Difference between revisions of "Wireless Networking"


From Knoppix Documentation Wiki
(General Information On Wireless Card Setup Under Knoppix)
(added note about wifi firmware issue)
Line 41: Line 41:
  
 
Linux support for wifi equipment at this time seems to be much better for PCMCIA (PC) cards and for PCI cards than for USB devices. USB adds an extra level of complexity, and USB isn't really well suited for networking, even though this equipment is widely available. Users would be well advised to select types of network interfaces other than USB. Also, the support there is tends to be better for older 802.11b equipment than 802.11g and newer equipment, but 802.11g support is reported to be improving.
 
Linux support for wifi equipment at this time seems to be much better for PCMCIA (PC) cards and for PCI cards than for USB devices. USB adds an extra level of complexity, and USB isn't really well suited for networking, even though this equipment is widely available. Users would be well advised to select types of network interfaces other than USB. Also, the support there is tends to be better for older 802.11b equipment than 802.11g and newer equipment, but 802.11g support is reported to be improving.
 +
 +
Still, there is another major setback for Linux wifi drivers, and even some newer wired nics as well as likely other hardware: manufacturers are starting to include firmware not on the card but in the driver to be downloaded to the card at boot time. The good part of this is that the firmware can be easily updated. There are many bad parts though, the key one here being that the official drivers are only released for Windows and the manufacturers will often not allow the copyrighted firmware to be included in a Linux 3rd party driver. So now developers have a new major hurdel to overcome, not only figure out without documentation how to interact with the NIC, but also how to write firmware for undocumented hardware and perhaps an unknown instruction set. There have been several articles on this recently, you can find one of them at http://www.thejemreport.com/mambo/content/view/293/ . The bottom line is that hardware that takes this approach and doesn't support Linux on it's own is unlikely to be supported by the developer community in the future. Don't buy the wrong stuff and then complain about this or say negative things about Linux because you bought propritary Windows-only hardware. Support vendors who support Linux.
  
 
==== Wireless Networking Security Issues ====
 
==== Wireless Networking Security Issues ====
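Review bot: the added firmware paragraph has three spelling errors ("hurdel", "propritary", and "it's own" where "its own" is meant), and its last sentences ("Don't buy the wrong stuff and then complain about this ...") scold the reader in a way the rest of the article does not. Suggest correcting the spelling and rewording the ending as buying advice, for example keeping only "Support vendors who support Linux." The phrase "several articles on this recently" will also date quickly; naming the linked article and its date would hold up better.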

Revision as of 22:26, 12 January 2007

Wireless Networking Overview

Wireless networking (or Wi-Fi) allows you to network computers and related equipment (print servers, cameras, and other devices that connect by Ethernet) without the need to run wires between equipment.

Advantages:

  • greater flexibility in equipment location
  • no need to run network cable throughout your building
  • ease of moving equipment
  • easy and clean to add new users (such as at a Wi-Fi enabled "Hot Spot" coffee shop or airport terminal)

Disadvantages:

  • extra cost
  • slower speed than wired connections
  • connections are usually not as reliable
  • interference from other equipment including cordless phones and microwave ovens
  • security issues
  • extra complexity setting up the wireless network
  • extra power usage in a notebook (usually significantly reducing battery life per charge)
  • manufacturers usually not releasing open source drivers for Linux or even specs for the wireless chips that would allow developers to write free, high-quality drivers

There are many versions of Wi-Fi equipment available. Common versions are 802.11b, a standard that runs at 11 Mb/s, and 802.11g, which runs at 54 Mb/s. 802.11g equipment can also work with 802.11b, although when you mix them the entire network often slows to the 802.11b speed. Both 802.11b and 802.11g equipment work on the unlicensed 2.4 GHz band, a band that is frequently used by cordless phones and is close to the frequency of microwave ovens. There is another standard, 802.11a, that uses a different (higher) frequency band. 802.11a equipment is not usually found in the home consumer market. There are also many newer proposed standards, with many manufacturers offering faster next-generation equipment even before these standards are finalized. There are also other wireless technologies used for other things, such as Bluetooth and wireless mice and keyboards, which are beyond the scope of this Wiki article.

The range of Wi-Fi connections varies greatly with the equipment used and the location, but is typically 50 to 100 feet. It is greater outdoors, usually less in a building with many walls or transmitting through floors. Even minor changes in transmitter and/or receiver location can significantly affect reception. Frequently users in apartment complexes will find that they can receive signals from other Wi-Fi users, or that their own signals can be received by others. It may be necessary to try different channels with the Wi-Fi equipment to avoid interference.

Wi-Fi equipment uses the same band but not the exact same channels in different countries. If you travel with wireless equipment you may still be able to connect to Wi-Fi equipment when outside your country. You should check that your equipment is not operating on channels that are reserved or otherwise illegal to use in that country.

802.11b tends to be less expensive than 802.11g. It is slower, but at 11 Mb/s it is still faster than most users' Internet connection. If you plan on using wireless networking mainly for Internet access this may be a non-issue. Older 802.11b equipment is also usually much better supported in Linux than 802.11g, when it is supported at all.

To set up a wireless network you need a wireless network interface adapter (NIC) for each computer that will not have a wired Ethernet connection. You should expect to also need a wireless router that the wireless computers will all connect to and that will connect to your Internet modem. There are devices called "access points" that can be attached to an existing network that includes one or more routers, but an access point without a router is not enough. The Internet modem must support an Ethernet connection to attach to a router. You can not attach an Internet modem with a cheap USB-only connection to a router. Home routers, even wireless routers, have dropped in price recently and are now very affordable.

Linux Wireless Network Issues

Unfortunately, most wireless card makers and even the chip makers who make many of the integrated circuits used in the wireless adapters are not releasing programming information for how their cards and chips work. Many manufacturers are also only releasing software drivers for their products for the Windows operating systems. That has caused problems and delays in Linux's support of wifi devices. If the software developers who do networking support for Linux had good programming specifications for these devices we would not only have good drivers for them, but would likely also have software that can use them for other interesting and unique applications, since there seems to be a lot of software control of these programmable radio devices.

Some software drivers have been released for some devices. Occasionally a manufacturer may even claim the driver is "open source", but the source code is not available and the driver that is available is released only as a pre-compiled module. Often these drivers are unreasonably large and their size would prevent many of them from being incorporated into the Knoppix CD.

With the above said, Knoppix is improving in its ability to detect and support wireless devices. If the device you own does not work with the current Knoppix release, be sure to check it as future releases come out.

For cards where there has only been a Windows driver released, another approach that has been tried is to use special translation software that will allow software drivers written for Windows to run in the Linux operating system. This translation software is named ndiswrapper. With ndiswrapper you can attempt to load a driver written for Windows and run your card under Linux. Recent versions of Knoppix do include ndiswrapper, but they do not include the Windows drivers, so you will need the Windows driver for your device to try to use this approach. Some users have had good results with ndiswrapper; other times the Windows driver will not work with it. There is a list of cards and drivers that are reported to work with ndiswrapper at http://ndiswrapper.sourceforge.net/mediawiki/index.php/List

Linux support for wifi equipment at this time seems to be much better for PCMCIA (PC) cards and for PCI cards than for USB devices. USB adds an extra level of complexity, and USB isn't really well suited for networking, even though this equipment is widely available. Users would be well advised to select types of network interfaces other than USB. Also, the support that exists tends to be better for older 802.11b equipment than for 802.11g and newer equipment, but 802.11g support is reported to be improving.

Still, there is another major setback for Linux wifi drivers, and even some newer wired NICs as well as likely other hardware: manufacturers are starting to include firmware not on the card but in the driver, to be downloaded to the card at boot time. The good part of this is that the firmware can be easily updated. There are many bad parts though, the key one here being that the official drivers are only released for Windows and the manufacturers will often not allow the copyrighted firmware to be included in a Linux 3rd party driver. So now developers have a new major hurdle to overcome: not only to figure out without documentation how to interact with the NIC, but also how to write firmware for undocumented hardware and perhaps an unknown instruction set. There have been several articles on this recently; you can find one of them at http://www.thejemreport.com/mambo/content/view/293/ . The bottom line is that hardware that takes this approach and doesn't support Linux on its own is unlikely to be supported by the developer community in the future. Don't buy the wrong stuff and then complain about this or say negative things about Linux because you bought proprietary Windows-only hardware. Support vendors who support Linux.

Wireless Networking Security Issues

When running a wireless network, you should be aware that your system is more vulnerable to attack than with a wired network, and that information that you send may be seen by others. Other computers on the wireless network, even computers on wired connections, may be attacked by someone coming in on the local wireless network, and these attacks are not prevented by incoming attack blocking in your router. Also, users often have local firewall rules set up to treat attackers who show up as local addresses as "trusted". Attackers on your local network may send spam from your connection, may search your system for banking and other financial information, or may plant viruses and back doors to give them remote control of your system later.

This article is only an overview and readers are encouraged to read their equipment manuals, and use Google and other Internet resources to read further on the concepts mentioned here if they are not already well acquainted with them.

WEP and WPA

A common and important security concern is to encrypt the network. With encryption enabled, others cannot connect to your network unless they have the same security key set in their equipment. And they cannot look at packets that you transmit and easily see private information in them, such as passwords or bank information. The first standard for wireless encryption was called WEP, which stands for Wired Equivalent Privacy. WEP is still in wide use today and is the only encryption available on some 802.11b equipment. Unfortunately, due to some design flaws, WEP can be easily cracked. While some estimates claim that it may take capturing data for up to 24 hours before a hacker has enough data to crack WEP, there have been many demonstrations where it has been cracked in even far less time. WEP should be considered a "better than nothing" approach, but not much better. WPA (Wifi Protected Access) and WPA2 are now considered better encryption systems. They gain their improved security by automatically changing the keys used as wifi packets are exchanged. Still, no Wifi system should be considered completely secure and users should always pay extra attention to network security and take extra precautions when using wifi. Don't set your software firewalls to make all local IP addresses trusted, for example. And be alert to extra network activity. Some users even run an application on one computer on the local network that watches for new connections and alerts the owner when any new network activity is seen.

MAC address control

Many wireless routers have a feature that limits wireless access (or all access) by the hardware MAC address built into the network cards. While this may help improve security to a small extent, be aware that any determined hacker can send you packets with a MAC address that you trust in them. And understand that if a hacker can watch your packets and pick out passwords, banking info or other private information from them, they do not even need to send anything into your network to compromise your wireless system.
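The monitoring idea from the WEP and WPA section, combined with the point made here that a trusted MAC address can be imitated, as an added example that is not part of the original wiki page. The ARP table text, the device inventory and the function names are constructed for illustration; on a live Linux system the same text can be read from /proc/net/arp.

```python
"""Flag unfamiliar or inconsistent devices in a Linux ARP table snapshot."""

# Constructed sample in the layout of /proc/net/arp (not from a real network).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.20     0x1         0x2         00:aa:bb:cc:dd:01     *        wlan0
192.168.1.37     0x1         0x2         00:de:ad:be:ef:99     *        wlan0
192.168.1.45     0x1         0x2         00:aa:bb:cc:dd:01     *        wlan0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

# Hypothetical inventory of devices the owner expects: MAC -> label.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "router",
    "00:aa:bb:cc:dd:01": "laptop",
}


def parse_arp(text):
    """Return (ip, mac) pairs for completed entries, skipping the header row."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        # Flag bit 0x2 marks a completed entry; others carry no usable MAC.
        if not int(flags, 16) & 0x2:
            continue
        entries.append((ip, mac.lower()))
    return entries


def review(entries, known):
    """Return alerts for MACs outside the inventory and MACs seen at several IPs."""
    ips_by_mac = {}
    for ip, mac in entries:
        ips_by_mac.setdefault(mac, []).append(ip)
    alerts = []
    for mac, ips in sorted(ips_by_mac.items()):
        if mac not in known:
            alerts.append(("unknown-device", mac, ips))
        elif len(ips) > 1:
            # A listed MAC is not proof of identity: the same address at two
            # IPs may be a second device presenting it, or only a DHCP change.
            alerts.append(("known-mac-multiple-ips", mac, ips))
    return alerts


if __name__ == "__main__":
    for kind, mac, ips in review(parse_arp(SAMPLE_ARP), KNOWN_DEVICES):
        print(f"ALERT {kind}: {mac} at {', '.join(ips)}")
```

Because a copied MAC passes the inventory check, the second alert type is what keeps the watcher useful on a network that relies on MAC filtering.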

SSID

Routers often have a feature that allows them to not broadcast the SSID, or network ID, that distinguishes one network from another. This has led some poorly informed people to advise others to turn off SSID broadcasts to "make their networks more secure". This does not secure your network in any way: the SSID is still sent in all packets on the network and can be quickly determined. Turning off SSID broadcast can actually have a negative effect on your network.

Router passwords

Most or all routers have a web interface and software setup feature. Access to this feature is controlled by a password. The default values for these passwords are well known by hackers (they are sometimes even blank) and you should always change the password to some secure password (don't use common passwords such as a pet's name). It is easy for a hacker to see what type of router you have and try to gain access by default passwords and other known exploits. If a hacker can gain access to your router they can do a lot of additional damage, including deleting logs that show any trace of their activity, or even locking the owner out of their own network.

Additional information

Unfortunately, many wireless routers are run in default unsecure modes. Hackers known as "wardrivers" can often drive around neighborhoods and find more than half of the routers in a neighborhood are wide open. And there are many cases of people accidentally connecting to the wrong network because both neighbors used default settings on their equipment. It is a very good idea to secure your network, both to discourage the casual wardriver (who will likely just move to an unsecured system) and to prevent accidental use by a neighbor that might get you into trouble with the RIAA or MPAA or your own ISP.

When first setting up a wireless connection in Knoppix it can be handy to disable WEP or WPA encryption if it is reasonably safe to do so at your location. After you get networking working without encryption, enable encryption on both ends and get that working. But never leave the network encryption disabled for extended periods of time. And for improved safety, it may be wise to shut down or disconnect from the network all other computers on the network, wireless and wired, until encryption is re-enabled.

It should also be apparent from the above discussion that if you access your e-mail from a wireless "hot spot" such as at a coffee shop or an airport terminal, hackers can be watching and learn your account name and password. Making on-line purchases, doing on-line banking or other activity that exposes private account information is also extremely dangerous when using any wireless network.

General Information On Wireless Card Setup Under Knoppix

This is a stub for this section, to be added shortly.

NdisWrapper: This seems to be a way many people are using Windows drivers to run their wireless equipment. This is done to allow Linux to talk through a wrapper that emulates Windows calls to the Windows driver. It asks for the driver X.inf and maybe X.sys. Then 2 other things ...id and wep key.

If instructions of what to enter into these fields and where to find it and what version of knoppix the GUI interface being used is found and maybe a generic BA shell interface for doing this.


The below sections are specific information on specific make and models of Wireless Networking Adapters and information we currently have on if they are supported in Knoppix or not. Please add your results with your card to the list, and please try to keep the list in alphabetical order. Please do not post questions about wireless adapters here, those should be submitted in the Networking Forum.

Belkin

Belkin 802.11b 11Mbps PCMCIA card F5D6020

This 802.11b pcmcia card (pc card) was detected by Knoppix 3.7 (maybe by prior versions too), but I could not get it to operate properly. Starting with Knoppix 3.8.1 it was detected and worked perfectly. ndiswrapper is not needed. My card is marked ver. 2101 on the box. If your card is not ver. 2101 it may or may not use a different chip set.

D-Link

Here is a link to a D-link page that claims to tell you which D-link cards have "open source" drivers and which do not.

http://support.dlink.com/faq/view.asp?prod_id=357&question=General%20Wireless

However, it is worth mentioning that in most or all of these cases the drivers are not really "open source", they are precompiled modules that the source code is not available for. And in some cases they are insanely bloated, the "driver" for my card is about 2 megs in size just for a driver! Note that not all of these cards are supported by Knoppix and it is extremely unlikely that even if the license permits it that a specific card driver will ever be included in Knoppix if it is several megs in size.

D-Link DWL-650

This is a very common and inexpensive 802.11b PCMCIA card offered by D-Link. Unfortunately, D-Link has actually released a number of different versions of this card that use completely different chipsets from different integrated circuit manufacturers, all under the same model number. The D-Link website can be used to identify which version you have, but the version number may not be marked on the outside of the box when you buy this card, so it may be a problem to find one that works under Knoppix.

There are reports that some versions of this card are detected and work under Knoppix. See this thread in the forums: http://www.knoppix.net/forum/viewtopic.php?t=19759&highlight=dwl650 However, I have two DWL-650 cards and so far they have not been detected by Knoppix.

D-Link DWL-G650

This section details how to get this card working with WPA-PSK enabled. All you need to do is follow three easy steps.

1. Configure wpa_supplicant by creating a configuration file. The configuration file should look something like this:

  network={
     ssid="qshot"
     scan_ssid=0
     proto=WPA
     key_mgmt=WPA-PSK
     psk=20d57f08127c079f599df23a13513c8708028b73d49860c9b3b7d00b3a8c1a96
  }

The psk variable value is obtained by running the command:

  wpa_passphrase <ssid> <passphrase>

2. Next start wpa_supplicant by invoking the following command:

  wpa_supplicant -D madwifi -c wpa_supplicant.conf -i ath0 

By running this command you are able to authenticate with your wireless router.

3. After you have authenticated the final step is to obtain an IP address via DHCP. The command to use is:

  pump -i ath0

At this point you can type ifconfig to verify your IP address assignment.

Orinoco Gold

This was one of the first and best supported wireless 802.11b PCMCIA cards under Linux. It is still one of the best cards for compatibility, not just with Linux, but with several networking programs that work under Linux like NETstumbler and airsnort. Unfortunately, it tends to be very overpriced and can usually not be found at major retailers, but must be obtained mail order, if available at all.

Linksys

Linksys WPC55AG

Here is a link to a forum discussion about this card: http://www.knoppix.net/forum/viewtopic.php?t=12351

Netgear

Netgear WG111

Configuring the WG111 to use WPA-PSK on a wireless network

This card works very well in Knoppix 3.9 using ndiswrapper, but is as of yet untested in other versions of Knoppix (to my knowledge).

  • Commands:

Assuming that the drivers are on the cd in /dev/cdrom, then

  mount /dev/cdrom/ /mnt/cdrom/

Find ndiswrapper configuration under Knoppix->Network/Internet and select netwg111.inf from /mnt/cdrom. After that finishes, create the configuration file that you will need shortly using the following command:

  wpa_passphrase MySSIDHere MyPassphraseHere > /home/knoppix/wpa_supplicant.conf

Now, use your favorite text editor (if you don't have one, try Kate under the menu item Editors) and edit the /home/knoppix/wpa_supplicant.conf you just created (see sample below).

With that completed, run the following command. Warning: As it is, the command will monopolize your current command window with potentially useful debugging output, including your encryption key; add -B if you would rather run it in the background (useful when you know it works already), remove -K to hide your key.

  sudo wpa_supplicant -ddKt -i wlan0 -c /home/knoppix/wpa_supplicant.conf -Dndiswrapper

The following grabs an IP address if you use DHCP from your router.

  sudo pump -i wlan0

And finally, tell Knoppix where to go to find the internet.

  sudo route add default gw <Gateway/Router IP address here>

  • wpa_supplicant.conf

Note: the bold lines were added in the editing steps for my Linksys WRT54G Router to accept the card. See the Useful Links at the end for a full explanation of all options that can be put in here.

  ctrl_interface=/home/knoppix/wpa_supplicant
  eapol_version=1
  ap_scan=1
  network={
     ssid="MySSIDHere"
     scan_ssid=1
     #psk="MyPassphraseHere"
     psk=hex representation of the passphrase
     proto=WPA
     key_mgmt=WPA-PSK
     pairwise=TKIP
     group=TKIP
  }

  • Useful Links:

Wireless card success story (where I located the pump command)

Example wpa_supplicant.conf with full explanations and various configurations

-bobeltomate
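Both the D-Link DWL-G650 and Netgear WG111 walkthroughs above get the hex psk value from wpa_passphrase. The added example below (not part of the original wiki page) shows what that value is: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so it must be regenerated if the SSID changes. Since the hex key alone is enough to join the network, the example omits the cleartext `#psk=` comment and writes the file readable by its owner only. Function names and the sample SSID and passphrase are constructed for illustration.

```python
import hashlib
import os
import tempfile


def derive_psk(ssid: str, passphrase: str) -> str:
    """PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds, 32-byte output."""
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Render a network block with the options used in the page's first sample.

    No '#psk="..."' comment is written, so the cleartext passphrase
    never lands in the file.
    """
    raw = ssid.encode("utf-8")
    printable = all(32 <= b <= 126 for b in raw) and b'"' not in raw
    # wpa_supplicant accepts a quoted string or an unquoted hex string.
    ssid_value = f'"{ssid}"' if printable else raw.hex()
    return "\n".join([
        "network={",
        f"    ssid={ssid_value}",
        "    proto=WPA",
        "    key_mgmt=WPA-PSK",
        f"    psk={derive_psk(ssid, passphrase)}",
        "}",
        "",
    ])


def write_private(path: str, text: str) -> None:
    """Create the file readable by its owner only, since it holds key material."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(handle.fileno(), 0o600)  # also tightens a pre-existing file
        handle.write(text)


if __name__ == "__main__":
    # Constructed values, not the network from the page.
    conf = network_block("ExampleNet", "correct horse battery")
    target = os.path.join(tempfile.mkdtemp(), "wpa_supplicant.conf")
    write_private(target, conf)
    print(conf, end="")
    print("mode:", oct(os.stat(target).st_mode & 0o777))
```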

Netgear WG311 v2 PCI

See this article in the forum: http://www.knoppix.net/forum/viewtopic.php?p=90075#90075