If they aren't bridged, they're probably routed. Then, if each segment has a unique IP address space, it should just work. But if each segment has the same IP address space, the main problem won't be IP conflicts but rather IP routing issues. The IP stack will treat it as Layer 2 but it needs to be treated as Layer 3. I assume that's the "other problems" mentioned above.
I think the Nanobridge M2 EIRP is 23 dBm transmit + 3dBi with just the naked feedhorn antenna, which would be well below the legal gain limit of 36dBm for point-to-point WiFi transmission.
I think it's 36dBm EIRP as the limit, so, with the additional 15dBm with the reflector dish, I suspect Ubuiquiti will throttle the output so that you won't get the total possible 23dBm + 18dBi = 41 dBm.
Ubiquiti would get in trouble if they didn't automagically limit you to the 36dBm legal limit - so - I agree with you that they probably lower the gain secretly, without telling you.
Plus, everything is + or - 2dB anyway, so, it could be as low as
21dBm + 16dBi = 37dBm which is just about at the legal limit of
4 Watts anyway, without any throttling by the vendor.
Ummm, not exactly. +36 dBm (4 watts) EIRP is the limit with an omni directional antenna. For point to point, the FCC allows more tx power. For point to point, for every 1 dB of directional antenna gain over +6 dBi, the transmit power need only be reduced 1/3 dB. Rather than do the math, I just remember that for a 24 dBi antenna, the maximum tx power is 24 dBm (0.25 watts) with an EIRP of: 24 dBm + 24 dBi = 48 dBm (63 watts).
Could you talk a little more about how this is problematic? For example, do you only run into problems when administering two or more units, and if so, isn't there an easy way to differentiate one unit from another so you always know which unit you're accessing? I haven't played with any ubnt equipment but I'm very impressed by what I've read.
The issue is more that when a mobile device jumps from one access point to another (with the same SSID), it'll attempt to re-use it's existing IP and ARP the default gateway. If the default gateway has the expected MAC address it's assumed to be the same network and the device can proceed as though nothing changed.
If the APR test succeeds, the total network interruption time is that of one ARP lookup, which is probably on the order of 100ms-200ms, which is barely noticed by the user. Small networks will be even faster, obviously.
If the ARP fails, or returns a different MAC address, the device will silently drop it's IP and start a new DHCP request. This is fine, but it will cause a momentary interruption in traffic from the user's perspective, possibly lasting long enough to generate application level errors. In this case, using a different SSID is better because a smart device may track past DHCP allocations and use the quick-start process described above when returning to a SSID it recognizes, within it's original DHCP lifespan.
Most linux OSs have a gui so as to avoid the iws type commands. KDE for sure. I haven't run gnome in a long time.
We've been through this before on the forum, and it is monitor mode. I already forgot the difference with promiscuous mode.
If you are going to connect to the access point, there is no need to be stealthy. Well presuming you aren't hacking.
The deal with Kismet is you fire it up and let it log for a long time. Some people turn off their routers routinely. Or they turn off their router if leaving town for a while. Site surveys in theory should be something you do in 5 minutes, though in 5 minutes you can often spot a lot of problems.
Obviously the kismet logging is more useful when mobile, especially with the GPS daemon running.
Once you have run kismet, netstumbler will seem kind of silly. To my recollection, netstumbler doesn't even see wifi probing, unless it has been modified. The probe is a way of alerting you that there are wifi clients within range, even if not connected to an access point. The vast majority of the public just leaves wifi enabled all the time, so as soon as they turn on a notebook or phone, they start to look for previous access points. I've been tempted to set up my notebook to look like a starbucks SSID, park by a busy but not too fast road (or any urban highway during rush hour) and see how many phones will try to connect to me. I'm sure this had been done already.
I suspect there is a DoD version of Kismet just to find illegal wifi on base. Supposedly no DoD network can have wifi, though there are exceptions. Some bases have an wifi scheme where aircraft mechanics can request parts via wifi. And of course the BX/PX can have wifi. But that
5.8GHz wifi is just too close to UAV frequencies. If you search of WIPS versus WISP, you can see the detection toys. (Wireless intrusion protection system)
Most devices that you put on the main these days have offline switchers. They just square up the voltage on the mains (which could be PG&E or your inverter). But the flat pulses out of the inverter stress components more than the clean sine wave. So you might fry the power supply. You will find people who swear this isn't a problem, and you will find people that have fried gear with a cheap inverter. It is a matter of running into a device that can't take the strain. [Not everybody gets a breaded rat in their KFC, but it does happen.]
If you have a old isolation transformer, which were common in the days of analog TV, you can run the cheap ass inverter into the isolation transformer. It will buzz a bit, and the output is just less ugly, not really a sine wave.
I finally got to the point where I bought a good pure sine inverter so if I need to use an expensive instrument in the field, I have suitable power. The so called 12V market is kind of limited in selection.
There are inverter generators that are pretty quiet. Yahama and Honda make them. They have true sine inverters on them. I really wish some forward thinking SUV and/or truck manufacturer would just put one in the engine compartment. Kind of like a APU in a tractor-trailer rig.
Nagios is the one that comes on most linux distributions. The number of plugins is extensive, and more entertaining are the functions. For instance, some can detect if one of your employees has plugged in a game server. Back in the day, putting Doom on the company network was standard procedure in the valley.
Of course...pykismetkml...a name at the tip of my tongue!
On usb, the gpsd daemon is pretty good. It was kind of ugly in the serial port days.
Lots of interesting SSIDs out there. FBISURVEILLANCEVAN all sorts of names with virus in them names not to be used in polite company star trek themes galore, but Klingon based names are the most popular and of course CLICKHEREMOM
I gave a demo of Kismet at 4th street Peets in Berkeley. You would be amazed at how fast people put away a computer when you say "I see a Macbook just signed on." You can also sniff the wifi on the AC Transit buses.
Wireless security could be an oxymoron. I work at putting out a crappy signal. Put the router as low as possible. Adjust the timing to make long distance reception difficult. While we don't have basements around here, there is no shortage of pimple faced kids with all summer to hack you.
I've wondered if there's any access point out there that can handle a larger number of SSIDs mapped to a single VLAN (along with 1-2 others that are mapped to their own VLAN)?
Ideally I'd have one secured internal, one mixed internal-guest, and one honeypot with a bunch of SSIDs on it, all the public ones I can think of.
Unfortunately the gear I can find only handles 4-8 SSIDs, which isn't quite enough for all the defaults I can think of plus whatever others I discover (linksys, dlink, Free Public Wifi, default, Apple Store, shawopen, guest, plus whatever Tim Hortons and McDonalds use)
Why? For giggles :) But I'll be nice and provide a bit of free connectivity on these SSIDs.
Driftnet sounds like a winner. You'd probably have to use it at a coffee house near a college or high school to actually catch anything. I've sent the occasion hot chick in the coffee shop photo to a friend, but I'm on BIS, which makes me sniff proof.
BTW, rather than using things like puppy linux, which kind of dead ends, Suse made JEOS. It is also on Opensuse, the free Suse. JEOS stands for "just enough operating system." I've used it on Arm. Since Redhat ended up being the defacto server platform, Suse ended up in cash registers and other embedded products. As a money machine, Redhat looks unbeatable. Suse is about a quarter the size.
Is 16 radios, 2 bands, and about 1000 users enough? VLAN support can be per user, which allows for some load balancing (useful for sports events, auditoriums, events, etc). You can put priority users on a fast VLAN, and dump visitors on a slow VLAN. However, normally there's each SSID is mapped to a separate VLAN. I think (not sure) that each VLAN will support either 2 or 4 SSID's, but I'm too lazy to dig for the specifics.
You don't want to know the price. (Old price list):
Yep, that's exactly what it does.
Sigh. I've created a monster.
I think that is called the start of a "man in the middle" exploit. Has some my evil intentions and diabolical schemes rubbed off on you?
You mean like a standard? Fat chance. I have to monitor a few security cameras at mountain top radio sites. I haven't seen anything that looks like a usable standard. To screw things up, quite a few security camera servers use some kind of Microsoft API that requires installing an Active X control and Internet Exploder to view. Retch. Of the more sane protocols, Motion JPG and AVI seem to be the most popular among the security cameras. For HDTV, there's various mutations of MPEG-4. For every video CODEC, there's a camera server vendor that will try to stream it.
As an added bonus, most video CODEC's are rate adaptive in that they will adjust their frame rate or compression level to accomodate variations in channel bandwidth. What that really means is that no matter what the available bandwidth, the video server will try to take it all.