
May 11, 2019


The OpenAP Project

-Dipankar Deb Roy @ WinLab

Contents:

1. Introduction

2. Hardware and Software Requirements and Installation Procedures

3. Getting Started

4. Locating a remote client

5. Sniffing

6. Ethereal - a sniffing utility

7. Making your own sniffer programs with libpcap

8. Sniffing and OpenAP

9. Glossary

10. Tips, Troubleshooting and FAQ’s


Introduction

This documentation assumes you have no prior knowledge of OpenAP or its related applications and uses. If you are reading this documentation online, I would advise you to open another window and keep chapter 9 (Glossary) open or, even better, print it out as a ready reference. Every underlined word in this document is defined and explained in the glossary. So with that bit of knowledge, let's get started.

What exactly is OpenAP?

OpenAP is a Linux based 802.11b (Wi-Fi) access point providing full wireless services, including multipoint to multipoint wireless bridging (802.1d), while at the same time distributing fully standard 802.11b connections to end users. This definition is taken from the official OpenAP site (http://opensource.instant802.com).

Our aim in WINLAB, however, is not only to create a Linux based Wi-Fi access point but also to use it for wireless sniffing and monitoring networks, and to work on the parallel project (Kartik’s Cerfcube/Sensor project). We create our sniffing utilities with Libpcap. However, we did try out Ethereal/Tethereal and several other utilities.

For a complete novice: the access points we use (described later) come with their own built-in software. Basically, we remove it with a procedure called ‘Flashing’ and install Linux on it, along with our custom-made sniffing utilities built with a library called “Libpcap”.

Any guidelines or resources I have at my disposal?

I shall try to keep an updated version of all the OpenAP sources, required tools and Linux kernels. They can be accessed at http://www.winlab.rutgers.edu/~droy. You can of course get and use the same tools from the official OpenAP site; however, there are many hurdles on that path.

Installation procedures

The steps below describe how to flash an already created sram image on to the access point. Theoretically the following procedure will work. A personal note here: it is said that this project, or any open source project, is not for the faint of heart. Hence you should be ready to face all the weird errors OpenAP gives you. My Tips, Troubleshooting and FAQ’s chapter should, however, resolve most problems you have.

Hardware Requirements

The following hardware/equipment is required for implementing the project.

An access point based on the Eumitcom WL11000SA-N board.


This is the OpenAP hardware platform. Eumitcom WL11000SA-N boards:

US Robotics (USR 2450) (We tested this at Winlab)
SMC EZconnect (2652W) (Not Tested)
Addtron (AWS-100) (Not Tested)

There may be others based on the Eumitcom board that should work as well, but the three above are known to work with OpenAP. This particular platform has the following specifications:

Ethernet Controller -- NE2000
Processor -- AMD ELAN SC400
Flash -- 1 Megabyte
RAM -- 4 Megabytes


A linearly mapped memory card

(Sram card)

This card is used to program the flash chip on the WL11000 board. We use a MagicRAM Industrial SRAM Memory card. The linearly mapped memory card must be 2 megabytes large and readable at 3.3V. You may use a larger memory card, but the OpenAP build process only supports a 2-megabyte image for the card flash by default. From our experience, SRAM memory cards are better supported under Linux than Flash memory cards.

A null modem cable.

(null modem)

The null modem cable is used to attach the RS-232 serial interface on the back of the access point to a computer. On the computer, you may run a terminal program to access the Unix bash shell on the access point.

A software terminal program

A terminal program such as Linux Minicom or Windows HyperTerminal is used to access the Unix bash shell on the access point, via the null modem cable. Steps/Tutorial on both Minicom and HyperTerminal are described later.


The installation instructions:

The following instructions should work ideally. For bugs, problems and fixes see the troubleshooting pages. These instructions can also be found on the OpenAP site.

If you intend to flash an already compiled sram image on to the board, jump to the sections on downloading an image and then flashing the access point.

Laying the groundwork - Getting the sources

Again, the following steps are only ideal. So don’t worry if you don’t get it the first time or the ninth time. Go to the troubleshooting page. These steps are pretty much detailed and designed for complete novices who have no idea about Linux. So advanced users, bear with me.

1. Locate a Linux machine, for which you have “root” access. At Winlab, I used a Red Hat 7.3 Intel machine.

2. Linux has several GUIs (graphical user interfaces). I would recommend KDE, as opposed to GNOME. If you just booted in to text mode, type at the command prompt:

>startx

This will start KDE.

3. Open a Shell (on the bottom toolbar, locate an icon which looks like a sea shell).

4. Open Konqueror (KDE’s web browser) or Netscape and go to the site http://www.winlab.rutgers.edu/~droy/OpenAP

5. Download the OpenAP source (openap-0.9.5.tar.gz) in to the /usr/src directory. Unzip and untar the sources.

>cd /usr/src
>gunzip openap-0.9.5.tar.gz
>tar -xvf openap-0.9.5.tar
>cd openap-0.9.5

6. Download the Linux kernel 2.4.17 (linux-2.4.17.tar.gz) from the site mentioned above or the official Linux kernel website (http://www.kernel.org) in to the openap-0.9.5 folder. Developers constantly keep updating the software, so to get the updated version of the OpenAP source, it is advisable to download the sources, kernel or various files in OpenAP from the CVS at https://savannah.gnu.org/projects/openap/. Instructions on how to download from CVS are given in the link ‘CVS repository’.


7. Unzip and untar into the openap-0.9.5 folder.

>cd /usr/src/openap-0.9.5
>gunzip linux-2.4.17.tar.gz
>tar -xvf linux-2.4.17.tar
>cd linux

8. Patch the kernel.

>cd /usr/src/openap-0.9.5/
>patch -p0 < ./misc/openap-linux-2.4.17.patch

Now you are ready to compile your own sram image. If however you would want to use an already compiled sram image, you can skip the next few steps and just download it from Winlab site or OpenAP site or from several other sites mentioned in the email forum of the OpenAP site.

Generate the sram image

The OpenAP site describes the compilation steps as:

make tools
make install
make bootstrap
make sram

I will explain these in detail. Skip the steps if you are familiar with Linux.

The step “make tools” does just that, i.e. makes the required tools. However, this step doesn’t usually work. Basically it installs the tools in the ‘uclibc’ and ‘misc’ folders.

>cd /usr/src/openap-0.9.5
>make tools

If it reports an error such as “Are you root”, do this step before the steps just above:

>su
(type the super user password)

If it still reports errors, go to the troubleshooting page for a list of common errors and/or to manually make the various tools in different folders.

Next step:

>make install

The above step will only work if you have the required tools set up.


>make bootstrap

This step will create the Image_Final folder with various tools in it and also the flash and flash.md5 files (.md5 files are used as checksums). An important point to note here: if you have other tools or utilities to add to the sram image, do so by compiling the programs using /usr/i386-linux-uclibc/bin/gcc (assuming they are C programs). They will not run if any other compiler is used.

>make sram

This step creates the sram image, which is used to flash the Eumitcom board.

You might, and chances are you will, run into a lot of errors and headaches during the compilation; look in the Troubleshooting page for help.

Flashing the Access point

Now we come to the point where we flash the newly generated sram image (or of course, the image downloaded) on to the Eumitcom board. These steps are pretty much straightforward and you probably will not have any trouble.

On a personal note, I suggest you check the sram card. After spending days trying to figure out why my tried and tested procedure didn’t seem to work at all, I finally checked the sram card (just write something in to the sram card, read it back and rename the read info; the file written and the file read should not have any differences. The steps for doing so in MS-DOS are shown in the Tips and Troubleshooting page). Most of these steps were taken from the OpenAP site.

Get your access point

Take off the cover and unscrew the antenna. I will leave this to the mechanical skills of the reader.


Loosen the wireless card

(Picture taken from opensource.instant802.com)

A metal bracket holds down the wireless card. In order to force the bracket off of the board, pinch the plastic ties with a pair of pliers.

Remove the wireless card

(Picture taken from opensource.instant802.com)


Insert the flash card

(Picture taken from opensource.instant802.com)

Locate "the jumper"

(Picture taken from opensource.instant802.com)

You will find the jumper between the LED’s, the processor, and the flash chip. “On board power up, shorting the JP2 jumper will force the board to boot via a linearly mapped memory card found in the pcmcia socket, instead of the flash chip” (Ref: http://opensource.instant802.com).

Tip: This process of flashing the board to install the sources should ideally be done once. After the first time, the board can be reflashed across the network (see Tips for more information).

Short "the jumper"

Short the jumper with something metal (a staple).

Plug in the access point

Plug in the access point and watch for the coupled green and yellow LED’s (led4 and led5) to flash back and forth. As soon as you see this happen, stop shorting the JP2 jumper.

Wait and watch for the flashing to end

Once the access point has finished flashing, it will reboot. On reboot, so long as the jumper JP2 is not shorted, the board will boot from the flash chip. You will know this by waiting and watching the coupled green and yellow LED’s, which will flash alternately and more quickly, once the process is complete.

Reassemble your new and improved access point


Tips Troubleshooting and FAQ’s

Nothing shows up when I boot up the AP

This is probably because of an incompatible timing problem. You have to try out other baud rates on HyperTerminal/Minicom. Although OpenAP specifies it as 9600bps, try out 4800 bps and 128000 bps. Otherwise, to detune the sram yourself, try the following:

Download the file alios.bin from either http://www.winlab.rutgers.edu/~droy or http://www.zillabit.com/earl/openap in to the openap-0.1.1 folder. (I have to thank Travis and Earl, from the email forum at http://opensource.instant802.com, for the file.)

After you have made the sram image:

>dd if=alios.bin of=sram bs=1 seek=2081280

This should detune the image to be viewable at 9600bps.

How do I reflash across a network?

After you have a stable image on the sram card, you should always attempt to reflash across the network. Get the new image (as in both the flash and flash.md5 files) you want to reflash and save it in a publicly accessible folder.

Methodology: when the OpenAP is up and running,

>cd bin
>reflash http://www.XXX.XXX

Replace XXX.XXX with the site you stored the flash and flash.md5 in.

How do I connect to a remote client?

To be able to connect to a remote client, in this case a laptop with a Cisco Wireless PCMCIA card, you have to do the following steps. First download the ‘setup’ program either from the site (http://www.winlab.rutgers.edu/~droy) or from the CVS. You have to add the file to the Image_static folder and then reflash the board (you can either do that across the network or go through the tiresome way using the paperclip). After you have reflashed the board, run the setup program:

>cd bin
>./setup

Configure the options. The program has the following options:

=========================================================================
 OpenAP configuration
=========================================================================

--------------------------------------------------------------------------
Wireless Setup
--------------------------------------------------------------------------

Access point identifier [one] >
Network name (SSID) [NAME] >
Channel [1] >

--------------------------------------------------------------------------
Your wireless settings:
--------------------------------------------------------------------------

Access point identifier : two
Network name : NAME2
Channel : 1
--------------------------------------------------------------------------
Are these settings correct? (y/n) [n] >y

--------------------------------------------------------------------------
TCP/IP Setup
--------------------------------------------------------------------------

Use DHCP for automated configuration? (y/n) [n] >
IP address [192.168.0.254] >
Network mask [255.255.255.0] >
Broadcast address [192.168.0.255] >
Default gateway [192.168.0.3] >
DNS address [192.168.0.3] >
Domain name [dot.dot.edu] >

--------------------------------------------------------------------------
Your TCP/IP settings:
--------------------------------------------------------------------------

IP Address : 192.168.0.254
Netmask : 255.255.255.0
Broadcast address : 192.168.0.255
Default gateway : 192.168.0.3
DNS address : 192.168.0.3
Domain name : dot.dot.edu

--------------------------------------------------------------------------
Are these settings correct? (y/n) [n] >y
Writing setup...
Commiting configuration...
0+1 records in
0+1 records out
done

You need to reboot the AP to make the changes effective

As per the instructions, reboot the AP.

>reboot

Now go to your client. We used a WIN2000 laptop with Cisco wireless PCMCIA card.

Procedure:


You have to change the SSID (service set identifier). It is located in the client in the following location:

>cd /proc/aironet/eth1/SSID

To change it, you have to do so in the script /etc/rc.d/init.d/network. Add this after the ‘touch’ statement:

echo "myssid" > /proc/aironet/eth1/SSID

Reboot the client and it will recognize your new AP.

How to use HyperTerminal?

Click Start, Programs, Accessories, Communications, HyperTerminal. You will come to the following screen.

Type in any name for the session, for example OpenAP. You will encounter the next screen.


Choose the correct port and click ok.

Change the settings as follows. Change the baud rate to your requirements.

And you are on your way!

How to use Minicom?

Start Minicom from the console.


Press CTRL+A and then Z. Change the settings as required, i.e. change the Serial Device and baud rate but leave the rest as in the picture.

Save and Exit. Change the Modem and dialing parameter as follows. There should not be any extra characters.


I am getting the following error

The path /root/openap-0.1.1/linux/include/asm' doesn't exist.
make[1]: *** [headers] Error 1
make[1]: Leaving directory `/root/openap-0.1.1/uclibc'
make: *** [tools] Error 2

Solution:

>cd uclibc
>vi Config

(Scroll down to "# What arch do you want to compile for....")

Make sure there is no '#' before TARGET_ARCH=i386.

Next, scroll down to #KERNEL_SOURCE=/usr/src/linux and change the path to the Linux kernel you had downloaded earlier.

Next, check that HAS_MMU=true.

How do I make tools manually?

Make the tools manually only if make tools and make install did not work.

>cd uclibc

Edit the Config file:

>vi Config

(Scroll down to "# What arch do you want to compile for....")

Make sure there is no '#' before TARGET_ARCH=i386.

Next, scroll down to #KERNEL_SOURCE=/usr/src/linux and change the path to the Linux kernel you had downloaded earlier.

Next, check that HAS_MMU=true.

>make
>cd ..
>cd misc
>make
>cd ..
>cd wireless_tools
>vi Makefile

(Scroll down to "Targets to build".)

Change the line

PROGS= iwconfig # iwlist iwpriv iwspy iwgetid

to

PROGS= iwconfig iwpriv iwspy #iwgetid iwlist

Basically we are commenting out the programs we do not want; if you wish, you can uncomment iwgetid and iwlist too. Save and exit.

>make
>cd ..

Similarly, go to every folder and type make. If you want, you can run make install and make bootstrap now.


Sniffing

The main intention of this project at WINLAB is not just to make a Linux based 802.11b compliant access point but mainly to add sniffing utilities to it. We went about adding this functionality by “going the libpcap way”. Sniffing theory can be described with this simple picture.

Basically, if Jack was trying to send Raj a message, the usual way would of course be to send it to a router or default gateway which is connected to the internet and passes the message on to Raj’s machine. The sniffing utility captures the data packet before it reaches the router. Ethernet is based on the shared principle. Every packet on the Ethernet has a MAC address (of the machine it is to be sent to) associated with it, and every client on the network has an individual address. Every client can ‘see’ every packet on the shared medium but ignores all packets not addressed to it. The sniffing utility puts the client into ‘promiscuous’ mode, which makes it possible for it to capture every packet on the shared medium. Ethereal uses the same principle.

The best site I found that describes sniffing theory in detail is Mr. Robert Graham’s site, http://www.robertgraham.com/pubs/sniffing-faq.html. Initially we attempted to install and run Ethereal to get a clear idea about sniffing utilities. Below I have added a few screenshots of Ethereal. Most of it is self-explanatory. So let's get started.
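The address filtering described above can be modelled in a few lines of C. This is an added example, not code from the original tutorial or from OpenAP; the MAC addresses, frame bytes and function names are constructed for illustration, and multicast group membership is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN     6
#define ETH_HDR_LEN 14  /* destination MAC + source MAC + EtherType */

enum verdict { DROP_RUNT, DROP_NOT_MINE, ACCEPT_UNICAST, ACCEPT_BROADCAST, ACCEPT_PROMISC };

struct frame { const uint8_t *data; size_t len; };

/* What a NIC's receive filter does with one frame seen on the shared medium.
 * Multicast group membership is not modelled: a group address other than
 * broadcast is treated like any other foreign address. */
enum verdict nic_filter(const uint8_t *frame, size_t len,
                        const uint8_t *nic_mac, int promiscuous)
{
    static const uint8_t bcast[MAC_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

    if (len < ETH_HDR_LEN)                    return DROP_RUNT;       /* no full header */
    if (memcmp(frame, nic_mac, MAC_LEN) == 0) return ACCEPT_UNICAST;  /* addressed to us */
    if (memcmp(frame, bcast, MAC_LEN) == 0)   return ACCEPT_BROADCAST;
    if (promiscuous)                          return ACCEPT_PROMISC;  /* filter disabled */
    return DROP_NOT_MINE;                     /* the normal "ignore" case */
}

/* EtherType sits in bytes 12-13, big-endian (0x0800 IPv4, 0x0806 ARP). */
uint16_t ethertype(const uint8_t *frame)
{
    return (uint16_t)((frame[12] << 8) | frame[13]);
}

/* Number of frames from a capture that reach the host's network stack. */
size_t frames_delivered(const struct frame *f, size_t n,
                        const uint8_t *nic_mac, int promiscuous)
{
    size_t delivered = 0;
    for (size_t i = 0; i < n; i++) {
        enum verdict v = nic_filter(f[i].data, f[i].len, nic_mac, promiscuous);
        if (v != DROP_RUNT && v != DROP_NOT_MINE)
            delivered++;
    }
    return delivered;
}

/* Constructed sample data: locally administered MACs, minimal payloads.
 * ...:01 is Jack, ...:02 is the router, ...:03 is the sniffing host. */
const uint8_t SNIFFER_MAC[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x03};
const uint8_t jack_to_router[]    = {0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00, 0x45,0x00};
const uint8_t arp_broadcast[]     = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06, 0x00,0x01};
const uint8_t router_to_sniffer[] = {0x02,0,0,0,0,0x03, 0x02,0,0,0,0,0x02, 0x08,0x00, 0x45,0x00};
const uint8_t runt[]              = {0x02,0,0,0,0,0x03};
const struct frame SAMPLE[] = {
    {jack_to_router, sizeof jack_to_router},       {arp_broadcast, sizeof arp_broadcast},
    {router_to_sniffer, sizeof router_to_sniffer}, {runt, sizeof runt},
};

int main(void)
{
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    printf("normal mode:      %zu of %zu frames delivered\n",
           frames_delivered(SAMPLE, n, SNIFFER_MAC, 0), n);
    printf("promiscuous mode: %zu of %zu frames delivered\n",
           frames_delivered(SAMPLE, n, SNIFFER_MAC, 1), n);
    return 0;
}
```

On a switched network the switch decides which frames reach a port, so the promiscuous setting only exposes other hosts' unicast traffic on a shared segment such as the one the tutorial describes.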

Download the Ethereal source or the rpm’s from http://www.ethereal.com. The source has the wiretap library, which is commonly used with libpcap (which is downloaded from http://www.tcpdump.org).

Start Ethereal from the command prompt.

>ethereal &

(Figure: sniffing diagram with the labels Jack, Sniffing Utility, Router, Internet and Raj.)

Click on Capture.

You can change the capture interface. Then click OK.


Ethereal will start capturing packets on all available interfaces. You have to click stop to prevent further capturing and view the results.
