• Home
  • WIFI Techtalk

The forgotten of Public Wi-Fi Internet Access


When talking about guest internet access like Wi-Fi hotspot, the services owner tend to require a fancy captive portal, logon page, pre-login page, guest page (or whatever you call it) to perform something ‘personally’ they intend to.

The most common requirement is advertisement. Not the common style, but most interactive and complicated way. They hope to feed Wi-Fi user for free with as much as information during the logon process. Force video streaming is a very good example that people used to implement. Users require waiting after the video then only allowing for accessing. However, do you think people will care or pay attention on your advertisement while their intention is to use internet only? Besides, this way seems not respect the customer. Customers consider pay for the services because they already paid for the primary product that you sold to them (like coffee and foods). Why continuous feed people with ‘junk’ information while people already paid for it? Furthermore, your customer role will turn into ‘product’ if you force feed them with your information.


After advertising, people would like to collect customer information before logon to their internet services. They desperately want to do so even they know there is no way to confirm customer will insert the genuine information. A fast food restaurant in Malaysia, they are asking private information like monthly income & telephone number. If you are user, do you bother to insert the genuine information? Not only that, the system will automatically log you out for some idle period and you might need to insert the data again the next time you login. The system unable to recognize you already filled in. For mobile user, you will have more trouble to fill up that information in not mobile friendly page. Luckily, Steve Jobs invented mobile device with simple finger zoom function. Else, you are definitely in deep trouble.


Some of the people want to show off a fancy introduction regarding their location and services provided before their guest login the user to internet access. This fancy portal will work fine with location less than 100 concurrent users. For location with huge amount of user (500 and above), to load this fancy portal it consume the processing power, memory and bandwidth of web server, internet gateway and connectivity devices. Means, you make compulsory for the users to load the page and purposely let them slow down your devices. Sound ridiculous right? Furthermore, more fancy the page means higher chance the code will have bug. With more things in a single portal, it will create confusion to users as well. You also will have issue with web browsers because different kind of web browser will execute your fancy coding differently.


Are you kind of people that will simply give ‘like’ in Facebook or any other social web? Some of the Wi-Fi login portal will request you to ‘like’ their page before let you proceed to their complimentary Wi-Fi internet services. This doesn’t work on users that treat high priority on their personal privacy. Not everyone likes to share their location or information publicly. Most of the time, user also avoid to do free publicity for services that we already paid like hotel.

Sometimes Wi-Fi service providers forgot the very first and important mission to achieve, to provide usable internet access to their customer as one of their complimentary services to support their primary business. For example, coffee house provide Wi-Fi as a convenient to customer to reply email and text while lay at sofa and drinking cappuccino.

Always remember, simple business identical Wi-Fi login portal with very clear instruction is very important to gain better guest experience toward your business. Not the force advertisement, information gathering, fancy portal and social media style login. Besides, it must be mobile device friendly page as well. Again, the objective is to provide usable Wi-Fi internet access to your target group and secure your primary business!



So Call WiFi Heatmap?


What I going to show you next definitely is beyond a WiFi heatmap. WiFi signal is something that we cannot see and feel. In fact, our life becoming more and more depend on something we cannot see and feel. Do you ever wonder how actually the WiFi look like? Sound ridiculous? Yes, it is ridiculous!

A student Luis Hernan from UK invented some custom-made instrument can detect the WiFi signal strength and generate a series of photo to show you how exactly WiFi look. It continuously scan for RF signal and transforms the wave to some colour line. Blue is strongest signal and red is lowest. Different place and surrounding will generate different pattern of colour wave. The colour wave will disturb by mobile phone signal, gesture of human, and any moving item.

Believe it or not. Enjoy the WiFi art!


Wi-Fi Signal penetration


For the usual location, which location will give more challenge to Wi-Fi penetration? School? Office with full furnish? Factory with a lot of machinery? Warehouse with ton of item? Even library full of book???

The usual toughest location for Wi-Fi penetration is hotel environment. The usual location here means place that normally need Wi-Fi services but not unique location like Pentagon, White House or in Malaysia Prime Minister's Office (just a few random example only). The mentioned location will give challenge to Wi-Fi signal caused by unique building structure itself.

If you are professional Wi-Fi vendor in Malaysia, definitely you will face signal penetration issue with most of your hotel project. You will have issue like weak signal strength in certain room after deployment if the access point not placing in every single room. Hotel with 20 rooms you still afford to put 20 access point. But how about a hotel with 200 or 2000 rooms? Are you going to request your customer to buy 200 or 2000 units? If you doing so, for sure the quote will make your customer heart attack. But if you didn't, guest room signal penetration is weak (even death spot). Hotel normally is build with very good sound and fire proof system. This is definitely good for hotel guest but is totally not for Wi-Fi radio frequency. Wi-Fi signal is one type of RF, if you block the sound from penetration means you will block the Wi-Fi signal as well. As a result, access point located along the corridor not able to send the signal to the guest inside the hotel room.

Our AP mounted 25 feets from floor

Good mounting kit make your AP look good on top ceiling

Then people will start think put the AP inside the room. Few issues here if you put the AP inside the room. Hardware maintenance is an issue. Hotel management need to shut down the guest room during the maintenance. This will cause lost to the hotel. Thief is another issue. For IT elite guest, they will check out together the AP when they left hotel. If you hang at the ceiling, guest will feel threaten by unknown device on ceiling.

Our man hide an AP on top ceiling of a hotel

Want to have better solution for hotel WiFi system? Please talk to us. We will give you a complete total hospitality solution based on our current reference site. Email us today at alex@kiwespot.com


Step by step to crack Wi-Fi WEP encryption


For your information, WEP encryption is totally no safe at all! It can be crack within few minutes time with little effort only. WPA & WPA2 tend to have higher grade of security because you might need to match the sniff packet with the dictionary (database of all the password possibility). Perhaps, it is a 50GB text file or 100GB text file, who know? However, it seem like impossible to contains all the possibility of WPA & WPA2 password in a single text file.

So, I will demonstrate step by step on the WEP cracking process here. However, please ask permission from the owner first before doing anything silly on other people wireless network. Please take you own risk before you try the below step.

1. First of all get all the necessary tools for wireless crack. For me, I will use Backtrack 5 R3 as my based OS. Fyi, backtrack pre-loaded with all the software required by this lab. You can search for backtrack on google and download it before you start. I won't explain much on backtrack here. The software that need as follow,

Backtrack 5 R3 (the latest version for now)

2. You need to get a compatible wireless card or adapter to make this work. You may google "compatibility list of wireless adapter for aircrack". Then you will get the link. For here, I am using D-link 802.11b/g wireless adapter (DWA-110).

3. Launch the terminal in backtrack. Issue the command, iwconfig. If your wireless card detected then it will show you in the list. This is quite similar to windows ipconfig but this only show details for wireless interface in linux system.

Wireless interface detected as wlan0. So, the rest of work will use wlan0 as interface

4. Make sure you mode in Monitor mode. Most of the time the mode will in Managed mode. So, you need to change it as follow command.

To change from Managed mode to Monitor mode.

5. Start to scan the wireless network. Type :

airodump-ng wlan0

You will get the result as follow. Airodump-ng will help you to scan thru all the wireless network AP & host nearby your wireless card or adapter. You will see a list of SSID & wireless in the result.

There are 2 SSID and 1 client detected on the scan.

6. We going to crack password for SSID named FreeInternetAccess. There is a client connect to the SSID. Type the below command to collect wireless network packet.

airodump-ng --bssid 00:xx:xx:xx:21:30 -w /root/Desktop/test wlan0

--bssid, the SSID you going to collect wireless packet. -w /root/Desktop/free, you going to write the file to desktop and name it to test as pre-fix.

The command to sniff and collect wireless packet to a single file.

The screen you will get after issue the command.

7. For you to crack the WEP key, you need to collect at least 25k packets data. Normal user traffic is slow for us to hit that number of packets. So, we try to generate some wireless traffic using aireplay-ng. Type :

aireplay-ng --arpreplay -b 00:xx:xx:xx:21:30 -h C0:xx:xx:xx:37:47 wlan0

During the traffic generation, you will get something like this.

8. Stop the packet collection (by press ctrl+c) once reach 25k of it.

Under the data show 25k of packets.

9. Check your desktop. You will see few files already there because we save it to desktop.

The few files created from airodump-ng.

10. Lastly use aircrack-ng to crack the .cap file. Please take note that the number of 01 will automatically add on to the original pre-fix of file name. For this case, the file name will be free-01.cap Type :

aircrack-ng free-01.cap

The key for this wireless SSID is C5:EE:B4:0F:A4

11. Done.

Alex Tan

Please take note again, this tutorial is strictly for educational purpose only. Use it on your own risk.


802.11ac in Malaysia for year of 2014


802.11ac

802.11ac is a new Wi-Fi standard announced in the year of 2013.It is a standard which can offer you so called Gigabits high speed Wi-Fi networks. For the very first time the Wi-Fi speed is more than the normal traditional wired Gigabits port.

As a result, all the latest mobile devices are manufactured without the wired port. It's not only apply to mobile tablet but laptop as well. The approach of ultrabook to eliminate the port was quite surprising for me. This trend is being bought up by Apple for sure. The very first mobile laptop without wired port - Apple Macbook Air. If you require a wired port, there is an optional USB convertor for you. Since when the essential legendary wired connector become an OPTIONAL item?

Thunder port to Gigabits port convertor

If you ask me whether the wired port will be extinct?

Alex Tan

Director Kiwespot Solution

Definitely not for now. The high speed Wi-Fi is only serve best for the end clients. It isn't meant for mission critical operation. As you know, data travel across the free air is not safe at all and delivery process is unexpected. Besides, the air is a shared medium means you definitely won't have dedicated speed like wired. There are still plenty of issues when the data travel thru the air as a medium.

Back to the 802.11ac story, how will it progress in Malaysia for year of 2014. As expected the new technology is still very pricy. SOHO manufacturer started to offer it before enterprise did. All the Lowyat stores are already busy offering the 802.11ac access point. All the salesman blow this technology up like no other. The issue now is there are limited devices come with 802.11ac compatibility. End up you'll need to purchase the external USB adapter which is just started offer locally. But make sure you go for USB 3.0 version of adapter. Else you'll get stuck at 480Mbps speed due to USB 2.0 speed limitation.

A 802.11ac SOHO router

As per enterprise market, they are starting to offer the new product. But not all. There are still few vendor lacking of 802.11ac product. Personally, I think the enterprise just finished or completed the 802.11n mission. Which they are happy with it. Definitely the next budget allocation won't be these recent years. As mentioned, the end clients is still lacking of 802.11ac compatibility so they have no reasons for the upgrade. In enterprise field, when you upgrade something make sure you utilize it or else it will be a big waste. Perhaps only new deployment with plenty of budget will be adopting 802.11ac infrastructure rather than upgrade the existing infra. Like 802.11n few year back, they need around 3 to 4 year time to fully migrate from legacy 802.11b/g.

In term of technology itself, what is the reason behind making 802.11ac run faster than it previous ancestor 802.11n? There are only two main reason, more channel bonding and more spatial stream compare to 802.11n. Theoretically, 802.11n only can have maximum 40MHz channel bonding and 4 spatial multiple stream. So, 802.11n able to run up to 600Mbps per radio. However, no manufacturer offer 600Mbps per single radio 802.11n devices. I have no idea why, perhaps there is limitation on this. For 802.11ac all it did was just increasing the existing number of channel bonding and data stream to boost the speed over Gigabits. When you need to bond more channel means the legacy 2.4GHz spectrum have no enough non-overlapping channel to support this technology. Therefore, 802.11ac is not compatible with 2.4GHz and only running on 5GHz spectrum.

Channel bonding in 5GHz spectrum

However, there is a good enhancement on 802.11ac which allow simultaneous transmission to multiple clients. Means clients do not require to queue up for Tx and Rx. Maybe, no more airtime fairness issue keep mentioned on 802.11n technology?

Lastly, 802.11ac is worth upgrading for home use which allow HD movie streaming and big file transfer. However, for enterprise market you'll need to wait patiently until the technology become more common for most of the device because the upgrading will cost you a lot. Besides, 802.11n access point still work fast enough and reliable to serve your wireless clients.

Latest Blog


© Kiwespot Solution All right reserved.