowtheaddressesof computersorprinterstowhichtheywanttoconnect. NOTE AfriendofoursatApple,StuartCheshire,helpedleadaworkinggroupthat developedastandardprotocolcalledZEROCONF(forzeroconfiguration),an attempttobringtheease-of-useofAppleTalktoTCP/IPnetworking.Apple callsthetechnologyRendezvousandispromotingitheavilytohardware
AppendixA| NetworkingBasics manufacturers;MicrosofthasalreadybuiltpartofitintoWindowsXP, remarkably.Sinceit’sastandardthat’sintheprocessofbeingfinalized bytheInternetEngineeringTaskForce(IETF),anInternetstandardsbody, ZEROCONFhasagoodchanceofsucceeding.Formoreinformation,visit www.zeroconf.org.
Severalsoftwareproducts,includingMicrosoft’sownServicesforMacintoshin WindowsNT/2000andthefreeUnix/Linux/BSDNetatalkpackage,support AppleTalkforotherplatforms,butAppleTalknevertookoffforconnecting computersotherthanMacs.EvenApplehasbeenmovingawayfromAppleTalk, insteadbasingallofitsnetworkservicesonTCP/IP.BecauseoldMacsandold AppleLaserWriters(whichcommunicateviaAppleTalk)tendtostickaround, though,AppleTalkisn’tlikelytodisappearentirelyforsometime. IfyourMacintoshhardwarewaspurchasedinthelastfewyears,youdon’thave toworryaboutAppleTalkatall.TokeepanoldLaserWriteravailableonyour network,however,youneedtomakesureyouhaveAppleTalkturnedon(check theAppleTalkcontrolpanelinMacOS9ortheNetworkpreferencespane inMacOSX).Ifyoubuyanaccesspoint,makesureitcanbridgeAppleTalk fromwiredtowirelessnetworks;forinstance,Apple’sAirPortBaseStation can,whereasLinksys’saccesspointscannot. NOTE AdamworkedaroundthislimitationinhisLinksysgatewaybyconnectinghis LaserWritertoanAsantéTalkEthernettoLocalTalkBridge,andthensharing theprinterfromaserverrunningMacOSX.HecanprinttotheMacOSXbasedprintserverusingTCP/IP(heusestheDesktopPrinterUtilityinMac OS9,andhecreatedaprinterusingIPPrintinginMacOSX’sPrintCenter utility);theserverthenpassestheprintjobtotheLaserWriterviaAppleTalk andtheAsantéTalkEthernettoLocalTalkBridge.It’sneatthatitworksatall, andanaddedbenefitisthatprintjobscanwaitontheserveruntilheturns ontheprinter,evendayslater.
ApplyingNetworks Movinguponemorelevelintheschemeofthings,youneedprogramsthat talkovernetworksandexchangeinformation.Otherwise,whybotherhavinga networkatall?It’slikelythatyou’realreadyfamiliarwithmanyoftheprotocols inthiscategoryintheTCP/IPworld,atleastthroughtheapplicationsthat implementthem.
DNS EverycomputerontheInternetmusthaveauniqueIPaddressthatidentifies it.ButIPaddresseslike216.168.61.154aren’teasyforhumanstorememberor type,sothedomainnamesystem(DNS)wasdevelopedtotranslatebetween
465
466
TheWirelessNetworkingStarterKit
human-readablenameslikewww.tidbits.comandtheirassociatedIPaddresses. So,ifyouvisitwww.tidbits.cominyourWebbrowser,thebrowserasksaDNS serverwhatIPaddressgoeswithwww.tidbits.com.TheDNSserverchecksto seeifitknowstheIPaddressforwww.tidbits.comalready;ifnot,itqueriesother DNSserversuntilitfindtheappropriateIPaddress.ThentheDNSserver returnstheIPaddress, 216.168.61.154,toyourWebbrowser,whichproceeds tomaketheconnectiontothewww.tidbits.comserver.
PortsinaStorm Inthisappendix,wetalkabouttwodifferent waysaddressingcantakeplace—Ethernet MACaddressesandIPaddresses.Buthow doesacomputerdifferentiateamongthedifferenttypesofdatathatcomein?Whatseparates anemailmessagefromaWebpagefroman instantmessage?Oneword:ports,andinthis casewe’renottalkingaboutphysicaljackson yourcomputer. Togobacktoourrailroadanalogy,ifyouconsideracomputertobearailroadstation,thena portisaloadingdockatthestationthataccepts onlyonetypeofcargo.Perishablefoodsgoto oneloadingdock,heavyequipmenttoanother, andsoon.Similarly,everyInternetservicefrom emailtotheWebusesaspecificport.Thus,a portisessentiallyanaddressrefinement—the IPaddressidentifiesthedestinationcomputer, andtheportnumberidentifieswhatsortof dataisbeingsenttothatcomputer. Manyportnumbershavebeenagreedupon foralongtime(andarethusreferredtoas “well-known”ports),soforinstance,SMTP usesport25,DNSusesport53,theWeb usesport80,andsoon.However,nothing preventssomeonefromrunningaserveron anotherwiseunusedport,soyou’llsometimes seeWebserversrunningonport8080.And
someprotocols,likeFTP,maystartonone portbutswitchtoanotherunusedportafter settinguptheconnection. Youshouldknowthreemainfactsaboutports:
• IfaWebsiteyouwanttovisitisrunningon anunusualportnumber,youmustbuildit intotheURLyousendotherpeopleoruse onWebpages,asinhttp://www.example.com: 8080/index.html.Theportnumbercomes afterthedomainnameandacolon.
• Firewallsusuallyworkbyallowingtraffic
topassononlyafewspecificports.Ifyou trytouseanapplicationthatrequiresaport thatyourfirewallhasclosed,thatapplication won’twork.
• RunningserversbehindaNATgateway
canbeproblematic,becausetheNATgatewaywon’tknowwheretodirectincoming requests.Atechniquecalledportmapping helpsworkaroundthisproblem.Inyour NATgateway,yousimplysaythatalltraffic onport80,forinstance,shouldbepassedto aninternalcomputerthat’sactuallyrunning aWebserver.Withoutthisportmapping, themachineactingastheNATgateway wouldassume—incorrectly—thatitwas theintendeddestination.
AppendixA| NetworkingBasics
NOTE IPaddressesmaychangeforinfrastructurereasons,orwhenacompanymoves serversfromonehostingfacilitytoanother.ButbecauseDNS-assignednames canstayconstant,theyenableDNStoworkasapointertoresourcesinstead oftopermanent,fixedaddresses.
DNScanbeaproblemonanynetworkthatreliesonDHCPandNATtotranslate betweenprivateinternaladdressesandasingleexternalIPaddress.ManyInternet serviceprovidersofferdynamicIPaddressesthatcanchangefromdaytoday;this approachpreventsDNSserversontheInternetfromknowingyourIPaddress, andthuspreventspeoplefromconnectingdirectlytoyourcomputer.Luckily, there’saworkaroundthatletspeopleconnecttoyourcomputerevenwhenyou haveadynamicIPaddress.AservicecalleddynamicDNSenablesyoutomapan unchanginghostnametowhateveryourcurrentIPaddressmaybe.SeeChapter 16,BuyingaWirelessGateway,formoreaboutdynamicDNS.
FTP FTP(FileTransferProtocol)isanincreasinglycreakywaytoretrievefilesfrom oruploadfilestoaremoteserver.FTPismostcommonlyusedinconjunction withWebservers,whereyouuseFTPtouploadtheHTMLfilesthatmake upaWebsite. FTPisoneoftheearliestInternetprotocols,andithasabehaviorthatcancause frustrationifyouuseitfrombehindaNATgatewayandafirewall.Whenyou initiateanormalFTPsession,theFTPserverrespondstoanarbitraryportto startthetransaction.UnlessyourfirewallandNATgatewayaresetuptoallow incomingaccesstoanyoldport,theconnectionwillbeblocked.
PasswordsintheStream FTPsendsitspasswordsasplaintext,which shouldworryyou,sinceanetworksnooperwho managedtostealyourpasswordbywatching yourFTPtrafficcanusethatpasswordtolog intoaterminalaccountonthesamemachine oruploadnewfilestoyourWebsite.
maintainsecuritybysendingyouconfirmation emailandrequiringthatyouclickalinkinthat message,makingitpossibleforasnooperto readyouremailcouldopenyouuptoahost ofotherproblems.
Bydefault,POPandIMAPalsotransmittheir passwordswithnoencryption,meaningthat someonecouldreadyouremail.Thatmaynot sounddire,butbecausemanyInternetservices
SeeChapter24,WirelessWorries,foradviceon evaluatingyourrealriskandChapter26,SecuringDatainTransit,forhowtoencryptyour passwordsandotherdatawhileintransit.
467
468
TheWirelessNetworkingStarterKit
Luckily,manyFTPclientsandmostserverssupportanoptioncalledpassive FTP.PassiveFTPstartsaconnectionfromthewell-knownport21,whichis reservedforFTP,andtheserverrepliesoverthesameport.
SMTP,POP,andIMAP Thesethreeprotocolsareusedforsendingandreceivingemail.Mailthat yousendreliesonSMTP(SimpleMailTransferProtocol),whileyoureceive incomingemailviaPOP(PostOfficeProtocol)orIMAP(InternetMessage AccessProtocol).Forthemostpart,there’snothingunusualinhowthese protocolsinteractwithwiredorwirelessnetworks.
HTTP ThemostcommonapplicationprotocolinuseontheInternettodayisHTTP (HypertextTransferProtocol).ItstartedasthebasiclanguageoftheWeb, althoughit’snowusedforavarietyofotherfunctions,includingtheWebDAV fileservice(Web-BasedDistributedAuthoringandVersioning).
ConfiguringYour NetworkSettings
B
Mostmoderncomputersdefaulttousingnetworksettingsthatjustworkas soonasyoumakesomesortofanInternetconnection.Achievingthiseaseof useinvolvestheuseofDHCP,whichiscalledDynamicHostConfiguration Protocolforareason.WhenyouuseDHCP,yourcomputerpicksupallits networksettingsdynamicallyfromaDHCPserver(usuallyinyourwireless gateway),andyoudon’thavetosetanythingelse.Westronglyrecommend thatyouuseDHCPwheneverpossible,particularlyifyou’retraveling,sinceit makesswitchingamongdifferentnetworksmucheasier. Insomecases,youmayneedtoenternetworksettingsmanuallyratherthan relyingonDHCP.Ifyou’reworkingonanexistingnetwork,askthesystem administrator,orpersonwhosetitup,whattoenter.Ifyou’reconnecting directlytoanInternetserviceprovider,refertoitsdocumentation,askitsHelp Desk,orusetheadviceinthesidebar“ConfiguringYourNetworkSettings Manually.” TIP Youmayneedtoconfigureyourcomputerwithmanualsettingsbrieflywhen settingupanewwirelessgateway,sinceyoucan’taccessaWeb-basedinterface unlessyourcomputercanbeonthesamenetwork(usually192.168.1.xor 10.1.1.x,wherexisanynumberexcept0and255)asthegateway.Referto yourgateway’smanualforspecifics.
470
TheWirelessNetworkingStarterKit
ConfiguringNetworkSettingsinWindows NomatterwhichversionofWindowsyou’reusing,youmustinstallyourwireless networkadapterandconfigurethenetworksettingsappropriatelybeforeyou canuseanyoftheinstructionsinChapter6,ConnectingYourWindowsPC,to configureyourwirelessclientsoftware.Followthesestepstoconfigureyour networksettings: NOTE IfyourWi-Finetworkadapterisalreadyinstalledandworking,skiptothestep 4belowthatcorrespondstoyourversionofWindows.
1. InstallthedriversforyournetworkcardusingtheCD-ROMorfloppy
diskthatcamewithit,orusinganinstalleryoudownloadedfromthe manufacturer’sWebsite. 2. Shutthecomputerdown,andconnectyournetworkadaptertothecomputer.
Powerupagain. TIP Shuttingdownisn’tessentialforPCCardorUSBwirelessnetworkadapters, butitisforPCIcardsorotherinternalcards,andstartingfromscratchis alwaysagoodidea.
3. Ifallgoeswell,Windowsidentifiesyournewwirelessnetworkadapter,
loadsthedriveryouinstalled,andcreatesanentryintheNetwork(95/98/ Me/NT)orNetworkConnections(XP/2000)controlpanelcorresponding tothehardware(FigureB.1). FigureB.1 Windowsrecognizes newhardwareand configuresit.
NOTE IfWindowsdoesnotautomaticallydetectandconfigureyournewwireless networkadapter,youshouldrefertoAppendixC,HowtoTroubleshoot,and Chapter14,TroubleshootingYourConnection,fortroubleshootingtactics andsolutions.
AppendixB| ConfiguringYourNetworkSettings
Here’swherethestepsdiverge,splittingintoinstructionsforearlierversions ofWindows(95,98,Me,andNT)andformorerecentversions(2000 andXP). Windows95/98/Me/NT 4. OpentheNetworkcontrolpanel,andintheConfigurationtabcheckthat
youhaveTCP/IPmappedtothenewdevice(FigureB.2).Forinstance,if yourcardisidentifiedinWindowsas“LinksysWPC11WirelessNetwork Adapter,”youshouldseeanentrythatsays“TCP/IP->LinksysWPC11…” 5. Ifyouneedadditionalnetworkingprotocols(manypeopledon’t),click
Add,chooseProtocol,scrolltoMicrosoftorothercompaniesontheleft, andselectNetBEUIorwhicheverotherprotocolyouwantorneed. Ifyou’reusingdynamicaddressingwithaDHCPserver,whichwe recommendbecauseit’stheeasiest,youcanleavethedefaultsettings aloneandskiptostep8,whereourinstructionsconvergeagainforall versionsofWindows.
ConfiguringYourNetworkSettingsManually Ifyou’reconnectingtoyourownaccesspoint andhavedecidednottouseDHCP,noone cantellyouwhatnetworknumberstoenter. That’susuallynotasbadasitsounds,because ifyou’rethetypeofpersonwhowantstouse amanualconfiguration,yougenerallyknow whattoenter.Inthatsituation,here’sabrief rundownofthenecessarybitsofinformation toenter.
• IPaddress.ThisistheIPaddressforyour computer.Itmustbeinthesameprivate networkrangeasyouraccesspoint,usually 192.168.1.xor10.1.1.x,wherexisanynumberexcept0and255(whicharereserved forspecialpurposes).Thenumbermustbe uniqueonthelocalprivatenetwork.
• Subnetmask.Thissettingindicatesthesize ofyournetwork,andifyou’reusinganIP
addressinoneofthetworangesabove,you shouldenter255.255.255.0forsubnetmask.
• Gatewayorrouteraddress.Thisisthein-
ternalIPaddressofyouraccesspoint,and it’sprobablyanIPaddressinyourprivate range,like192.168.1.1.(Wealwaysmake ourgatewaysoneofthefirstaddressesin theIPrange,skipnineaddresses,and thenstartassigningIPaddressestocomputers.Thegatewayusuallyendsupbeing 192.168.1.1,forinstance,andthecomputers startat192.168.1.10.)Microsoftusesthe termgateway;Applecallsthesamething arouter.
• DNSserveraddresses.Forthesenumbers, entertheaddresses—therewillusuallybe atleasttwo—giventoyoubyyourISP.
471
472
TheWirelessNetworkingStarterKit FigureB.2 Network controlpanel’s Configurationtab.
6. SelectTCP/IP->device(whereyourparticularadapter’snameappears
insteadofdevice)fromthelistandclickProperties(FigureB.3). 7. Ineachofthreetabs—DNSConfiguration,Gateway,andIPAddress—
clicktheradiobuttonsforenablingDNSandspecifyinganIPaddress, afterwhichyoucanenterthenecessaryIPaddress,subnetmask,gateway address,andDNSserveraddresses. TIP Wheredoyougetthesesettings?Seethesidebar“ConfiguringYourNetwork SettingsManually”inthisappendix. FigureB.3 TCP/IPProperties.
AppendixB| ConfiguringYourNetworkSettings
WindowsXP/2000 4. OpentheControlPaneldirectory(accessiblefromtheStartmenuin
WindowsXP,andfromtheSettingsmenuintheStartmenuinWindows 2000),andthenopenNetworkConnectionsinWindowsXP(Figure B.4)orNetworkandDial-upConnectionsinWindows2000. FigureB.4 WindowsXP Network Connections window.
5. Right-clicktheiconnamedWirelessNetworkConnectionandchoose
PropertiesfromtheshortcutmenutoopenthePropertiesdialogforthe connection(FigureB.5).IfnoitemnamedWirelessNetworkConnection isinthelist,thentheadapterisn’tinstalledcorrectly,andyoushould walkthroughthestepstoinstallthenetworkadapteragain,orreadour troubleshootingadviceinChapter14,TroubleshootingYourConnection. FigureB.5 WindowsXP WirelessNetwork Connection Propertiesdialog.
473
474
TheWirelessNetworkingStarterKit
NOTE Eachwirelessconnectionisnumberedseparately,soifyouremoveandadd manywirelessadapters,youmayfindyourselfwithconnectionslabeled “WirelessNetworkConnection12,”asGlenndidonamachineusedfor testingwirelessnetworkcards.
6. SelectInternetProtocol(TCP/IP)fromthelist.Ifthere’snocheckmark
intheboxnexttoitsname,checkthatbox.(IfTCP/IPorotherprotocols youneedaren’tlisted,clickInstall,andselectthemfromtheProtocolslist orClientslist.)ClickthePropertiesbuttontoopentheTCP/IPProperties dialog(FigureB.6). FigureB.6 WindowsXPTCP/IP Propertiesdialog.
7. Ifyou’reusingdynamicaddressingwithaDHCPserver,thenyoucan
leavethedefaultsettingsaloneandskiptostep8. Otherwise,selectUsetheFollowingIPAddressandUsetheFollowing DNSServerAddressesradiobuttonsandentertheappropriatevaluesfor yourIPaddressandDNSservers.(Seethe“ConfiguringYourNetwork SettingsManually”sidebarearlierforwheretogetthesenumbers.) AllWindowsversions 8. ClickOKtwice:oncetoclosetheTCP/IPPropertiesdialogandasecond
timetoclosetheNetworkcontrolpanelorWirelessNetworkConnection Propertiesdialog. 9. Restartyourcomputerwhen(orif)Windowspromptsyoutodoso.
AppendixB| ConfiguringYourNetworkSettings
ConfiguringNetworkSettingsinMacOS8.6/9.x ToconfigureyournetworksettingsinMacOS8.6and9.x,youworkinthe TCP/IPandAppleTalkcontrolpanels.Followthesestepstoconfigureyour networksettings.Afterthat,youcanreturntotheinstructionsinChapter8, ConnectingYourMacintosh,toconfigureyourAirPortsoftware: 1. FromthehierarchicalControlPanelsmenuintheApplemenu,choose
TCP/IPtoopentheTCP/IPcontrolpanel. 2. FromtheFilemenu,chooseConfigurationstoopentheConfigurations
dialoganddisplaythedifferentconfigurationsyoumayhave(FigureB.7). FigureB.7 Creatinga newAirPort configuration.
3. IfthereisaconfigurationcalledAirPort,selectitandclickMakeActive.
Otherwise,selectanyotherconfiguration,clickDuplicate,andnamethe configuration“AirPort”(orwhateveryouwant—thenameisn’timportant). ThenselectyournewAirPortconfigurationandclickMakeActive. 4. BackintheTCP/IPcontrolpanel’smainwindow,chooseAirPortfrom
theConnectViapop-upmenu(FigureB.8). 5. Assumingyou’reconnectingtoanAirPortBaseStationorotheraccess
pointthathasDHCPturnedon,chooseUsingDHCPServerfromthe FigureB.8 Configuringthe TCP/IPcontrol panelforusewith AirPort.
475
476
TheWirelessNetworkingStarterKit
Configurepop-upmenu.IfyouinsteadwanttouseastaticIPaddress, chooseManuallyfromtheConfigurepop-upmenuandentertheappropriate IPaddress,subnetmask,routeraddress,andDNSserveraddresses(Apple labelsthisfield“Nameserveraddr”).Ifyou’renotsurewhattoenterhere, refertothe“ConfiguringYourNetworkSettingsManually”sidebarnear thestartofthisappendix. 6. ClosetheTCP/IPcontrolpanel,andsavethesettingswhenprompted. 7. FromthehierarchicalControlPanelsmenuintheApplemenu,choose
AppleTalktoopentheAppleTalkcontrolpanel. 8. Follow steps 2 and 3 again to select or create a new AirPort
configuration. 9. FromtheConnectViapop-upmenu,chooseAirPort(FigureB.9). 10. Close the AppleTalk control panel, and save the settings when
prompted. FigureB.9 Configuringthe AppleTalkcontrol panelforusewith AirPort.
ConfiguringNetworkSettingsinMacOSX InMacOSX,youchangenetworksettingsintheNetworkpreferencespane inSystemPreferences.Followthesestepstoconfigureyournetworksettings. Afterthat,youcanreturntotheinstructionsinChapter8,ConnectingYour Macintosh,toconfigureyourAirPortsoftware: 1. ChooseSystemPreferencesfromtheApplemenu,orclickitsiconon
theDock,andonceSystemPreferencesopens,clicktheNetworkiconto displaytheNetworkpreferencespane. 2. ChooseAirPortfromtheShowpop-upmenu.
IfAirPortdoesn’tappearinthemenu,chooseNetworkPortConfigurations, selecttheOncheckboxnexttoAirPort,andchooseAirPortfromthe Showpop-upmenu.
AppendixB| ConfiguringYourNetworkSettings
ThedisplaychangesbacktotheAirPortconfigurationscreen. 3. ClicktheTCP/IPtab,andfromtheConfiguremenu,chooseUsingDHCP
ifyouraddressisassigneddynamicallybyaDHCPserver.Ifyouwant toenterastaticIPaddressinstead,chooseManuallyandenteryourIP address,subnetmask,router,andDNSservers(FigureB.10).Ifyou’renot surewhattoenterhere,refertothe“ConfiguringYourNetworkSettings Manually”sidebarnearthestartofthisappendix. FigureB.10 ConfiguringTCP/IP forusewithAirPort.
4. ClicktheAppleTalktab,andcheckMakeAppleTalkActivetoletAppleTalk
passoveryourwirelessnetworkalongwithTCP/IP(FigureB.11). TIP WithAirPortandanothernetworkingmethodactive,likeEthernet,MacOSX warnsyouthatAppleTalkcanworkoveronlyoneofthenetworks.
5. ClicktheApplyNowbuttontoactivateyourchanges.
TIP Ifyoutravelregularlyandfindthatyouneedtochangeyoursettingsoften, youcaninsteadcreatemultiplelocationsusingtheNewLocationiteminthe LocationmenuatthetopoftheNetworkpreferencespanel.Eachlocationcan haveitsownAirPortconfiguration,andyoucaneasilyswitchamongthem usingtheLocationmenu.
477
478
TheWirelessNetworkingStarterKit FigureB.11 Configuring AppleTalkforuse withAirPort.
HowtoTroubleshoot
C
Mostpeoplehavelittletroublenoticingproblems.Butwe’venoticed—andas usabilityexpertDonNormanhasfrequentlysaid—thatnewusersassumethat it’sthembehavingincorrectlyratherthanacomputer-relatedfaultthatcan(and should)beeliminated.Ifyoufindyourselfroutinelyperformingthesamesetof stepstoworkaroundsomeproblem,werecommendtakingafewmomentstowork throughthesestepstoseeifyoucansolvetheproblemandsimplifyyourlife. NOTE Sometimesworkaroundsdoreflectabsencesinaprogramoroperatingsystem. Determiningwhetherit’sabug,amisunderstanding,oranabsenceiskeyto troubleshooting.
Themostimportantpieceofadvicewecangiveinthisappendixis:be methodical.Ifyoustarttryingsolutionstoaproblemwithoutthinkingabout whatcausedtheproblemandwhattheeffectofanygivensolutionmaybe,you justcomplicatetheentiresituation.Thebestwaytoencourageamethodical approachistogetanotebookandtakenotesaboutwhatyousee(especiallyany errormessages),whatyoudo,andtheeffectsofwhatyoudo.There’snoneed tobetrulyobsessiveabouttakingnotes,butmakesureyouatleastdescribe theorderofevents,justincaseyouneedtoreferbacklater. Followthisfive-stepprocesstogettothebottomofanyproblem.
1.DescribetheProblem Thefirststepistoidentifytheproblemandgatherinformationaboutit.That soundssimple,anditusuallyis,becausemostproblemsaren’tparticularly
480
TheWirelessNetworkingStarterKit
subtle.Perhapsyoucan’tsendemail,oryouronewiredcomputerisn’tvisible tothecomputersonyourwirelessnetwork. It’simportanttodetermineiftheproblemisreproducibleorintermittent. Althoughanintermittentproblemmaybelessannoyingthanareproducible problem,sinceyoumaybeabletokeepworkingthroughit,intermittentproblems aremuchhardertotrackdown,becauseoneofthevariablesisrelatedtosome time-orstate-relatedfact.Reproducibleproblemsbegtobesolved,because yougenerallycan’tkeepworkinguntilyou’vesolvedtheproblem. Alsopayattentiontoanyvisibleindicatorsthatmightgivemoreinformation abouttheproblem.Forinstance,mostnetworkadaptershaveLEDsthatindicate whenthey’repoweredupandflashwhentrafficisflowing.IfthoseLEDsaren’t workingthewayyouexpect,that’sanimportantpieceofinformationtoadd tothedescription. Finally,beonthelookoutforanyerrormessageswhensomethingfails—or eventhefactthatnoerrormessageappears.Writethesedownexactlyasyou seethemortakescreencaptures,sinceeverydigitorletterinanerrornumber canbeimportant.
2.BreaktheSystemApart Onceyouhaveafirmgraspontheproblemyou’retryingtosolve,youneedto startbreakingthesystemrelatedtotheproblemintodiscretestepsorpieces. Thenyoucanstartanalyzingdifferentpartsofthewhole.Thehardparthere isthatyoumaynotrealizewhatthedifferentpartsofthesystemare,making itdifficulttounderstandhowonecouldfail. Forinstance,taketheexampleofawirelessnetworkthatalsohasonecomputer connectedviaanEthernetcable.Inthissamplenetwork,theonewiredcomputer isusedasaninformalfileserver.You’reusingoneofthewirelesscomputers, andyousuddenlycan’tconnecttoasharedfolder.Whatarethevariables involvedhere?Let’sdeterminewhatmustbetrueforthesituationtowork properly,afterwhichwecanstarttestingeachofthecomponents.Here’swhat mustbetrue:
• On your computer, you need properly installed file sharing client software.
• Yourcomputermusthaveaworkingconnectiontotheaccesspoint. • Theaccesspointmustallowyoutoseeacomputerconnectedviawired Ethernet.
AppendixC| HowtoTroubleshoot
• ThewiredEthernetcomputermusthaveaworkingconnectiontothe accesspoint.
• FilesharingserversoftwaremustberunningonthewiredEthernet computer.
• AfoldermustexplicitlybesharedonthewiredEthernetcomputer. Youcouldcertainlybreakthesepiecesintoevensmallerpieces,butthisshould besufficienttogetstarted. Keepinmindthatwhatwe’vejustdescribedisonlyoneworkingsystem,whichis important,becauseifthereareotherworkingsystems—otherwirelesscomputers thatcanseethefileserver—thathelpsusisolatetheproblemmorequickly. Noteallthesevariablesbrieflyinyournotebook,andifyou’reapictureperson, considerdrawingyourselfadiagramofhowitallfitstogether;diagramscan comeinhandyifyouneedtobreakthesystemapartbydisconnectingcables orrearrangingequipment.
3.AskYourselfQuestions Nowthatyou’veidentifiedallthepartsofasystem,it’stimetolookcarefully ateachpart,makingupapossiblereasonwhyafailureatthatpointcouldbe responsibleforthewholeproblem.Inourexample,let’stakeeachvariableand analyzeit,askingquestionsthatleadtotests:
• Filesharingclientsoftwareisofcoursenecessary,butsinceyouwere abletoconnectpreviously,it’sagoodassumptionthatit’sinstalled.Isit turnedon?Hasanythingchangedsinceyoulastconnectedsuccessfully thatmightprovideaclue?Haveyourestarted?(It’salwaysworthtrying.) Whataboutothercomputers?Cantheirfilesharingclientsoftwaresee thewiredcomputer?
• Areyouconnectedtotheaccesspoint?Isitworkingforothernetworkrelatedtasksatthesametimeyoucan’tconnecttothewiredcomputer?
• Istheaccesspointconfiguredcorrectlysowirelesscomputerscanseethe
wiredcomputer?Sinceitworkedproperlybefore,thislikelyisn’tthesource oftheproblem.Hasanythingchangedontheaccesspointsinceyoulast connectedthatcouldberelated?
• CanthewiredcomputerconnecttotheaccesspointviaEthernet?Never underestimatethetroubleabroken,loose,orflakycablecancause.
481
482
TheWirelessNetworkingStarterKit
• Isfilesharingonthewiredcomputerturnedonandconfiguredproperly? Hasanythingchangedonthatcomputerthatmighthaveresultedinfile sharingbeingturnedofforreconfigured?Haveyourestartedthewired computerrecently?
• Isthesharedfolderstillshared?Couldsomeonehavechangedwhich folderswereshared?Hasthefolderbeenmovedorrenamedorotherwise modifiedinsomewaythatmighthavechangeditsstate?
Wementionedthedifferencebetweenreproducibleandintermittentproblems above;ifyouhaveanintermittentproblemconnectingtothewiredEthernet computer,thatgeneratesadditionalquestions.
• Doestheproblemhappenatalltimesofday?Doesithappenrightafter you’vedonesomethingelse?Isitrelatedtothepresenceorabsenceofany othercomputersonthenetwork?
Jotthesequestionsdowninyournotebook,numberingthemsoyoucaneasily referbacktothemwhenyoustartansweringthequestionsthroughtesting.
4.AnswerQuestions Onceyouhaveyourlistofquestions,revisititandthinkaboutatestyoumust performtoanswereachquestion.Separateyourquestionsroughlyintoeasy, moderate,andhardcategories(youmightwriteanE,M,orHnexttoeach question’snumberinthemargin). Alsogiveyourintuitionachancetowork.Ifyouhaveanaggingfeelingthat yourspousemighthaveletyour4-year-oldnephewplayagameonthewired Ethernetcomputer,startwiththatmachine.Or,ifyoujusthadtoresetthe accesspointtofactorydefaultsettingsforanotherreason,startthere. Whereveryouchoosetostart,beginwithteststhateliminatetheeasiestquestions first.Forinstance,it’strivialtocheckifyournephewkickedtheEthernetcable outofthejack;there’snoreasontoconsiderreinstallingtheentireoperating systemonthatmachineuntilyou’veexhaustedeveryeasieroption. NOTE Glennknowsaboutreinstallingtheoperatingsystematthispoint:heonce wentthroughthepainofreinstallingWindowsXPProfessionalbeforebeing toldthatasingle,obscuresystemserviceneededtobereset.Oy.
Workingmethodicallyisessentialinthisstep,andifyouchangesomething inawaythatsignificantlychangesyourvariables,it’sbest(ifpossible)toput
AppendixC| HowtoTroubleshoot
itbacksothesituationstaysthesameaswhenyouanalyzedtheproblem.For instance,ifyouhadbeenthinkingaboutinstallinganewaccesspointthat you’djustbought,don’tdothatinthemiddleofthetroubleshootingprocess oryouriskconfusingeverything. Makesuretocheckoffeachquestionyouanswerinyournotebook,andnote anyinterestingthingsthathappenedwhenyouperformedthetest.Wedon’t suggestyoudothisbecauseyou’regoingtoforgetwhatyou’vedonewhile you’retroubleshooting,butbecauseyoumayhaveforgottenbythenexttime theproblemhappens.Plus,ifyouendupwantingtoasksomeoneelsefor help,youcansayauthoritativelythatyouhadindeedtriedaparticulartest withnegativeresults. Inmostsituations,thesolutiontoyourproblemwillmakeitselfclearduring thisprocessofansweringquestions.Perhapsit’ssummer,andthereinstallation ofyourscreendoorisblockingthewirelessnetworksignal,orperhapsyour spouseconfiguredthecomputerinanunusualwayforyournephew’sgame. Maybeyouraccesspointlosttrackofthewireless-to-wiredEthernetbridge settings,ormaybeyourcomputerjustneededtoberestarted.
5.GetExpertHelp Butwhatif,afterallthesesteps,youstillhaven’tsolvedtheproblem?Failureto solveaproblemonyourownisnocauseforsurrender,becauseyouusuallyjust don’tunderstandthesystemwellenoughtobreakitintoappropriatechunks. Orperhapsyousimplydidn’tthinkofthenecessarytests. Forinstance,inourexample,ifyoudidn’trealizethatallthenetworktraffic hadtopassthroughtheaccesspoint,andafactorydefaultreset(perhapscaused byalightningstrike-drivenpowersurge)hadturnedoffwireless-to-wired Ethernetbridging,youcouldeasilyhavetestedeverythingelsewithoutrealizing whatyouweremissing. That’swhereexpertscomein.Sometimestheymayhavesolvedsomany problemsthattheyautomaticallyknowthesolutiontoyourproblembasedon yourdescription.Butmoreoftentheycansimplybreaktheproblemdowninto morechunks,oneofwhichusuallyturnsouttobetheproblem. Here’swhereintermittentproblemscandriveyoucrazy.Althoughanexpertcan offersuggestionsaboutwheretolook,ifyouhaveasystemthatworkssomeof thetime,it’sdifficulttodeterminewhetheryouweretestingthewrongvariables orifyouweretestingtherightvariablesatthewrongtimeorincombination withthewrongsetofothervariables.
483
484
TheWirelessNetworkingStarterKit
WheretoTurn Soyouneedhelp.Whereshouldyouturnfirst?Givetheorderinwhichyou jumpfromexperttoexpertsomethought,sinceyourgoalshouldbetofinda solutiontoyourproblemwiththeleasteffortandcost,nottomentiontheleast irritationtoyourcollectionofexperts. Beforeanythingelse,trysearchingontheWeb,bothincompanysupport databasesandinGoogle(www.google.com).Theonlyhardpartiscomingup withappropriatesearchterms,butit’softenworthfiveminutesofsearching inGoogle.Youwouldn’tbelievethenumberofquestionswe’vereceivedover theyearswhoseanswerswereeasilyfoundinGoogle(sincethat’swherewe lookfirst,too). Ifyouhaveanybooksormagazinesthattouchonthetopic,it’sworthlookingin themaswell,althoughweusuallyprefertosearchtheWebfirst,sinceit’sfaster thanflippingthroughanindexorscanningmultipleissuesofamagazine. NOTE Ofcourse,forproblemswithwirelessnetworking,Chapter14,Troubleshooting YourConnection,andChapter23,TroubleshootingYourWirelessNetwork, arerequiredreading.There’slittlethat’smoreannoyingtoabookauthor thansomeoneaskingforhelpwithouthavingreadtheappropriatesections ofhisorherbookfirst.
IfaWebsearchdoesn’tturnupananswer,oratleastsomenewteststotry, thefastest,cheapest,andeasiestpersontoaskforhelpisanexpertfriend.If youhavesuchafriend,werecommendaskingthatpersonforhelpnext.Be careful,though,becauseoverusingafriend’swillingnesstoansweryourtechnical questionsorfixyourproblemscanstrainotherwisesolidfriendships.Andif thefriendisreallymoreofanacquaintance,evenmorecareiswarrantedto avoidcausingirritation. Ifpossible,trytoperformroughlyequivalentfavorsforthefriendhelpingyou soshedoesn’tfeelexploited.Adamandhiswifeevenhaveapersonal“friend consultingrate”forcomputerhelp:dinner.Thatway,theeventchanges fromaconsultingvisitintoasocialeventwithfriends,andeveryonefeels appropriatelyrewarded.Glennhastradedconsultingforasushilunchanda newcellphone. TIP Ifyou’reeverconfusedaboutwhatsortofhardwaretobuy,eventothepointof decidingbetweenaMacandPC,onewayofbreakingthedeadlockistopick theoptionalreadychosenbyyourbestexpertfriend.Inotherwords,figureout
AppendixC| HowtoTroubleshoot whoyoucancallat9p.m.onaSaturdaynightforhelp,andbuyeitherwhat thatpersonownsorrecommends.Ofcourse,thatfriendmightrecommend theoppositeplatformifsheknowswhatshe’sgettinginto.
Ifyoudon’thaveanexpertfriend,thenextbestoptionistocontactthetechnical supportdepartmentrunbythemanufacturerofthedeviceinquestion.Ifyou haven’talreadydoneso,visititsWebsiteandsearchquicklytoseeifithasanonline databaseofproblemsandsolutionsthatcansolveyourprobleminstantly,along withoften-essentialfirmwareupdatesthatyoucandownloadandinstall. TIP AdamwasrecentlytestinganAsantéwirelessgatewaythatwashaving hugeproblemspickingupandkeepingaDHCP-assignedIPaddressfromhis cableISP.HelookedforafirmwareupdateonAsanté’sWebsite,butbecause theycategorizedthewirelessgatewayunder“Routers,”andnotalsounder “Wireless,”hissearchesallfailed.Oncehecalledtechsupportandwastoldhow tosearchthesupportsite,hewasabletodownloadandinstallthefirmware updatethatsolvedallofhisproblems.
IftheWebsitedoesn’thelp,sendemailorcall.Companytechsupportengineers arelikelytoknowmoreabouttheproductsyou’reusingthananyoneelse,and it’stheirjobtohelpyouifyou’reacustomer(butthatdoesn’tmeanyoushould everbesnottytothem,asweexplainlater).Contactingtechsupportisoften yourbestoptionforgettingfast,accuratehelp. That’snottosaycompanytechsupportworksinallsituations.Techsupport engineersareoftenpaidpoorly,soturnoverishigh,meaningthatit’snot uncommontogetatechsupportengineerwhoknowslessthanyoudo.(Inthat case,askpolitelyifyourproblemcanbeescalatedtosecond-levelsupport.) Somecompanieschargeforsupport,andevenwhensupportisfree,thecalls areseldomtoll-freeanymore.Thatwouldn’tbebad,butit’salltoocommon towaitonholdfor30minutesbeforeyoueventalktoaperson,andthere’s littlethatismorefrustratingthanknowingthatyourphonebillisincreasing 10centsperminutewhileyousitthere,notgettingyourworkdone. Finally,sometechsupportengineersmayknowtheirproductswell,butifthe problemstemsfromaninteractionbetweenseveralproducts,theymaynotsee thebiggerpicture,ortheymaytrytopasstheblameontoanothercompany (whichwill,inthemostannoyingcases,passitback). TIP FiguringthatSonytechnicalsupportwouldhaveonelessexcusetomakein theeventofaproblem,GlennoncerecommendedthatafriendbuyaSony Vaio-brandedversionoftheOrinocoPCCardforthefriend’sVaiolaptop.
485
486
TheWirelessNetworkingStarterKit
Assumingtechsupportfailsyouorisn’tworthcontactingbecauseofusurious chargesorridiculousphonewaittimes,thenextplacetolookforhelpisan appropriateInternetforum.Thehardparthereisidentifyingtherightplace toask,sincesomanydifferentgroupsexist.Checkforappropriatemailing lists,Usenetnewsgroups,Web-basedsupportforums,andevenIRCchannels. Whenwesay“appropriate,”wemeanit.Watchtheforumbrieflybeforeposting yourquestiontomakesurethatwhatyouplantoaskfitsinwiththekindsof discussionsthatgoon,becausepostinganoff-topicrequestforhelpwillirritate peopleunnecessarilyandwon’tprovideyouwiththesolutionyouneed.Plus, itwastesyourprecioustime. TIP Don’tbegreedywhenitcomestoaskingforhelpinInternetforums.They workonlybecauseindividualsarewillingtodonatetheirtimeandknowledge tothepublicgood,soifyouwanttheforumtothrive,beasportandhelp otherswhenyoucan.
Ifallotheravenueshavefailed,orifyouhavenotimeorpatienceforanyof thepreviousapproaches,considerhiringaconsultant.Goingtheconsultant routecoststhemostandisn’tnecessarilyquick,dependingontheconsultant’s scheduleandhowfamiliarhealreadyiswithyoursituation.Butiftheproblem issufficientlysevereorannoying,thetimeandmoneywillbewellspent.
HowtoReportProblems Whenitcomestimetoreportyourproblemstosomeoneelse,yournotesare invaluable,becausewithoutthem,youfindyourselfrepeatingtestsjustto verifytheresultsonemoretime.Obviously,howyoureportaproblemvaries dependingontowhomyou’rereportingit,butthisapproachshouldworkin mostsituations. First,createaprofileofyourcomputerthatlists:
• Yourmodelofcomputer,howmuchmemoryithas,andwhichoperating
systemyou’reusing,withitsmajorversionnumber(likeWindowsXPPro) andanypatches(suchasthe.8inMacOSX10.2.8orServicePack1for WindowsXP).
• Anyrecentchangestothesystem,suchasupgradingtheoperatingsystem itselforinstallingnewdrivers.
• Specialextensionsoradd-insinstalled,likeathird-partyfirewallor,in MacOS9,systemextensions.
AppendixC| HowtoTroubleshoot
• Anyrelevantadd-ondeviceslikeasecondmonitor,third-partyvideocard, SCSIcard,audio/videohardware,scanner,andsoon.
• Versionnumbersforsoftwareordriversthatarerelevanttotheproblem. Often,outdatedortoo-newdriverscauseproblems.
TIP InWindows,lookforaprogramcalledSystemInformation(it’sgenerallyinthe SystemToolsfolderinsideyourAccessoriesfolder),andontheMac,lookfor AppleSystemProfilereitherinyourApplemenuinMacOS9,orinyourUtilities folderinMacOSX.Theseutilitiescangenerateprofilesofyourcomputerthat youcansaveandsendalongwithyourproblemreport.
Onceyou’vedevelopedaprofilethatyoucanmakeavailableifasked,it’stime toreporttheactualproblem.Outlineyourproblemandnotethatyou’vedone standardtroubleshooting.Thenbrieflyrelatewhatyou’vetriedalready,butdon’t gointodetailrightaway,sincethemerefactthatyou’reaskingforhelpmeans thatwhatyoutestedwasn’thelpful.Howyoucontinuetoproceeddependson howinteractivethesupportmediumis. Forsupportsituationsthatlendthemselvestofastinteraction(suchasinperson, viathephone,orinstantmessaging),letthesupportpersonaskquestionsand guideyouthroughtheprocess,sincehelikelyhasideasaboutwheretheproblem
BeNice! Actually, there is something worse than providingincompleteanswerstoquestions, andit’salittlehardtosaythis,butdon’tbea jerk!Youwouldn’tbelievehowmanypeople assumethattheproblemissomehowthetech supportperson’sfault.Yes,you’refrustrated, andpossiblyevenangry,becauseofhaving boughtapieceofhardwareorsoftwarethat justisn’tworking.But,you’refarmorelikely togethelpifyou’renice,oratleastpoliteand professional,whentalkingwiththetechsupportperson. Althoughmostpeoplearemorepolitewhen they’reaskingforhelpinanindependentmailinglistorotheronlineforum,there’sstilla
tendencytowhineorthreatennevertobuy productsfromthecompanyagain.Badidea, becausethepeoplewhoaremostlikelytobe abletohelpyouprobablylikethecompanyand itsproducts,andthemoreyourantandrail, thelessinterestedtheybecomeinresponding toyou.Further,ifyouaresufficientlyannoying,theymaypreferthatyouturntoanother company’sproductsinsteadofcontinuingto harassthem. Putbluntly,there’satimeandaplaceforcomplaints,andcomplaintsshouldbeseparated fromrequestsforhelp.Thatwayyougetthe maximumeffectfromyourcomplaintandstand thebestchanceofreceivinghelp.
487
488
TheWirelessNetworkingStarterKit
is.Ifyoulaunchintoadetailedretellingofwhatyou’vetriedrightoff,youmay overwhelmhimwithunnecessarytrivia.Don’tbeoffendedifheaskswhether lightsarelitorthedeviceispluggedin.Itcanbeirritating,butit’shisversion ofmethodicalproblem-solving. Whenyou’reaskingforhelpinasituationwhereinteractionisslow(suchas directemail,mailinglistposting,Usenetnewsposting,oraWebsupportforum posting),followyourbriefsummaryofwhatyoutriedwithamoredetailedlist ofthetestsyouperformedandyoursystemconfiguration.There’snoneedto explainwhathappenedwithteststhatfailedtoshedanylightonthesituation, butitishelpfultolistthemallsopeopletryingtohelpdon’taskabouttests you’vealreadyperformed.(Intheseslow-interactionformsofcommunication, aback-and-forthinterchangecantakeadayortwo,soyouwanttokeepthe numberofmessagesassmallaspossible.) Ineithersituation,trytoanswerquestionsfromtheexpertsasquicklyand completelyaspossible.Fromourperspectiveofhelpingpeopleovertheyears, there’snothingworsethangettingincompleteanswerstoquestions,forcing ustoaskthesamequestionsinslightlydifferentwaysandstringingoutthe entireinterchange.
DealingwiththeInsolvable We’dliketopretendthatifyoujustfollowallthestepsoutlinedaboveyou cansolveanyproblem.Unfortunately,thereareasmallnumberofproblems thatwillresistyourbestefforts,andthebesteffortsofeveryexpertyoucan bringtobear.That’sbecauseeverythingyoutrytakestimeandeffort,and there’salimittohowmuchenergyandmoneyyoushouldinvesttosolvea givenproblem.Sometimesthebetterpartofvaloristogiveupandbuynew hardwareorsoftwarethateliminatestheproblementirely.Thehopeis,of course,thatyourealizeyou’reheadingdownthispathbeforeyou’vewasted toomuchtimeandeffort. Don’tletthefactthatsomeproblemscan’tbesolvedwithareasonableamountof effortpreventyoufromtrying.Inthevastmajorityofcases,workingmethodically throughthestepswe’veoutlinedwillresultinsuccess.
Glossary
G
Usethisglossarytolookupshortdefinitionsfortermsrelatedtowirelessnetworking.Formore detailedinformation,refertothechaptersindicatedattheendofeachdefinition. 1000Base-T
SeeGigabitEthernet.
100Base-T
AnincreasinglycommonEthernetwiringstandardthatworksalmostexactlylike 10Base-T,butincreasesthemaximumthroughputto100Mbps.100Base-Tis oftencalled“FastEthernet.”(AppendixA)
10Base-2
AnEthernetwiringstandardthatusesthincoaxialcable,hasamaximumsegment lengthof185meters,runsat10Mbps,usesabusnetworktopology,andisn’tin commonuseanymore.10Base-2isalsocalled“ThinNet.”(AppendixA)
10Base-5
AnEthernetwiringstandardthatusesthickcoaxialcable,hasamaximumsegment lengthof500meters,usesabusnetworktopology,runsat10Mbps,andisn’tin commonuseanymore.10Base-5isalsocalled“ThickNet.”(AppendixA)
10Base-T
ThemostcommonEthernetwiringstandard.10Base-Tusestwistedpairwiring that’susedtoconnectbuildings’telephonewiretothetelephonecompany,runs at10Mbps,usesastarnetworktopology,andislimitedtoamaximumsegment lengthof100meters.(AppendixA)
1x
Aprefixforcellulardatatechnologythatindicatesthatonly1.25MHzofspectrum areinuse.(Chapter4)
1xEV-DO
Anupcomingthird-generationcellulardatatechnologyforCDMAnetworksin testingbyVerizonWireless.EV-DOstandsforEvolutionDataOptimized(but issometimesreferredtoasEvolutionDataOnly).(Chapters4,30)
490
TheWirelessNetworkingStarterKit 1xEV-DV
Anupcomingthird-generationcellulardatatechnologyforCDMAnetworks intestingbySprintPCSandAT&TWire-less.EV-DVstandsforEvolution Data/Voice.(Chapter4)
1xRTT
AcellulardatatechnologyforCDMAnetworks.RTTstandsforRadioTransmission Technology.1xRTThasatheoreticalmaximumof144Kbpsofbandwidth,butachievesa practicalthroughputofonly50to70Kbpsintherealworld.(Chapters4,30)
3x
Aprefixforafuturethird-generationCDMAcellularnetworkthatwilluse5 MHzofspectrum,or3timesthe1xspectrumuse.(Chapter4)
802.11 specifications
Afamilyofspecificationsrelatedtowirelessnetworking.Therearetoomany 802.11specificationstolisthere,soseethereferencedchaptersforfulldescriptions. (Chapters2,4)
802.11a
OneofthreewirelessnetworkingspecificationsundertheWi-Firubric.802.11a usesthe5GHzbandandrunsat54Mbps.802.11aislittleusedoutsidespecific businesssituations.(Introduction,Chapter2)
802.11b
Themostcommonofthethreewirelessnetworkingspecificationsincludedinthe Wi-Ficertificationmark.802.11busesthe2.4GHzbandandrunsat11Mbps. (Introduction,Chapter2)
802.11g
ThenewestofthethreeWi-Fispecifications.802.11gisbackwardcompatiblewith 802.11b,thanksinparttoitsuseofthe2.4GHzband,anditrunsatthe54Mbps speedof802.11a.Mostnewequipmentuses802.11g.(Introduction,Chapter2)
802.16
ThetechnicalnameforWiMax.802.16andasubset,802.16a,areusedforlonghaulandbackhaulconnections.(Chapter4)
802.1X
Anauthenticationspecificationthatallowsaclienttoconnecttoawirelessaccess pointorwiredswitchbutpreventstheclientfromgainingaccesstotheInternet untilitprovidescredentials,likeausernameandpassword,thatareverifiedbya separateserver.In802.1X,therearethreeroles:thesupplicant(client),authenticator (switchoraccesspoint),andauthenticationserver.(Chapters6,16,22)
accesspoint
Thehubofawirelessnetwork.Wirelessclientsconnecttotheaccesspoint,and trafficbetweentwoclientsmusttravelthroughtheaccesspoint.Accesspointsare oftenabbreviatedtoAPinindustryliterature,andyoumayalsoseethemreferredto as“wirelessrouters,”“wirelessgateways,”and“basestations.”Weprefertouse“access point”whendiscussingtrueaccesspointsthatdon’talsoshareInternetconnections orbridgebetweenwiredandwirelessnetworks.(Chapters3,14,16,17,19)
adhoc connections
Spur-of-the-momentconnectionsmadeforaspecificreasonandthenshutdown. Mostusesofinfraredcommunicationsareforadhocconnections.(Chapters1,12)
adhocmode
Aninformalwayofcreatingawirelessnetworkbetweentwoormorecomputers withouttheneedforacentralizedaccesspoint.(Chapters12,19)
Glossary
adhocnetwork
Ashort-termwirelessnetworkcreatedbetweentwoormorewirelessnetwork adapterswithoutgoingthroughanaccesspoint.Adhocnetworksarehandyfor quicklytradingfileswhenyouhavenootherwayofconnectingtwoormore computers.(Chapters3,12,19)
AES
Anextremelystrongencryptionstandardthat’sjuststartingtobecomeavailable. AESstandsforAdvancedEncryptionSystem.(Chapter22)
aggregator
Acompanythatresellsaccesstoothercompanies’wirelessnetworks.(Chapters 28,29)
AirPortExtreme
Apple’smarketingnameforits802.11gwirelessnetworkingtechnology.(Chapters 2,8)
AirPort
Apple’smarketingnameforits802.11bwirelessnetworkingtechnology.(Chapters 2,8)
amplifier
Adeviceyoucanconnecttoyourantennatoincreasethesignalstrengthand amplifyweakincomingsignals.(Chapter34)
antenna
Adeviceconnectedtoawirelesstransceiverthatconcentratestransmittedand receivedradiowavestoincreasesignalstrengthandthustheeffectiverangeofa wirelessnetwork.Toacceptanantenna,adevicemusthaveanappropriateantenna jack.(Chapters3,14,16,21,23,33,34)
APOP
AprotocolforprotectingemailpasswordsusedwithPOP.APOPstandsfor AuthenticatedPostOfficeProtocol.(Chapter26)
AppleTalk
AnetworkprotocolusedprimarilybyolderMacsandLaserWriterprinters.If youhavesuchhardware,youmustensurethatanyaccesspointsyoubuysupport AppleTalk.(Chapter16,AppendixA,AppendixB)
authenticate
Theprocessofconfirmingtheidentifyofsomeoneconnectingtoanetwork. (Chapters3,22)
authentication server
Aback-enddatabaseserverthatconfirmstheidentifyofasupplicanttoan authenticatorinan802.1X-authenticatednetwork.(Chapter22)
authenticator
Thegatekeeperroleinan802.1X-authenticatednetwork.Youcanthinkofthe authenticatorasagatekeeper;accesspointsandEthernetswitchescanactas authenticators.(Chapter22)
backhaul
ConnectingInternetaccesstoalocationoverlongorshortdistances.Traditionally, wirednetworkshavebeennecessaryforbackhaul,butwith802.16,alsoknown asWiMax,backhaulviawirelesswillbecomeevenmorecommonthanitiswith Wi-Fi.(Chapter4)
band
Anothertermforspectrumusedtoindicateaparticularsetoffrequencies.Wireless networkingprotocolsworkineitherthe2.4GHzorthe5GHzbands.(Chapters 1,2,4)
491
492
TheWirelessNetworkingStarterKit bandwidth
Seethroughput.
basestation
Seewirelessgateway.
Bluetooth
Ashort-rangewirelesscablereplacementtechnology.(Chapters4,11,18)
bridge
Adevicethatpassestrafficbetweentwonetworksthatusedifferentmediaorare physicallyseparate,butwhichusesimilarnetworkstandards.Commonusesfor bridgesincludeconnectingwiredandwirelessnetworks,connectingaHomePlug networktoawirelessnetwork,andconnectingdistantwirelessnetworks(withthe aidofantennas).(Chapters20,33,34,AppendixA)
bridging
Theactofconnectingtwonetworksviaabridge.(Chapters20,33)
busnetwork
Anetworktopologyinwhichallthecomputersconnecttoasinglewire.Busnetworks arealsosometimescalled“daisy-chain”networks,andtheyaren’tcommonlyused anymore.(AppendixA)
captiveportal
AWebpagethatappearsautomaticallywhenyoutrytoaccessanyURLwhen firstconnectedtosomepublicwirelessnetworks.Onthecaptiveportalpage,you mustenterlogininformationoragreetoacceptableusepoliciesbeforeyoucanuse thewirelessnetworktodoanythingelse.(Chapter32)
Cat5
TheonlytypeoftwistedpairwireyoushouldbuyforEthernetnetworks.Cat3 isn’tratedfor100Mbps.(AppendixA)
CDMA
ThetypeofdigitalcellularphonenetworkusedthroughoutmostoftheUnited States,butrareelsewhereintheworld.CDMAstandsforCodeDivisionMultiple Access,andCDMA2000isthethird-generation,or3G,extensiontowhichCDMA cellularoperatorsaregraduallyupgradingtheirnetworks.(Chapters4,30)
Centrino
AmarketingnamedevelopedandpromotedbyIntelforlaptopsthatusethePentiumMprocessor,anIntelPro/Wirelessmini-PCIadapter,andsomeofIntel’ssupport chips.Intelalsorequiressomecompatibilitytestingbeforemanufacturerscanuse theCentrinoname.(Chapter7)
certificate authority
Atrustedthirdpartythatcanassuretheidentityofotherswhenusingsecuritysystems likeSSL.Acertificateauthorityregistersthedigitalidentityofasiteorindividual, andletsyouconfirmmanuallyorautomaticallythatsomeoneyou’reinteracting with—say,overasecureWebconnection—iswhoheappearstobe.(Chapter26)
certificate
Aninstantiationofadigitalidentity.Certificatesaretypicallysignedbyotherpeople orcertificateauthoritiestoguaranteetheirauthenticity.(Chapter26)
channel
Aspecificportionoftheradiospectrum;forexample,thechannelsallottedtoone ofthewirelessnetworkingprotocols.802.11band802.11guse14channelsinthe 2.4GHzband,only3ofwhichdon’toverlap(1,6,and11).Inthe5GHzband, 802.11auses8channelsforindooruseand4othersforoutdooruse,andnoneof themoverlap.(Chapters2,6,15)
Glossary
circuit-switched network
Anetworkinwhichavirtualcircuitissetupforeachconnectioninordertosimulate havingaphysicalwirebetweentwopoints.Thetelephonesystemisacircuit-switched network.Circuit-switchednetworksaregenerallyconsideredlessefficientthan packet-switchednetworksliketheInternetbecausethecircuitremainsreserved evenwhennodataisbeingtransferred(i.e.whennooneistalking).(Chapter4)
cleartext
Sensitiveinformationlikepasswordssentacrossanetworkwithoutencryption. Cleartextisalsocommonlyreferredtoas“intheclear.”(Chapter24)
client association
Theprocessbywhichawirelessclient—likealaptopcomputer—connectstoan accesspoint.(Chapter3)
cloning
Theactofreplicatingonedevice’sMACaddressontoanothertoworkaround restrictionsthatpreventonlyparticularMACaddressesfromconnectingtoa network.Alsosometimescalled“spoofing.”(Chapter16)
closednetwork
Awirelessnetworkthatdoesn’tadvertiseitsnetworkname.(Chapters3,6,17, 25)
collision
Theinterferencethatresultswhentwodevicesonanetworkstarttransmittingat thesametime.
computerto-computer network
Seeadhocnetwork.
crossovercable
Ethernetcablethathasthetransmitandreceivepinsswitched.Youuseacrossover cabletoconnectcertainkindsofnetworkdevices,likehubs.(AppendixA)
daisy-chain network
Seebusnetwork.
decibels
Theunitusedformeasuringantennagain.DecibelsareabbreviatedasdB,and youmayalsoseedBm(decibelsrelativetoareferencelevelof1milliwatt)anddBi (decibelsrelativetoanisotropicradiator,orasinglepointantenna).(Chapters3, 21,34)
DHCP
AprotocolbywhichaserverautomaticallyassignsIPaddressestoclientsso usersdoesn’thavetoconfigurethemmanually.DHCPstandsforDynamicHost ConfigurationProtocol.(Chapters16,17,23,33,AppendixA,AppendixB)
dipoleantenna
Anantennatypethatoffersomnidirectionalcoverage,butnotmuchgain.Access pointsusuallyhaveoneortwodipoleantennastoincreasetheirgainslightly. (Chapters21,34)
directsequence spread spectrum
Oneoftwoapproaches(withfrequencyhoppingspreadspectrum)forsorting outoverlappingdatasignalstransmittedviaradiowaves.Directsequencespread spectrumiscommonlyabbreviatedtoDSSSorDS.802.11busesdirectsequence spreadspectrum.(Chapter1)
493
494
TheWirelessNetworkingStarterKit discoverable
ThestateinwhichaBluetoothdevicemustbetobeseenbyanotherBluetooth deviceforpairing.(Chapters4,11)
discovery
TheactinBluetoothoffindingadiscoverabledevicewithinrangeforpairing.
DMZ
AfeatureinaNATgatewaythatletsyouexposeamachineonyourinternal networktotheoutsideInternet.DMZnominallystandsfordemilitarizedzone, andissometimesalsocalled“virtualserver.”It’sbasicallyportmappingforall availableports.(Chapter17)
DNS
AnInternetprotocolformappingcrypticIPaddresses(like205.232.177.122) tohuman-readabledomainnames(likemacaroni.tidbits.com).DNSstandsfor DomainNameService.(Chapter16,AppendixA,AppendixB)
DSL
AcommonformofbroadbandInternetconnection.DSLstandsforDigital SubscriberLine(Introduction)
dynamicDNS
Atechniquethatletspeopleconnectapermanentdomainnametoanever-charging IPaddress.(Chapters16,17,AppendixA)
EAP
Astandardformofgenericmessagingusedin802.1X,amongotherplaces.EAP standsforExtensibleAuthenticationProtocol.(Chapter22)
EAP-TLS
Usedtocreateasecuredconnectionfor802.1Xbypre-installingadigitalcertificate ontheclientcomputer.EAP-TLSstandsforExtensibleAuthenticationProtocolTranslationLayerSecurity.(Chapters6,26)
EDGE
AnupcomingcellulardatatechnologyforGSMnetworks.EDGEatandsfor EnhancedDataGSMEnvironmentandshouldprovidemorethan100Kbpsof bandwidth.(Chapter4)
encapsulated
AwayofwrappingprotocolssuchasTCP/IP,AppleTalk,andNetBEUIinEthernet framessotheycantraverseanEthernetnetworkandbeunwrappedwhenthey reachthedestinationcomputer.(AppendixA)
ESSID
ExtendedServiceSetIdentifier.Seenetworkname.
Ethernet backbone
ThewiredEthernetnetworkyouusetoconnectaccesspointsinaroamingnetwork. (Chapters15,20)
Ethernet
Themostcommonnetworkingstandardintheworld,formallyknownasIEEE 802.3.(AppendixA)
Faradaycage
Anelectromagneticshield,whichmaybesimulatedinahousebychickenwire supportingplasteronthewalls.(Chapter1)
FastEthernet
See100Base-T.
fasthandoff
Awaythataccesspointscanletauthenticatedusersroamamongdifferentaccess pointswithoutlosingauthentication.Fasthandoffalsomakesvoice-over-IPpossible. Fasthandoffwillbemadepossiblewiththe802.11fspecification.(Chapter4)
Glossary
fingerprint
Ashortsequenceofcharactersyoucansendsomeonesoshecanverifythataspecific publickeyisactuallyyourpublickey.(Chapter26)
firewall
Anetworkprogramthatblocksmalevolenttrafficthatmightendangerthecomputers onyournetwork.(Chapters16,17,27)
firmware
Theinternalsoftwarethatrunsdedicatedhardwaredevices.Upgradestofirmware areoftennecessarytofixproblems.(Chapters2,14,16,23)
framebursting
Anapproachtoincreasingthespeedof802.11g-basedwirelessnetworksby unwrappingshort802.11gpacketsandrebundlingthemintoalargerpacketto reducetheimpactofmandatorygapsbetweenpackets.Frameburstingissometimes called“packetbursting.”(Chapters2,4)
frame
Apacketencapsulatedtotravelonaphysicalmedium,likeEthernetorWi-Fi. Apacketislikeashippingcontainer;aframeistheboatonwhichtheshipping containerisloaded.(AppendixA)
frequency hoppingspread spectrum
Oneoftwoapproaches(withdirectsequencespreadspectrum)forsortingout overlappingdatasignalstransmittedviaradiowaves.Frequencyhoppingspread spectrumiscommonlyabbreviatedtoFHSSorFH.Bluetoothusesfrequency hoppingspreadspectrum.(Chapter1)
Fresnelzone
Anellipticalareaoneithersideofthestraightlineofsightthatmustalsobeclear foralong-rangewirelessnetworktowork.(Chapter34)
FTP
AcommonwayoftransferringfilesontheInternet,thoughit’sprimarilyusedfor uploadingthesedays.FTPstandsforFileTransferProtocol.(AppendixA)
gain
Theamountbywhichanantennaconcentratessignalstrengthinawirelessnetwork. (Chapters3,21,34)
gateway
Seewirelessgateway.
Gigabit Ethernet
Anup-and-comingEthernetwiringstandardthatworksalmostexactlylike10BaseT,butincreasesthemaximumthroughputto1000Mbps,orroughly1Gbps.Gigabit Ethernetismoretechnicallyknownas“1000Base-T.”(AppendixA)
GPRS
AcellulardatatechnologyforGSMnetworks.GPRSstandsforGeneralPacketRadio Serviceandprovidesbetween10and50Kbpsofbandwidth.(Chapters4,30)
GSM
Theprimarytypeofdigitalcellularphonenetworkusedthroughoutmostofthe worldoutsidetheUnitedStates,andagrowingstandardintheU.S.GSMstands forGlobalSystemforMobileCommunications.GSMprovidesaveryslow(9600 bps)cellulardataservice.(Chapters4,30)
header
Addressinformationonpacketsthatsayswhereitshouldgo.(AppendixA)
high-gain antenna
Anantennathatsignificantlyincreasessignalstrength.High-gainantennasare necessaryforlong-rangewirelessnetworks.(Chapters33,34)
495
496
TheWirelessNetworkingStarterKit homegateway
Seewirelessgateway.
HomePlug
Anetworkingstandardthatusesstandardelectricalwiring.HomePlugisprimarily usefulforbridgingwirelessnetworksacrossobstacles(likebrickwalls)thatblock radiowaves.HomePlugrunsat14Mbps.(Chapter15,AppendixA)
HomePNA
Anetworkingstandardthatusesstandardtelephonewiring.HomePNAisprimarily usefulforbridgingwirelessnetworksacrossobstacles(likebrickwalls)thatblock radiowaves.HomePNA2.0runsat10Mbps,andthejust-definedHomePNA 3.0runsat128Mbps,intheory.(AppendixA)
HomeRF
Anow-defunctcompetitortoWi-Fithatintegratedvoice,data,andstreaming mediaintoasinglewirelesssignal.(Chapter2)
hotspot
Aplacewhereyoucanconnecttoapublicwirelessnetwork.(Chapters28,29)
HTTP
ThenetworkprotocolusedbytheWeb,althoughit’salsonowusedformanyother services.HTTPstandsforHypertextTransferProtocol.(AppendixA)
hub
Thecentraldeviceinastarnetwork,whetherwiredorwireless.Wirelessaccess pointsactashubsinwirelessnetworks.(AppendixA)
IEEE
TheInstituteofElectricalandElectronicsEngineers.TheIEEEisanon-profit, technicaltradeassociationthatdevelopsconsensus-basedtechnicalstandardsfor electronicsinseveralindustries.(Chapter2)
IMAP
AnincreasinglycommonwayofreceivingemailfromamailserverontheInternet. IMAPdefaultstostoringmailonaserver,incontrasttoPOP,whichstoresmailon yourcomputer.IMAPstandsforInternetMessageAccessProtocol.(AppendixA)
infrastructure mode
Themostcommonwayofcreatingawirelessnetworkinwhichclientsassociate withanaccesspoint.(Chapters6,12,19)
IPaddress
Thenumericaddress(like192.168.1.1)thatidentifieseachdeviceinaTCP/IP network.(Chapters17,33,AppendixA,AppendixB)
IPsec
Oneoftwoprotocols(withPPTP)usedforVPNs.IPsecstandsforIPsecurity. (Chapter26)
keyserver
AnInternet-basedserverthatletsyoulookupotherpeople’spublickeys.(Chapter 26)
latency
Thelengthoftimebetweenapacketbeingsentandtheresponsetothatpacket beingreturned.(Chapter5)
lineofsight
Aclearlinefromoneantennatoanotherinalong-rangewirelessnetwork.Aline ofsightisnecessaryforalong-rangenetworktoconnect.(Chapters1,33,34)
localarea network
Thecomputersatyoursite,connectedviaEthernetorWi-Fi.Localareanetworkis oftenabbreviatedtoLAN.Comparelocalareanetworkswithwideareanetworks. (Chapter3,AppendixA)
Glossary
LocalTalk
AnoldnetworkingstandardusedbyMacs.LocalTalkrunsat230.4Kbps. (AppendixA)
longhaul
Thetransmissionofdataoverlongdistances,potentiallymanymiles.Traditionally, wirednetworkshavebeennecessaryforlonghaul,butwith802.16,alsoknownas WiMax,longhaulviawirelesswillbecomemorefeasible.(Chapter4)
MACaddress
TheuniqueaddressassignedtoeverywirelessandwiredEthernetnetworkadapter. MACstandsforMediaAccessControl.DespitethefactthatMACaddresses areallunique,it’spossibletoassignonedevice’sMACaddresstoanotherdevice. (Chapters16,25,AppendixA)
masteraccess point
TheprimaryaccesspointinawirelessnetworkthatusesWDStoextendrange. ThemasteraccesspointsharestheInternetconnectionwiththerestoftheremote, orrelayaccesspoints,alongwithallthewirelessclients.(Chapter20)
mesh networking
Anetworktopologyinwhicheverydevicecancommunicatewithanyotherdevice that’swithinrange.Meshnetworkingisparticularlyinterestingforbringingwireless networkaccesstoanentireneighborhood.(Chapter5,AppendixA)
NAT
AnetworkservicethatmakesitpossibletoshareasingleIPaddresswithanetwork ofmanycomputers.NATstandsforNetworkAddressTranslation.SinceaNAT gatewayexposesonlyasingleIPaddresstotheoutsideInternet,it’susefulfor security,andsomemanufacturersmaycallit,somewhatincorrectly,a“firewall.” (Chapters16,27,AppendixA)
NetBEUI
AnoldernetworkingstandarddevelopedbyIBMforLANManagerandadopted foruseinMicrosoftWindows.NetBEUIstandsforNetBIOSExtendedUser Interface.(AppendixA)
network adapter
Thecardorbuilt-inhardwareusedinacomputerorhandhelddevicetoconnect toanetwork,whetherwiredorwireless.(Chapters3,14,AppendixA)
network diagram
Aroughpictureofaproposedorexistingnetwork.Networkdiagramsareextremely usefulforplanningnewnetworksandfortroubleshootingproblemswithexisting networks.
network interfacecard
CommonlyabbreviatedtoNIC.Seenetworkadapter.
networkname
Thenameyougivetoyournetwork;it’swhatshowsupwhenawirelessclient displaysavailablenetworks.Manymanufacturersusetheterms“SSID”or“ESSID” inplaceofnetworkname.(Chapters6,15,17)
network segments
Physicallyandlogicallyseparatesectionsofanetwork.Breakinganetworkinto segmentsincreasesbandwidthbyreducingtheamountoftrafficthateachdevice mustlistento.(AppendixA)
network topology
Thespecificlayoutofanetwork.(AppendixA)
497
498
TheWirelessNetworkingStarterKit omnidirectionalantenna
Anantennatypethatradiatesmoreorlessevenlyinallhorizontaldirections. Omnidirectionalantennasaresometimescalled“verticalwhipantennas.”(Chapters 21,34)
opennetwork
Awirelessnetworkthatisbroadcastingitsname.(Chapter3)
packetbursting
Seeframebursting.
packet
Adiscretechunkofdata,beingtransferredonaTCP/IPorotheraddressable network.(AppendixA)
packet-switched network
Anetworkinwhichdataistransferredindiscretechunks,calledpackets.TheInternet isapacket-switchednetwork.Packet-switchednetworksaregenerallyconsidered moreefficientthancircuit-switchednetworkslikethetelephonesystembecause multipleconnectionscanusethesamenetworksimultaneously.(Chapter4)
pairing
TheactofintroducingtwoBluetoothdevicestoeachothersotheycancommunicate. (Chapters4,11)
panelantenna
Anantennatypethatradiatesinonlyaspecificdirection.Panelantennasare commonlyusedforpoint-to-pointsituations.Youmayalsoseethemcalled“patch antennas.”(Chapters21,34)
parabolic antenna
Anantennatypethatradiatesaverynarrowbeaminaspecificdirection.Parabolic antennasofferthehighestgainforlong-rangepoint-to-pointsituations.(Chapter 34)
passiveFTP
AnoptioninFTPinwhichaconnectionstartsfromport21andtheserverreplies usingport21aswell,insteadofahighernumberedport,asitwouldnormally. (AppendixA)
passphrase
Oneormorewordsyoumustentertoauthenticatebothsidesoftheconnection whenpairingBluetoothdevices.Somemanufacturersmayusetheterms“password” or“passkey”instead.Moregenerically,youmayseepassphraseusedinplaceof “password”toindicatethatyoucanentermorethanasingleword.(Chapters11, 30)
pass-through
Seeportmapping.
patchantenna
Seepanelantenna.
patchcable
AnormalEthernetcable,asopposedtoacrossovercable.(AppendixA)
personal certificate
AcertificateyougenerateforusewithSSLthatdoesn’thaveacertificateauthority behindit.Personalcertificates,alsoknownas“self-signedcertificates,”aren’tsecure, butthey’regoodenoughincaseswhereyou’reworkingwithyourownSSL-enabled systems.(Chapter26)
PEAP
Amethodofsecuringan802.1Xsessionwithinanencryptedtunneltoprotect credentialsusedforloggingin.PEAPstandsforProtectedExtensibleAuthentication Protocol.(Chapters6,22)
Glossary
PGP
Atechnologyandsetofprogramsforencryptingdata.PGPstandsforPretty GoodPrivacy.(Chapter26)
PhoneNet
AnadapterthatenabledLocalTalknetworkstooperateoverstandardsilver-satin telephonewiring,ratherthanApple’sproprietaryLocalTalkcables.(AppendixA)
pigtail
Athincablethatconnectsanantennatoawirelessnetworkadapter,usually convertingbetweenplugtypesintheprocess.(Chapters3,21,33,34)
plaintext
Seecleartext.
plenum-rated
AtermuseddescribeEthernetcablethathasslow-burning,fire-resistantcasing thatemitslittlesmoke.Plenum-ratedEthernetcableisusedinoverheadductwork. (AppendixA)
point-tomultipoint
Awirelessnetworkinwhichonepoint(theaccesspoint)servesmultipleother pointsaroundit.Indoorwirelessnetworksareallpoint-to-multipoint,andlongrangewirelessnetworksthatservemultipleclientsusuallyemployeitherasingle omnidirectionalantennaormultiplesectorantennas.(Chapter34)
point-to-point
Along-rangewirelessnetworkbetweentwopoints.Point-to-pointwireless networksusedirectionalantennas.(Chapter34)
POP
ThemostcommonwayofreceivingemailfromamailserverontheInternet.POP defaultstostoringmailonyourcomputer,incontrasttoIMAP,whichstoresmail ontheserver.POPstandsforPostOfficeProtocol.(Chapter31,AppendixA)
portforwarding
Seeportmapping.
portmapping
TheactofmappingaportonanInternet-accessibleNATgatewaytoanotherport onamachineonyourinternalnetwork.Portmappingenablesyoutorunapublic InternetserviceonamachinethatisotherwisehiddenfromtheInternetbyyour NATgateway.Othernamesforportmappinginclude“portforwarding,”“passthrough,”and“punch-through.”(Chapters16,17,26)
port
Eitheraphysicaljackonanetworkdeviceorawayofidentifyingthetypeof databeingsentinanInternetconnection.EveryInternetservicehasitsownport number.(AppendixA)
Powerover Ethernet
Awiringschemethatletsyourunelectricalpowertoanaccesspointorwireless bridgeoverthesameEthernetcablethatconnectsthedevicetoyournetwork. PoweroverEthernetisoftenabbreviatedtoPoE.(Chapters15,34)
PPP
Anetworkprotocolthathandlesdial-upInternetconnections.PPPstandsfor Point-to-PointProtocol.(AppendixA)
PPPoE
AtechnologythatenablesanISPtorequireuserstologintoanalways-onInternet connection,somethingthatwouldn’totherwisebenecessary.PPPoEstandsfor PPPoverEthernet.(Chapters16,17,AppendixA)
499
500
TheWirelessNetworkingStarterKit PPTP
Oneoftwoprotocols(withIPsec)usedforVPNs.PPTPstandsforPoint-to-Point TunnelingProtocol.(Chapter26)
pre-sharedkey
ATKIPpassphraseusedtoprotectyournetworktrafficinWPA.Somemanufacturers usetheterm“pre-sharedsecret”instead.(Chapter22)
pre-shared secret
Seepre-sharedkey.
privatekey
Thekeyyoukeepsecretinpublic-keycryptographysystems.Youuseyourprivate keytodecryptencrypteddatasenttoyoubyotherpeople,whousedyourpublickey toencryptit.Youalsouseyourprivatekeytosignemailmessages;yourrecipients thenuseyourpublickeytoverifyyoursignature.(Chapter26)
promiscuous mode
Astateofawirelessnetworkadapterinwhichitlistenstoallthetrafficonawireless networkratherthanjustthetrafficaddressedtoyourcomputer.(Chapter25)
protocol
Seespecification.
publickey
Thekeyyougiveouttotheworldinpublic-keycryptographysystems.Otherpeople useyourpublickeywhensendingyouencrypteddata,whichyoucanthendecrypt withyourprivatekey.Youalsouseotherpeople’spublickeystoverifytheauthenticity ofmailmessagesthey’vesignedwiththeirprivatekeys.(Chapter26)
pullingwire
Theactofrunningnetworkcablingfromonelocationtoanother.Wirelessnetworks generallyobviatetheneedtopullwire,whichisoneoftheirgreatattractions. HomePlugandHome-PNAcanalsohelpyouavoidpullingwire.(AppendixA)
punch-through
Seeportmapping.
receive sensitivity
Thecapabilityofaradiotransceivertoreceiveweaksignals.Thelowerthereceive sensitivity,themorecapablethetransceiverisofunderstandingweaksignals. (Chapters3,5,34)
relayaccess point
Seeremoteaccesspoint.
relaying
Theactofsendingemailthroughyourmailserverwhenyou’renotconnectedto yourlocalnetwork.Spammerstakeadvantageofmailserversthatallowunrestricted relaying.(Chapter31)
remoteaccess point
OneofanumberofsecondaryaccesspointsinawirelessnetworkthatusesWDSto extenditsrange.Remoteaccesspoints,sometimesalsocalled“relayaccesspoints,” connecttoamasteraccesspoint.(Chapter20)
ringnetwork
Anetworktopologysimilartoabusnetwork,butwiththeendsofthewireconnected toformaring.Ringnetworksareuncommontoday.(AppendixA)
RJ-11
Aplugtypeusedbytelephones.Don’tconfuseitwiththelargerRJ-45plugtype usedinEthernetnetworks.(AppendixA)
Glossary
RJ-45
AplugtypeusedinEthernetnetworks.Don’tconfuseitwiththesmallerRJ-11 plugsusedforphonecables.(AppendixA)
roaming
Theactofseamlesslymovingyourwirelessconnectionfromoneaccesspointto anotherasyouwalkaround.Toenableroamingbetweenaccesspoints,connectthem tothesamewiredEthernetnetwork,givethemthesamenetworkname,andset themtousedifferent,non-overlappingchannels(1,6,and11).(Chapters15,20)
router
Anintelligentnetworkdevicethatgoesonestepbeyondbridgingbyconverting address-basedprotocolsthatdescribehowpacketsmovefromoneplacetoanother. Inpractice,thisgenerallycomesdowntotranslatingbetweenIPaddressesand MACaddressesfordataflowingbetweenyourlocalnetworkandtheInternet. Manypeopleusetheterminterchangeablywith“gateway.”YoumustentertheIP addressofyourrouterwhenconfiguringnetworksettingsmanually.(Appendix A,AppendixB)
scriptkiddies
Wanna-becrackerswhodon’thavethetechnicalskillstobreakintocomputerson theirown,sotheyusecannedcrackingsoftware.(Chapter27)
sectorantenna
Anantennatypethatradiatesinonlyaspecificdirection.Multiplesectorantennas arecommonlyusedinpoint-to-multipointsituations.(Chapter34)
self-signed certificate
Seepersonalcertificate.
signaldiversity
Aprocessbywhichtwosmalldipoleantennasareusedtosendandreceive,combining theirresultsforbettereffect.(Chapter21)
signalloss
Theamountofsignalstrengththat’slostinantennacable,connectors,andfree space.Signallossismeasuredindecibels.(Chapter34)
signalstrength
Thestrengthoftheradiowavesinawirelessnetwork.(Chapters5,34)
silversatin
Awiringtypeinwhichpairsofwiresrunside-by-side.Silversatinisusedfor pluggingintelephones;don’tuseitfornetworking.(AppendixA)
SMTPAUTH
AcommandintheSMTPprotocolthatrequiresidentificationbeforeanSMTP serverwillacceptoutgoingmailfromyou.SMTPAUTHisessentiallyauthenticated SMTP.(Chapters26,31)
SMTP
TheprotocolforsendingemailontheInternet.SMTPstandsforSimpleMail TransferProtocol.(Chapter31,AppendixA)
softwareaccess point
Awireless-enabledcomputerrunningspecialsoftwarethatenablesittoactexactly likeanwirelessaccesspoint.(Chapters12,19)
specification
In the networking world, a formal language used by different devices to communicate.Agreed-uponspecificationsbecomestandards.Specificationis generallyinterchangeablewiththeterm“protocol.”(Chapter2)
501
502
TheWirelessNetworkingStarterKit spectrum
Arangeofelectromagneticfrequencies.(Chapter1)
SSH
AsecuritysystemthatletsyoucreateencryptedtunnelsforanyInternetprotocol viaportforwarding.SSHstandsforSecureShell.(Chapters26,31)
SSID
ServiceSetIdentifier.Seenetworkname.
SSL
AsecurityprotocolthatsecuresInternettransactionsattheprogramlevel.SSL, whichstandsforSecureSocketsLayer,iswidelyusedinWebbrowserstoprotect creditcardtransactions,forinstance.SSLisacomponentinEAP-TLS(Extensible AuthenticationProtocol-TransportLayerSecurity).(Chapter26)
standard
Aspecificationthathasbeenagreed-uponbyenoughpartiesorgivenastampof approvalbyanindustrybody.(Chapter2)
starnetwork
Anetworktopologyinwhichalltrafficgoesthroughacentralhub.Mostwireless networksarestarnetworks.(AppendixA)
stumbler
Asoftwareprogramthatlooksforavailablewirelessnetworksinrangeandreports informationaboutthem.(Chapters15,21,25,28,32)
subnetmask
Anetworksettingthatindicatesthesizeofthenetworkyou’reon.(AppendixB)
supplicant
Theclientroleinan802.1X-authenticatednetwork.(Chapter22)
switch
Aspecifictypeofhubthatisolatesthecommunicationsbetweenanytwocomputers fromtherestofthenetwork,thusincreasingthroughput.Switchesarealsocalled “switchinghubs.”(AppendixA)
TCP/IP
TheprimarycommunicationprotocoloftheInternet.Actuallyapairofcooperating protocols,TCP/IPstandsforTransmissionControlProtocol/InternetProtocol. (Chapter16,AppendixA)
ThickNet
See10Base-5.
ThinNet
See10Base-2.
throughput
Theamountofdatathatcanbetransmittedinagivenamountoftime.Throughput iscommonlymeasuredinbitspersecond.(Althoughthroughputisnotreallya measurementofspeed,mostpeople,includingus,usetheword“speed”when talkingaboutahigh-throughputnetwork.)(AppendixA)
TKIP
Anencryptionkeythat’spartofWPA.TKIPstandsforTemporalKeyIntegrity Protocol.It’snominallyweakerthanthegovernment-gradeAES,butinthereal world,TKIPismorethanstrongenough.(Chapter22)
TLS
TransportLayerSecurity.SeeSSL.
transmitpower
Theamountofpowerusedbyaradiotransceivertosendthesignalout.Transmitpower isgenerallymeasuredinmilliwatts,whichyoucanconverttodBm.(Chapter34)
Glossary
trigger
Aspecialformofportmappinginwhichoutgoingtrafficonaspecificportalerts aNATgatewaytoallowincomingtrafficonotherports.Triggersareusedfor networkgaming.(Chapter16)
twistedpair
Awiringtypeinwhicheachpairofwirestwistsinacertainwaytoreduce electromagneticinterference.10Base-T,100Base-T,andGigabitEthernetalluse twistedpairwires.Comparetwistedpairtosilver-satintelephonewire,inwhichthe pairsdon’ttwist,andwhichthuscannotbeusedfornetworking.(AppendixA)
UltraWideband
Awirelessnetworkingapproachthatbroadcastsmillionsoftinypulsesattrillionthof-secondintervalsusingverylowpoweroverenormousswathsofspectrum.In comparison,traditionalradiosbroadcastcontinuouslyontinybitsofspectrum. UltraWidebandiscommonlyabbreviatedtoUWB.(Chapter5)
unshielded twistedpair
Themostcommontypeoftwistedpairwiring.Unshieldedtwistedpairlacksa shieldtoactasaground.UnshieldedtwistedpairisoftenabbreviatedtoUTP. (AppendixA)
uplinkport
Aspecialportonahuborswitchthathasthetransmitandreceivepinsswitched, soyoucanuseanormalpatchcableinsteadofacrossovercabletoconnectitto otherhubs.Manyhubsnowcomewithportsthatyoucanswitchbetweennormal anduplinkstatus,andotherscanautomaticallysensewhethertheyshouldswitch fromnormaltouplinkstatus,dependingonwhichdeviceisconnectedtothem. (AppendixA)
voice-over-IP
Awayofmakingtelephonecallsoverapacket-switchednetworkliketheInternet. Voice-over-IPrequiresspecialtelephonesandsoftware.Voice-over-IPiscommonly abbreviatedtoVoIP.(Chapters4,18)
VPN
Amethodofcreatinganencryptedtunnelthroughwhichalltrafficpasses,preventing anyonefromsnoopingthroughtransmittedandreceiveddata.VPNstandsfor virtualprivatenetwork.(Chapters10,16,26,31)
warchalking
Theactofmakinghobo-inspiredchalkmarksonwallsorsidewalkstoindicate thepresenceofwirelessnetworks.Warchalkingismoremediahypethanreality. (Chapters25,32)
wardriving
Theactofdrivingaroundwithyourlaptopopen,lookingtoseeifyoucanconnect toopenwirelessnetworksasyoudrive.Changethemodeoftransportationand youget“warwalking,”“warcycling,”and“warflying.”(Chapters25,32)
WDS
Atechnologythatenablesaccesspointstocommunicatewithoneanotherinorderto extendtherangeofawirelessnetwork.WDSisappearingin802.11g-basedaccess points,anditstandsforWirelessDistributionSystem.(Chapters16,17,20,23)
WEP
Anencryptionsystemforpreventingeavesdroppingonwirelessnetworktraffic. WEPstandsforWiredEquivalentPrivacy.WEPiseasilybroken,andisinthe processofbeingreplacedbyWPA.(Chapters6,8,10,14,16,17,23,25)
503
504
TheWirelessNetworkingStarterKit widearea network
Acollectionoflocalareanetworksconnectedbyavarietyofphysicalmeans.The Internetisthelargestandmostwell-knownwideareanetwork.Wideareanetwork isgenerallyabbreviatedtoWAN.(Chapter3,AppendixA)
Wi-Fi
AcertificationmarkmanagedbyatradegroupcalledtheWi-FiAlliance.Wi-Fi certificationencompassesnumerousdifferentstandards,including802.11a,802.11b, 802.11g,WPA,andmore,andequipmentmustpasscompatibilitytestingtoreceive theWi-Fimark(Introduction,Chapter2)
WiMax
Anothernameforthe802.16wirelessnetworkingspecificationusedforlong-haul andbackhaulconnections.(Chapter4)
wirelessaccess point
Seeaccesspoint.
wireless gateway
Asomewhatgenerictermthatweusetodifferentiatebetweenanaccesspointand amore-capabledevicethatcanshareanInternetconnection,serveDHCP,and bridgebetweenwiredandwirelessnetworks.Youmayalsoseetheterm“wireless router,”or“basestation.”(Chapters3,16,17,19,AppendixA)
wirelessISP
AcompanythatprovideswirelessInternetaccess.Thetermisoftenabbreviated toWISP.(Chapters28,29,33)
wireless network adapter
Seenetworkadapter.
wirelessrouter
Seewirelessgateway.
WPA
Amodernencryptionsystemforpreventingeavesdroppingonwirelessnetwork trafficthatsolvestheproblemsthatplaguedWEP.WPAstandsforWi-FiProtected Access.(Chapters6,8,14,16,17,23,25)
XTNDXMIT
AnextensiontoPOPthatletsyousendemailviaPOPinsteadofjustreceivingvia POP.XTNDXMITisn’tparticularlyreliable.(Chapter31)
yagiantenna
Anantennatypethatradiatesinonlyaspecificdirection.Yagiantennasareused onlyinpoint-to-pointsituations.(Chapter34)
zombie
Acomputerthathasbeentakenoverbyamalevolentprogramthatusesittoattack othercomputers.(Chapter27)
Index #
104-bitWEP,298,299 128-bitWEP,299 10Base-2cable,445 10Base-5cable,444 10Base-Tcable,445–446 100Base-Tcable,446,448 1000Base-Tcable,448–449 1xRTT(RadioTransmission Technology),2.5Gnetworks,41 2.4GHzband 802.11bstandard,12 Bluetooth,35–38 Fresnelzone,431 andsolidobjects,5 troubleshootinginterference,274 unlicensedfrequencies,4 WirelessMAN(Wireless MetropolitanAreaNetworking) standards,47 2.5Gcellnetworks,40–41 21stCenturyAirships,55 3Gcellnetworks,39–40 40-bitWEP,298,299 4Gcellnetworks,40 56-bitWEP,299 5GHzband 802.11astandard,14,430 FCCregulations,430 Fresnelzone,431 andsolidobjects,5 unlicensedfrequencies,4 WirelessMAN(Wireless MetropolitanAreaNetworking) standards,47
64-bitWEPstandard,299 802.15.1-2002standard,36 802.3standard,444 802.15standard,36.SeealsoBluetooth 802.15.4standard,36 802.16standard,46–47 802.11standards,historyofwirelessnetworking,9–10 802.16(WiMax),46–47 802.11WirelessNetworks:The DefinitiveGuide,xxi 802.15.3astandard,36,53 802.11astandardandnetworks channels,14 compatibilityamongstandards,10, 15,178–179 costofequipment,15 determiningneedfor,178–179 FCCregulations,430 historyofwirelessnetworking,9, ixx overview,10,13–15 throughput,10,14 Wi-Ficertification,11 wirelessgatewaysupport,178–179 802.11bDriverforOSX (IOXperts),96 802.11bstandardandnetworks AirPorttroubleshootingguide, 156,272 channels,12–13 compatibilityamongstandards,10, 178–179 determiningneedfor,178–179 historyofwirelessnetworking,9, xviii–ixx
LinksysBEFW11S4gateway, 195–201 long-rangeconnections,397 overview,10,12–13 packetoverhead,12 throughput,10,12 Wi-Ficertification,11 wirelessgatewaysupport,178–179 802.11dstandard,44,46 802.11estandard,43,44 802.11fstandard,44 802.11gstandardandnetworks channels,18 compatibilityamongstandards,10, 15,17–18,178–179 determiningneedfor,178–179 frameburstingtechnology,16–17 historyofwirelessnetworking,9, ixx interference,avoidingandtroubleshooting,274 LinksysWRT54Ggateway, 201–204 long-rangeconnections,397 overview,10,15–18 signalreflectionhandling,18 throughput,10,15,16,17 Wi-Ficertification,11 wirelessgatewaysupport,178–179 802.11hstandard,44,46 802.11istandard,44,45,300, 301–302 802.11jstandard,44,46 802.11kstandard,44 802.11lstandard,44 802.11mstandard,44,46 802.11nstandard,44,45
506
TheWirelessNetworkingStarterKit 802.1Xauthentication advancedWindowsconnections, 66–67 availablesoftware,270 overview,267–268 roles,267–268 troubleshootingnetworkconnectivity,162,277 WEPorWPAencryption,269 WindowsMobile2003handhelds, 112 802.1X/EAP,wirelessgateway support,188 900MHzband,4,274
A
AAUItransceivers,454–455 accessaccounts,commercial networks,379 accessliability,288–289.Seealso securityofnetworks accesspoints.Seealsobridges; gateways;hubs asbridges,21,22 bridgingwirelessnetworks(See bridges) clientassociations,20,26 connectingwithwirelessnetworks, 26 gateways(Seewirelessgateways) asgateways,22 inter-accesspointcommunication (802.11fstandard),44 Internetsharing,22 locatingwithstumblerprograms, 303–306,387–388 meshnetworkingcapabilities,51 multipleaccesspoints,175–176 naming,175–176 innetworkdiagrams,169 overview,20 planningwirelessnetworks,174, 175–176 protectingsystems(Seesecurityof computersystems) asrepeaters,22 securityfeatures,22 simultaneoususers,number supported,192
software(Seesoftwareaccess points) SpeedStreamPowerlineWireless AccessPoint,452 SSIDs,175–176,216 troubleshootingblockedreception, 273,275–276 troubleshootingneedforfrequent resets,277,279 troubleshootingnetworkconnectivity,157,276,277,279 troubleshootingsignalstrength, 272–274 troubleshootingWDS,282 troubleshootingwired-to-wireless connections,279 VPNsupport,builtin,188 vs.wirelessgateways,177,178 WEPandWPAencryption support,187 WirelessDistributionSystem,191 wirelessgateways(Seewireless gateways) wirelesshardwareoverview,20 accountaccessinformation accessaccounts,commercial networks,379 BoingoWirelessaccounts,363 securityconsiderations,291 activePDFComposer,154 adhocnetworks Bluetooth,35–38 atconferencehotels,341 creatinginMacOS8.6or9.x, 139–140 creatinginMacOSX,141 creatinginWindowsXP,138–139 infrarednetworks,4–5 IPaddresses,18 overview,17,137–138 softwareaccesspoints,simulating inWindowsXP,241–243 troubleshootingInternetconnections,280–281 troubleshootinglong-range connections,405 adapters.Seenetworkadapters; wirelessnetworkadapters AddressResolutionProtocol (ARP),455–456 addresses IP(SeeIPaddresses)
MAC(SeeMACaddresses) Websites(SeeURLs) advancedconnections,configuring PalmOSconnections,106–108 WindowsMobile2003connections,112–114 WindowsXPconnections,66–67 AdvancedTechnologiesGroup,55 AegisServer,270 Aerosol,303 AeroVironment,54 AES(AdvancedEncryption System),45 aggregators.Seealsoresellers; WISPs airportwirelessaccess,350–351 AT&TWireless,349,370 BoingoWireless,322,343, 346–348,352,358–363 GRICCommunications,349,368 hotspotnetworks,41–42 hotspotservices,creating,347 iPass,348,363–368 OSS(operationssupportsystems), 347 overview,346 VerizonWireless,349,370 wirelessISPs,342–346 AirBoard,Sony,231–232 airbornewirelessbroadband, 54–56 AirCard555,375–377 AirpanelSmartDisplays,ViewSonic,232 Airpathhotspotnetworks,41 AirpathWireless,344 airplanes airbornewirelessbroadband,54–56 in-airwirelessaccess,337,354–355 AirPort.Seealso802.11bstandard andnetworks adhocnetworks,139–140,141 AirPortBaseStation(SeeAirPort BaseStation) AirPortExtremeBaseStation(See AirPortExtremeBaseStation) AirPorttroubleshootingguide, 156,272 AirPortWeblog,xx built-inantennas,30 connectingtoBaseStations withoutAirPortcards,215
connectingtonetworks,89–91, 93–94 historyofwirelessnetworking,9 intermediateAirPortconnections, 91–96 manualnetworkconfiguration, 475–478 networkoptions,94–95 OS8.6or9.xconfiguration,89–90, 92–94 OSX10.3configuration,96 OSXconfiguration,90–91,94–96 preferredadaptersforMacintosh systems,28–29 preferredadapters(table),24 proprietaryinternalconnectors,27 simpleAirPortconnections,89–90 SoftwareBaseStation,configuring, 238–240 troubleshootingguide,156,272 WEPandWPAkeys,entering, 91–96 AirPortAdminUtility,204–215, 282 AirPortBaseStation addingexternalantenna,34,256 AirPortAdminUtility,204–215, 282 AirPorttroubleshootingguide, 156,272 connectingtoBaseStations withoutAirPortcards,215 troubleshootingneedforfrequent resets,277 AirPortExtreme built-inantennas,30 preferredadaptersforMacintosh systems,28–29 preferredadapters(table),24 printersharing,154 proprietaryinternalconnectors,27 AirPortExtremeAdminUtilityfor Windows,204 AirPortExtremeBaseStation addingexternalantenna,34 AirPortExtremeAdminUtilityfor Windows,204 AmericaOnlineconnections, sharing,192–193,214 connectingtoBaseStations withoutAirPortcards,215 DHCPservice,213,214
Index Java-basedconfigurationprogram, 204 securenetworksetup,208–209 simplenetworksetup,205–208 USBprintersharing,225 WEPencryptionsettings,208–209 AirPorttroubleshootingguide, 156,272 AirPortWeblog,xx airports,wirelessnetworksin DenverAirport,349 LaptopLanes,351 overview,350–351 SanFranciscoInternational Airport,337 AirSnortutility,308 allowablepoweroutput/gain combinations,428–429 AlohaNetworks,56 AmericaOnline(AOL),192–193, 214 amplifiers,407,418–419 Amsterdam,Wi-Fiaccessin,351 AngelTechnologies,54 Anonymizer.com,317 antennajacks,34,179–180,256 antennas addingtoAirPortBaseStations, 34,256 forAirPortandAirPortExtreme cards,30 allowablepoweroutput/gain combinations,428–429 amplifiersvs.antennas,407 antennacable,415,416–417, 421–422 antennajacksinwirelessgateways, 34,179–180,256 builtintowirelessnetwork adapters,257 cableconnectors,417 cablelength,260,431–432 compatibilitywithnetworking hardware,33,34,179,256–257 connectingtonetworkingdevices, 33–34 dipoleantennas,259–260,413 distancebetween,effectonsignal strength,423–424 enhancingsignalswithinbuildings, 33 extendingexistingnetworks,403
FCCregulations,33,179,256–257 gain(Seegainofantennas) gain,calculating(Seegain,calculating) healthconcerns,electromagnetic radiation,408 home-builtantennas,414 indoorantennas,overview, 255–256 indoorinstallationtips,260 installing,430–434 legalandillegalantennas,428–430 lightningsuppressors,410,419 line-of-sightconsiderations, 430–431 locationandweatherconsiderations,423,425,433 long-rangeantennas,400,403, 408–414 long-rangewirelessconnections,33 forMiniPCIcards,30 minimizingcablelength,431–432 mounting,410 omnidirectionalantennas,258,410 overview,32 panelantennas,258–259,411–412 parabolicantennas,409,412 patchantennas,258–259,411–412 pigtails,415–416 “Pringlescan”antennas,414 radiationpatterns,409 ruggedizedenclosures,434 sectorantennas,411 signallossinantennacable,416, 421–422,431–432 inTitaniumPowerBookG4,163 troubleshootingsignalstrength, 162–163 vendors,locating,407 wirelesshardwareoverview,20 yagiantennas,412 Antheil,George,7 anti-virussoftware,327–328 AOL(AmericaOnline),192–193, 214 APOP(AuthenticatedPOP), 310–311 AppleAirPortWeblog,xx AppleAttachmentUnitInterface (AAUI)transceivers,454–455 AppleStores,Wi-Fiaccess,340
507
508
TheWirelessNetworkingStarterKit AppleSystemProfiler,487 AppleWirelessMousesetup, 132–135 AppleTalk,184 APs.Seeaccesspoints ApSniff,303 ARP(AddressResolution Protocol),455–456 AsantéFR1004ALgateway,225 AsantéTalkEthernettoLocalTalk Bridge,450 Asia,40,42 Atheroschipsanddrivers,101 AT&TWireless 2.5Gnetworkplans,41 cellulardatanetworkplans,40,372 hotspotnetworks,42 Wi-Fiaggregatorservices,349 wirelessnetworks,349,370 attacks.Seealsosecurityof computersystems anti-virussoftware,327–328 denialofservice(DoS)attacks, 293,327 firewalls,328–331 generalsecurity(Seesecurity) likelihoodofattacks,286–287 NAT(NetworkAddressTranslation),330–331 systemvulnerabilities,326–327 typesofattacks,325–327 viruses,293,326–327 worms,293,326 zombies,293,326 Australiantokenringnetwork,443 AuthenticatedPOP(APOP), 310–311 AuthenticatedSMTP,311, 381–382 authenticationandauthentication protocols.Seealsoencryption andencryptionkeys 802.11istandard,45 802.1Xauthentication(See802.1X authentication) accesspoints,securityfeatures,22 advancedauthenticationmethods, 80 AuthenticatedPOP(APOP), 310–311 networkauthenticationinwireless gateways,188
SMTPAUTH,311,381–382 WEP(SeeWEPauthentication andencryption) WPA(SeeWPAauthentication andencryption) authorsofthisbook,credentials, xxi Axis,224,225
B
backhaulcommunication,46–47 backingupdata network-basedbackups,439–440 traveltips,384 backwardcompatibility,802.11g standard,17–18.Seealsocompatibilityamongstandards bandwidth,andhubtypes,457–458 Barnes&Noble,354 BaseStation.SeeAirPortBase Station basestations.Seeaccesspoints; AirPortBaseStation Bauman,Neil,338 BayAreaWirelessUsersGroup, 427 BeefStewcanantennas,414 BEFW11S4gateway,195–201 Belkin,28 bidirectionalpairing,138.Seealso pairingBluetoothdevices blimps,airbornewirelessbroadband,54–56 blockedreception,troubleshooting,273,275–276 Bluetooth bidirectionalpairing,116 Bluetoothmouseexample,132–135 devicediscovery(Seediscovering Bluetoothdevices) devicesusingBluetooth,37–38 discoverability(Seediscoverability) fileexchangeexample,130–132 interferencewithotherspecifications,36,37 overview,35–37 pairingoverview,115–117 pairingT68icellphonewith Macintosh,371–373
pairingunderMacOSX,122–125 pairingunderWindowsXP, 117–121 Palmsynchronizationexample, 126–129 passphrases,116,117 printservers,225 printeradapters,224 stumbler,findingBluetooth devices,305 BluetoothSpecialInterestGroup, 37 BNCconnectors,445 BoingoWireless accountinformation,363 clientsoftware,358–363 costofWi-Fiaccess,343 hotelwirelessservices,352 overview,346–348 troubleshootingnetworkconnections,363 VPNfacilities,322,362 bookstoreswithWi-Fiaccess,354 Borders,354 Boston,Wi-Fiaccessin,340 BrickHouse,329 bridges accesspointsas,21,22 dedicatedbridges,21 withmultipleaccesspoints,175 networkconnectionstolong-range wirelessnetworks,403 innetworkdiagrams,171 overview,245–247,459 pairsormultiplesofidentical bridges,254 troubleshootingwired-to-wireless connections,279 usingmultipleWi-Ficards,247 usingWirelessDistributionSystem (WDS),247–252 Wi-Fi–to–Ethernetbridges,247, 252–253 wired/wirelessbridging,21 WirelessDistributionSystem(See WDS(WirelessDistribution System)) wirelesshardwareoverview,20 wireless/wirelessbridging,22 BroadbandWirelessExchange Magazine,398 Broadcom,67–69
BuffaloTechnology,31 buildingantennas,414 BuildingWirelessCommunity Networks,347,414 built-inadaptercards,24 busnetworks,442
C
cables antenna(Seecables,antenna) Ethernet(Seecablesandwiring, Ethernet) network(Seecables,network) cables,antenna antennacable,415,416–417, 421–422 antennacableconnectors,417,421 antennalocationandweather considerations,423,425,433 minimizingantennacablelength, 431–432 pigtails,415–416,422 signallossinantennacable,416, 421–422,431–432 cables,network Ethernet(Seecablesandwiring, Ethernet) hubs,selecting,457 troubleshootingInternetconnections,281 troubleshootingwired-to-wireless connections,279 cablesandwiring,Ethernet 10Base-2cable,445 10Base-5cable,444 10Base-Tcable,445–446 100Base-Tcable,446,448 1000Base-Tcable,448–449 crossovercables,447 FastEthernet,446,448 GigabitEthernetcable,448–449 hubs,selecting,447,457–458 patchcables,447 plenum-ratedcable,446 PoweroverEthernetdevices,175 representinginnetworkdiagrams, 172 ThickNet,444 ThinNet,445 uplinkports,447
Index calculatingantennagain.Seegain, calculating calculators,online free-spacesignallosscalculator, 423 Fresnelzoneandradiolineofsight, 431 gaincalculators,420,425 cameras.Seedigitalcameras CaplioProG3,Ricoh,221 captiveportals,389 CarAreaNetworks,337 CaseWesternReserveUniversity wirelessnetwork,338 CasioXF-800Wi-Ficolortelevision,232 Cat3,Cat5cable,446 CDMAcellulardatanetworks, 40–41,375–377 cd3o,231 cellphones.Seealsocellulardata networks Bluetoothphones,37,38 3Gphones,39–40 SonyEricssonT68icellphone, 371–375 cellulardatanetworks 2.5Gnetworks,40–41 3Gnetworks,39–40 4Gnetworks,40 CDMAnetworks,40–41,375–377 circuit-switchedvs.packetswitchednetworks,39 costcomparisons,372 GPRSnetworks,371–375 GSMnetworks,371–375 hotspotnetworks,41–42 limitationsof,38–39 throughput,38–39,371,376–377 Wi-Fiaccessonhighways,337 Centrinolaptops,ConfigFree software,81–87 certificatesandcertificateauthorities,320 certificationprocess,Wi-Fi Alliance,11 channels 802.11astandard,14 802.11bstandard,12–13 802.11gstandard,18 directsequencespreadspectrum (DSSS),6,7
legalusageindifferentcountries, 13,176 formultipleaccesspointnetworks, 176 Cheshire,Stuart,464–465 chipsetsinadapters Atheroschipsanddrivers,101 driversforotherchips,102 Intersilchipsanddrivers,100 Linux-WLANproject,102 Orinocochipsanddrivers, 100–101 Cingular 2.5Gnetworkplans,41 cellulardatanetworkplans,40,372 hotspotnetworks,42 circuit-switchednetworks,39 CiscoSystems,25,234 clientassociations,20–21,26 clientsoftware configuring(Seeconfiguring connectionstowireless networks) troubleshootingconnectivity, 156–162 climate,effectonsignalstrength, 423,425 cloningMACaddresses,190,456 closednetworks connectingtowirelessnetworks,26 connectingusingAirPort,94 connectingusingLinksysclient,74 falsesecurityof,296 findingwithstumblerprograms, 304,305 CodeDivisionMultipleAccess (CDMA)networks,40–41, 375–377 colleges,wirelessnetworksat,163, 338–339 collisions,data,441 colortelevision,Wi-Fi-enabled, 232 CometaNetworks,344 commercialwirelessnetworks accessaccounts,379 aggregators,346 AirpathWireless,344 inairports,350–351 AT&TWireless,349,370 Barnes&Noble,354
509
510
TheWirelessNetworkingStarterKit BoingoWireless,322,343, 346–348,352,358–363 Borders,354 captiveportals,389 CometaNetworks,344 ConnexionbyBoeing,337,355 costofWi-Fiaccess,343 FatPort,344 GRICCommunications,349,368 hotspotdirectories,339 hotspotservices,creating,347 inhotels,351–352 in-airwirelessaccess,354–355 iPass,348,363–368 Kinko’s,354 LaptopLanes,351 McDonalds,353 NetNearU,344 overview,341–342 ProntoNetworks,344 inretailchains,352–354 roamingaggregators,346 Schlotzsky’sDeli,353–354 SprintPCS,349,368 Starbucks,352–353 STSN,345 SurfandSip,345 T-MobileHotSpot,343,345,370 TenzingCommunications,355 troubleshootingroamingnetwork access,163 Wayport,345 wirelessISPs,342–346 communitywirelessnetworks, 336,339 CompactFlashcardnetwork adapters,24,30 compatibility antennasandnetworkinghardware,33,34,179,256–257 filesharingacrossplatforms,143, 144,146,149,150 networkingstandards(Seecompatibilityamongstandards) printersharingacrossplatforms, 154 compatibilityamongstandards 802.11astandard,15,178–179 802.11bstandard,178–179 802.11dstandard,46
802.11gstandard,15,17–18, 178–179 802.11hstandard,46 802.11jstandard,46 Wi-Ficertification,10 computerintrusionliability,288, 292–293.Seealsosecurityof computersystems computerprofiles,486–487 computer-to-computer networking.Seeadhocnetworks computers attackson(Seeattacks) innetworkdiagrams,169 planningwirelessnetworks,168 protecting(Seesecurityof computersystems) concretewalls,troubleshooting blockedreception,275–276 conferences,wirelessnetworksat, 341 ConfigFreesoftware,82–87 configurationinterfaces,wireless gateways,181–182 configuringconnectionstowireless networks.Seealsoconfiguring wirelessnetworks;connecting towirelessnetworks 802.1Xauthentication,66–67,112 AirPortclientconfiguration,89–96 BoingoWirelessclientconfiguration,359–361 Broadcomclientconfiguration, 67–69 Centrinolaptops,81–87 ConfigFreeconnectionmanagementsoftware,81–87 FreeBSDsystems,99–102 hardwareinstallation,59–60 iPassclientconfiguration,363–368 Linksysclientconfiguration,69–76 Linuxsystems,99–102 Macintoshsystems,89–97 networksetupwhiletraveling,388 Orinococlientconfiguration, 76–78 otherclients,clientconfiguration, 78–80,96–97 PalmOShandhelds,104–108 problemsolving(Seetroubleshooting)
troubleshooting(Seetroubleshooting) troubleshootingnetworkconnectivity,156–162 Unix-likesystems,99–102 WindowsMobile2003handhelds, 108–114 WindowsXPsystems,60–67 configuringwirelessnetworks.See alsospecificnetworkcomponents components,determiningneed for,173 multipleaccesspoints,175–176 networkdiagrams,167–173 planningnetworks,167–169 stepsinnetworkconfiguration, 174–175 connectingtowirelessnetworks. Seealsoconfiguringconnections towirelessnetworks;configuringwirelessnetworks aggregators,346–349 airportwirelessnetworks,350–351 captiveportals,389 cellulardatanetworks,371–377 clientassociationsteps,26 closednetworks,26 collegenetworks,338–339 commercialnetworks,341–355 communitynetworks,336 configuringconnections(See configuringconnectionsto wirelessnetworks) coolestWi-Filocations,337 failures(Seetroubleshooting) findingnetworkswhiletraveling, 387–389 freewirelessnetworks,336–341 hotspotdirectories,339 hotelwirelessaccess,351–352 in-airwirelessaccess,354–355 libraries,336,338 loginaccesswhiletraveling,389 long-rangewirelessnetworks, 400–401 networksetupwhiletraveling,388 opennetworks,26 problemsolving(Seetroubleshooting) retailchains,352–354 roamingaggregators,346–349
traveltips,389–391 troubleshooting(Seetroubleshooting) universitynetworks,338–339 wirelessISPs(WISPs),342–346, 398–399 connections,Internet,sharing.See Internetconnections,sharing connectivity,troubleshooting, 156–162,276–277,278 ConnectivityDoctor,85–87 connectors forantennacable,417,421 antennalocationandweather considerations,423,425,433 FCCregulations,416 pigtails,415–416 signallossfrom,417,421 ConnexionbyBoeing,337,355 constructionmaterialsandsignal strength,5 consumerelectronics,wireless.See gadgets,wireless contentencryption.Seealsoencryptionandencryptionkeys public-keycryptographyoverview, 312–313 sharingkeys,314–315 usingPGP,315 coolestWi-Filocations,337 copyingfiles,319 copyrightedmusicdownloads,289 cordlessphones,networkinterference,274 costconsiderations 1000Base-TEthernet,448 802.11aequipment,15 cellulardatanetworks,38–39,372 commercialWi-Fiaccess,343 hotelWi-Fiaccess,351 McDonaldsWi-Fiaccess,353 wirelessaccesswhiletraveling,390 wirelessgateways,193 CreativeTechnology,231 credentialsofauthors,xxi CrossingPlatforms:AMacintosh/ WindowsPhrasebook,xxi crossovercables,447 cryptography,public-key.See public-keycryptography customsettings,troubleshooting networkdevices,280
Index
D
D-Link,185,221–222,225 daisychains(busnetworks),442 DanaStreetRoastingCompany, 340 DantzDevelopment,329,439 data backingup(Seebackingupdata) collisions,441 security(Seesecurityofdata) throughput(Seethroughput) datatransmissionmethods,6–7 Dave,143,146,192,226 Dayton,Sky,346 dB,dBi,dBmratings,signal strength,408–409 dBmtowattsconversionchart, 409,428 deactivatingPCcards,157 decibelratingsofantennas dB,dBi,dBmratings,signal strength,408–409 dBmtowattsconversionchart, 409,428 defaultsettings,troubleshooting networkdevices,280 demilitarizedzones,186 denialofserviceattacks.SeeDoS attacks desktopPCs,preferrednetwork adapters,24,26–27 devicediscovery.Seediscoverability;discoveringBluetooth devices devices,pairing.SeepairingBluetoothdevices DHCP leasetimes,183,214 onmultipleaccesspoints,176 multipleIPaddresses,213 networksetupwhiletraveling,388 overview,462 singleIPaddresses,213 troubleshootingInternetconnections,280 inwirelessgateways,182–183 DHCPclient,189 DHCPClientIDs,189 diagrams.Seenetworkdiagrams
dial-upconnections backupconnections,406 modemsinwirelessgateways,181 softwareaccesspointsand,238 digitalcameras CompactFlashnetworkadapters, 30 stillcameras,220–221 usesforwirelesstechnology, 219–220 videocameras,221–223 DigitalMediaReceiver,HewlettPackard,230–231 dipoleantennas,259–260,260,413 directsequencespreadspectrum (DSSS),6,7 directories communitynetworkdirectory,336 hotspotdirectories,336,339 WISPdirectories,398 Direcway,56,399 discoverability.SeealsoBluetooth overview,37,116 underMacOSX,122 underWindowsXP,118 discoveringBluetoothdevices.See alsoBluetooth overview,37,116 passphrases,116,117 underMacOSX,122–125 underPalmOS,126 underWindowsXP,119–121 distancebetweenantennas,signal strengthand,423–424 DMZs,186 DNS dynamicDNSinwirelessgateways, 184–185 overview,465–467 domainnamesystem.SeeDNS DoSattacks.Seealsoattacks;securityofcomputersystems firewalls,328–331 NAT(NetworkAddressTranslation),330–331 systemsecurityconsiderations, 293,327 Dr.Bott,34 drivers Atheroschipsanddrivers,101
511
512
TheWirelessNetworkingStarterKit Hewlett-PackardWi-Fidrivers, 99,100 Intersilchipsanddrivers,100 opensourcedriverforMacOS X,29 opensourcedriversforotherchip sets,102 Orinocochipsanddrivers, 100–101 ThomasMcQuitty’smodifications, 28–29 forUnix/Linux/BSDsystems, 99–102 USBadaptersforMacintosh systems,28 Windowsnetworkadapters, installing,60 DSSS(DS)(directsequencespread spectrum),6,7 dstumbler,305 DVDs,backingupdata,384 dynamicaddressing,troubleshootingInternetconnections, 280 dynamicDNS LinksysWRT54Ggatewaysetup, 204 overview,467 inwirelessgateways,184–185 DynamicHostConfiguration Protocol.SeeDHCP
E
EDGE(EnhancedDataGSM Environment),2.5Gnetworks, 41 electricalpowerforaccesspoints, 175,238 electricalpowerlines,451–452 electromagneticradiation,health concerns,408 electromagneticshields,5 electromagneticspectrum,4–5,5, 430–431 ElectronicFrontierFoundation,7 email APOP(AuthenticatedPOP), 310–311 AuthenticatedSMTP,311, 381–382
complicationswhentraveling, 380–382 contentencryption,311–315 genericWebmail,381 ISPWebmail,380–381 passwordencryption,310–311,467 POPaccount,checkingthen sendingmail,381 public-keycryptography,312–315 relaying,380 sendingovervirtualprivate networks,382 SMTPAUTH,311,381–382 SSHtunneling,382 SSLsupportinemailprograms, 381 tipsforworkingwhiletraveling, 380–382,390 userauthenticationforoutgoing messages,311,381 viruses,spreading,326 Webmail,380–381 XTNDXMIT(extendedtransmit) option,382 encapsulation,463 enclosures,ruggedized,434 encryptedpipes.Seetunnels encryptionandencryptionkeys 802.11istandard,45 accesspoints,securityfeatures,22 APOP(AuthenticatedPOP), 310–311 contentencryption,311–315 emailpasswordencryption, 310–311,467 encrypteddata,typical,290 end-to-end(Seeend-to-end encryption) extractingpasswordsusingettercap utility,308 extractingWEPkeys,308 fingerprints,314,316 non-encrypteddata,typical, 289–290 passwordguidelines,291 pre-sharedsecrets,263,301 public-keycryptography,312–315 sharedsecrets,298,299 SSH(SecureShell),315–319 SSL(SecureSocketsLayer), 319–322
TKIP(TemporalKeyIntegrity Protocol),262–263,301 VPNs(SeeVPNs(virtualprivate networks)) WEP(SeeWEPauthentication andencryption) inwirelessgateways,187 WPA(SeeWPAauthentication andencryption) end-to-endencryption emailpasswordencryption, 310–311 public-keycryptography,312–315 SSH(SecureShell),315–319 SSL(SecureSocketsLayer), 319–322 VPNs(SeeVPNs(virtualprivate networks)) EnforaWirelessLANPortfolio,31 EnGeniuscard,25,162 Engst,Adam,xxi Engst,Tonya,336,338 EnhancedDataGSMEnvironment(EDGE),2.5Gnetworks, 41 EpsonBluetoothPrintAdapter, 224 EricssonT68icellphone,371–375 errormessages,troubleshooting, 480 ESSIDs,175–176 EtherFastgateway,195–201 Ethernet Ethernetprotocol,463 Ethernetstandard,444 Metcalfe,Bob,444 Ethernetadapters LinksysWET11,32 LinksysWET54G,252–253 makingprinterswireless,224 networkadaptersforMacintosh systems,28 overview,24,31–32 Wi-Fi–to–Ethernetbridges,247, 252–253 Ethernetcablesandwiring 10Base-2cable,445 10Base-5cable,444 10Base-Tcable,445–446 100Base-Tcable,446,448 1000Base-Tcable,448–449 crossovercables,447
FastEthernet,446,448 GigabitEthernetcable,448–449 hubs,selecting,447,457–458 patchcables,447 plenum-ratedcable,446 PoweroverEthernetdevices,175 representinginnetworkdiagrams, 172 ThickNet,444 ThinNet,445 uplinkports,447 Ethernetnetworks.Seealso networks connectingtoLocalTalknetworks, 449–450 MACaddresses,455–456 wired/wirelessbridging,21 Ethernetports,180,185–186.See alsonetworkadapters Ethernetprotocol,463 Ethernetstandard,444 EtherPEG,306 ettercaputility,308 EudoraforWindowsandMacintosh: VisualQuickStartGuide,xxi Europe,42,46 exchangingfiles.Seefilesharing expansioncards,24,25,26–27,454 experthelp.Seealsotroubleshooting;troubleshooting process communicatingwithexperts, 487–488 companytechnicalsupport, 485–486 expertfriends,484–485 Internetforums,486 locating,483–486 reportingproblems,486–488 ExtendedSSIDs(ESSIDs), 175–176 extendedtransmit(XTNDXMIT) option,382 extendingnetworkstoremote locations.Seealsolong-range wirelessnetworks determiningantennalocations, 402–404 existingnetworks,401–404 high-speedInternetaccess, 396–401 overview,395–396,401–402
Index testingantennalocations,403 troubleshootinglong-range networks,404–406 two-hopnetworks,404 externalantennas.Seeantennas extractingpasswordsandkeys,308 EZGoalHotspots,339
F
F-Secure,317 failures.Seetroubleshooting Faradaycages,5 FastEthernetcable,446,448 FatPort,344 FCCregulations 2.4GHznetworks,431 5GHznetworks,431 antennasandantennajacks,33, 179,256–257 licensedvs.unlicensedspectrum,4 long-rangewirelessnetworks, 427–429 Part15Regulations,427 pigtailsandconnectors,34,179, 416 FHPWireless,51 FHSS(FH)(frequencyhopping spreadspectrum),6–7,36 fileexchangesoftware,383 fileservers,228–229,383,438 filesharing.Seealsofiletransfer accessingsharedfiles,145–146, 149–150,151–153 Bluetoothfileexchange,130–132 filesharingacrossplatforms,143, 144,146,149,150 IPfileservers,remoteaccess,383 Linux/Unixsystems,143,144 overview,143,144,438 sharingfiles,144–145,146–148, 150–151 sharingprinters,153–154 Wi-Fifileservers,228–229 filetransfer,17,36,130–132.See alsofilesharing;FTP files copyingwithSCP(SecureCopy), 319 encryptingusingpublic-keycryptography,311–315
ensuringaccesstowhentraveling, 382–384 fileservers,228–229,383,438 filetransfer,17,36,130–132 onlinestorage,383 sharing(Seefilesharing) filters.Seefirewalls filters,obscuringlaptopscreens, 391 findingtechnicalsupport,483– 486.Seealsotroubleshooting; troubleshootingprocess findingwirelessISPs,398 findingwirelessnetworks aggregators,346–349 airportwirelessnetworks,350–351 BoingoWirelesslocations,362 collegewirelessnetworks,338–339 commercialnetworks,341–355 communitynetworks,336 atconferences,341 coolestWi-Filocations,337 freecommerciallocations,339–341 freenetworks,336–341 Google,340 hotspotdirectories,339 inhotels,351–352 in-airwirelessInternetaccess, 354–355 iPasslocations,366 LaptopLanes,351 libraries,336,338 retailchains,352–354 roamingaggregators,346–349 stumblerprograms,303–306, 387–388 universitynetworks,338–339 warchalking,307,388 Wi-Fidetectors,227–228,388 wirelessISPs(WISPs),342–346, 398–399 fingerprints,314,316 firewalls IPaddressesandpingtests,278 MacOSXfirewall,330 NAT(NetworkAddressTranslation),330–331 overview,328–329 personalfirewallsoftware,329 portforwarding,186 portsand,466
513
514
TheWirelessNetworkingStarterKit troubleshootingInternetconnections,281 WindowsXPfirewall,330 inwirelessgateways,185–186 firmware,190,277,281 Fleishman,Glenn author’scredentials,xxi Wi-FiNetworkingNews,300, xx,xxii Flickenger,Rob,175,347,414 folders,sharing.Seefilesharing for-feewirelessnetworks.See commercialwirelessnetworks frameburstingtechnology,16–17, 43 frames,441,463 FreeSecureWideAreaNetwork, 265 free-spacesignalloss,422–424 freewirelessnetworks collegenetworks,338–339 communitynetworks,336 conferences,341 coolestWi-Filocations,337 freecommerciallocations,339–341 hotspotdirectories,339 hotspotservices,creating,347 libraries,336,338 tradeshows,341 troubleshootingroamingnetwork access,163 universitynetworks,338–339 FreeWorldDialup,234 FreeBSDsystems,99–100 FreeS/WAN,265 frequencyhoppingspreadspectrum(FHSS),6–7,36 Fresnelzone,431 friends,expert,484–485.Seealso experthelp;troubleshooting process “frottle,”443 FSV-PGX1fileserver,Sony,229 FTP.Seealsofiletransfer overview,467–468 passwordencryption,467 remotefileaccess,383 SecureFTP,317,320,322 FujiPhotoFilmWi-Fi-enabled camera,221 futuretrends
airbornewirelessbroadband,54–56 meshnetworks,49–51,444 satellite-basedwirelessnetworking, 56 ultrawideband,52–54
G
G3PowerBooks,24,29 G4PowerBooks,29 gadgets,wireless cameras,219–223 fileservers,228–229 gameconsoleWi-Fiadapters, 233–235 LCDprojectors,232–233 monitors,232 musicplayers,229–231 photoplayers,230–231 printservers,224–226 printeradapters,224 printers,226 stillcameras,220–221 televisiontransmitters,231–232 videocameras,221–223 Wi-Fidetectors,227–228,388 Wi-Fiphones,233–235 gain,calculating.Seealsogainof antennas allowablepoweroutput/gain combinations,428–429 antennagain,422 finalcalculations,425–426 free-spacesignalloss,422–424 onlinegaincalculators,420,425 receivesensitivity,424–425 signallossinantennacable,416, 421–422 spreadsheetcalculations,426–427 transmitpower,420–421 gainofantennas allowablepoweroutput/gain combinations,428–429 calculating(Seegain,calculating) decibelrating,408–409 dipoleantennas,260,413 omnidirectionalantennas,258,410 overview,422 panelantennas,259,411 parabolicantennas,412 patchantennas,411
sectorantennas,411 yagiantennas,412 Gast,Matthew,xxi gatewayaddresses,471,472 gateways.Seealsowirelessgateways accesspointsasgateways,22 innetworkdiagrams,169 overview,461 softwareaccesspoints(Seesoftwareaccesspoints) troubleshootingInternetconnections,281 GeneralPacketRadioService (GPRS),2.5Gnetworks,41 GigabitEthernetcable,448–449 Gimp-Print,192 Gladwell,Malcolm,438 GlobalSystemforMobile Communications(GSM),2.5G networks,40–41 GlooLabs,230 GlubTech,322 Go-VideoNetworkedDVDplayer, 231 Google,340 GPG(GNUPrivacyGuard),312 GPRScellulardatanetworks, 371–375 GPRS(GeneralPacketRadio Service),2.5Gnetworks,41 GrandstreamNetworks,234 graphics,extractingfromnetwork traffic,306 GRICCommunications,349,368 GSMcellulardatanetworks, 371–375 GSM(GlobalSystemforMobile Communications),2.5G networks,40–41
H
hacking,preventing.Seesecurity ofcomputersystems;securityof data;securityofnetworks haltingPCcards,157 hardware accesspoints(Seeaccesspoints) antennas(Seeantennas) bridges(Seebridges) gateways(Seegateways)
hubs(Seehubs) networkadapters(Seenetwork adapters) routers,460 switches,180–181 switchinghubs,458 Wi-Ficertification,10,11 wirelesshardwareoverview,19,20 hardwareabstractionlayerfor Atheroschips,101 headers,306,436 healthconcerns,electromagnetic radiation,408 HeathrowAirport,Wi-Fiaccess in,351 Heliosairplane,airbornewireless broadband,54–55 help.Seetroubleshooting HerkimerCoffee,340 Hewlett-Packard,99,100, 230–231 hexadecimalWEPkeys,298 high-altitudeplanes,airborne wirelessbroadband,54–56 highways,Wi-Fiaccess,337 historyofwirelessnetworking, 9–10,xviii–ixx home-builtantennas,414 HomePhonelineNetworkingAlliance.SeeHomePNAnetworks HomePlugbridges,innetwork diagrams,172,173 HomePlugnetworks comparedtoHomePNAnetworks, 451,452 networksecurity,452 overview,451–452 troubleshootingblockedreception, 276 HomePlugPowerlineAlliance.See HomePlugnetworks HomePNAnetworks comparedtoHomePlugnetworks, 451,452 overview,450–451 troubleshootingblockedreception, 276 HomePod,230 HornWare,151 hostnames,mappingIPaddresses to,184–185 hotspotnetworks,41–42
Index HotSpotOperators(HSOs).See WISPs hotspots.SeealsoWISPs hotspotdirectories,339 hotspotnetworks,41–42 hotspotservices,creating,347 troubleshootingroamingnetwork access,163 hotels,wirelessnetworksin, 351–352 HotSpotList.com,339 HotSyncingdatausingBluetooth, 126–129 houses inaccessibleroomsandsignal strength,168,169 overlayingnetworkdiagrams,169, 174 howtotroubleshoot.Seetroubleshootingprocess HSOs(HotSpotOperators).See WISPs HTTP,468 hubs.Seealsoaccesspoints intelligenthubs,458 innetworkdiagrams,169 overview,457 passivehubs,457–458 instarnetworks,440,442 switchinghubs,458 uplinkportsandadjacentports, 447 wirelessgateways,180–181 HughesNetworkSystems,56 HyperLinkTechnologies,34,175, 179,257,418,419
I
IBackup,383 IBM802.11bWirelessPrint Adapter,224 iBooks,24 identifyingproblems,479–480 identities,verifying.Seepublic-key cryptography IEEE,10.Seealsostandards illegalantennas.Seelegalrestrictions,long-rangewireless networks iMacs
preferrednetworkadapters,24,28 third-partyadapters,configuring, 96–97 images,extractingfromnetwork traffic,306 IMAP,467,468 in-airwirelessaccess,337,354–355 incomingnetworktraffic firewalls,185–186 listeningtonetworktraffic, 306–308 portforwarding,186 triggers,186 increasingsignalstrength, 162–163.Seealsosignalstrength infrarednetworks,4–5 initializationvectors,299,301 insolvableproblems,488.Seealso troubleshootingprocess installingantennas.Seealso antennas cablelengthandeaseofaccess, 431–432 Fresnelzone,431 lightningsuppressors,410,419 line-of-sightconsiderations, 430–431 locationandweatherconsiderations,423,425,433 ruggedizedenclosures,434 InstituteofElectricalandElectronicsEngineers.SeeIEEE IntegoNetBarrierX3,329 IntelPro/Wireless2100Network Connectioncard,81 intelligenthubs,458 inter-accesspointcommunication (802.11fstandard),44 Interarchy,278,317 interference in2.4GHzband,5,274 in5GHzband,5 802.11bchannels,13 avoiding,274 Bluetooth,36,37 constructionmaterials,5,275–276 directsequencespreadspectrum (DSSS),6,7 Faradaycages,5 frequencyhoppingspreadspectrum (FHSS),6–7 atinfraredfrequencies,4–5
515
516
TheWirelessNetworkingStarterKit troubleshootingintermittent signals,274 twistedpairwiring,445 intermittentproblems,480 intermittentsignals,troubleshooting,274 internalwirelessadapters.Seealso wirelessnetworkadapters CompactFlashcards,30 MiniPCIcards,27 overview,23,24 PCcards,25,454 PCIcards,26–27 SecureDigitalIO(SDIO)cards, 30–31 Internet connections(SeeInternetconnections) innetworkdiagrams,171–172 sharingconnections(SeeInternet connections,sharing) Internetaccessaccounts,commercialnetworks,379 Internetconnections.Seealso Internetconnectionsusing long-rangewirelessnetworks backhaulcommunication,46–47 Internetaccesswhiletraveling, 387–389 sharing(SeeInternetconnections, sharing) troubleshooting,280–281 troubleshootingroamingnetwork access,163 Internetconnections,sharing accesspointsasgateways,22 AmericaOnlineconnections, 192–193,214 DHCPclients,189 liabilityconsiderations,288–289 MACaddresscloning,190,456 Macintoshsystems,238–240, 240–241 overview,437–438 PPPoE,189–190 security(Seesecurityofnetworks) singlevs.multipleIPaddresses, 213 softwareaccesspoints,237–238 WEPencryptionconsiderations, 241 WindowsXPsystems,241–243
wirelessgatewayfeatures,189–190 Internetconnectionsusinglongrangewirelessnetworks 802.11bvs.802.11g,397 becomingaWISP,399 extendingDSLInternetaccess,397 findingWISPs,398–399 IPaddresses,400–401 overview,396–398 redundantconnections,397–398 satellite-basedInternetaccess,399 sitechecks,400 troubleshooting,404–406 InternetExplorerKitforMacintosh, xxi InternetSecurityforYourMacintosh: AGuidefortheRestofUs,325 InternetStarterKitseries,xxi Intersilchipsanddrivers,100 IOXperts,29,96 IPaddresses.SeealsoMAC addresses acquiringusingDHCP,462 foradhocnetworks,18 AddressResolutionProtocol (ARP),455–456 determining,278 DHCP(SeeDHCP) DNSprotocol,465–467 dynamicDNS,184–185 extractingfromnetworktraffic, 306 firewallsandpingtests,278 Internetconnectionsusinglongrangenetworks,400–401 IPaddressauthentication,297 IPsecVPNsandNAT,323 linkingtoMACaddresses, 182–183,455–456 manualnetworkconfiguration, 471,472,474,476,477 mappingtohostnames,184–185 multipleIPaddresses,192,213 NAT(SeeNAT(NetworkAddress Translation)) networksetupwhiletraveling,388 numberofcomputerssupportedby gateways,192 pingtest,278 restrictingnetworkaccess,297 singleIPaddress,sharing, 183–184,213
staticIPaddresses,401 translatingprivatetopublic addresses(SeeNAT(Network AddressTranslation)) troubleshootingInternetconnections,280 usingsoftwareaccesspoints,238 inWi-Fi–to–Ethernetbridges,253 IPfileservers,383 IPsecurity(IPsec),323.Seealso VPNs iPass connectionsettings,364–365,367 findinglocations,365,366,367 iPassConnect,363–368 Macintoshclientconfiguration, 367 overview,348 Windowsclientconfiguration, 364–366 iPhoto2forMacOSX:VisualQuickStartGuide,xxi IPNetMonitor,278 IPNetRouter,240,460 IPNetSentry,329 IPsec,323.SeealsoVPNs(virtual privatenetworks) IPsec-over-L2TP,323.Seealso VPNs(virtualprivatenetworks) Ipswitch,405 IQinvisionIQeye3Wi-Fivideo camera,223 ISPs built-inVPNclients,322 DHCPClientIDs,189 MACaddresscloning,190 PPPoEtechnology,189–190 sharingInternetconnections(See Internetconnections,sharing) wireless(SeeWISPs) iStumbler,305
J
Japan,42,46 Jiwire,339,xxii Jones,Matt,307
K
KensingtonTechnologyGroup, 391 KensingtonWi-FiFinder,227 keys,encryption.Seeencryption andencryptionkeys keyservers,314 Kinko’s,354 KisMAC,304 Kismet,305
L
Lamarr,Hedy,7.SeealsoThat’s Hedley! LANEthernetports,180,185–186 LaptopLanes,351 laptopPCs ConfigFreesoftware,Centrino laptops,81–87 laptopsecuritywhiletraveling, 390–391 preferrednetworkadapters,24, 25,27 latency,56 LCDprojection,wireless,232–233 LEAP,188 leasetimes,DHCP,183,214 Leffler,Sam,101 legalantennas.Seelegalrestrictions,long-rangewireless networks legalchannelusageindifferent countries,13 legalrestrictions,long-range wirelessnetworks.SeealsoFCC regulations Part15Regulations,427 point-to-multipointnetworks,428 point-to-pointnetworks,428–429 poweroutput/antennagain,allowablecombinations,428–429 legalityofmonitoringtools,303, 308 liabilityconsiderations.Seealso security accessliability,288–289 computerintrusionliability,288, 292–293
Index networktrafficliability,288, 289–292 overview,286 libraries,wirelessnetworksat,336, 338 licensedvs.unlicensedspectrum,4 LightweightExtensibleAuthenticationProtocol(LEAP),188 lightningsuppressors,410,419 line-of-sightissues 2.4GHzband,5 5GHzband,5 antennainstallation,430–431 Fresnelzone,431 infrarednetworks,4 physicsofsolidobjects,5 Linksys BEFW11S4gateway,195–201 clientsoftwareconfiguration, 69–76 CompactFlashnetworkadapters, 30 EtherFastgateway,195–201 printservers,225 WAP11,needforfrequentresets, 277 WET11,28,32,252–253 WET54G,252–253 Wireless-BGameAdapter, 235–236 Wireless-BInternetVideo Camera,222–223 Wireless-BMediaAdapter,230 Wireless-Bsoftware,70–71 Wireless-GGameAdapter, 235–236 Wireless-Gsoftware,71–76 Wireless-GVPNBroadband Router,266–267 WPG-11WirelessPresentation Gateway,233 WPG-12WirelessPresentation Player,233 WRT54Ggateway,201–204 LinuxandLinux-likesystems configurationinterfacesforwireless gateways,181–182 filesharingoverview,143,144 FreeS/WANVPNsoftware,265 Wi-Fidrivers,99–102 Linux-WLANproject,102 LocalTalknetworks,449–450
lockinglaptopstotables,391 LocustWorld,51 London,Wi-Fiaccessin,351 long-distancelinks.Seelong-range wirelessnetworks longhaulcommunication,46–47 long-rangeantennas.Seeantennas long-rangewirelessnetworks airbornewirelessbroadband,54–56 amplifiers,418–419 antennas(Seeantennas) connectingto,400–401 extendingDSLInternetaccess,397 extendingexistingnetworks, 401–404 healthconcerns,electromagnetic radiation,408 Internetconnections,396–401 legalrestrictions,427–429 likelihoodofsnooping,287 redundantconnections,397–398 two-hopnetworks,404 wirelessISPs(SeeWISPs) lossofsignal.Seesignalloss
M
3MNotebookPrivacyFilter,391 .Mac,383 MACaddresses.SeealsoDHCP;IP addresses associatingwithIPaddresses, 455–456 changing,456 cloning,190,456 linkingIPaddresses,182–183 restrictingnetworkaccess,296–297 troubleshootingnetworkconnectivity,161,276 WDSconfiguration,250,282 inWi-Fi–to–Ethernetbridges,253 MacOS8.6 adhocnetworks,139–140 AirPortconfiguration,89–90, 92–94 “MacOSAll”extensionset,158 networksettings,configuring, 475–476 preferrednetworkadapters,28 SoftwareBaseStation,configuring, 238–240
517
518
TheWirelessNetworkingStarterKit “MacOSAll”extensionset,158 MacOS9.x accessingsharedfiles,149–150 adhocnetworks,139–140 AirPortconfiguration,89–90, 92–94 “MacOSAll”extensionset,158 networksettings,configuring, 475–476 pingtest,278 preferrednetworkadapters,28,29 sharingfiles,146–148 sharingprinters,154 SoftwareBaseStation,configuring, 238–240 third-partyclientconfiguration, 96–97 WEPorWPAkeys,entering,92 MacOSX accessingsharedfiles,151–153 adhocnetworks,141 AirPortconfiguration,90–91, 94–96 Bluetoothdevices,pairing, 122–125 Bluetoothfileexchange,131–132 Bluetoothmousesetup,132–135 BluetoothPalmHotSync,128–129 firewall,enabling,330 LinksysBEFW11S4,initial configuration,196 networksettings,configuring, 476–478 pingtest,278 preferrednetworkadapters,28,29 sharingfiles,150–151 sharingprinters,154 WEPorWPAkeys,entering,92 MacOSXServer10.3(Panther) AirPortconfiguration,96 VPNsoftware,built-in,265 Macintoshsystems.Seealsospecific OSversions AirPortconfiguration,89–96 AirPorttroubleshootingguide, 156,272 AmericaOnlineconnections, sharing,192–193,214 AppleSystemProfiler,487 AppleTalkprotocol,464–465 configurationinterfacesforwireless gateways,181–182
connectingtoBaseStations withoutAirPortcards,215 InternetSharing,configuring, 240–241 IPaddresses,determining,278 iPassclientsoftware,367 LocalTalknetworks,449–450 “MacOSAll”extensionset,158 networksettings,configuring, 475–478 pairingwithT68icellphones, 371–373 PCcards,deactivating,157 PhoneNetnetworks,449–450 pingtest,278 preferrednetworkadapters,24,26, 28–29 printserversinwirelessgateways, 192 printersharing,192,225,438–439 sharingInternetconnections, 238–241 stumblerprograms,304–305 third-partyclientconfiguration, 89–96 troubleshooting(Seetroubleshooting) VPNsoftware,built-in,265 vulnerabilitytoattacks,326–327 WEPorWPAkeys,entering,92 macroviruses,328 MacStumbler,160,276,304 MacWireless,28,175 malfunctioningsystem,describing partsof,480–481 MariottInternational,352 MartianTechnology,228–229 masteraccesspoints,WDS,249 MaxumDevelopment,405 McAffee’sVirusScan,328 McDonalds,353 McQuitty,Thomas,28 MediaAccessControladdresses. SeeMACaddresses MeetinghouseAegisServer,270 meshnetworks,49–51,443–444 MeshNetworks,51 messages email(Seeemail) encrypting(Seepublic-keycryptography) Metcalfe,Bob,444
Microsoft,securitypatchesfor Windowssystems,326 MicrosoftVisio,168 microwaveovens,troubleshooting networkinterference,274 MiniPCIcardnetworkadapters, 24,27,30 Ministumbler,305 MobileCommandSystemsNomad printer,226 MobileStar,41 modesettings,clientconfiguration software,80 modems integratingwithwirelessgateways, 181 innetworkdiagrams,171 troubleshootingInternetconnections,281 usingEricssonT68icellphone, 373–375 monitoringtools extractingWEPkeys,308 legalityof,303,308 listeningtonetworktraffic, 306–308 monitoringnetworkservices,405 stumblertools,303–306,387–388 MonitorMagic,405 monitors,wireless,232 MountEverest,Wi-Fiaccess,337 MountainView,CA,Wi-Fiaccess, 340 mountingantennas.Seealso installingantennas durabilityandweatherconsiderations,433–434 lightningsuppressors,410,419 ruggedizedenclosures,434 mouse,Bluetooth,132–135 MP3players,30,229–231 multi-playergaming,186,235–236 multipleaccesspoints,175–176.See alsobridges musicdownloads,289 musicplayers,wireless,229–231 MyDocsOnline,383
N
Nconnectors,417
Nalley’sBigChunkBeefStewcan antennas,414 names accesspointSSIDs,175–176,216 hostnames,mappingIPaddresses to,184–185,465–467 networknamesettings,wireless clients,79 NATgateways,466 NAT(NetworkAddressTranslation) NATgateways,466 overview,462–463 aspassivefirewall,330–331 portforwarding,186 VPNsand,188,323 inwirelessgateways,183–184 Netatalk,144 NetBarrierX3,329 NetBEUI,464 NetDriveWireless,MartianTechnology,228–229 NetGate,25,162 NetNearU,344 Netopia,329 NetStumbler,160,276 Netstumbler,303 networkadapters.Seealsowireless networkadapters configuringnetworksettings, 469–478 overview,453 tipsforworkingwhiletraveling, 390 troubleshooting,156–157,160,162 typesof,454–455 NetworkAddressTranslation. SeeNAT(NetworkAddress Translation) networkauthenticationinwireless gateways,188 network-basedbackups,439–440 networkcables.Seecables,network networkcards.Seealsonetwork adapters;wirelessnetwork adapters tipsforworkingwhiletraveling, 390 networkdevices.Seealsohardware accesspoints(Seeaccesspoints) antennas(Seeantennas) bridges(Seebridges)
Index gateways(Seegateways) hubs(Seehubs) networkadapters(Seenetwork adapters) routers,460 switches,180–181 switchinghubs,458 Wi-Ficertification,10,11 wirelesshardwareoverview,19,20 wirelessnetworkadapters(See wirelessnetworkadapters) networkdiagrams overview,167–168 representingaccesspoints,169 representingbridges,171 representingcomputers,169 representinggateways,169 representingHomePlugbridges, 172,173 representinghubs,169 representingInternet,171–172 representingmodems,171 representingprinters,169,171 representingwiredconnections, 169,172 representingwirelessconnections, 169,172 networkhardware.Seenetwork devices networkinterfacecards.See networkadapters networkmonitoringsoftware,405 networknames,troubleshooting networkconnectivity,161,276 networkprotocols AppleTalk,464–465 DHCP(SeeDHCP) DNS,465–467 Ethernet,463 Ethernetprotocol,444 FTP,467–468 HTTP,468 IMAP,468 NAT(SeeNAT(NetworkAddress Translation)) NetBEUI,464 overview,461–462 passwordencryption,467 POP,468 PPP,462 PPPoE,189–190,462
proprietaryprotocolsupportin wirelessgateways,184 SMTP,468 TCP/IP,463–464 ZEROCONF,464–465 networktopologies busnetworks,442 meshnetworks,443–444 ringnetworks,442–443 starnetworks,440–441 networktrafficsecurity.Seealso securityofdata EtherPEG,306 ettercaputility,308 liabilityconsiderations,288, 289–292 listeningto,306–308 localtrafficprotection,262–263 ntoputility,307 rovingtrafficprotection,263–267 tcpdumputility,306 NetworkedDVDplayer,GoVideo,231 networks collisions,441 connectingdifferentnetwork protocols(Seerouters) connectingdifferentnetworktypes (Seebridges) failures(Seetroubleshooting) frames,441 Internetsharing(SeeInternet connections,sharing) long-rangewireless(Seelongrangewirelessnetworks) networkcommunicationoverview, 441 overview,435–437,441 problemsolving(Seetroubleshooting) protocols(Seenetworkprotocols) railroadanalogy,436–437,453, 459,466 segments,441 throughput,441 topologies,440–444 troubleshooting(Seetroubleshooting) usesfornetworks,437–440 wireless(Seewirelessnetworks) NewArchitectmagazine,297
519
520
TheWirelessNetworkingStarterKit NewYorkCity,wirelessaccessin, 336 NewburyOpen.net,340 NICs.Seenetworkadapters NikonD2HPro,220–221 Nomadprinter,MobileCommand Systems,226 NortonAntiVirus,328 ntoputility,307 NYCwireless,336
O
O2Connect,340 officebuildingnetworks,likelihoodofsnooping,287 Oh,Michael,340 omnidirectionalantennas,258, 409,410,428 OmniGraffle,168 ontheroad.Seetraveling one-timeconnections.Seeadhoc networks one-waypairing.SeepairingBluetoothdevices onlinecalculators free-spacesignallosscalculator, 423 Fresnelzoneandradiolineofsight, 431 gaincalculators,420,425 onlinefilestorage,383 onlineinformation.SeeURLs OpenDirectoryProject,398 opennetworks connectingtowirelessnetworks,26 liabilityconsiderations,288–289 stumblerprograms,303–306, 387–388 opensourcesoftwareanddrivers, 29,102,312 operationssupportsystems(OSS), 347 Oppenheimer,Alan,325 Orinoco,76–78,100–101 OS8.6.SeeMacOS8.6 OSX.SeeMacOSX OS9.x.SeeMacOS9.x OSXServer10.3(Panther).See MacOSXServer10.3(Panther)
OSS(operationssupportsystems), 347 overhead.Seepacketoverhead
P
packetbursting(framebursting) technology,16–17,43 packetheaders,306 packetoverhead,12,16–17 packet-switchednetworks,39 packets,436 PageSentry,405 pairingBluetoothdevices.Seealso Bluetooth bidirectionalpairing,116 discoverabilitysettings,116,118, 122 discoveringotherdevices,116, 119–121,122–125,126 one-waypairing,138 overview,115–117 passphrases,116,117 T68icellphoneswithMacintosh, 371–373 underMacOS,122–125,371–373 underPalmOS,116 underWindowsXP,117–121 PalmOShandhelds advancednetworkconnections, 106–108 EnforaWirelessLANPortfolio,31 HotSyncingusingBluetooth, 126–129 intermediatenetworkconnections, 105–106 networksettings,modifying,106, 108 preferrednetworkadapters,24, 30–31 simplenetworkconnections,104 VPNsettings,107 panelantennas,258–259,411–412 parabolicantennas,409,412 parallelportnetworkadapters,455 Part15Regulations,FCC,427 passiveFTP,468 passivehubs,457–458 passphrases,116,117,263,312.See alsopasswords passthrough(portforwarding),186
passwords.Seealsopassphrases APOP(AuthenticatedPOP), 310–311 emailpasswordencryption, 310–311,467 encryptionbynetworkprotocols, 467 extractingusingettercaputility, 308 guidelinesforsecurepasswords, 291 onnon-secureWebsites,310 recommendationsfordatasecurity, 291 WEPkeys(SeeWEPauthenticationandencryption) WPAkeys(SeeWPAauthenticationandencryption) patchantennas,258–259,411–412 patchcables,447.Seealsocrossover cables PCcardnetworkadapters.Seealso networkadapters meshnetworkingcapabilities,51 networkadaptersforMacintosh systems,28 opensourcedriver,OSX,29 overview,24,25,454 troubleshootingnetworkadapters, 156–157,160,162 Windowsnetworkadapters, installing,60 PCCards deactivating,157 networkadapters(SeePCcard networkadapters) PCIcardnetworkadapters,24, 26–27,28,60,454 PCs.SeeWindowssystems PCSConnectionManager,368 PDFFactory,154 PDFs,154 Perlscripts,319 personalcertificates,320 personalfirewalls,329 PersonalTelco,336,337 PGP(PrettyGoodPrivacy), 311–315 PhoneNetnetworks,449–450 phones,wireless,233–235 photoplayers,wireless,230–231 physicsofsolidobjects,5
pigtails connectingantennas,33–34, 415–416 FCCregulations,34,416 overview,415–416 SeattleWirelessPigtailsWebpage, 416 signallossinantennacable,416, 422 pingtest,278 PioneerCourthouseSquareWi-Fi access,337 planningwirelessnetworks accesspointlocations,174,175–176 gatheringnetworkinformation, 168–169 inaccessibleroomsandsignal strength,168,169 multipleaccesspoints,175–176 networkdiagrams,167–173 overview,167 shoppinglist,173 plenum-ratedcable,446 PocketPChandhelds,24,30–31, 108–114,305 PoEdevices,175 point-to-multipointnetworks multiplebridges,254 omnidirectionalantennas,410 poweroutput/antennagain,allowablecombinations,428 sectorantennas,411 point-to-pointnetworks FCCregulations,430 pairedbridges,254 panelantennas,258–259,411–412 patchantennas,258–259,411–412 poweroutput/antennagain,allowablecombinations,428–429 Point-to-PointTunneling Protocol,323.SeealsoVPNs POPandPOPservers APOPpasswordencryption, 310–311 emailpasswordencryption,467 overview,468 POPaccount,checkingthen sendingmail,381 XTNDXMIToption,382 portforwarding,186,315,316–317, 318
Index portmapping(portforwarding), 186,214 Portland,Oregon,Wi-Fiaccess in,337 ports firewallsand,466 overview,466 portmapping,186,214,466 portnumbers,466 portsadjacenttouplinkports,447 uplinkports,447 well-knownports,466 PostScriptprinters,225 powercycling troubleshootingInternetconnections,281 troubleshootingneedforfrequent reboots,277,279 troubleshootingnetworkconnectivity,162 powerlines,HomePlugnetworks, 451–452 PowerMacs,24,28,96–97 poweroutput allowableoutput/antennagain combinations,428–429 wattstodBmconversionchart, 409,428 PoweroverEthernetdevices,175 PowerBooks,24,29,96–97 Pozar,Tim,427 PPPoE,189–190,462 PPTP,323.SeealsoVPNs pre-sharedkeys,263 pre-sharedsecrets,263,301 precipitation,effectonsignal strength,423,425 PreferredNetworkslist,Windows XP,66 PrettyGoodPrivacy(PGP), 311–315 preventingunauthorizednetwork access.Seesecurityofcomputer systems;securityofdata;securityofnetworks “Pringlescan”antennas,414 printservers,191,224–226 printspooling,191,226 printeradapters,wireless,224 printersharing Dave,154,226,439 overview,438–439
PDFfilesasalternative,154 printservers,wireless,224–226 printspooling,191,226 printeradapters,wireless,224 printersinnetworkdiagrams,169, 171 USBprinters,154 Wi-Fi-enabledprinters,226 betweenWindowsandMacintosh computers,154,226,439 wirelessgatewaysasprintservers, 191 PrintToPDF,154 privacy,286.Seealsosecurity privatekeys.Seepublic-keycryptography problemsolving.Seetroubleshooting;troubleshooting process problems,insolvable,488 problems,reporting,486–487, 487–488.Seealsotroubleshooting;troubleshooting process profiles BoingoWirelessclientconfiguration,359–361 computerprofiles,troubleshooting process,486–487 ConfigFreesoftware,Centrino laptops,83–85 projection,wireless,232–233 promiscuousmode,306 ProntoNetworks,344 protectingnetworksfromunauthorizedaccess.Seesecurityof computersystems;securityof data;securityofnetworks protocols.Seenetworkprotocols protocols,network AppleTalk,464–465 DHCP(SeeDHCP) DNS,465–467 Ethernet,463 FTP,467–468 HTTP,468 IMAP,468 NetBEUI,464 overview,461–462 passwordencryption,467 POP,468 PPP,462
521
522
TheWirelessNetworkingStarterKit PPPoE,189–190,462 proprietaryprotocolsupportin wirelessgateways,184 SMTP,468 TCP/IP,463–464 public-keycryptography GPG(GNUPrivacyGuard),312 overview,312–313 PGP,315 sharingkeys,314–315 inSSH,316 inSSL,319–320 publickeys.Seepublic-keycryptography;SSL publiclibraries,wirelessnetworks at,336,338 pulses,UltraWidebandtransmissions,52–54 PulverInnovations,234 punch-through(portforwarding), 186 purchasingwirelessnetworking equipment.Seealsocostconsiderations;planningwireless networks networkdiagrams,167–173 shoppinglist,173
Q
QualityofService(QoS),802.11e standard,43 questions,troubleshootingprocess, 481–483 QuickerTek,163
R
rabbitearantennas,259,413 TheRaceforBandwidth,xxi radiationpatterns,antennas,409 radiotransceivers poweroutput/antennagain,allowablecombinations,428–429 receivesensitivity,424–425 transmitpower,420–421 RadioTransmissionTechnology (1xRTT),2.5Gnetworks,41 radiowaves 2.4GHzband,5 5GHzband,5
datatransmissionmethods,6–7 infraredband,4 interference,5 physicsofsolidobjects,5 unlicensedspectrum,4 RADIUS,wirelessgateway support,188 railroadanalogyfornetworks, 436–437,453,459,466 rain,effectonsignalstrength,423, 425 RAMdrives,USB,backingup data,384 rangeofwirelessnetworkadapters, 238 RealWorldAdobeGoLive,xxi RealWorldScanningandHalftones, xxi rebootingcomponents troubleshootingInternetconnections,281,432 troubleshootingneedforfrequent resets,277,279 troubleshootingnetworkconnectivity,158 receiveamplifiers,418 receivesensitivity,radiotransceivers,424–425 reception,troubleshooting, 275–276 RecordingIndustryAssociationof America(RIAA),289 RedFang,306 redundantInternetconnections, 397–398 Reisert,Joseph,409 relayaccesspoints,WDS,249 relayingemail,380 remoteaccesspoints,WDS,249 remotebackupprograms,384 remoteconfigurationsettings,210 remotecontrolsoftware,383 remotelocations,extending existingnetworks.Seealsolongrangewirelessnetworks determiningantennalocations, 402–404 extendingInternetaccess,396–401 overview,395–396,401–402 testingantennalocations,403 troubleshootinglong-range networks,404–406
two-hopnetworks,404 repeaters,20,22 reportingproblems,486–487,487– 488.Seealsotroubleshooting; troubleshootingprocess reproducibleproblems,480 resellers.Seealsoaggregators AirpathWireless,344 CometaNetworks,344 customWISPconfigurationsoftware,357–358 FatPort,344 hotspotservices,creating,347 NetNearU,344 ProntoNetworks,344 Speakeasy,347 SprintPCS,349,368 STSN,345 SurfandSip,345 VerizonWireless,349,370 Wayport,345 resettingcomponents troubleshootingInternetconnections,281,432 troubleshootingneedforfrequent resets,277,279 troubleshootingnetworkconnectivity,162 restrictingaccesstocomputers.See securityofcomputersystems restrictingaccesstodata.Seesecurityofdata restrictingaccesstonetworks.See securityofnetworks retaillocationswithwireless networks AppleStores,340 Barnes&Noble,354 Borders,354 freeretaillocations,339–341 Kinko’s,354 McDonalds,353 NewburyStreet,Boston,340 Schlotzsky’sDeli,353–354 St.Louis,Missouri,340 Starbucks,352–353 Retrospect,439 RIAA(RecordingIndustryAssociationofAmerica),289 RicohCaplioProG3,221 ringnetworks,442–443
RoamAD,51 roaming.Seetraveling roamingaggregators.Seeaggregators rooms,inaccessible,andsignal strength,168,169 routeraddresses,471,476,477 routers,51,281,460.Seealsoaccess points;gateways ruggedizedenclosures,434 ruralInternetaccess.Seelongrangewirelessnetworks ruralnetworks,likelihoodof snooping,287
S
“SafeModewithNetworking,”158 safetyofdata.Seesecurity Samba,144 SamsungML2152WWi-Fienabledprinter,226 SanFranciscoInternational AirportWi-Fiaccess,337 SanDisk,30 SanswireTechnologies,55 SanyoElectricDSC-SX560prototype,221 satellite-basedInternetaccess,399 scanningnetworks,306–308 SchipholAirport,Wi-Fiaccess in,351 Schlotzsky’sDeli,353–354 SCP(SecureCopy),319 SCSIEthernetadapters,455 searchingfortechnicalsupport, 484–486.Seealsotroubleshooting;troubleshooting process SeattleWirelessPigtailsWeb page,416 sectorantennas,411 SecureDigitalIOcardnetwork adapters(SDIO),24,30–31 SecureFTP,317,320,322 SecureFTP101article,322 SecureSocketsLayer.SeeSSL (SecureSocketsLayer) security 802.11istandard,45 accesspoints,securityfeatures,22
Index accountaccessinformation,379 APOPencryption,310–311 authentication(Seeauthentication andauthenticationprotocols) closednetworks(Seeclosed networks) ofcomputers(Seesecurityof computersystems) contentencryption,311–315 DMZs,186 encryption(Seeencryptionand encryptionkeys) end-to-endencryption(Seeendto-endencryption) fingerprints,314,316 firewalls(Seefirewalls) HomePlugnetworks,452 IPaddressauthentication,297 laptopsecuritywhiletraveling, 390–391 liabilityconsiderations,286, 287–288,287–293 likelihoodofattacks,286–287 listeningtonetworktraffic, 306–308 MACaddressesand,296–297,456 NATgateways,466 opennetworks(Seeopennetworks) overviewofsecurityconsiderations, 285–286 passwordguidelines,291 portforwardinginwirelessgateways,186 privacyarticle,TidBITS,286 public-keycryptography(See public-keycryptography) restrictingaccesstocomputers(See securityofcomputersystems) restrictingaccesstodata(Seesecurityofdata) restrictingaccesstonetworks(See securityofnetworks) securenetworks,configuringwirelessgateways,199–200,202–203, 208–209 SMTPAUTHcommand,311, 381–382 snoopingandspread-spectrum transmission,7 SSH(SecureShell),315–319,382 SSL(SecureSocketsLayer), 319–322
triggersinwirelessgateways,186 VPNs(virtualprivatenetworks), 107,112–114,188,322–324,362, 385 WEPencryption(SeeWEP authenticationandencryption) WPAencryption(SeeWPA authenticationandencryption) securityofcomputersystems anti-virussoftware,327–328 basicprecautions,327 damagetodata,292 denialofservice(DoS)attacks, 293,327 exploitationofvulnerabilities, 292–293 firewalls,328–331 laptopssecurity,390–391 liabilityconsiderations,288, 292–293 likelihoodofattacks,286–287 NAT(NetworkAddressTranslation),330–331,462–463 “shouldersurfers,”390–391 theftofdata,292 typesofattacks,325–327 viruses,293,326–327 worms,293,326 securityofdata accountaccessinformation,291 basicprecautions,327 contentencryption,311–315 contentsoffilesandemail,291 damagetodata,292 emailpasswordencryption, 310–311,467 encrypteddata,typical,290 encryption,benefitsof,309–310 liabilityconsiderations,288, 289–292 listeningtonetworktraffic, 306–308 localtrafficprotection,262–263 onlinemovements,tracking,291 overview,309 passwordguidelines,291 public-keycryptography,312–315 roamingusers,263–267 SSH(SecureShell),315–319 SSL(SecureSocketsLayer), 319–322 theftofdata,292
523
524
TheWirelessNetworkingStarterKit TKIPencryptionkeys,262–263 typesofdataatrisk,290–291 unencrypteddata,typical,289–290 VPNs(virtualprivatenetworks), 107,112–114,188,263–267, 322–324,362,385 WEPencryption(SeeWEP authenticationandencryption) WEPkeyextractiontool,308 WPAencryption(SeeWPA authenticationandencryption) securityofnetworks 802.11istandard,300–302 802.1Xprotocol,267–270 authenticatedlogins,267–270 closednetworks(Seeclosed networks) copyrightedmusicdownloads,289 ineffectivesecuritymeasures, 295–297 legalityofmonitoringtools,303, 308 liabilityconsiderations,288–289 listeningtonetworktraffic, 306–308 MACaddresses,restrictingaccess by,296–297,456 opennetworks,abuseof,288–289 restrictingnetworkaccess,296–297 stumblerprograms,303–306 toolsformonitoringnetworks, 302–308 WEPencryptionvulnerabilities, 297–300 WEPkeyextractiontool,308 WPAencryption,300–302 securitypatches,Windows systems,326 segments,network,441 self-signedcertificates,320 Sentman,James,405 ServiceSetIdentifier(SSID), 175–176,216 settings,custom,troubleshooting networkdevices,280 sharedsecrets pre-sharedsecrets,263,301 WEPencryption,298,299 WPAencryption,301 SharePoints,151 sharingAmericaOnlineconnections,192–193,214
sharingfiles.Seefilesharing sharingInternetconnections accesspointsasgateways,22 AmericaOnlineconnections, 192–193,214 DHCPclients,189 liabilityconsiderations,288–289 long-rangeInternetconnections, 396–401 MACaddresscloning,190,456 Macintoshsystems,238–240, 240–241 overview,437–438 PPPoE,189–190 security(Seesecurityofnetworks) singlevs.multipleIPaddresses, 213,400–401 softwareaccesspoints,237–238 WEPencryptionconsiderations, 241 WindowsXPsystems,241–243 wirelessgatewayfeatures,189–190 sharingprinters.Seeprinter sharing Shiekh,Dr.A.,427 shieldedtwistedpairwiring,446 shoppinglist,planningwireless networks,173 “shouldersurfers,”390–391 SierraWirelessAirCard555, 375–377 signalloss.Seealsosignalquality; signalstrength inantennacable,416,421–422 fromconnectors,417,421 distancebetweenantennas, 423–424 effectofweather,423,425 free-spacesignalloss,422–424 minimizingantennacablelength, 431–432 pigtails,416,422 signalquality.Seealsointerference; signalloss;signalstrength interferencein2.4GHzsignals, 274 spreadspectrumtransmission,6–7 troubleshootingintermittent signals,274 signalreflection,18 signalstrength.Seealsosignalloss; signalquality
accesspoints,planninglocations, 174 amplifiers,418–419 antennagain,calculating(Seegain, calculating) dB,dBi,dBmratings,408–409 inaccessibleroomsand,168,169 increasing,162–163 planningaccesspointlocations,174 poweroutput/antennagain,allowablecombinations,428–429 receivesensitivity,radiotransceivers,424–425 satellite-basedwirelessnetworking, 56 stumblingtools,174,387–388 toolsforfindingnetworks,174 transmitpower,radiotransceivers, 420–421 troubleshooting,162–163 troubleshootingblockedreception, 275–276 troubleshootingnetworkconnectivity,162–163 signingfiles.Seepublic-keycryptography silversatinwiring,445 simultaneoususers,gateway supportfor,192 SIPphone,234 sitechecks,400 SkyStationInternational,55 SLIMP3,229–230 SMAconnectors,417 smallofficenetworks datasecurity,localusers,262–263 datasecurity,roamingusers, 263–267 TKIPencryptionkeys,262–263 VPNs(virtualprivatenetworks), 263–267 WPAencryption,262–263 SmartIDWFS-1Wi-Fidetector, 227 SMTP,468 SMTPAUTH,311,381–382 sniffingnetworktraffic,306–308 snooping,protectionfrom.See securityofnetworks snow,effectonsignalstrength, 423,425 “TheSocialLifeofPaper,”438
software,internal(firmware),190, 277,281 softwareaccesspoints InternetSharing(OSX),configuring,240–241 IPNetRouter,240,460 limitationsof,238 overview,21,237–238 simulatingwithadhocnetworking (WindowsXP),241–243 SoftwareBaseStation,configuring, 238–240 troubleshootingwired-to-wireless connections,279 SoftwareBaseStation,configuring,238–240 softwareVPNservers,264–265. SeealsoVPNs(virtualprivate networks) solidobjects 2.4GHzand5GHzbands,5 concretewalls,275–276 infrarednetworks,4–5 physicsof,5 troubleshootingblockedreception, 275–276 UWB(UltraWideband)transmissions,52 Sonyproducts,229,231–232, 371–375 SoundBlasterWirelessMusic,231 SouthKorea,42 Speakeasy,347 specifications,9 SpectraLink,234 spectrum,electromagnetic.See electromagneticspectrum speedsofnetworks.Seealso throughput 2.5Gnetworks,40–41 3Gnetworks,39–40 802.15standards,36 802.11astandard,14 802.11bstandard,12 802.11gstandard,15,16 802.11nstandard,45 Bluetooth,35 cellulardatanetworks,38–39,371, 376–377 determiningstandard(s)needed, 178–179
Index wirelessgateways,selecting, 178–179 SpeedStreamPowerlineWireless AccessPoint,452 spreadspectrumtransmission,6–7 SprintPCS 2.5Gnetworkplans,41 cellulardatanetworkplans,40,372 hotspotnetworks,41 resellingWi-Fiaccess,349 Wi-Ficlientconfigurationsoftware,368 spur-of-the-momentnetworks.See adhocnetworks Sputnik,347 SSHCommunicationsSecurity, 317 SSH(SecureShell) Anonymizer.com,317 availablesoftware,317 email,SSHtunneling,382 encryptionprocess,316–317 overview,315–316 SCP(SecureCopy),319 SecureFTP,317 terminalSSH,318–319 SSIDs,175–176,216 SSL(SecureSocketsLayer) availablesoftware,322 emailprogramsupport,381 enabling,321 overview,320–321 public-keycryptography,319–320 SecureFTP,320,322 St.Louis,Missouri,Wi-Fiaccess in,340 StairwaysSoftware,278 standards.Seealsonamesofspecific standards compatibility(Seecompatibility amongstandards) historyofwirelessnetworking standards,9–10 IEEE(Seeentriesbeginningwith “802”) innetworkingworld,9 valueofinnetworking,436 Wi-Ficertification,10 starnetworks,440–442 StarBandCommunications,56, 399
Starbucks,352–353 staticIPaddresses,401 stillcameras,Wi-Fi-enabled, 220–221 streamingmedia,36,221–223 STSN,345 stumblerprogramsandtools findingBluetoothdevices,306 findingnetworkswhiletraveling, 387–388 handheldWi-Fidetectors,227, 388 Macintoshstumblers,304–305 planningaccesspointlocations,174 PocketPCstumblers,305 Unixstumblers,305 Wi-Fisense,228 Windowsstumblers,303 Stunnel,322 subnetmask,471,472,476,477 Sullivan,Jim,339 support.Seetechnicalsupport SurfandSip,345 SustainableSoftworks,240,278, 329,460 switchinghubs,458 systemfailures.Seetroubleshooting SystemInformationprogram,487 systemprofiles,486–487 systemsecurity.Seeattacks;securityofcomputersystems
T
T-Mobile,40,41,343,372 T-MobileHotSpot,41,343,345, 370 TCP/IP,463–464 tcpdumputility,306 TechSuperpowers,340 technicalsupport.Seealsotroubleshooting;troubleshooting process AirPorttroubleshootingguide, 156,272 expertfriends,484–485 locatingexperthelp,485–486 reportingproblems,486–488 telephonewiring,449–450, 450–451 telephones,wireless,233–235
525
526
TheWirelessNetworkingStarterKit televisiontransmitters,wireless, 231–232 TeliaSonera,42 TemporalKeyIntegrityProtocol (TKIP).SeeTKIP. TenzingCommunications,355 terminalSSH,318–319 termination,busnetworks,442 tests,introubleshootingprocess, 481–483 ThickNet,444 ThinNet,445 throughput 10Base-2Ethernet,445 10Base-5Ethernet,444 100Base-TEthernet,446 1000Base-TEthernet,448 2.5Gnetworks,40–41 3Gnetworks,39–40 802.15standards,36 802.11astandard,10,14 802.11bstandard,10 802.11gstandard,10,15,16,17 802.11nstandard,45 1000Base-TEthernet,448 Bluetooth,35 cellulardatanetworks,38–39,371, 376–377 descriptionof,441 HomePlugnetworks,451 HomePNAnetworks,450 hubtypesand,457–458 LocalTalknetworks,449 WDSbridges,249 ThursbySystems,143,192,226 T68icellphone,371–373,373–375 TidBITS,286,xxi TimbuktuPro,383 TitaniumPowerBookG4s,29,163 TKIP(TemporalKeyIntegrity Protocol),45,262–263,301 TNCconnectors,417 tokenringnetworks,442–443 TompkinsCountyPublicLibrary, 336,338 Tools4ever,405 topographicalmaps,403 topologies,network busnetworks,442 meshnetworks,443–444 ringnetworks,442–443
starnetworks,440–441 TopoZone.com,402 Toshiba1K-Wb11aWi-Fivideo camera,223 Tourrilhes,Jean,100,102 tradeshows,wirelessnetworksat, 341 traffic,listeningto.Seealsosecurity ofdata EtherPEG,306 ettercaputility,308 liabilityconsiderations,288, 289–292 localtrafficprotection,262–263 ntoputility,307 rovingtrafficprotection,263–267 tcpdumputility,306 traffic,securityof.Seesecurityof data transceiverpower,Wi-FiPC cards,25 transceivers poweroutput/antennagain,allowablecombinations,428–429 receivesensitivity,424–425 transmitpower,420–421 transferringfiles,17,36,130–132. Seealsofilesharing;FTP transmitamplifiers,418 transmitpower,radiotransceivers, 420–421 transparencyofnetworks.See security traveling accessaccounts,commercial networks,379 airportwirelessnetworks,350–351 backingupdata,384 commercialwirelessnetworks, 341–355 communitynetworkdirectory,336 connectingtowirelessnetworks, 388–389 emailcomplications,380–382 files,ensuringaccessto,382–384 findingnetworks(Seefindingwirelessnetworks) freewirelessnetworks,336–341 3GphonesinEuropeandAsia,40 hotspotdirectories,339 Internetaccessontheroad, 387–389
laptopsecurity,390–391 legalchannelusageindifferent countries,13 loginaccesswhiletraveling,389 networksetupwhiletraveling,388 personalfirewallsoftware,329 securityconsiderations,327 tipsforworkingwhiletraveling, 389–390 troubleshootingroamingnetwork access,163 VPNs,385 wirelessaggregators,346–349 wirelessISPs(WISPs),342–346, 398–399 triggers,186 Tripwire,292 TroposNetworks,51 troubleshooting.Seealsotroubleshootingprocess 802.11bnetworks,156 accesspoints,needforfrequent resets,277,279 AirPorttroubleshootingguide, 156,272 blockedreception,273,275–276 BoingoWirelessconnections,363 clientsoftware,156–162 connectivity,156–162,276–277, 278,279,280–281 customsettings,re-entering,280 firewallsettings,281 firmwareproblems,190,277,281 howto(Seetroubleshooting process) insolvableproblems,488 interference,274 intermittentsignal,274 long-rangeconnections,405 long-rangenetworks,404–406 networkadapters,156–157,160, 162 overview,271–272,479,488 pingtest,278 portsadjacenttouplinkports,447 process(Seetroubleshooting process) roamingnetworkaccess,163 signalstrength,162–163,272–274 usingConnectivityDoctor, ConfigFreesoftware,85–87
WDS(WirelessDistribution System),282 wired-to-wirelessconnections,279 wirelessnetworkproblems,overview,271–272 WirelessNetworkTroubleshooting Webpage,156 troubleshootingprocess.Seealso troubleshooting answeringquestions,482–483 askingquestions,481–482 describingpartsofmalfunctioning system,480–481 errormessages,480 experthelp,locating,483–486,488 identifyingproblems,479–480 intermittentproblems,480 reportingproblems,486–488 reproducibleproblems,480 systemprofiles,486–487 unsolvableproblems,488 visibleindicators,480 TroyWindConnectBluetooth WirelessPrinterAdapter,224 tunnels SSH(SecureShell),315–319 SSL(SecureSocketsLayer), 319–322 VPNs(virtualprivatenetworks), 107,112–114,188,322–324,362, 385 turningcomponentsonandoff.See powercycling turnkeyhotspotservices,347 twistedpairwiring,445,446 two-hopnetworks,404
U
UltraWideband(UWB),52–54 UltraWidebandWorkingGroup, 52 unauthorizednetworkaccess.See securityofnetworks universities,wirelessnetworksat, 163,338–339 Unix-likesystems configurationinterfacesforwireless gateways,181–182 stumblerprograms,305 Wi-Fidrivers,99–100
Index unlicensedspectrum,4 unshieldedtwistedpairwiring,446 uplinkports,447 urbannetworks,likelihoodof snooping,287 URLs 21stCenturyAirships,55 802.11bDriverforOSX (IOXperts),96 activePDFComposer,154 addingantennastoAirPortBase Stations,34,256 AdvancedTechnologiesGroup,55 AegisServer,270 Aerosol,303 AeroVironment,54 AirBoard,Sony,231–232 AirpanelSmartDisplays,ViewSonic,232 AirpathWireless,344 AirPortBaseStation,attaching antennasto,34,256 AirPortExtremeAdminUtilityfor Windows,204 AirSnort,308 AlohaNetworks,56 amplifiers,418 AngelTechnologies,54 Anonymizer.com,317 antennaradiationpatterns,409 AppleAirPortWeblog,xx Applefilesharinginformation,152 Appleprintersharinginformation, 152 AppleStores,Wi-Fiaccess,340 ApSniff,303 AsantéFR1004ALgateway,225 Australiantokenringnetwork,443 Axis5800+Mobileprintserver, 225 Axis5810PrintPlug,224 Barnes&Noble,354 BayAreaWirelessUsersGroup, 427 BeefStewcanantennas,414 Belkin,28 BluetoothSpecialInterestGroup, 37 Boingoclientsoftware,358 BoingoWireless,346–348 Borders,354
BrickHouse,329 BroadbandWirelessExchange Magazine,398 BuffaloTechnology,USBwireless adapter,31 canantennas,414 CasioXF-800Wi-Ficolortelevision,232 cd3o,231 Centrinolaptops,81 CiscoSystems,25,234 CometaNetworks,344 communitynetworkdirectory,336 communitynetworkingsites,407 connectors,antennacables,417 ConnexionbyBoeing,355 CreativeTechnology,231 D-Linkgateways,185 D-LinkWi-Fivideocameras,222 DanaStreetRoastingCompany, 340 DantzDevelopment,329,439 Dave,143,192,226 dBmtowattsconversionchart, 409,428 Direcway,56,399 Dr.Bott,34 dstumbler,305 dynamicDNSinformation, 184–185 electromagneticradiation,health concerns,408 ElectronicFrontierFoundation,7 EnforaWirelessLANPortfolio,31 EnGeniuscard,25,162 EpsonBluetoothPrintAdapter, 224 Ethernet,BobMetcalfe’ssketch, 444 EtherPEG,306 ettercaputility,308 EZGoalHotspots,339 F-Secure,317 FatPort,344 FCCPart15Regulations,427 Flickenger,Rob,414 free-spacesignallosscalculator, 423 FreeWorldDialup,234 FreeS/WAN,265 Fresnelzone,431
527
528
TheWirelessNetworkingStarterKit “frottle,”443 FSV-PGX1fileserver,Sony,229 gaincalculators,420,425 Gimp-Print,192 Gladwell,Malcolm,438 GlooLabs,230 GlubTech,322 Go-VideoNetworkedDVDplayer, 231 Google,340 GPG(GNUPrivacyGuard),312 GrandstreamNetworks,234 GRICCommunications,349 hardwareabstractionlayerfor Atheroschips,101 healthconcerns,electromagnetic radiation,408 HerkimerCoffee,340 Hewlett-PackardWi-Fidrivers, 100 home-builtantennas,414 HomePlug,452 HomePNA,451 HomePod,230 hotspotdirectories,337 Hotspot-Locations,339 HotSpotList.com,339 HughesNetworkSystems,56 HyperLinkTechnologies,34,175, 179,257,418,419 IBackup,383 IBM802.11bWirelessPrint Adapter,224 IntegoNetBarrierX3,329 IntelPro/Wireless2100Network Connectioncard,81 Interarchy,278,317 IOXperts,29,96 IPaddressesforauthentication (article),297 iPass,348 IPNetMonitor,278 IPNetRouter,240,460 IPNetSentry,329 Ipswitch,405 IQinVisionIQeye3Wi-Fivideo camera,223 iStumbler,305 Java-basedAirPortExtremeBase Stationconfigurationprogram, 204
Jiwire,339,xxii KensingtonTechnologyGroup, 391 KensingtonWi-FiFinder,227 keyservers,314 KisMAC,304 Kismet,305 Leffler,Sam,101 lightningsuppressors,419 Linksys,30,32,222–223 Linux-WLANproject,102 LocustWorld,51 3MNotebookPrivacyFilter,391 .Mac,383 MacOSXServer10.3(Panther), VPNsoftware,265 MacStumbler,160,276,304 MacWireless,175 MacWireless802.11bPCIcard,28 MartianTechnology,228–229 MaxumDevelopment,405 McAffee’sVirusScan,328 McDonaldsWi-Fiaccess,353 McQuitty,Thomas,28 MeetinghouseAegisServer,270 MeshNetworks,51 Metcalfe,Bob,444 Ministumbler,305 MobileCommandSystems,226 MonitorMagic,405 MyDocsOnline,383 Nalley’sBigChunkBeefStewcan antennas,414 Netatalk,144 NetBarrierX3,329 NetDriveWireless,MartianTechnology,228–229 NetGate,25,162 NetNearU,344 Netopia,329 NetStumbler,160,276 Netstumbler,303 networkmonitoringsoftware,405 NewArchitectmagazine,297 NewburyOpen.net,340 NikonD2HPro,220–221 Nomadprinter,MobileCommand Systems,226 NortonAntiVirus,328 ntoputility,307 NYCwireless,336
O2Connect,340 OmniGraffle,168 OpenDirectoryProject,398 open-sourcePCcarddriver, OSX,29 Orinoco,76 PageSentry,405 Part15Regulations,whitepaper, 427 PDFcreationutilities,154 PDFFactory,154 PersonalTelco,336 PGPCorporation,312 Pozar,Tim,whitepaperonPart15 Regulations,427 PrintToPDF,154 privacyarticle,TidBITS,286 ProntoNetworks,344 PulverInnovations,234 QuickerTek,163 receivesensitivity,common networkingdevices,424 Reisert,Joseph,409 Retrospect,439 RicohCaplioProG3,221 RoamAD,51 Samba,144 SamsungML2152WWi-Fienabledprinter,226 SanDisk,30 SanswireTechnologies,55 SanyoElectricDSC-SX560prototype,221 Schlotzsky’sDeli,353–354 SecureFTP101article,322 securitystatusreport,300 Sentman,James,405 SharePoints,151 SIPphone,234 SkyStationInternational,55 SLIMP3,229–230 SmartIDWFS-1Wi-Fidetector, 227 “TheSocialLifeofPaper,”438 SonyAirBoard,231–232 SonyFSV-PGX1fileserver,229 SoundBlasterWirelessMusic,231 Speakeasy,347 SpectraLink,234 SpeedStreamPowerlineWireless AccessPoint,452
SprintPCSclientsoftware,368 Sputnik,347 SSHCommunicationsSecurity, 317 StairwaysSoftware,278 StarBandCommunications,56, 399 Starbuckswirelessnetworks, 352–353 STSN,345 Stunnel,322 SurfandSip,345 SustainableSoftworks,240,278, 329 Symantec,328 T-MobileHotSpot,345 tcpdumputility,306 TechSuperpowers,340 TenzingCommunications,355 thisbook’sWebsite,xx ThursbySystems,143,192,226 TidBITS,286,xxi TimbuktuPro,383 Tools4ever,405 TopoZone.com,402 Toshiba1K-Wb11aWi-Fivideo camera,223 Tourrilhes,Jean,100,102 transceiverpower,whitepaper,25 Tripwire,292 TroposNetworks,51 TroyWindConnectBluetooth WirelessPrinterAdapter,224 UltraWidebandWorkingGroup, 52 USBadaptersforMacintosh systems,28 ViewSonicAirpanelSmart Displays,232 Visio,168 VoceraCommunicationsBadge, 235 Vonage,234 VPNserviceproviderlist,266 Walker,James,154 warchalking,307 Wayport,345 WhatsUpGold,405 WhistleBlower,405 Wi-FiAlliance,11 Wi-FiFinder,Kensington,227
Index Wi-FiFreeSpotDirectory,339 Wi-FiNetworkingNews,xx,xxii Wi-FiNetworkingNewssite,xx WiFiConsultingVPNservice,266 WiFinder,339 WiFisense,228 WiMaxForum,47 WindowsServer2003,270 WindowsServer2003,VPN support,264 WinSCP,317 Wireless-BGameAdapter, 235–236 Wireless-BMediaAdapter,230 Wireless-GGameAdapter, 235–236 Wireless-GVPNBroadband Router,266 WirelessNetworkTroubleshooting Webpage,156 WirelessNodeDatabaseProject, 339 WirelessSecurityCorporation,270 WirelessDriver,96 WISPdirectories,398 WorkingGrouponWireless BroadbandAcessStandards, 46–47 WPAencryptionpatch,Windows XP,61 WPG-11WirelessPresentation Gateway,Linksys,233 WPG-12WirelessPresentation Player,Linksys,233 Xdrive,383 YDIWireless,257,419 ZEROCONFprotocol,464–465 ZoneAlarmPro,329 USBadapters,24,28,31,454 USBprinters,154,224 USBRAMdrives,backingup data,384 USBwirelessnetworkadapters,60 UTPwiring,446 UWB(UltraWideband),52–54
V
VerizonWireless 2.5Gnetworkplans,41
CDMAcellulardatanetwork, 375–377 cellulardatanetworkplans,40,372 hotspotnetworks,41–42 SierraWirelessAirCard555, 375–377 wirelessnetworks,349,370 videocameras,Wi-Fi-enabled, 221–223 ViewSonicAirpanelSmart Displays,232 virtualprivatenetworks.SeeVPNs viruses.Seealsosecurityofdata anti-virussoftware,327–328 macroviruses,328 systemsecurityconsiderations,293, 326–327 VirusScan,McAffee’s,328 visibleindicators,troubleshooting process,480 Visio,168 VoceraCommunicationsBadge, 235 VoiceoverIP(VoIP),43,234 VoiceoverWirelessIP(VoWIP), 234 Vonage,234 VPNs(virtualprivatenetworks) asalternativetoWPAencryption, 264 BoingoWirelessVPNconnection, 266,362 built-inVPNsoftware,264–265 FreeS/WANVPNsoftware,265 LinksysWireless-GVPNBroadbandRouter,266–267 MacOSXServer10.3(Panther) support,265 NATand,323 overview,322 PalmOS,VPNsettings,107 sendingemail,382 softwareVPNservers,264–265 subscriptionVPNservices, 265–266 travelissues,385 VPNserviceproviders,266 WiFiConsultingVPNservice,266 WindowsMobile2003,VPN settings,112–114 WindowsServer2003support,264 wirelessgatewaysupport,188
529
530
TheWirelessNetworkingStarterKit wirelessISPwithbuilt-inVPN, 322 vulnerabilities.Seesecurity
W
Walker,James,154 walls,troubleshootingblocked reception,275–276 WANports,180,185–186 WAP11,needforfrequentresets, 277 WarGames(movie),307 “war”prefix,307 warchalking,307,388 wattstodBmconversionchart, 409,428 Wayport,41,42,345,351 WDS(WirelessDistribution System) configuring,249–252 futureofmeshnetworking,50 limitationsto,248–249 masteraccesspoints,249 overview,22,191,248–249 relayaccesspoints,249 remoteaccesspoints,249 troubleshooting,282 weather,effectonsignalstrength, 423,425 Web-basedemailinterfaces, 380–381 Webbrowsers,tipsforworking whiletraveling,390 Webmail,380–381 Webservers,186 Websiteaddresses.SeeURLs WebDAV,remotefileaccess,383 well-knownports,466 WEPauthenticationandencryption.SeealsoWPAauthenticationandencryption 802.11istandard,45,300,301–302 appropriateuseof,300 Broadcomclients,67 dataintegritycheck,299 enabling,298–299 extractingWEPkeys,308 hexadecimalencryptionkeys,298 in802.1Xauthenticationprotocol, 269
initializationvectorweaknesses, 299 Internetconnections,sharing,241 Linksysclients,75 Macintoshclients,92 Orinococlients,76 otherwirelessclients,78,79 sharedsecrets,298,299 troubleshootingnetworkconnectivity,160–161,276 upgradingtoWPA,302 vulnerabilities,297–300 WindowsXPclients,53–54 wirelessgatewaysupport,187 WEPkeys.SeeWEPauthenticationandencryption WET11,Linksys,28,32,252–253 WET54G,Linksys,252–253 WFS-1Wi-Fidetector,Smart ID,227 WhatsUpGold,405 WhistleBlower,405 Whitaker,Charles,325 whitepapers Part15Regulations,427 transceiverpower,25 Wi-Fiadapters.Seewireless networkadapters Wi-FiAlliance,11 Wi-Ficertification adhocmode,17 certificationprocess,11 compatibilityamongstandards,10 overview,11 Wi-Fidetectors findingnetworkswhiletraveling, 388 handhelddetectors,227,388 WiFisense,228 Wi-FiFinder,Kensington,227 Wi-FiFreeSpotDirectory,339 Wi-FiNetworkingNews,xx,xxii Wi-FiNetworkingNewssite,xx, xxii Wi-FiProtectedAccess.SeeWPA authenticationandencryption Wi-FiSetupapplication,104–107 Wi-Fi–to–Ethernetbridges,247, 252–253 WiFiConsulting,266 WiFinder,339
WiFisense,228 WiMaxForum,47 WiMax(WirelessInteroperability forMicrowaveAccess),46–47 WindConnectBluetoothWireless PrinterAdapter,Troy,224 Windows2000 networkadaptersettings,configuring,470,473–474 sharingnetworkconnections, 242–243 WindowsMobile2003handhelds 802.1Xnetworkauthentication, 112 addingnetworks,111 advancednetworkconnections, 112–114 intermediatenetworkconnections, 109–111 removingnetworks,111 simplenetworkconnections,109 VPNsettings,112–114 WindowsServer2003,264,270 Windowssystems.Seealso WindowsXP adhocnetworks,138 BoingoWirelessclientsoftware, 358–363 CDMAcellulardatanetwork connections,375–377 connectingtoBaseStations withoutAirPortcards,215 IPaddresses,determining,278 iPassclientsoftware,364–366 networksettings,configuring, 470–474 PCcards,deactivating,157 pingtest,278 “SafeModewithNetworking,”158 securitypatches,326 sharingprinters,154,438–439 SierraWirelessAirCard555 configuration,375–377 SprintPCSclientsoftware,368 stumblerprograms,303 SystemInformationprogram,487 troubleshooting(Seetroubleshooting;troubleshooting process) VPNsoftware,built-in,264 vulnerabilitytoattacks,326
wirelessnetworkadapters, installing,59–60 WindowsXP.SeealsoWindows systems accessingsharedfiles,145–146 adhocnetworks,138–139 advancedWindowsconnections, 66–67 AvailableNetworkslist,66 Bluetoothdevices,pairing,117–121 Bluetoothfileexchange,130 Bluetoothmouseissues,132–133 BluetoothPalmHotSync, 126–127,129 clientsoftwareconfiguration, 60–67 ConfigFreesoftware,Centrino laptops,81–87 firewall,enabling,330 intermediateWindowsconnections,62–66 Internetconnections,sharing, 241–243 LinksysBEFW11S4,initial configuration,196 manualnetworkconfiguration, 473–474 networkadaptersettings,configuring,470,473–474 PreferredNetworkslist,66 sharingfiles,144–145 simplenetworkconnection,61–62 WirelessZeroConfiguration service,restarting,158 WPAencryptionpatch,61,64 WinSCP,317 wiredconnections innetworkdiagrams,169,172 onwirelessgateways,180 WiredEquivalentPrivacy.See WEPauthenticationand encryption wirednetworks connectingtowirelessnetworks (Seebridges) Ethernet(SeeEthernetnetworks) troubleshootingwired-to-wireless connections,279 Wi-Fi–to–Ethernetbridges,247, 252–253 wired/wirelessbridging,21 wired/wirelessbridging,21
Index wirelessaccesspoints.Seeaccess points Wireless-BGameAdapter, 235–236 Wireless-BInternetVideo Camera,222–223 Wireless-BMediaAdapter,230 Wireless-Bsoftware,client configuration,70–71 wirelessbridges.Seebridges wirelessclientsoftware configuring(Seeconfiguring connectionstowireless networks) troubleshootingconnectivity, 156–162 wirelessconnections,innetwork diagrams,169,172 WirelessDistributionSystem.See WDS(WirelessDistribution System) “wirelessEthernet,”444 Wireless-GGameAdapter, 235–236 Wireless-Gsoftware,71–76 Wireless-GVPNBroadband Router,266–267 wirelessgatewayfeatures.Seealso wirelessgatewaysetup 802.11a,802.11b,or802.11g support,178–179 AmericaOnlineconnections, sharing,192–193,214 antennasandantennajacks,34, 179–180,256 compatibilityconsiderations, 178–179 configurationinterfaces,181–182 costconsiderations,193 DHCPclient,189 DHCPClientIDs,189 DHCPserver,182–183 dynamicDNSsupport,184–185 Ethernetports,180 filteringtraffic,185–186 firewallsupport,185–186 hubs,180–181 Internetconnections,sharing, 189–190,192–193 Internetsharing,22 LANEthernetports,180 MACaddresscloning,190
modems,built-in,181 NATsupport,183–184,330–331 networkauthenticationprotocols, 188 networkservices,182–185 numberofcomputerssupported, 192 overview,177 portforwarding,186 PPPoEtechnology,189–190,462 printersharing,191 proprietarynetworkprotocol support,184 securityfeatures,185–188 simultaneoususers,number supported,192 speedofnetwork,selecting, 178–179 switches,180–181 VPNsupport,188 vs.accesspoints,177,178 WANports,180 WEPencryptionsupport,187 Wi-Fiflavorssupported,178–179 wiredconnections,180 WirelessDistributionSystem,191 WPAencryptionsupport,187 wirelessgatewaysetup.Seealso wirelessgatewayfeatures AirPortExtremeBaseStation, 204–215 authenticationsettings,199–200, 202–203,215 commongatewaysettings,215–218 DHCPsettings,201,213–214 dynamicDNSsetup,204 high-speedperformanceoptions, 203 initialconnectionsetup,196 ISPconnections,212 LinksysBEFW11S4,195–201 LinksysWRT54G,201–204 securenetworksetups,199–200, 202–203,208–209 simplenetworksetups,197–199, 205–208 wirelessgateways.Seealsoaccess points;bridges;network adapters AirPortExtremeBaseStation(See AirPortExtremeBaseStation)
531
532
TheWirelessNetworkingStarterKit features(Seewirelessgateway features) firewallsupport,329,331 innetworkdiagrams,169 withprintservercapabilities,225 setup(Seewirelessgatewaysetup) troubleshootingInternetconnections,281 troubleshootingneedforfrequent resets,277,279 WirelessDistributionSystem(See WDS(WirelessDistribution System)) WirelessHacks,175,414 wirelesshardware.Seehardware WirelessInteroperabilityfor MicrowaveAccess(WiMax), 46–47 wirelessISPs.SeeWISPs wirelesslocalareanetworks (WLANs).Seewireless networksandnetworking WirelessMAN(WirelessMetropolitanAreaNetworking) standards,46–47 wirelessnetworkadapters AirPortcards,24 AirPortExtremecards,24 Atheroschipsets,101 Bluetoothoptions,37–38 built-inadaptercards,24 built-inantennas,257 chip-setmanufacturers,100–102 CompactFlashcards,24,30 connectingwithwirelessnetworks, 26 driversforUnix/Linux/BSD systems,99–102 Ethernetadapters,24,31–32 externalwirelesscards,31–32 findingopennetworks,303–306 internalwirelesscards,23–31 Intersilchipsanddrivers,100 manualnetworkconfiguration, 469–478 meshnetworkingcapabilities,51 MiniPCIcards,24,27 multiple-standardadapters,42 Orinoco,76–78,100–101 overview,23,24 PCcards,24,25,454 PCIcards,24,26–27
preferredadaptersforvarious systems(table),24 Prismseries,100 SecureDigitalIO(SDIO)cards, 24,30–31 stumblerprograms,303–306, 387–388 troubleshootingInternetconnections,281 troubleshootingnetworkconnectivity,162 forUnix/Linux/BSDsystems, 100–102 USBadapters,24,31 Windowsnetworkadapters, installing,59–60 wirelesshardwareoverview,20 WirelessNetworkConnection icon,SystemTray,61 WirelessNetworkTroubleshooting Webpage,156 wirelessnetworksandnetworking 2.4GHzband,5 5GHzband,5 adhocnetworks(Seeadhoc networks) airbornewirelessbroadband,54–56 basicprinciples,3 bridgingbetweennetworks(See bridges) computersecurity(Seesecurityof computersystems) connectingtowirednetworks(See bridges) datasecurity(Seesecurityofdata) datatransmissionmethods,6–7 failures(Seetroubleshooting; troubleshootingprocess) finding(Seefindingwireless networks) history,xviii–ixx,9–10 hotspotnetworks,41–42 IEEEstandards(Seeentries beginningwith“802”) infrarednetworks,4–5 long-range(Seelong-rangewirelessnetworks) meshnetworks,49–51,443–444 networksecurity(Seesecurityof networks)
problemsolving(Seetroubleshooting;troubleshooting process) satellite-basedwirelessnetworking, 56 security(Seesecurity) smalloffices(Seesmalloffice networks) systemsecurity(Seesecurityof computersystems) troubleshooting(Seetroubleshooting;troubleshooting process) ultrawideband,52–54 unlicensedspectrum,4 WirelessNetworkTroubleshooting Webpage,156 WirelessNodeDatabaseProject, 339 WirelessPersonalAreaNetwork (WPAN)WorkingGroup,36 wirelessrepeaters.Seerepeaters WirelessSecurityCorporation, 270 wirelessstandards.Seestandards wireless/wirelessbridging,22 WirelessZeroConfiguration service,restarting,158 WirelessDriver,96 WISPs.Seealsoaggregators airbornewirelessbroadband,54–56 AirpathWireless,344 becomingaWISP,399 BoingoWireless,322,343, 346–348,352,358–363 CometaNetworks,344 costofWi-Fiaccess,343 customsoftwarepackages,357–358 directoriesofWISPs,398 extendinghigh-speedInternet access,396–401 FatPort,344 finding,398–399 hotspotservices,creating,347 iPass,348,363–368 locating,398–399 long-rangewirelessInternet connections,396–401 NetNearU,344 O2Connect,340 OSS(operationssupportsystems), 347
overview,342–343 ProntoNetworks,344 satellite-basedInternetaccess,399 sitechecks,400 STSN,345 SurfandSip,345 T-MobileHotSpot,343,345,370 Wayport,345 WLANs(wirelesslocalarea networks).Seewirelessnetworks andnetworking WorkingGrouponWireless BroadbandAcessStandards, 46–47 worms,293,326,327–328 WPAauthenticationandencryption.SeealsoWEPauthenticationandencryption 802.11istandard,45 availabilityinnetworkingequipment,301–302
Index improvementsoverWEP,301 in802.1Xauthenticationprotocol, 269 patchforWindowsXP,61,64 protectinglocaltraffic,262–263 troubleshootingnetworkconnectivity,160–161,276 upgradestoWEPhardware,302 wirelessgatewaysupport,187 WPAN(WirelessPersonalArea Network)WorkingGroup,36 WPG-11WirelessPresentation Gateway,233 WPG-12WirelessPresentation Player,233 WyndhamHotelsandResorts,352
X
X10videocameras,223 Xdrive,383
XP.SeeWindowsXP XTNDXMIToption,POP protocol,382
Y
yagiantennas,412 YDIWireless,257,419
Z
ZEROCONFprotocol,464–465 Zigbee,36 zombies,293,326 ZoneAlarmPro,329
533