What is an access point and how is it different from a range extender?

What is a wireless access point and how it works?

An access point expands the range of, and user connections to, an existing wireless network. It wirelessly connects devices to the LAN (local area network) through a high-speed Ethernet cable. The access point receives wired Ethernet data which is converted into a wireless signal that is sent onto wireless devices. Full Duplex Ethernet connections allow data to simultaneously flow in Receive and Transmit directions.

A wireless router generally provides sufficient WiFi coverage throughout an “average” sized house. A router used in conjunction with your access point extends the wireless signal’s range/coverage. This router-access point combination helps eliminate “dead zone” areas that have sporadic, weak, or no signal and/or coverage.

A wireless access point is not the same as a wireless router. It does not have a firewall or the ability to protect your LAN from Internet threats.

Last update on 2020-11-13 / Affiliate links / Images from Amazon Product Advertising API

How to Configure a Wireless Access Point

Use your wireless access point configuration settings to switch it (or your router) to repeater mode so the range of your wireless home or business network signal is increased.

1. Connect your Ethernet cable to your computer’s, laptop’s, etc. networking port.

2. Connect the other end of the Ethernet cable to one of the access point’s LAN ports.

3. Open your Web browser and type in the IP address of the access point. “Enter” to open the configuration page.

4. On the configuration page you’ll see configuration options that relate to the wireless access point’s functions. Click the «Wireless» tab. Click the «Repeater» tab on the «Mode» menu.

5. You may “Enable/Disable” your wireless access point functions or modify your other settings:

• “SSID” (Service Set Identifier) identifies the network. Access points have common defaults. Changing the default SSID only protects from first-grade hackers. Leave the default SSID at and apply better security measures.

• “Allow broadcast SSID to associate?” Disable this for greater security. Disabling prevents the access point’s periodic SSID broadcast that invites wireless devices within range to join your network.

• Set your “Channel” so your access point and all wireless network computer(s) are on the same channel.

• “WEP — Mandatory or Disable” allows you to use wired equivalent privacy security protocol.

6. Click «Save Settings» to complete your access point’s wireless repeater configuration.

Особенности атаки человек-посередине на мошеннической точке доступа

Вы можете анализировать и модифицировать данные с помощью Bettercap, MITMf, Net-Creds, любых других инструментов, с которыми вы привыкли работать.

Особенности заключаются в том, что не нужно делать ARP спуфинг (мы сидим на шлюзе!), не нужно делать обнаружение или фильтр клиентов – мы рады всем.

Допустим я хочу просматривать трафик с Bettercap, как мы помним, мой беспроводной интерфейс называется wlan0, тогда моя команда имеет вид:

sudo bettercap -X -I wlan0 -S NONE --proxy --no-discovery

Здесь:

  • -S NONE означает не делать ARP спуфинг
  • —no-discovery означает не выполнять обнаружение клиентов
  • -I wlan0 – выбор интерфейса
  • -X – начать сниффинг
  • —proxy – Включить HTTP прокси и перенаправлять все HTTP запросы на него

Аналогично с другими инструментами. Кроме поиска паролей, можно вставлять HTML и JavaScript код, делать DNS-спуфинг, заражать бэкдорами исполнимые файлы и выполнять множество других атак.                                  

Advantages / Disadvantages of Wireless AP

A basic advantage of wireless access points is their ability to allow you to connect to the network without the need for cables. They can be installed wherever there is an Ethernet cable. They:

  • allow you/your devices greater mobility,
  • increase signal range and coverage, reducing dead zones, and
  • allow homes and businesses to scale their network supported connections.

The downside is the reduced security. Access points do not have firewall utilities. Your bandwidth may also decrease as you add more connections and devices.

Last update on 2020-11-13 / Affiliate links / Images from Amazon Product Advertising API

AP Technologies

MESH Technology – can connect home devices, businesses, or entire cities! Mesh technology provides a seamless Internet connection over wireless (mesh network) connection nodes. Devices or workstations (nodes) that are directly connected to each other exhibit full mesh topology. Partial mesh topology occurs when some nodes are directly connected to each other while others are only connected to those with which they exchange the most data.

MIMO (Multiple Input Multiple Output) Antenna Technology – helps reduce the obstructive effects of scattered signals that increase errors and decrease wireless Internet and other digital communications’ data speed. Negative multipath wave transmission may be minimized by situating two (or more) antennas and several signal transmissions (one per antenna) at the both the source and end.

PoE (Power over Ethernet) – is efficient low-power long cabling technology that can transmit up to 100 meters. PoE minimizes electrical hazard risks due to its low power.

Last update on 2020-11-13 / Affiliate links / Images from Amazon Product Advertising API

Примечания

sudo iptables -F && sudo iptables -t nat -F

Также правила маршрутизации сбрасываются при перезагрузке компьютера.

Если при запуске Bettercap стала появляться ошибка

  It looks like there's another process listening on 192.168.12.1:5300, please chose a different port.

То с помощью опции —dns-port выберите другой порт:

sudo bettercap -X -I wlan0 -S NONE --proxy --no-discovery --dns-port 153

Также можно отказаться от передачи DNS запросов через Tor. Даже если DNS запросы будут идти с нашего IP, ничего страшного я в этом не вижу.

  • Если вы сами можете подключиться к своей ТД, но больше никто к ней не подключается сутками напролёт, то причина может быть в том, что в пределах досягаемости нет людей, которым нужен бесплатный Wi-Fi. Возможно, вы неудачно выбрали название ТД. Чтобы увеличить охват людей, нужно иметь как можно более мощную Wi-Fi карту. я делал простое сравнение между хорошим роутером и Alfa AWUS052NH.
  • Если вы хотите настроить автоматический запуск ТД при загрузке системы, либо вы хотите задать пароль к ТД или использовать другие настройки, ещё больше примеров вы найдёте в этой заметке.

ВНИМАНИЕ: в данной статье не раскрыты полностью вопросы безопасности. Необходимо учитывать риски возможности любого постороннего лица подключаться к вашей локальной сети, а также использовать ваше Интернет-подключение

Мы настроили перенаправление через Tor только веб-трафика, весь остальной трафик продолжает идти с вашего IP. 

Например, если кому-то понадобиться установить истинный IP вашей ТД, то для этого достаточно подключиться к ней и отправить «внедиапазонный» (в данном случае такими являются любые запросы, кроме веб-трафика) на подконтрольный сервер – это сразу же раскроет ваш истинный IP. Одним из решений является блокировка всего трафика, который не идёт через Tor.

Также нужно помнить, что те, кто вас ищут, точно знают, что вы находитесь где-то в пределах 300 метров, а используя визуализацию мощности сигнала можно определить расположение искомой ТД с точностью до квартиры…

FAQ

Is a wireless access point a router? Does it need to be connected to a router? Wireless access points are not routers but may be incorporated into a wireless router. Others are standalone units connected via Ethernet to a router so other devices can access the connection.

Is a wireless access point secure? No. It does not have firewall functions that protect your local network.

What is a wireless access point controller? Controller-based access points are for larger operations. They provide centralized management, upgraded WPA2 encryption, configuration, and policy setting, firmware updates, and bandwidth and load balancing control.

Can these devices have the same SSID? One SSID can be used by multiple broadcasting access points. Multiple SSIDs can also be used by one access point.

Can a wireless access point connect to a switch? A device’s SSID access point connection signal passes to the network switch and onto a VLAN network that has specific security standards for accepting guest devices.

Why can’t I connect to a wireless access point? You need a router.

How to find wireless access point IP address? Default IP addresses are listed on your access point’s box or sticker.

How to secure a wireless access point? Encryption is the best wireless security access points have. WPA and WPA2 encryption and strong password are the most secure. RADIUS hot spot authentication is supported by some access points.

What is bridge mode? Bridge mode allows you to connect multiple devices. Set up 2 WiFi routers: 1 as a router and 1 as a bridge (in bridge mode).

What is the best overall wireless access point? From those reviewed: The scalable TP-LINK N300 access point is designed to expand your wireless home, business, or commercial (café, hotel or airport) Internet experience. It also offers 5x the range and 15x the dynamic speed of wireless g.

What is the best for home? From those reviewed: The universal, easy to set up and use Securifi Almond is compatible with existing routers, PC/Macs, Apple and Android smart devices, Xbox, and Amazon Alexa.

What is the best for a business’ office? From those reviewed: The NETGEAR AC1200 (WAC 104) is a “no frills”, cost-effective, fast, reliable, and low-maintenance wireless WiFi AP.

What is the best for 50 users? 500 users? 1000 users? From those reviewed: Ubiquiti Networks’ AC Lite is an ultra-compact, reduced footprint, indoor, industrial AP design that offers unlimited, single- controller, scalable WiFi enterprise management.

What is the best for CCTV? From those reviewed: The Ubiquiti AC Pro AP is weatherproof for indoor or outdoor wireless network installation and works with hardware that complies with IEEE 802.3af PoE or 802.3at PoE+ standards.

What is the best for school? From those reviewed: The TP-LINK AC1750 AP offers enterprise class chipsets that support longer range and run times, performance, and scalability. It is an easy installation designed to work with MS Windows XP, Vista, Windows 7, 8, or 10. It has one Gigabit PoE-supported Ethernet RJ-45 port.

What is the best wireless access point for gaming? From those reviewed: The TP-LINK N300 AP is designed to connect numerous Ethernet-enabled devices for VoIP, gaming, and video streaming.

What is the best for a hotel? From those reviewed: The TP-LINK AC1750 AP offers enterprise class chipsets that support longer range and run times, performance, and scalability. Free TP-Link Auranet Controller software allows you to monitor/manage EAPs from a single location.

Conclusion

A wireless access point is designed to expand the range and user connections to existing wireless network. It wirelessly connects devices to local area network via a high-speed Ethernet connection. Its goal is to successfully resolve slow, dropped, or non-existent Wi-Fi connections.

Technological advancements are constantly being made to overcome obstructed signal effects and encryption and security. IEEE standard amendments modify access control to ensure power efficiency and improved operation. Other improvements include improvements in antennas for better coverage, wireless band frequencies, product compatibility, and connectivity.

Wireless Product Overview

Ruijie Networks set up an independent wireless product department in 2002 as a mark to step into the WLAN market starting from 2000. In 2007, Ruijie established the comprehensive wireless product lines. In 2015, Ruijie officially founded the Wireless Product Division. 16 years of technical development and business evolution proved Ruijie’s persistence in independent R&D and the eagerness to keep forging ahead with innovation. Powered by a team size of hundreds of personnel and 117 patents with hundreds currently under the process of application, Ruijie manages to achieve completely independent research and development over the products from AP to AC, from software to hardware and from management to application.

Grounded in industrial scenarios and deeply engaged with users’ most concerned problems, Ruijie strives to be the industry-leading scenario-oriented Wi-Fi solution provider with great capacities in depriving the business world of any network problems, and earns the top place in the market share powered by the unsurpassed and robust products. Ruijie crafts the best Wi-Fi deployment across the scenarios of high education, general education, medical services, government, transportation, commerce and hotels, and thrives to bring smart living to the general Wi-Fi users in this interconnected world. The patented technology of X-Sense Smart Antenna, the i-Share Solution dedicated for high-density and complex application scenarios, and Zero-roaming Mobile Medical Solution propel the industry with great mobility and top innovation. Therefore, Ruijie prospers to be a user-centric and innovation-driven Wi-Fi solution provider.

With a considerable customer base of wireless network market, Ruijie becomes a great market force across sectors of education, transportation, medical services and finance according to the 2015 report released by the market research authority International Data Corporation. In 2015, Ruijie was awarded with “Best Market Performance in WLAN” from “Communications World Weekly”, the award of “The Most Recommended Product of 2015” by Zhongguangcun and “Innovative Award of Wireless Network Solution” by ZDNet, prospering to be the new benchmark of China wireless enterprise network market.

The acknowledgment gained from the industry and the customers serve as a great momentum for us to strive forward and keep innovative. We thrive to eliminate any bottleneck to business performance to create a superior user experience in the future.

More +

All Products  >

Indoor Access Point Series
RG-AP880-I
RG-AP840-I
RG-AP820-L(V2)
RG-AP730-L
RG-AP720-L
RG-AP720-I
RG-AP710
RG-AP210-L
Wall-Mount Access Point Series
RG-AP180
RG-AP130(W2)V2
RG-AP110-L
Outdoor Access Point Series
RG-AP680(CD)
RG-AP630(CD)
RG-AP630(IODA)
RG-AP630 (IDA2)
Wireless Controller Series
RG-WS6816
RG-WS6108
RG-WS6008
RG-M18000-WS-ED
Accesory
RG-E-130(GE)
RG-E-120(GE)
Thermal Camera
RG-WX-TC01
RG-WX-TB01

More-

Канальный уровень Wi-Fi

Точку доступа Wi-Fi можно поднять с помощью пакета , который также поддерживает WPA2.

/etc/hostapd/hostapd.conf
ssid=YourWiFiName
wpa_passphrase=Somepassphrase
interface=wlan0
bridge=br0
auth_algs=3
channel=7
driver=nl80211
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

Для автозапуска hostapd в качестве службы запустите .

Важно: Беспроводные каналы разрешённые для точки доступа отличаются в зависимости от вашего расположения. Если прошивка вашего беспроводного устройства позволяет, вы можете настроить свой регион чтобы использовать разрешённые каналы

Не выбирайте другой регион, так как это может стать запрещённым распространением сетевого трафика, затрагивающим функциональность вашего устройства и других в зоне покрытия! Для установки региона смотрите .

Примечание: Если ваша сетевая карта имеет чипсет RTL8192CU, установите AUR и в замените на .

Требования

$ iw list
Wiphy phy1
...
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * WDS
		 * monitor
		 * mesh point
...

Беспроводной клиент и программная точка доступа на одном Wi-Fi устройстве

Создание программной AP не зависит от конкретного типа устройства (Ethernet, Wi-Fi, …). Многие беспроводные устройства даже могут быть одновременно использованы как точки доступа и как беспроводные «клиенты». Используя эту возможность вы можете создавать программые AP действующие как «беспроводной ретранслятор» для существующей сети, используя единственное Wi-Fi устройство. Эта возможность указана в следующей секции вывода :

$ iw list
Wiphy phy1
...
        valid interface combinations:
                 * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
                   total <= 2048, #channels <= 1, STA/AP BI must match
...

Ограничение означает, что ваша программная AP должна работать на том же канале, что и ваше Wi-Fi клиентскоее соединение; смотрите свойство в ниже.

Если вы собираетесь использовать этот способ, возможно потому что Ethernet-соединение недоступно, вам необходимо создать два отдельных виртуальных интерфейса. Виртуальные интерфейсы для физического устройства могут быть созданы так: сначала, «виртуальные интерфейсы» создаются непосредственно для самого сетевого соединения () и для программной AP/hostapd «беспроводного ретранслятора»:

# iw dev wlan0 interface add wlan0_sta type station  
# iw dev wlan0 interface add wlan0_ap  type __ap     

Далее, интерфейсам присваиваются различные MAC адреса (используем произвольные отличающиеся адреса):

# ip link set dev wlan0_sta address 12:34:56:78:ab:cd
# ip link set dev wlan0_ap  address 12:34:56:78:ab:ce

Tools

linux-wifi-hotspot

The AUR package provides a script that can create either a bridged or a NATed access point for internet sharing. It combines hostapd, dnsmasq and iptables for the good functioning of the access point. Includes both command line and gui. The basic syntax to create a NATed virtual network is the following:

# create_ap wlan0 eth0 MyAccessPoint MyPassPhrase

Alternatively, the template configuration provided in can be adapted to ones need and the script run with:

# create_ap --config /etc/create_ap.conf

To use the GUI, run in terminal:

# wihotspot

enable/start the to run the script at boot time with the configuration specified in .

Note: In bridge mode, create_ap may conflict at boot time with the current network configuration. In this case, do not configure the IP address of the ethernet interface, neither DHCP nor a statip IP address, in order to facilitate the binding to the bridge.

Configuration

Setting up an access point consists of two main parts:

  1. Setting up the Wi-Fi link layer, so that wireless clients can associate to your computer’s software access point and exchange IP packets with it.
  2. Setting up the network configuration on your computer, so that it properly relays IP packets between its own internet connection and the wireless clients.

Wi-Fi link layer

The actual Wi-Fi link is established via the package, which has WPA2 support.

/etc/hostapd/hostapd.conf
interface=wlan0_ap
bridge=br0

# SSID to be used in IEEE 802.11 management frames
ssid=YourWiFiName
# Driver interface type (hostap/wired/none/nl80211/bsd)
driver=nl80211
# Country code (ISO/IEC 3166-1)
country_code=US

# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz)
hw_mode=g
# Channel number
channel=7
# Maximum number of stations allowed
max_num_sta=5

# Bit field: bit0 = WPA, bit1 = WPA2
wpa=2
# Bit field: 1=wpa, 2=wep, 3=both
auth_algs=1

# Set of accepted cipher suites; disabling insecure TKIP
wpa_pairwise=CCMP
# Set of accepted key management algorithms
wpa_key_mgmt=WPA-PSK
wpa_passphrase=Somepassphrase

# hostapd event logger configuration
logger_stdout=-1
logger_stdout_level=2

# Uncomment and modify the following section if your device supports 802.11n
## Enable 802.11n support
#ieee80211n=1
## QoS support
#wmm_enabled=1
## Use "iw list" to show device capabilities and modify ht_capab accordingly
#ht_capab=

Tip: You can set up the SSID with UTF-8 characters, so international characters will show properly. The option to enable it is . Some clients may have problems with recognizing the correct encoding (e.g. wpa_supplicant or Windows 7).

When starting hostapd, make sure the wireless network interface is brought up first, otherwise it will fail with the message «could not configure driver mode». Also make sure that the interface is not managed by a network manager.

For automatically starting hostapd, enable the .

Warning: The wireless channels allowed for access point operation differ according to geography. Depending on the wireless firmware, you may have to set the region correctly to use legal channels. Do not choose another region, as you may be illegally disturbing network traffic, affecting wireless functionality of your own device and others within its reach! To set the region see .

Note: If you have a card based on RTL8192CU chipset, install AUR and replace with in the file.

Network configuration

There are two basic ways for implementing this:

  1. bridge: creates a network bridge on your computer, wireless clients will appear to access the same network interface and the same subnet that is used by your computer.
  2. NAT: with IP forwarding/masquerading and DHCP service, wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted. This is similar to a normal Wi-Fi router which is connected to the internet.

The bridge approach is simpler, but it requires that any service that is needed by the wireless clients, in particular DHCP, is available on the computer’s external interface. This means it will not work if the external modem which assigns IP addresses, supplies the same one to different clients.

The NAT approach is more versatile, as it clearly separates Wi-Fi clients from your computer and it is completely transparent to the outside world. It will work with any kind of network connection, and (if needed) traffic policies can be introduced using the usual iptables approach.

It is possible to combine these two approaches: for example having a bridge that contains both an ethernet device and the wireless device with a static ip, offering DHCP and setting NAT configured to relay the traffic to an additional network device connected to the WAN.

Bridge setup

You need to create a network bridge and add your network interface (e.g. ) to it. You should not add the wireless device (e.g. ) to the bridge; hostapd will add it on its own.

See Network bridge.

Tip: You may wish to reuse an existing bridge, if you have one (e.g. used by a virtual machine).

NAT setup

See for configuration details.

In that article, the device connected to the LAN is . That device would be in this case your wireless device (e.g. ).

Why Access Points Are Better for Businesses

While range extenders are great for home Wi-Fi networks, they’re not efficient for modern businesses. This is because they can only support a limited number of devices at one time, usually no more than 20. While range extenders do increase the coverage of a Wi-Fi router, they do not increase its available bandwidth. Depending on the number of devices you have connected simultaneously, a range extender could end up weighing down your connection.

Access points, on the other hand, can handle over 60 simultaneous connections each. By installing access points throughout the office, users can roam freely from room to room without experiencing network interruptions. As they move through the building, their devices shift seamlessly from one access point to the next without dropping the connection—they won’t even realize they’re switching between networks.

Создание открытой точки доступа

Нам понадобится программа create_ap.

Установка в Kali Linux:

sudo apt-get install haveged hostapd git util-linux procps iproute2 iw dnsmasq iptables bettercap
git clone https://github.com/oblique/create_ap
cd create_ap
sudo make install
cd .. && rm -rf create_ap

Установка в BlackArch:

sudo pacman -S create_ap haveged hostapd util-linux procps iproute2 iw dnsmasq iptables --needed

Для создания точки доступа нам понадобиться Wi-Fi карта и подключение к Интернету – любым образом по проводу или через вторую Wi-Fi карту. Для работы в виртуальной машине достаточно одной внешней Wi-Fi карты, если компьютер получает доступ ещё каким-либо образом. Если беспроводная карта в полной мере поддерживает режим AP, то достаточно только её, поскольку она может одновременно и быть клиентом для подключения к Интернету, и служить точкой доступа.

Я всегда выгружаю NetworkManager при любой работе с Wi-Fi сетями, поскольку эта программа постоянно теребит Wi-Fi интерфейсы, даже если не использует их. Это позволяет мне избежать множества проблем. Поэтому я делаю так:

sudo systemctl stop NetworkManager

В зависимости от настроек сетей, после этого у вас может пропасть Интернет-подключение, а Wi-Fi сети придётся настраивать вручную (см. «»). Вам не обязательно выгружать NetworkManager, но если у вас не получаются описанные здесь примеры, то начните с выгрузки NetworkManager.

Для запуска беспроводной точки доступа с create_ap достаточно знать только имена интерфейсов. Вы можете посмотреть их командой:

ip a

Имена моих интерфейсов wlan0 и eth0.

Теперь просто запустите create_ap:

sudo create_ap <wifi-интерфейс> <интерфейс-с-интернетом> <имя-точки-доступа>

Если вы не знаете, какой из ваших интерфейсов является беспроводным, то запустите команду

sudo iw dev

Эта команда выведет названия только беспроводных интерфейсов.

Я хочу создать ТД с именем «sasha». Тогда моя команда:

sudo create_ap wlan0 eth0 sasha

Если появилась строка

wlan0: AP-ENABLED

значит всё прошло успешно. Попробуйте к ней подключиться. Будут появляться записи вроде:

wlan0: STA 8c:77:16:45:1d:c3 IEEE 802.11: authenticated
wlan0: STA 8c:77:16:45:1d:c3 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 8c:77:16:45:1d:c3
wlan0: STA 8c:77:16:45:1d:c3 RADIUS: starting accounting session 586DFBD5-00000000
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: associated (aid 2)
wlan0: AP-STA-CONNECTED c8:6f:1d:05:00:5a
wlan0: STA c8:6f:1d:05:00:5a RADIUS: starting accounting session 586DFBD5-00000001
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: AP-STA-DISCONNECTED c8:6f:1d:05:00:5a
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: disassociated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: associated (aid 2)
wlan0: AP-STA-CONNECTED c8:6f:1d:05:00:5a
wlan0: STA c8:6f:1d:05:00:5a RADIUS: starting accounting session 586DFBD5-00000002
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: associated (aid 2)
wlan0: STA c8:6f:1d:05:00:5a RADIUS: starting accounting session 586DFBD5-00000002
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: did not acknowledge authentication response
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: associated (aid 2)
wlan0: STA c8:6f:1d:05:00:5a RADIUS: starting accounting session 586DFBD5-00000002
wlan0: AP-STA-DISCONNECTED c8:6f:1d:05:00:5a
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: disassociated due to inactivity
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: authenticated
wlan0: STA c8:6f:1d:05:00:5a IEEE 802.11: associated (aid 2)
wlan0: AP-STA-CONNECTED c8:6f:1d:05:00:5a
wlan0: STA c8:6f:1d:05:00:5a RADIUS: starting accounting session 586DFBD5-00000003

Они говорят о подключении и отключении клиентов.

А теперь можете выполнять любые атаки человек-посередине!

Requirements

$ iw list
Wiphy phy1
...
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * WDS
		 * monitor
		 * mesh point
...

Wireless client and software AP with a single Wi-Fi device

Creating a software AP is independent from your own network connection (Ethernet, wireless, …). Many wireless devices even support simultaneous operation both as AP and as wireless «client» at the same time. Using that capability you can create a software AP acting as a «wireless repeater» for an existing network, using a single wireless device. The capability is listed in the following section in the output of :

$ iw list
Wiphy phy1
...
        valid interface combinations:
                 * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
                   total <= 2048, #channels <= 1, STA/AP BI must match
...

The constraint means that your software AP must operate on the same channel as your Wi-Fi client connection; see the setting in below.

If you want to use the capability/feature, perhaps because an Ethernet connection is not available, you need to create two separate virtual interfaces for using it.
Virtual interfaces for a physical device can be created as follows:
The virtual interfaces with unique MAC address are created for the network connection () itself and for the software AP/hostapd «wireless repeater»:

# iw dev wlan0 interface add wlan0_sta type managed addr 12:34:56:78:ab:cd  
# iw dev wlan0 interface add wlan0_ap  type managed addr 12:34:56:78:ab:ce

Random MAC address can be generated using macchanger.

Применение WDS

На скорость соединения по «воздуху» влияет удалённость Wi-Fi-устройства от источника сигнала, наличие помех из-за разных предметов, включая стены, поэтому применение сразу нескольких WAP, которые находятся в одной сети, позволяет избежать возможных проблем, поскольку всё помещение будет представлять собой одну зону. Особенно это актуально для больших по площади помещений, квартир, а также домов с толстыми стенами из бетона.

Поскольку режим моста позволяет связать несколько сетей, работающих в разных домах, то таким образом можно использовать мост для связи не просто с соседним домом, но даже с довольно удалёнными складами, а также офисами или, например, организовать наблюдение за домом, или дачей. Разумеется, что чем длиннее будет создаваемый канал (линк), тем он обойдётся дороже, но цель будет оправдывать средства.

WDS режим беспроводного моста Wireless Bridge для больших расстояний

Режим беспроводного моста — это ещё одна функция WAP, которая предполагает более сложную конфигурацию всех элементов сети, но если делать всё внимательно и по порядку, то никаких проблем не возникнет.

Характерной особенностью этого режима WDS является то, что передача данных по «воздуху» устанавливается только между самим оборудованием. К нему всё подсоединяется через кабель. Он позволяет потом с лёгкостью подсоединять всевозможные домашние приборы через Ethernet, затем управлять ими, находясь на приличном расстоянии. Нежелательно, чтобы наиболее возможное количество задействованных аппаратов превышало 30 элементов, иначе скорость соединения значительно снизится. Если требуется подключить большее количество клиентских приборов, то можно подумать о применении нескольких инфраструктур Wireless Distribution System.

WDS режим репитера (повторителя) для расширенных возможностей

Режим репитера позволяет присоединять к WAP не только другую точку, но и самые разные беспроводные приборы (адаптеры).

Wireless Access Point Types/Features

Single Band / Dual Band / Tri Band

The (single, dual, or tri) wireless band frequency is how your data is transmitted. Commonly used band frequencies are 2.4 Ghz and 5 Ghz.

A standard single access point/router uses a 2.4 Ghz band. It can accommodate an estimated max of 30 different devices within an approximated 103 meter area. However, single band is increasingly vulnerable to interferences from Bluetooth devices, cell phones, WiFi hotspots and other electronics. Single band is fast becoming a thing of the past.

Dual band uses both 2.4 Ghz and 5 Ghz bands. The 5 Ghz allows faster and more consistent connections. Separate networks (i.e.: gaming and video) effectively operate simultaneously without interference.

Wireless tri-band uses one 2.4 Ghz band and two 5 Ghz bands, which means less interference, more bandwidth, more device support, and the ability to dedicate certain devices to a particular band. For now, it is the future standard.

Last update on 2020-11-13 / Affiliate links / Images from Amazon Product Advertising API

Internal / External Antennas

The efficacy of your access point signal depends on the type of antenna and your device’s power output. Internal antennas are better-suited for indoor installations. Most external antennas are built for commercial, industrial, taxing environments.

Access points come equipped with built-in antennas or RF (radio frequency) ports that allow you to connect external antennas that widen and improve your coverage.

Directional antennas are recommended for point-to-point communications. External Omnidirectional antennas provide wider (360 deg.) indoor/outdoor point-to-multi-point wireless signal coverage (Indoor: access points, Smart devices; Outdoor: cell towers, campuses). They are centrally-located external antennas that provide connectivity for home or business WiFi devices.

Last update on 2020-11-13 / Affiliate links / Images from Amazon Product Advertising API

IEEE Standard

The IEEE Standard is the inter-access point protocol that supports wireless access point communications (roaming) between access points. The IEEE standard amendment modifies the IEEE 802.11 physical (PHY) and medium access control (MAC) layers to ensure power efficiency of at least one type of 20 Gps max. throughput operation is maintained/improved.

Controller-Based v. Stand-Alone Access Points

Stand-alone access points are good cost effective solutions for small operations/business. Authentication is similar to controller-based access points, but stand-alone WEP encryption is weaker. Bandwidth and load balancing cannot be effectively controlled. They may be adapted to larger operations with the addition of centralized control wireless LAN management software.

Controller-based access points are more expensive than stand-alone access points, but they provide centralized management, upgraded WPA2 encryption, configuration, and policy setting, and firmware updates. Bandwidth and load balancing can be controlled.

Multiple Services (SSID)

A Service Set Identifier (SSID) can be used by multiple broadcasting access points. Multiple SSIDs can also be used by one access point. A device’s SSID connection signal passes to the network switch and onto a VLAN network that has specific security standards for accepting guest devices. There is a saturation point. Too many services flooding the WiFi can slow the system, however.

Last update on 2020-11-13 / Affiliate links / Images from Amazon Product Advertising API

Expert Opinion: Jacob Hess, Systems Engineer and Technical Instructor

Jacob Hess, Systems Engineer and Technical Instructor

Jacob Hess is a U.S. Air Force veteran and systems engineer. He is the co-founder of Nexgent, a platform founded to help train engineers for IT jobs. Jacob has designed lots of IT projects and trained hundreds of engineers for work in military forces.

Many of you likely know kind of what a wireless access point is. And if you do not, you have likely used one before. If we have a host that needs to access the network wirelessly? Then, we need a specific type of device called an access point or a wireless AP to provide that wireless network access to the LAN. We need this wireless AP to provide wireless access to our network. Whenever we install a wireless AP, we have in effect created a WLAN or a wireless local area network. What other information should we know about wireless networks? All wireless LANs fall under the standard 802.11. Surely, you have probably heard this term before and we have different flavors of 802.11. We have a, b, g, and ac now. These letters represent different forms of the 802.11 standard and they represent different speeds, different data rates, and things like that.

Оцените статью
Рейтинг автора
5
Материал подготовил
Андрей Измаилов
Наш эксперт
Написано статей
116
Добавить комментарий