You can use the Comfast CF-912AC adapter as a Wifi adapter on the nanopi
Assuming there is a DHCP server running on your network, SSH to the IP indicated on the screen
Log in to the wlanpi
I normally run as root so I do not have to always elevate
_ _ ____ _ _ _ ____ | \ | | _ \(_) | \ | | ___ ___ |___ \ | \| | |_) | | | \| |/ _ \/ _ \ __) | | |\ | __/| | | |\ | __/ (_) | / __/ |_| \_|_| |_| |_| \_|\___|\___/ |_____| Welcome to Debian Stretch with Armbian Linux 4.19.66-sunxi64 System load: 0.24 0.12 0.09 Up time: 39 min Memory usage: 20 % of 993MB IP: 192.168.16.113 CPU temp: 38°C Usage of /: 21% of 15G [ Menu-driven system configuration (beta): sudo apt update && sudo apt install armbian-config ] Last login: Thu Oct 31 17:22:28 2019 from 192.168.16.101 wlanpi@wlanpi:~$ sudo su wlanpi
I prefer to navigate to the webserver downloads folder so that I can easily pull the file from the device
Determine how the adapter is named in your device
root@wlanpi:/var/www/html/downloads# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 10000 link/ether 02:01:5b:1b:4c:86 brd ff:ff:ff:ff:ff:ff inet 192.168.16.113/24 brd 192.168.16.255 scope global eth0 valid_lft forever preferred_lft forever 3: usb0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 link/ether 7e:60:c2:c2:98:66 brd ff:ff:ff:ff:ff:ff inet 192.168.42.1/27 brd 192.168.42.31 scope global usb0 valid_lft forever preferred_lft forever 4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ieee802.11/radiotap 40:a5:ef:4f:11:f6 brd ff:ff:ff:ff:ff:ff root@wlanpi:/var/www/html/downloads#
The adapter shows up as wlan0 in this example
Determine which channel you would like to capture
Select the channel of the wlan0 interface by entering the following command based upon the channel
iwconfig wlan0 channel 60
Now we can use tcpdump to capture on this channel
tcpdump -i wlan0 -w wlan0-60.pcap
Open a browser and navigate to the ip of the wlanpi
Click on Downloads
Open your pcap file
To remove the files off the wlanpi, use the rm command. Be careful with this command
root@wlanpi:/var/www/html/downloads# ls iPerf SSH_client Wireshark wlan0-1.pcap wlan01.pcap wlan0-36.pcap wlan0-60.pcap wlan06.pcap wlan0.pcap root@wlanpi:/var/www/html/downloads# rm wlan0-1.pcap wlan01.pcap wlan0-36.pcap wlan0-60.pcap wlan06.pcap wlan0.pcap root@wlanpi:/var/www/html/downloads# ls iPerf SSH_client Wireshark root@wlanpi:/var/www/html/downloads#
Disabled Kismet from running at startup, can now be launched from the front panel menu or from shell by typing kismet
Adding Drivers for Proxim 8494
The wlanpi needs to download the drivers using the following command
apt-get install firmware-linux-free
Insert your Atheros AR9170 devices (carl9170) device into the wlanpi
Run this command to determine if wlan0 interface is present
root@wlanpi:/home/wlanpi# iwconfig lo no wireless extensions. eth0 no wireless extensions. usb0 no wireless extensions. wlan0 IEEE 802.11 Mode:Monitor Frequency:2.412 GHz Tx-Power=30 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off
I put together a short tutorial explaining how to use ARP to find out about network subnetting.
Open wireless networks have been a hackers dream for years. When the packets are not encrypted at the MAC layer, information can be captured in public spaces for any number of questionable purposes. Rasika has posted a great article on his website explaining how it works.
Enhanced Open – Part 1
Wifi Viking assembles a WLAN Pi. This little server is a very powerful WLAN troubleshooting device.
Project website is available @ http://www.wlanpi.com/
Things I have already done…
I ordered mine from https://www.friendlyarm.com/index.php?route=product/product&product_id=189
Paid for DHL delivery. Was quite fast.
Pull everything out of the box.
Connect the power supply to AC power plug and the other end to DC plug on the back of the firewall.
Plug the 0/WAN port into your internet connection. Plug the 1/LAN port into your computer. You will configure your network adapter with a DHCP configuration.
Power up the firewall by turning the switch on. Located on the back.
When the firewall boots up, your computer should obtain a DHCP address.
Subnet Mask: 255.255.255.0
Once this is complete, you will be able to manage the firebox by entering the following URL into your browser…
Default credentials are…
Click Log In to access the web GUI.
Create a new configuration. Accept the License Agreement. Click Next.
The WAN interface might automatically connect with a DHCP address. If this is how your network will be configured, press Next. I will assign a static public IP in this case.
Enter the Static IP information. Click Next.
Enter the DNS information. Click Next.
Configure the trusted interface. Click Next.
Enter your status and admin credentials so that the device is not accessible with defaults. Click Next.
We will not worry about the remote management. Click Next.
Configure the Device Name, Device Location and Contact Person. Decide if you want to provide feedback and check the box accordingly. Click Next.
Select the Time Zone. Click Next.
Select some of the more advanced control features. Click Next.
Review your settings. Click Next.
The firewall will apply the new settings. You will be given a new IP address in the new subnet.
Ubiquiti switching – I am deploying the non-POE lite version on a current project. This appears to be an enterprise-grade switch at a SOHO price point. Steel case, DC power option and standard console cable. Specs are comparable to long-established equipment providers.
To access console terminal, connect console rollover cable to console port on the rear of the switch.
Data bits 8
Stop Bits 1
Flow Control NONE
You will need a USB to Serial adapter for most modern computers. Use Device Manager to determine COM port.
I received the following scrambled output while using an HL-340 USB to Serial Adapter…
I used my Trendnet adapter and it worked.
(UBNT EdgeSwitch) >en
(UBNT EdgeSwitch) #terminal length 0
(UBNT EdgeSwitch) #show run
Show Interface Information
(UBNT EdgeSwitch) #show interfaces status all
Generate the crypto key for SSH.
(UBNT EdgeSwitch) (Config)#crypto key generate rsa
(UBNT EdgeSwitch) (Config)#crypto key generate dsa
Make sure they are both present. Disable Version 1.
Here are some CLI commands for setting up SSH.
ip ssh server enable
ip ssh protocol 2
(UBNT EdgeSwitch) (Config)#show ip ssh
Administrative Mode: …………………….. Enabled
SSH Port: ………………………………. 22
Protocol Levels: ………………………… Version 2
SSH Sessions Currently Active: ……………. 1
Max SSH Sessions Allowed: ………………… 2
SSH Timeout: ……………………………. 5
Keys Present: …………………………… DSA RSA
Key Generation In Progress: ………………. None
CLI Write Memory To Save Config
(UBNT EdgeSwitch) #write memory confirm
Config file ‘startup-config’ created successfully .
The Edgeswitch comes with a default management IP address of 192.168.1.2
There is a cool tool for chrome that allows layer2 Ubiquiti device discovery. Ubiquiti Device Discovery Tool
Once installed you can access it from chrome by copying this into the URL… chrome://apps
You will need to set your network inteface IPV4 settings to 192.168.1.X (not 2) to reach the switch. (Or your can also use DHCP.) I like to know what switch I am working on by using the default IP directly connected.)
Make sure you can ping the switch.
Now you can access the management webpage from a browser by opening 192.168.1.2
Enter the username and password ubnt/ubnt and accept the terms if moved to do so.
GUI VLAN Setup
Add the new VLANs. I start by entering VLAN 3. Click Add.
Change the name once the VLAN is added. Click Submit. Repeat for the other VLANs.
Assign Untagged, Excluded or Tagged ports by toggling between U, E and T by clicking on the letter on the VLAN row. Make sure to leave your current management port untagged VLAN 1.
In this example, I am using port 23 and 24 for untagged VLAN 3 and tagged VLAN 4 backhaul traffic. Fiber ports 25 and 26 are tagged for potential future backhaul.
Setup Rapid Spanning Tree
I prefer to use Rapid Spanning Tree. The switch comes by default set to Multiple Spanning Tree. There is no need to run MST given our topology. Effectively MST will run like RSTP but what is the point? Just run RSTP to begin with.
Switching > Spanning Tree > Switch
Select IEEE 802.1w. Click submit.
GUI Management IP Setup
Finding the IP address in the legacy interface can be a challenge. The bread crumb to reach the interface configuration is…
System > Connectivity > IPv4
Enter the management IP address information. Select the Management VLAN ID. In this case we will use VLAN 3 for management.
WHEN YOU CLICK SUBMIT YOU WILL NEED TO CHANGE YOUR COMPUTER IP ADDRESS TO MATCH THE NEW SUBNET. YOU WILL ALSO NEED TO MOVE TO A PORT ON THE MANAGEMENT VLAN SETUP ABOVE.
Once you change your IP to the correct subnet. You will be able to log in on the new address.
Go back to the VLAN menu and program the original VLAN 1 management port to the VLAN it will used for.
Determine what the latest firmware revision is available on the site.
We will use ES-eswh.v1.8.2-lite.5192445.stk
Navigate to Basic>Firmware Upgrade
Navigate to the folder containing the firmware file and click Open.
Once the Transfer is complete, click close.
Click on the Restart Switch tab. Basic > Restart Switch
Make sure that you have saved the configuration before reloading the switch.
Through CLI you can issue the following…
(UBNT EdgeSwitch) #show version
System Description……………………….. EdgeSwitch 24-Port Lite, 1.8.2-lite, Linux 3.6.5-1b505fb7, 22.214.171.12457129
Machine Type…………………………….. EdgeSwitch 24-Port Lite
Machine Model……………………………. ES-24-Lite
Serial Number……………………………. 18E8294A815A
Burned In MAC Address…………………….. 18:E8:29:4A:81:5A
Software Version…………………………. 1.8.2-lite
Make sure all your switches are running the same firmware.
Setting Up Time Servers
I tried using the default time servers. They did not work for me. I have always had trouble with name servers on switches. DNS resolution can be problematic even on the old school brands. I ended up loading resolved IP addresses for the servers and was able to get it working right away.
sntp unicast client poll-retry 10
sntp client port 123
no sntp server “1.ubnt.pool.ntp.org”
no sntp server “2.ubnt.pool.ntp.org”
sntp server “126.96.36.199”
sntp server “188.8.131.52”
sntp server “184.108.40.206”
sntp server “220.127.116.11”
clock summer-time recurring USA offset 60
clock timezone -8 minutes 0 zone “PDT”
LLDP is configured by the port on Ubiquiti switches.
To send all traffic…
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
To prune LLDP traffic on port both directions…
no lldp transmit
no lldp receive
To listen for LLDP packets and not transmit…
no lldp transmit
Some helpful LLDP commands…
(UBNT EdgeSwitch) #show lldp remote-device all
LLDP Remote Device Summary
Interface RemID Chassis ID Port ID System Name
——— ——- ——————– —————— ——————
0/24 3 18:E8:29:4A:81:5A 24 OtherSW
(UBNT EdgeSwitch) #show lldp remote-device detail 0/24
LLDP Remote Device Detail
Local Interface: 0/24
Remote Identifier: 3
Chassis ID Subtype: MAC Address
Chassis ID: 18:E8:29:4A:81:5A
Port ID Subtype: Local
Port ID: 24
System Name: OtherSW
System Description: EdgeSwitch 24-Port Lite, 1.8.2-lite, Linux 3.6.5-1b505fb7, 18.104.22.16857129
Port Description: Uplink
System Capabilities Supported: bridge, router
System Capabilities Enabled: bridge
Time to Live: 114 seconds