Configuring Wireless Networks


Although wired network cards are pretty easy to configure, wireless cards usually pose some problems. For example, many wireless cards only include Windows drivers, not Linux. Without drivers, there is no way to use the hardware. Fortunately, ndiswrapper enables you to use some Windows drivers under Ubuntu!

Assuming you have a working wireless network card, configuring new wireless network configurations is not always automatic. Also, WEP, WAP, and other wireless security protocols can be hard to configure.

Looking for Drivers

Wireless network drivers can come from many different sources. Some network interface cards (NICs) are identified during the Ubuntu installation and immediately installed. These include the Intel ipw2100 and ipw2200, Cisco Aironet cards, and NICs based on the Prism chipsets (for example, Prism 2, 2.5, and 3). If you go to System image from book Administration image from book Networking and see your wireless card listed, then it is already supported and ready for configuration. You can just jump to the "Hacking with Wireless Tools" section.

Note 

While some manufacturers provide wireless network drivers for Ubuntu (for example, Intel), other drivers have been reverse-engineered. For example, the Broadcom drivers were built by people in the open source community and not by Broadcom.

If the wireless NIC is not supported by the base installation, consider using apt-cache to search for an appropriate Ubuntu driver. (See Chapter 4 for using apt-cache.) You may need to search based on the wireless card's chipset and not the NIC's model number or manufacturer. For example, the Madwifi driver in the linux-restricted-modules package (apt-cache search linux-restricted-modules) provides support for Atheros-based adapters. Atheros-based wireless adapters are found in many laptops as well as NICs by 3Com, D-Link, Netgear, and many other manufacturers.

Warning 

Be sure to install the correct linux-restricted-modules package for your kernel. Use sudo aptget install linux-restricted-modules-‘uname -r‘. Since this comes from the restricted repository, the drivers are not necessarily free or open source.

If all else fails and you cannot find a native Linux driver for your wireless card (and purchasing a natively supported wireless NIC is not a viable option), then you can try using ndiswrapper to use the Microsoft Windows driver under Ubuntu.

Using ndiswrapper

Chapter 6 discusses some different emulators that work under Ubuntu. Using these emulators, you can install an entire operating system in a virtual environment. However, everything in the virtual environment stays in the virtual environment. In contrast, the Network Driver Interface Specification wrapper (ndiswrapper) program enables you to install some network drivers for Microsoft Windows in your actual Linux environment. The wrapper provides enough emulation to support Windows device drivers.

Warning 

Using ndiswrapper may hang your computer! Save all critical files and close all unnecessary processes before attempting to install any drivers using this tool.

Installing a Driver

Before installing a Windows driver under Linux, you need a few things.

  • Install ndiswrapper-This can be installed using sudo apt-get install ndis- wrapper-utils. This will give you the ndiswrapper program as well as a loadable kernel module.

  • Get the Windows driver-The ndiswrapper tool works only with Microsoft Windows XP drivers. If you have drivers for Windows 95, 98, or ME (or some other version), then it won't work unless it also says that the driver will work with Windows XP. If you don't have the Windows XP driver, then you can stop here because it won't work.

  • Unpacked INF files-Most Windows drivers come bundled in a self-extracting archive. You'll need to extract the files before you can use them. Try using unzip to expand a self-extracting zip file, cabextract for Windows Cabinet files, or unshield for unpacking Install Shield files. You can install these tools using:

     sudo apt-get install unzip cabextract unshield 
  • You will know that you have extracted the right files if you see an INF file and some device drivers (likely SYS files). You can check for them using:

     find . -type f -name '*.inf' -o -name '*.INF' 

After you have gathered the necessary programs and files, you can install the drivers.

  1. If the device is an external USB device, then disconnect it before installing the drivers. Some drivers may hang the operating system if the device is installed before the drivers.

  2. Find the INF files needed to install the program. In my case, there are two files needed, although other network devices may only need one INF file.

     $ find . -name '*.inf' -o -name '*.INF' ./athfmwdl.inf ./net5523.inf 
  3. Use ndiswrapper to install the files. For my USB network adapter, there were two drivers that needed to be installed, and they needed to be installed in a specific order (see "Debugging Driver Problems").

     sudo ndiswrapper -i ./net5523.inf sudo ndiswrapper -i ./athfmwdl.inf 
  4. Load the kernel module.

     sudo modprobe ndiswrapper 
  5. If the device needs to be plugged in (for example, a USB network adaptor), then plug it in now.

    Warning 

    If the system is going to lock up and hang, it will do it here. If it hangs, then go to the next section, "Debugging Driver Problems."

  6. If you made it this far, then it didn't hang (that's great!). Use ifconfig -a to list all network devices. You should see a device called wlan0-this is the default name given to ndiswrapper devices. You can then configure it using System image from book Administration image from book Networking.

  7. To automatically start ndiswrapper on boot, add the kernel module to /etc/modules.

     sudo bash -c 'echo "ndiswrapper" >> /etc/modules' 

A graphical alternative to using the command line ndiswrapper is ndisgtk.

 sudo apt-get install ndisgtk sudo ndisgtk 

This tool offers a front end to ndiswrapper and makes it a little easier to install devices (see Figure 11-2). You can also click the Configure Network button to quickly open the Network Settings applet.

image from book
Figure 11-2: The ndisgtk interface

Debugging Driver Problems

Installing a driver with ndiswrapper is fairly straightforward, although there are a few places where things can go very bad. If the drivers are going to hang the computer, then it will likely happen when the kernel module is loaded or when the device is plugged in. However, drivers may also cause your system to hang when the devices are unloaded or detached, or when resuming after being suspended (like on a laptop).

If the drivers are not working for you, then you can try the following:

  • Unload the drivers-If the drivers hang your system, then you should probably unload them.

    • Reboot the system (usually with the front panel's reset button since the computer probably hangs).

    • When Ubuntu begins to come up, press Alt+F1 so you can see all of the init steps as they happen.

    • When you see the text "Configuring network interfaces," press Ctrl+C. This will skip the network configuration. As long as the network does not configure, the NDIS drivers will not load and the system will not hang. If you don't stop it here, then the system will hang again.

    • Allow the rest of the initialization stages to come up.

    • Log into the system.

    • Use ndiswrapper -l to list each of the loaded drivers.

    • Use ndiswrapper -e to erase (remove) the offending driver. For example, you can use:

       $ ndiswrapper -l Installed ndis drivers: athfmwdl                driver present net5523         driver present, hardware present $ sudo ndiswrapper -e net5523 
  1. Reboot the system (sudo reboot) and allow it to come up completely.

Tip 

For some USB network devices, simply unplugging the device and rebooting the system enables you to boot without hanging. In this case, you only need to remove the devices (ndiswrapper -e) and do not need to reboot the system a second time.

  • Check the drivers-In some cases, there may be newer or more stable Windows XP drivers available. Also, drivers from compatible network devices may work better than official ones from the manufacturer.

  • Check official forums-The ndiswrapper tool is very well supported and there are hundreds of network interfaces that are documented as being compatible, incompatible, or requiring additional steps. Visit http://ndiswrapper.sourceforge.net/mediawiki/ for tips and hints for specific cards. In many cases, this forum also provides links to the actual Windows drivers, ensuring that you are installing the right one.

  • Check for compatible devices-Many manufacturers may use the same chipsets in different cards. Using lsusb or lspci -n, identify your four-byte unique identifier for your network adapter. It should look something like "0123:89ab" (although the exact hex numbers will be different). Check the official forums for the identifier and see if any other devices use the same drivers. For example, the EnGenius EUB-862 uses the same chipset as the Airlink101 (both use the USB identifier "0cf3:0001"). Although the Windows drivers that came with the EUB-862 consistently hung my system, the drivers for the Airlink101 worked well.

Hacking with Wireless Tools

Ubuntu includes many different tools for configuring the network. The most important ones are iwconfig and iwlist. Using these, you can configure and reconfigure most wireless options.

The iwconfig command is used to configure wireless devices. When used by itself, it lists every network device and, if it is a wireless device, the current configuration. For example:

 $ iwconfig lo        no wireless extensions. eth0      no wireless extensions. sit0      no wireless extensions. wlan0     IEEE 802.11b  ESSID:"My SSID"           Mode:Managed  Frequency:2.437 GHz  Access Point: Not-Associated           Bit Rate:108 Mb/s           Power Management min timeout:0us  mode:All packets received           Link Quality:0  Signal level:0  Noise level:0           Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0           Tx excessive retries:0  Invalid misc:0   Missed beacon:0 

Using the iwlist command, you can scan for available access points (APs), as demonstrated in Listing 11-2.

Listing 11-2: Example iwlist Scan

image from book
     $ sudo iwlist wlan0 scan     wlan0     Scan completed :               Cell 01 - Address: 00:18:39:CC:F8:C7                         ESSID:"logo1"                         Protocol:IEEE 802.11g                         Mode:Managed                         Frequency:2.412 GHz (Channel 1)              Quality:0/100  Signal level:-87 dBm  Noise level:-256 dBm              Encryption key:on              Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s                        24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s                        12 Mb/s; 48 Mb/s              Extra:bcn_int=100              Extra:atim=0              Extra:wpa_ie=3d180050f21101020050f21201002050f20211002050f20     Cell 02 - Address: 00:14:BF:9B:CA:D3              ESSID:"My SSID"              Protocol:IEEE 802.11g              Mode:Managed              Frequency:2.437 GHz (Channel 6)              Quality:0/100  Signal level:-36 dBm  Noise level:-256 dBm              Encryption key:on              Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s                        24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s                        12 Mb/s; 48 Mb/s              Extra:bcn_int=1000              Extra:atim=0     Cell 03 - Address: 00:18:39:2C:2B:51              ESSID:"linksys"              Protocol:IEEE 802.11g              Mode:Managed              Frequency:2.437 GHz (Channel 6)              Quality:0/100  Signal level:-85 dBm  Noise level:-256 dBm              Encryption key:off              Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s                        24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s                        12 Mb/s; 48 Mb/s              Extra:bcn_int=100              Extra:atim=0 
image from book

Tip 

When used as a regular user, iwscan wlan0 scan will only display previous results. These may expire after a few minutes. However, if you run the command as root, it will initiate a new scan.

The example in Listing 11-2 shows a scan from iwlist. In the example, there are three APs that are within range of the Ubuntu system. You can combine the results from iwlist with iwconfig and connect to a specific AP. For example:

 sudo iwconfig essid "My SSID"           # connect to an AP using the SSID sudo iwconfig essid "My SSID" channel 6 # connect to SSID on a specific channel 

Enabling Wireless Security with WEP

The Wired Equivalent Privacy (WEP) protocol is a common method for encrypting wireless connections. The iwconfig program allows you to specify the physical connection. It also allows you to provide a WEP key for connecting to an AP. This can be specified on the command line as a series of hex digits or as a string. Table 11-2 shows some of the common key formats.

Table 11-2: Example iwconfig Key Formats
Open table as spreadsheet

Example

Description

iwconfig wlan0 key 0123456789

Specify a 10-digit (hexadecimal) key for 64-bit WEP.

iwconfig wlan0 key 0123-4567-89ab-cdef-0123-4567-89

Specify a 26-digit (hexadecimal) key for 104-bit WEP. Hyphens are optional.

iwconfig wlan0 key ‘s:Secret Key’

An ASCII string can be used as the key if it is prefaced by an "s:". Be sure to quote the string if it has spaces.

Note 

Although it has some security weaknesses, WEP is universally available and certainly better than using no security.

The key value for iwconfig can also be placed in the /etc/networking/interfaces file. In addition, you can specify multiple keys-if one key does not work, then it will try the next one. Multiple keys can be really useful if your home and office use the same SSID but different keys. (Or if your office has meeting rooms, each with the same SSID but different keys.) For example, to specify three keys and set the default to be #2, you could have lines similar to these in your /etc/networking/interfaces file:

 auto wlan0 iface wlan0 inet dhcp wireless-essid My SSID wireless-key1 0123456789abcdef0123456789 wireless-key2 abcdef0123 wireless-key3 s:Top Secret wireless-defaultkey 2 

Enabling Wireless Security with WPA

Although WEP is certainly better than no security, there are other ways to secure wireless networks. Wi-Fi Protected Access (WPA) is steadily growing in popularity and offers stronger options for privacy and authentication.

  1. To configure WPA, you will need to generate a WPA configuration file. This is done using wpa_passphrase. You will need to provide your SSID and a passphrase, and it will generate a configuration file.

    Tip 

    Specifying the passphrase on the command line (as done in this example) is usually not very secure-particularly if multiple people have access to the computer. If you don't specify the passphrase, you will be prompted for it. (Prompting is much better since the passphrase won't be stored in your shell's history.)

     wpa_passphrase "My SSID" "Secret Password" > tempfile sudo cp tempfile /etc/wpa_supplicant.conf 

    The contents of /etc/wpa_supplicant.conf lists your network's name and the associated WPA key. Although they should be autodetected, some drivers may need to you to add proto and key_mgmt fields. Listing 11-3 shows a sample /etc/wpa_ supplicant.conf file (bold indicates optional fields).

    Listing 11-3: Sample /etc/wpa_supplicant.conf File

    image from book
     network={         ss         #psk="Secret Password"         psk=aa380927bc23c6a736a69fa2b395b442bade145973b3a39c25cee0c9d55b0711         proto=WPA         key_mgmt=WPA-PSK } 
    image from book

    Tip 

    For security on multi-user systems, you should consider removing the #psk line that contains the decoded key and changing the file permissions so it is only accessible by root: sudo chmod 600 /etc/wpa_supplicant.conf ; sudo chown root:root /etc/wpa_supplicant.conf.

  2. After creating the /etc/wpa_supplicant.conf file, you should test it to make sure it works. In this example, the wireless interface is wlan0 and it uses the generic wireless LAN extensions (-D wext). Other possible control extensions are listed in man wpa_ supplicant and include ndiswrapper, ndis, madwifi (for Atheros adapters), and wired for wired Ethernet cards with WPA support.

     sudo wpa_supplicant -D wext -i wlan0 -c/etc/wpa_supplicant.conf 

  3. To make the changes take effect every time the network interface is used, pre-up and post-down scripts can be added to /etc/networking/interfaces. These scripts will start and stop WPA support. For example:

     auto wlan0 iface wlan0 inet dhcp pre-up wpa_supplicant -B -w -D wext -i wlan0 -c/etc/wpa_supplicant.conf post-down killall -q wpa_supplicant 

Note 

The -B option to wpa_supplicant means to run the command in the background. The "-w" option means to wait for the interface to be added in case the wlan0 interface is not immediately available (or created) when the script starts.



Hacking Ubuntu
Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: 047010872X
EAN: 2147483647
Year: 2004
Pages: 124
Authors: Neal Krawetz

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net