The ISPs should limit themselves to what they are supposed to do, provide us with a connection to the internet. It is none of their business to decide what are we going to do with that connection. The problem actually arises from the fact that these ISPs have bitten off more than they can chew. The next time you see some ISP going hysterical with its claims of offering you a 384 kbps unlimited connection, be careful. They simply don’t have the necessary bandwidth to keep on adding customers by tons and yet provide them with the same download speeds. They expect all the customers to be (lets face it) lamers who would never go beyond a few mails, orkut scraps and a few movie review sites. The problem starts when you really start taxing your connection to the hilt. Anyways, thats what you are supposed to do. You are getting a 384 kbps connection, so you would be ofcourse downloading at that speed for whatever time you want. You are not going to get 500+ speeds on a 384 kbps connection anyways.

So here is the scenario. A user is downloading within the limits of his connection (as advertised by you, my dear ISP) yet you can’t handle that much traffic.

A very common excuse by the ISPs that we would often come across is that file-sharing applications constitute close to 90% of the network traffic. Let us examine this point. Where lies the problem if it constitutes some x% of the traffic? The users are downloading at the rates you have supplied them with, they aren’t crossing the limit. It simply means that you don’t have the capacity to handle such a volume of data flow and hence resort to such dirty tactics.

Coming back to the modern file-sharing protocols, they are the true applications of distributed computing in the public realm that benefit the common user instead of being restricted to University research projects. We don’t need to be re-introduced to the virtues of distributed and decentralized computing, do we? Its no use denying the fact that P2P protocols are the next level in the way the internet will be used. Lets face it. Change is inevitable. It started off with dial-in BBS boards and plain text webpages. Are we still clinging on to those technologies?

Now moving on to the technique that Comcast uses to “shape the traffic”.

Comcast’s technology kicks in, though not consistently, when one BitTorrent user attempts to share a complete file with another user.

Each PC gets a message invisible to the user that looks like it comes from the other computer, telling it to stop communicating. But neither message originated from the other computer — it comes from Comcast. If it were a telephone conversation, it would be like the operator breaking into the conversation, telling each talker in the voice of the other: “Sorry, I have to hang up. Good bye.”

Isn’t this the same MITM (Man In The Middle) attack for which hackers are despised?

An analogy on Wi-Fi networks (‘coz thats what I’m comfortable with ).

Suppose a certain network is an ‘Open Network’ but uses a captive portal to authenticate users. So now I probe the network in promiscuous mode and find out an authenticated client associated to an AP. I deauth that machine and spoof its MAC address, and then the possibilities are endless…..

What I wanted to point out was, had I been caught in the above act, there is no doubt I would be behind bars. So what about these corporations?

Agreed that traffic shapers are very much needed for maintaining the QoS of the network, but the University authorities have simply pulled off a cheap trick by misusing the powers of these tools.

In my next post, I’ll be posting some iperf results as evidence to my claims.

If any experts are reading this, is it a flaw in the IOS RADIUS itself or something is wrong with its implementation on our network?

I have an atheros chipset wireless card on my lappy, and the madwifi-ng drivers for Edgy don’t include the madwifi-tools package. So had to download and install it from debian’s testing branch. This package includes the wlanconfig tool. Without this, the aircrack-ng suite is as good as defunct.

Now comes the real part. Firing up the suite. First of all, you need to put your card into ‘monitor mode’ . Under this mode, you will be able to monitor all the traffic in your wireless network. Somewhat like the promiscuous mode.

Now, when you enter the following command, you will get something like the following output:

# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:"Tata Indicom Wi-Fi"
Mode:Managed  Frequency:2.462 GHz  Access Point: 00:17:5A:B7:B8:20
Bit Rate:11 Mb/s   Tx-Power:8 dBm   Sensitivity=0/3
Retry:off   RTS thr:off   Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=19/94  Signal level=-76 dBm  Noise level=-95 dBm
Rx invalid nwid:28018  Rx invalid crypt:0  Rx invalid frag:0
Tx excessive retries:0  Invalid misc:0   Missed beacon:0

sit0      no wireless extensions.

Now lets be clear about something. The interface wifi0 is actually the base device, indicative of the network card you are using. Suppose you have two cards supported by the madwifi driver. Then these two will show up as wifi0 and wifi1. Now for each base device, you can use wlanconfig to create VAPs (Virtual Access Points) running under different modes. Now going back to the output above, if you want to use ath0 for monitoring purposes, which is already under use, use airmon-ng to first stop the VAP.

#airmon-ng stop ath0

Interface       Chipset         Driver

wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)

Now if you want to use another VAP like say ath1, use wlanconfig to create it in station mode and then stop it by issuing the above command.

# wlanconfig ath1 create wlandev wifi0 wlanmode sta

Now, after stopping the device you need to put the card in monitor mode

#airmon-ng start wifi0

Interface       Chipset         Driver

wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)

Now comes the role of airodump-ng for sniffing out networks. Start it

#airodump-ng ath0

So, airodump-ng now starts hopping channels and lists all the access points it can receive beacons from. You will see an output like this:

Next comes the part of zeroing in one certain AP and capturing data packets from it, writing all of it to disk and use it for cracking the WEP key.

To be contd in the 2nd part (‘coz this gets updated as soon as I myself learn it!)

Recommended readings:
1. The MadWifi wiki page
2. The aircrack-ng documentation
3. And ofcourse the man pages!

If you are stuck at any point or screw something up, just visit the #madwifi channel on freenode network. The guys there are ever willing to help you out!