Archive for July, 2006

Setup WiFi – And WPA – Carefully

July 23, 2006

Setting up a WiFi LAN is a great experience. The convenience of surfing the web from your back yard, or sharing files between your main computer and your music server, without running wires here and there, is exhilarating. But there is stress involved.

When you connect a computer to a WiFi LAN, with WPA (and WPA-PSK is absolutely the minimum security measure that you should – no must – take), you are testing a number of things, simultaneously.

  • The WiFi router.
  • Your computer.
  • Your WPA setup.

Now if you do this carefully, and with a small amount of preparation, the whole project can take an hour – or less. Plan it wrong, or make a mistake, and you could be days figuring out the problems. Use a layered strategy – similar to layered testing.

  1. Get each computer connected, by Ethernet, to each other.
  2. Setup, and copy, a key set to each computer.
  3. Get each computer connected, by WiFi, with no security.
  4. Setup WPA on the router, and on each WiFi client.

The different WiFi router vendors have different ideas about what type of key their WPA security should work with. Steve Gibson’s GRC “Perfect Passwords” Generator will give you a choice of 3.

  • 64 random hexadecimal characters (0-9 and A-F) (not case sensitive):


  • 63 random printable ASCII characters (case sensitive):

    Hb+r#^S-T/1!JTP0_~SB 4&rQ7|s”q)7S`teMB`]x_uGATQQ-{B:=%W/_”)$w6h

  • 63 random alpha-numeric characters (a-z, A-Z, 0-9):


All I do is to go to the web page (where it generates a new key set each time – try it), copy the six lines (as in the above list) to a Notepad file, and save the file. Then, with all computers connected by Ethernet (step 1 above), copy the file to each computer. Depending upon the router, one key may work properly, while another won’t. Having 3 possibilities, in an identical set on each computer, means repeatedly copying and pasting, without having to worry about getting the computer back online, by other means, to simply copy another file.
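Why one key from the set may work where another won’t comes down to how a WPA-PSK field interprets it: exactly 64 hexadecimal characters are taken as the 256-bit key itself, while 8 to 63 printable ASCII characters are a passphrase that is stretched, together with the SSID, into that key. The following is an added example, not code from this post or from GRC; it generates the same three key shapes locally and shows the key that each one produces. The function names and the SSID "HomeLAN" are made up for the illustration, and the derivation assumed is the standard WPA passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes).

```python
import hashlib
import secrets
import string

HEX = "0123456789ABCDEF"
ALNUM = string.ascii_letters + string.digits
PRINTABLE = "".join(chr(c) for c in range(32, 127))  # space through '~'


def make_key_set():
    """Generate the three key shapes from the list above with the OS CSPRNG."""
    def rand(alphabet, n):
        return "".join(secrets.choice(alphabet) for _ in range(n))
    return {"hex64": rand(HEX, 64), "ascii63": rand(PRINTABLE, 63),
            "alnum63": rand(ALNUM, 63)}


def classify(key):
    """How a WPA-PSK field interprets what was pasted into it."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "raw-psk"        # used directly as the 256-bit key
    if 8 <= len(key) <= 63 and all(c in PRINTABLE for c in key):
        return "passphrase"     # stretched with the SSID into the key
    return "invalid"            # truncated, too long, or stray newline/tab


def derive_pmk(key, ssid):
    """Return the 32-byte pairwise master key both ends must agree on."""
    kind = classify(key)
    if kind == "raw-psk":
        return bytes.fromhex(key)
    if kind == "passphrase":
        return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                                   ssid.encode("utf-8"), 4096, 32)
    raise ValueError("not a valid WPA-PSK key; check the paste for "
                     "truncation or trailing whitespace")


if __name__ == "__main__":
    ssid = "HomeLAN"  # constructed SSID for the demonstration
    for name, key in make_key_set().items():
        print(name, classify(key), derive_pmk(key, ssid).hex())
```

A 64-character hex key that loses a character on either side, or gains a newline from the text file, is no longer treated as a raw key, so the router and the client end up with different keys even though the pasted text looks the same.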

After you copy the key set to each computer, start up the WiFi radio, and the WiFi clients. Start with WiFi in open (unencrypted) mode. Make sure that the router works, and you have a working signal, by testing without setting up security.

After you can connect the computer without security, and all network functions work, add WPA-PSK security.

  • Configure the router – copy the appropriate portion of 64 random hexadecimal characters into the router management program.
  • Copy the identical portion of 64 random hexadecimal characters into the client computer WiFi client manager setup wizard.
  • Test the WiFi client. If it works, fine. If not, repeat these steps, trying the 63 random printable ASCII characters, and finally the 63 random alpha-numeric characters.

This is 3 times as complex as it needs to be, and after you’ve done this a few times, you’ll be able to simplify these procedures. But for the first couple of times you do this, the careful planning, and the lowered stress level, will make it easier to not make mistakes. By not making mistakes, you make it more likely that this will work. And making it work is the reason for my writing this in the first place.

Advanced Windows Networking Using Internet Protocol

July 7, 2006

Windows Networking, the subsystem that lets you share files and printers between computers running the various versions of Windows, uses Internet Protocol to attach to the physical networking components, in its default state. It will use alternate network transports, for those with special needs.

Starting with Windows 98, and in every version of Windows since then, Windows Networking has used NetBIOS Over TCP (NetBT) as an interface between Internet Protocol and the various applications. Windows 2000 and XP, however, will run Windows Networking without the involvement of NetBT. This is known as direct hosting of SMB (Server Message Blocks).

To remain compatible with the older versions of Windows, a Windows Networking client, under Windows 2000 or Windows XP, can use either direct hosted SMBs or NetBT. If direct hosted SMBs are available, on a given server, a Windows Networking client will bypass NetBT and use direct hosted SMBs, when communicating with that server.

This dual compatibility, allowing Windows 2000 / XP clients to communicate with computers running other editions of Windows, is not without cost. Trying for two communications channels, when establishing a connection with any server, increases program complexity and network traffic. In some cases, it may increase latency.

If your LAN

  • Has a domain.
  • Has computers running only Windows 2000, Windows 2002 (aka Windows XP), and Windows 2003 (aka Server 2003).
  • Uses DNS, properly set up, for name resolution.

then you may wish to disable NetBT, and use direct hosted SMBs.

In TCP/IP Properties, Advanced, WINS, select Disable NetBIOS Over TCP/IP. Alternately, if you have the Default NetBIOS setting selected (instead of “Disable” or “Enable”) on your client computers, and you have a DHCP server (not a NAT router with DHCP), you can disable NetBT from a DHCP server setting.

If you use direct hosted SMBs, whether alternately or exclusively, be aware of the security implications.

  • NetBT uses TCP and UDP ports 137 – 139.
  • Direct hosted SMBs use TCP port 445.

Be sure to adjust the settings on the firewall, appropriately.
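One way to check that the firewall matches the transport actually in use, as an added example that is not from the original post: it compares an inbound rule list against the ports listed above and reports ports left open for a transport you have turned off, and ports still blocked for one you rely on. The rule format, the first-match/default-deny model, and the sample rule set are constructed for the illustration and do not correspond to any particular firewall product.

```python
# Ports per transport, exactly as listed in the post.
TRANSPORT_PORTS = {
    "NetBT": {(proto, port) for proto in ("tcp", "udp")
              for port in (137, 138, 139)},
    "direct-SMB": {("tcp", 445)},
}

# Constructed inbound rules written for a NetBT-only LAN:
# (action, protocol, first port, last port)
LEGACY_RULES = [
    ("allow", "tcp", 137, 139),
    ("allow", "udp", 137, 139),
]


def is_allowed(rules, proto, port):
    """First matching rule wins; anything unmatched is dropped."""
    for action, rule_proto, low, high in rules:
        if rule_proto == proto and low <= port <= high:
            return action == "allow"
    return False


def audit(rules, in_use):
    """Compare the rules with the set of transports the LAN actually uses."""
    findings = []
    for transport, ports in TRANSPORT_PORTS.items():
        for proto, port in sorted(ports):
            allowed = is_allowed(rules, proto, port)
            if allowed and transport not in in_use:
                # Open port for a transport that has been disabled.
                findings.append(("exposed-unused", transport, proto, port))
            elif not allowed and transport in in_use:
                # Transport is relied on but the firewall drops it.
                findings.append(("blocked-needed", transport, proto, port))
    return findings


if __name__ == "__main__":
    # NetBT disabled, direct hosted SMBs used exclusively.
    for finding in audit(LEGACY_RULES, {"direct-SMB"}):
        print(*finding)
```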

Sharing Files With The XBox 360

July 1, 2006

The XBox 360 is a gaming computer, and more. As a computer, it’s perfectly capable of sharing files, music, movies, what have you, with any computer on the LAN.

Since the XBox 360 is built on the Windows Media Center Edition platform, it can’t join a domain. You’ll do better having your computers in a workgroup.

You’ll need either Windows Media Connect or Windows Media Center Extender. You may find additional information in: