A. Preparation

Before you begin assembling the network, follow the steps below:

  1. To start a shell running "as administrator": 1. click on the Windows orb at the bottom left. 2. type cmd (but not enter) in the search box at the bottom of the resulting pop-up window. 3. right-click on command prompt icon and select Run as administrator.
    Start a Windows Command Prompt shell as administrator. Do this by right-clicking the command prompt icon and selecting Run as administrator. All the network configuration commands (starting with the very next item!) should be given in this shell, because they require superuser priveleges.
    Suggestion: Launching two or three cmd processes (i.e. keeping multiple shell windows open) will make this lab easier.
  2. Issue the following command (in an administrator shell!), which will clear your old network settings (which you got via dhcp):
    ipconfig /release
  3. click on icon for wireless connections (i.e. the "bars" icon) at the bottom right of your screen. Click on usna-wap and click on the disconnect button.
  4. You can turn the Windows firewall off with the GUI with the following: From the Windows Start Menu, navigate to the "Windows Firewall" control panel (Start->Control Panel->System and Security->Windows Firewall) and click on the "Turn Windows Firewall on or off" option from the left panel. From this new menu, turn off the firewall for all three network locations and click OK.
    Issue the following command (in an administrator shell!), which will turn off the Windows Firewall:
    netsh advfirewall set allprofiles state off
  5. Issue the following command (in an administrator shell!) which will clear your ARP cache:
    arp -d
 ↑ Worksheet questions 

B. Build a Wireless Network

4 computers connected to a single switch. In this first part of the lab, you will create a wireless 802.11 network to communicate with your classmates. As discussed in class, the most basic wireless network consists of a base station and host stations. Step 1 of creating a wired network was to connect each host to your switch (with cables of course). So right off the bat things are different with wireless. The problem we have is this: there are 5 base stations in the room, each of which has the default SSID "dlink". In order to connect to your group's base station, you need to give it its own unique SSID — i.e. its own name. However, in order to give the base station its own SSID, you need to connect to it. We seem to have a chicken-egg kind of problem! The solution is to connect one of your group's laptops to the base station with an ethernet cable, and to configure the base station's SSID that way. Then you can remove the cable and all connect wirelessly!
Note: Before you start the steps below, you need to reset the base station, i.e. erase any prior configuration changes and restore it to its factory settings. You do this by using a pen to press and hold the reset button on the back of the Base Station immediately after plugging the base station in. You should hold the reset button down for at least five seconds.
Step B.0: Setting the Base Station's SSID [Done by group leader!]
One member of your group must connect his laptop to your group's Base Station with an ethernet cable so that you can configure the SSID. That one person must set the IP address and subnet mask for his "Local Area Connection" (as opposed to "Wireless Network Connection") to 192.168.0.51 and 255.255.255.0 with the command (Important: must be run in an administrator shell)
netsh interface ipv4 set address name="Local Area Connection" source=static address=192.168.0.51 mask=255.255.255.0
The Base Station's configuration is controlled through a webpage — which means that the Base Station actually runs a basic webserver whose sole purpose is to host the configuration settings webpages.
You can connect with http or with https. Does it matter which you use at this point?
So ... Connect to your Base Station's administration webpage by entering the address 192.168.0.50 in your browser's URL bar. You will be greeted with a login page, the username is admin and there is no password.

Choose Basic Settings and then Wireless from the left-hand-side of the webpage. There is a field for SSID, which by default is set to dlink. That means that, right now, all 30 of the SI110 Base Stations are sitting there broadcasting their names as dlink. That's why we have to change things! Make up a unique name without spaces or puncuation characters! and change its SSID to that name. Make sure it's unique, and make sure you remember it! Save this change by first clicking the Save button, then clicking on the Configuration tab and then clicking on the words Save and Activate in the little pop-up that results. The system will tell you to wait 60 seconds. Now, disconnect the ethernet cable.

 ↑ Worksheet B.0 

Step B.1: Setting each group member's IP Address and Subnet Mask
Normally, hosts on a wireless network get their IP addresses and subnet masks via DHCP. However, we're not in a position to setup a DHCP server for this lab, so we will set these manually (as we did in the wired networks lab). You must coordinate with your group members when setting your IP addresses to prevent having two hosts with the same IP address. Use the table and form below to assign IP addresses for your group.

Enter the following information to generate a command to copy and paste into your Windows shell.

IP Address:   
Subnet Mask:
Group Number   Assigned IP Addresses   Subnet Mask
Group 1   85.170.15.1   - 85.170.15.4   255.255.255.224
Group 2   85.170.15.33  - 85.170.15.36   255.255.255.224
Group 3   85.170.15.65  - 85.170.15.68   255.255.255.224
Group 4   85.170.15.97  - 85.170.15.100   255.255.255.224
Group 5   85.170.15.129 - 85.170.15.132   255.255.255.224
This command must be entered into a shell that is running "as administrator"! See step A.1 for details.
 
 ↑ Worksheet B.1 

Step B.2: Connecting to the Base Station & Testing connectivity
Now that you have set your Base Station's SSID and set your own IP Addresses, it is time to actually connect to the Base Station and test your connection to the other memebers of your group.
  1. click on icon for wireless connections (i.e. the "bars" icon) at the bottom right of your screen.
    Click on the SSID you gave your Base Station.
    Click the Connect button.
    Note: you might get an error message after 10 or 20 seconds, but if you dismiss it and click again on the wireless connections icon, you should see that it lists you as "connected".
  2. Verify your IP address and subnet mask are correct by executing the ipconfig command in the Windows shell.
    Note: If they're not set correctly, execute the netsh command above.
  3. Ping the other members of your group to verify you are all connected.
  4. Carry on a netcat (nc) chat with another member of your group, to further test you network.
    Recall: The server runs nc -l -p 15123 while the client connects to the server with nc IPADDRESS 15123 . Of course you can use whatever port number you like.

Congratulations! at this point you have a functioning (but isolated!) wireless network.
 ↑ Worksheet B.2 

Group/Port Mapping
9876
1 2 3 4
5      
5432

C. Connect the Network to Other Networks

Launch the XIRRUS WiFi Inspector program, and find your base station. You should be able to read off interesting information about it, like its BSSID and the channel (frequency band) it's using.  ← Worksheet C.0 
Now look at the many, many base stations broadcasting. There are the other four networks from your classroom, plus USNA-WAP, and probably base stations from nearby classrooms where other sections are going through this lab. At this point, you could join a different network if you wanted (don't, we don't have time!). That would allow you to communicate with a different network, but then you would no longer be able to communicate with the other hosts on your group's network!

As you are hopefully aware by now, communication between hosts on different networks requires routers. If you connect the Base Station to a router port, that router will act like a host on your network, even though it's not using WiFi like the others. That this works is a nice benefit of Ethernet and WiFi both using MAC addresses for Link Layer addressing!

  1. Connect your Base Station to the router using the table to the right to determine where to plug into the router.  ← Worksheet C.1 
  2. Find the IP address of a member of another group, and ping it. What error message did you get? Why didn't the ping work?  ← Worksheet C.2 
  3. When a host sends a packet to a host on another network, that packet must go to the host's gateway router. So, set your host's Default Gateway address based on your group number. The complete table is below:
    Copy and paste the following command (minus the comments in green) into the administrator command prompt.
    Group Number   Assigned IP Addresses   Subnet Mask   Default Gateway
    Group 1   85.170.15.1   - 85.170.15.4   255.255.255.224   85.170.15.30
    Group 2   85.170.15.33  - 85.170.15.36   255.255.255.224   85.170.15.62
    Group 3   85.170.15.65  - 85.170.15.68   255.255.255.224   85.170.15.94
    Group 4   85.170.15.97  - 85.170.15.100   255.255.255.224   85.170.15.126
    Group 5   85.170.15.129 - 85.170.15.132   255.255.255.224   85.170.15.158
    This command must be entered into a shell that is running "as administrator"! See step A.1 for details.
    route add 0.0.0.0 mask 0.0.0.0 <GatewayIP>  
    adds a default gateway address for all foreign networks. The 0.0.0.0 mask 0.0.0.0 is a fancy way of saying all networks other than my own
    This command will set your Gateway Router.  ← Worksheet C.3 
  4. Test connectivity to other networks by pinging a host on another network.
  5. Traceroute (use the "-d" option, like this: tracert -d) a host on another network to verify that your packets really are sent via the gateway router.  ← Worksheet C.4 
  6. Do a netcat (nc) chat with a classmate on a different network.
  7. Extra fun: Connect with your phone
    After you've done the broadcast thing, if you've got some time to kill you might like to try this: If you have a smart phone, you can connect to the access point, set the IP and subnet mask (and gateway), and then you're like any other host. I'm giving iPhone directions, but you could do the same with a Droid.
    1. Choose Settings, then Wi-Fi, click on the little pointer-thingy to the right of your Base Stations ESSID, and fill in IP Address, Subnet Mask and [Gateway] Router. Use an IP Address that is the next available number after the four in your group's range.
    2. Have one of your classmates ping the IP Address you just used ... it ought to work! If he checks in his ARP table (arp -av) he should see your IP and MAC address. You can verify that he's really got your phone's MAC: check Settings, General, About and look for "Wi-Fi Address".
    3. For real fun, you can have a classmate pretend to be a web-server and pull up his "page" with your phone's browser. Here's how:
      1. friend does nc -l -p 80
      2. you enter his IP in your phone's browser address bar
      3. freind should see your browser's HTTP request pop up, and respond by pasting in the following code (and then hitting enter a couple of times):
        HTTP/1.1 200 OK
        Content-Length: 56
        Content-Type: text/html
        
        <html>
        <body>
        This is a real webserver!
        </body>
        </html>
    Give the command arp -a and examine the results. You should see an IP address which looks like it might be on your network and that maps to the physical address ff-ff-ff-ff-ff-ff. This IP address is the broadcast address, and any packet with it as the destination IP gets sent to all hosts on the network. With the help of UDP, we'll try using the broadcast address. Choose one member of your group to be the sender. The rest are receivers. All the receivers should give the following command:
    nc -u -l -p 20202
    In other words, receivers are listening on UDP port 20202. The sender then gives the command
    nc -u BROADCAST-IP 20202
    ... where BROADCAST-IP is the broadcast IP address for your network, which you read off of the ARP table. The sender then types a message and hits enter. All other group members (receivers) should receive that same message simultaneously.  ← Worksheet C.5 

D. Instructor Demo I

STOP AND WAIT FOR INSTRUCTOR DEMO!!

When all groups are connected - or enough are connected - your instructor is going to go through a little demo with you. Pay attention and answer the associated question on the lab worksheet.

 ↑ Worksheet Section D  

E. Securing your wireless network

All group members: disconnect from your wireless network by clicking on the "bars icon" at the bottom right, and clicking on your ESSID, and clicking on the disconnect button.

Group leader only: Reconnect via ethernet cable to your Base Station. Point your browser at 192.168.0.50 and login to the Base Station's administration page with username admin and no password.

  1. Task: Change Administrator password!
    click on the Maintainance tab and choose Administration Settings from the resulting popup
    Check the Login Settings box
    Enter in your new password in the New Password and Confirm Password boxes.
    click the save button
     ← Worksheet E.1  

  2. xkcd.com/416/
    Task: Turn on WEP
    Click Basic Settings and choose Wireless from the menu on the far right
    Under Key Settings check Enable
    Under Key type choose ASCII
    Makeup a 5 character key (a "password" for your network) & enter it in the Network Key and Confirm Key text boxes.
    Click the save button
    Click on the Configuration tab and then click on the words Save and Activate
     ← Worksheet E.2  
  3. Reconnect your Base Station to the router.

All group members: reconnect to your wireless network. You will be prompted to enter your WEP key (and you can't join the network if you don't have it!). Do not check the "hide characters" box when you enter the key! Verify that you are really on the network by pinging the members of your group, and by pinging an outside group member.
 ↑ Worksheet E.3  

F. Instructor Demo II

STOP AND WAIT FOR INSTRUCTOR DEMO!!
When all groups have WEP enabled - your instructor is going to go through a little demo with you. Pay attention and answer the associated question on the lab worksheet.
 ↑ Worksheet Section F  

G. Postlab Restoration

Setting up a new network requires configuration changes to every host added to the network, as you saw today. Before you reconnect to the USNA network, you must undo the changes you made in lab.
  1. Group Leader: pull up your Base Station's configuration manager and reset its SSID to dlink, turn off WEP, and reset its admin password to be no password. Save configurations as described above. When it is done, take a pen and use it to press and hold for five seconds the reset button on the back of the Base Station.  ← Worksheet G.1  
  2. You can turn the Windows firewall off with the GUI with the following: From the Windows Start Menu, navigate to the "Windows Firewall" control panel (Start->Control Panel->System and Security->Windows Firewall) and click on the "Turn Windows Firewall on or off" option from the left panel. From this new menu, turn on the firewall for all three network locations and click OK.
    Important: Issue the following command (in an administrator shell!), which will turn off the Windows Firewall back on
    netsh advfirewall set allprofiles state on
     ← Worksheet G.2  
  3. Next copy and paste the following commands into the Windows shell (which tells the system to revert back to dhcp for both the wired and wireless interfaces):
    This command must be entered into a shell that is running "as administrator"! See step A.1 for details.
    netsh interface ipv4 set address name="Local Area Connection" source=dhcp
    netsh interface ipv4 set address name="Wireless Network Connection" source=dhcp
     ← Worksheet G.3