1 Wireless Scanning & Antenna Lab

1.1 Exercises

In this exercise you will use a Mikrotik router to understand how a reflector can increase the gain of a standard monopole antenna.

We'll use a serial console to attach to the Mikrotik, so you'll need a USB port and a serial to USB adapter. We'll supply the adapter for this lab.

Windows users will need the Terminal Emulator called PuTTY, available here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Linux users will need Minicom: apt-get install minicom or yum install minicom

1.2 Connect to your router

Connect the adapter cable to a free USB port on your laptop.

1.2.1 Windows Users:

Open the "Device Manager" application in Windows. In the "Ports" section you should see the new device. It will appear as a "USB Serial Port" and should be assigned to a COM port, such as COM4.

Now launch PuTTY. Choose the connection type of Serial. Set the COM port to the one you found in device manager, and the speed to 115200, then click "Open".

Press enter once or twice and you should see a login prompt.

1.2.2 Mac Users:

From a terminal, type:

ls -ltr /dev/*usb*

This will help you find the USB serial device you just added. Then start "screen" using the device you just found:

screen /dev/tty.usbserial-DEVICENAME 115200

Press enter once or twice and you should see a login prompt.

1.2.3 Linux Users:

From a terminal, type:

dmesg |grep tty

You should see your device at the end of the list. It might look like this:

[ 2843.525905] usb 2-2.2: FTDI USB Serial Device converter now attached to ttyUSB0

In this case, your device will be identified by /dev/ttyUSB0. Now launch minicom with:

sudo minicom -s

Choose the correct device, and set your line speed to 115200. Save this configuration as default "def", then "Exit" from the configuration screen and you will have a connection to the router. Press enter once or twice and you should see a login prompt.

The next time you run minicom, you can skip the -s and you will be taken straight to the current configuration.

1.3 View and enable your router's interfaces

When you first connect, you should see this on the screen:

MikroTik 6.32.3
MikroTik Login: 

Log in with the username "admin" and no password. You should see this:

  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.32.3 (c) 1999-2015       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level
  
[admin@MikroTik] >

Note the instructions for navigating the Mikrotik command line above - in particular the idea of moving up and down levels, the "?" sign, and tab completion. For a detailed guide on Mikrotik's console, have a look at their wiki: http://wiki.mikrotik.com/wiki/Manual:Console. For this exercise, all the commands you need to know will be shown below.

Now view all of the Mikrotik's interfaces:

/interface print

In this lab, you should see several ethernet interfaces and a wireless interface.

[admin@MikroTik] > interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1                              ether            1500  1600            00:0C:42:04:B8:80
 1     ether2                              ether            1500  1600            00:0C:42:04:B8:81
 2     ether3                              ether            1500  1600            00:0C:42:04:B8:82
 3  X  wlan1                               wlan             1500  1600            00:0C:42:05:35:6E
[admin@MikroTik] > 

If an interface has an "X" next to it, it's currently disabled. To enable the wireless interface, if it's disabled, type:

[admin@MikroTik] > /interface wireless set wlan1 disabled=no

1.4 Scan for wireless networks

Now we'll set up that wireless interface to scan for Wi-Fi networks in the 2.4GHz frequency band, and we'll start a scan:

[admin@MikroTik] > /interface wireless set wlan1 frequency=2412 band=2ghz-b/g scan-list=default
[admin@MikroTik] > interface wireless scan wlan1 

We should see a whole lot of access points!

[admin@MikroTik] > interface wireless scan wlan1 
Flags: A - active, P - privacy, R - routeros-network, N - nstreme, T - tdma, W - wds, B - bridge 
       ADDRESS           SSID                CHANNEL              SIG   NF SNR RADIO-NAME             
AP     00:23:69:16:85:D9 DAMAGERUP           2412/20/gn           -80  -94  14
APR  B D4:CA:6D:A5:D4:0D tc2-aust-27b        2412/20-Ce/gn        -82  -94  12 D4CA6DA5D40D           
AP     94:4A:0C:F8:A2:1E vodafoneJSCK        2412/20/gn           -85  -94   9
AP     C4:71:30:43:9D:E5 Gramofon_439de4     2412/20/gn           -90  -94   4
A R    00:0C:42:FC:52:0B Vistagate           2412/20-Ce/gn        -89  -94   5 000C42FC520B           
AP     00:0E:8F:A2:BA:7C radio               2412/20/gn           -91  -94   3
AP     20:08:ED:02:65:64 vodafone655B        2422/20/gn           -91  -93   2
AP     C4:07:2F:6E:05:E6 SPARK-7MHLFZ        2422/20/gn           -89  -93   4
AP     80:71:7A:7D:1A:4C SPARK-DNVXJL        2427/20/gn           -95  -95   0
AP     BC:96:80:2F:47:B4 Johnny              2437/20/gn           -87  -95   8
 P     C0:8A:DE:20:53:68                     2437/20/gn           -91  -95   4
AP     C0:8A:DE:23:D8:78 WCWifiSmart         2437/20/gn           -89  -95   6
A      C0:8A:DE:E3:D8:78 WCPD                2437/20/gn           -91  -95   4
AP     C0:8A:DE:23:D8:79 WCBYOD              2437/20/gn           -89  -95   6
AP     C0:8A:DE:63:D8:79 wl                  2437/20/gn           -88  -95   7
AP     C0:8A:DE:A3:D8:79 WCStaff             2437/20/gn           -89  -95   6
AP     78:A0:51:0E:3A:59 XFiles              2437/20-Ce/gn        -89  -95   6
AP     C0:FF:D4:9E:3D:09 Mimir-2.4           2442/20/gn           -94  -93  -1
 P     58:98:35:18:09:F7 KB                  2447/20/gn           -94  -94   0
AP     24:C9:A1:B3:FB:38 eduroam             2452/20/gn           -84  -94  10
A      24:C9:A1:33:FB:38 CityLink WiFi       2452/20/gn           -85  -94   9

In the scan results, we can see the mode of the access point, whether it's active, if there's privacy (encryption), what the access point's MAC address is, its SSID, what channel it's on, and details on the amount of signal and noise received. Those last details are the most important for our lab.

If you want to cut down the bands scanned, you can specify this in your wireless LAN setup. Here we'll limit the scan to channel 1:

[admin@MikroTik] > interface wireless set wlan1 scan-list=2412
[admin@MikroTik] > interface wireless scan wlan1              

Now we only see networks on channel 1! The instructor will specify a channel to scan in the workshop, and an SSID in particular to note. Record the signal and noise of all the SSIDs you can see in a note on your computer, or just take a screen shot of the scan results!

1.5 Build an antenna!

We'll distribute scissors, tape, aluminium foil, and antenna templates to all participants. Assemble the antenna and fit it to your Mikrotik's antenna. Run your scan again and see how it's different.

[admin@MikroTik] > interface wireless scan wlan1              

The best performing antenna (lowest signal level) to the target SSID will win a prize.
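To compare the scan recorded before fitting the reflector with the one taken after, this added example (not part of the original lab handout) parses pasted scan output and reports the change in SIG and SNR per access point. The function names are hypothetical, the BEFORE rows are copied from the scan shown above, and the AFTER rows are constructed for illustration.

```python
import re

# One scan row: flags, BSSID, SSID (may be empty or contain spaces),
# channel (freq/width/mode), then SIG and NF in dBm and SNR in dB.
ROW = re.compile(
    r"^(?P<flags>[A-Z ]*?)\s*(?P<mac>(?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s"
    r"(?P<ssid>.*?)\s+(?P<freq>\d{4})/\S+\s+"
    r"(?P<sig>-?\d+)\s+(?P<nf>-?\d+)\s+(?P<snr>-?\d+)")

def parse_scan(text):
    """Return {BSSID: row} for every access point row in pasted scan output."""
    aps = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # flag legend, column header, prompt or blank line
        aps[m["mac"]] = {"ssid": m["ssid"], "freq": int(m["freq"]),
                         "privacy": "P" in m["flags"], "sig": int(m["sig"]),
                         "nf": int(m["nf"]), "snr": int(m["snr"])}
    return aps

def compare(before, after):
    """Change in SIG and SNR per BSSID, in dB; positive means stronger."""
    out = {}
    for mac, b in before.items():
        a = after.get(mac)
        if a is None:
            continue  # not heard in the second scan, nothing to compare
        out[mac] = {"ssid": b["ssid"], "d_sig": a["sig"] - b["sig"],
                    "d_snr": a["snr"] - b["snr"]}
    return out

# Rows copied from the scan shown earlier on this page.
BEFORE = """\
Flags: A - active, P - privacy, R - routeros-network, N - nstreme
AP     00:23:69:16:85:D9 DAMAGERUP           2412/20/gn           -80  -94  14
APR  B D4:CA:6D:A5:D4:0D tc2-aust-27b        2412/20-Ce/gn        -82  -94  12 D4CA6DA5D40D
 P     C0:8A:DE:20:53:68                     2437/20/gn           -91  -95   4
A      24:C9:A1:33:FB:38 CityLink WiFi       2452/20/gn           -85  -94   9
"""
# Constructed values for illustration only, not measured results.
AFTER = """\
AP     00:23:69:16:85:D9 DAMAGERUP           2412/20/gn           -74  -94  20
APR  B D4:CA:6D:A5:D4:0D tc2-aust-27b        2412/20-Ce/gn        -88  -94   6 D4CA6DA5D40D
A      24:C9:A1:33:FB:38 CityLink WiFi       2452/20/gn           -85  -95  10
"""
if __name__ == "__main__":
    for mac, d in compare(parse_scan(BEFORE), parse_scan(AFTER)).items():
        print(f"{mac} {d['ssid']!r:18} SIG {d['d_sig']:+d} dB  SNR {d['d_snr']:+d} dB")
```

Rows are keyed by MAC address rather than SSID because several access points can share an SSID and some rows have no SSID at all.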

To replicate this antenna at home, visit Michael Erskine's Free Antennas website: http://www.freeantennas.com/