Disconnect user on hostap - wifi

I'm creating an access point with no Internet access. Users can view content hosted locally on a Raspberry Pi.
I want a jump-off point where the user can share something on Facebook. At this point I would need them to be kicked from the WiFi network so they can use their own 3G/4G connection.
How can I force a MAC address off the access point instantly without restarting hostapd?

You can use the hostapd_cli command to control the hostapd daemon.
To force a client off the wifi you can use either the "disassociate" or the "deauthenticate" command.
hostapd_cli deauthenticate 00:5e:3d:38:fe:ab
Make sure you have the ctrl_interface properly set in your hostapd config!
The default is this:
ctrl_interface=/var/run/hostapd
It depends on the Client if it will reconnect right away though. This could be "remedied" by filtering his packets using iptables so he doesn't get an IP anymore and thus is highly likely to not try and connect again.
NOTE: Doing the latter with iptables might make the client "blacklist" your AP, at least for a certain time!
NOTE2: If you do not provide a default route with your DHCP server you should not need to disconnect them from the wifi at all. Though most devices (smartphones) will avoid the wifi altogether since it's not what they expect (an internet connection).

As in Badmaster's answer, in my case the client tried to reconnect to the AP and got connected. But I want to force the client to disconnect and have the AP refuse it when it reconnects.
So I just added some code to the disassociate function hostapd_ctrl_iface_disassociate in file ctrl_iface_ap.c, before it calls hostapd_drv_sta_disassoc(). The code adds the MAC address of the client to the MAC deny list in hapd->conf->deny_mac. Before this code can work, you should make sure your MAC access control settings in hostapd.conf are right.
Then the command hostapd_cli deauthenticate 00:5e:3d:38:fe:ab can force the client to disconnect, and it will not connect again.
At the same time, I created a function to remove the MAC address from the MAC deny list to allow the client to connect.
Examples of modifying the source code are as follows:
Force disconnect a P2P Client/STA from GO/AP side
hostapd: make it possible to remove addresses from maclists

To prevent your STA from rejoining the network automatically, before the 'hostapd_cli deauthenticate ' command you could run the command below to enable the allowed MAC address list:
hostapd_cli macaddr_acl 1
Assuming the MAC address has not been added to the allowed list, it will be prevented from joining.
Later, disable it via hostapd_cli macaddr_acl 0 so that the STA can join.
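
The deny-then-deauthenticate sequence discussed in the answers above, as an added shell example that is not from any of the posters or from the hostapd project. It uses hostapd_cli's runtime deny_acl command instead of patching the source, which assumes a hostapd release that provides it and macaddr_acl=0 in hostapd.conf; the interface name wlan0 and the function names are illustrative.

```shell
#!/bin/sh
# Added example: put a station on hostapd's deny ACL, then deauthenticate it.
# Assumptions: macaddr_acl=0 in hostapd.conf (accept unless on the deny list),
# ctrl_interface is set, and the installed hostapd_cli supports "deny_acl".
IFACE="${IFACE:-wlan0}"                    # assumed AP interface name
HOSTAPD_CLI="${HOSTAPD_CLI:-hostapd_cli}"  # overridable for dry runs

# Print the MAC in lower case if it is exactly six colon-separated hex octets.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if [ "${#mac}" -eq 17 ] &&
       printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        printf '%s\n' "$mac"
    else
        return 1
    fi
}

# Deny first, then deauthenticate, so an immediate reconnect attempt is refused.
kick_client() {
    mac=$(normalize_mac "$1") || { echo "invalid MAC: $1" >&2; return 2; }
    $HOSTAPD_CLI -i "$IFACE" deny_acl ADD_MAC "$mac" || return 1
    $HOSTAPD_CLI -i "$IFACE" deauthenticate "$mac"
}

# Take the station off the deny ACL so it may associate again.
readmit_client() {
    mac=$(normalize_mac "$1") || { echo "invalid MAC: $1" >&2; return 2; }
    $HOSTAPD_CLI -i "$IFACE" deny_acl DEL_MAC "$mac"
}

# Command-line use: <script> kick|readmit <mac>
case "${1:-}" in
    kick)    kick_client "$2" ;;
    readmit) readmit_client "$2" ;;
esac
```

Setting HOSTAPD_CLI=echo prints the commands that would be sent without touching the running daemon.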

Related

What does tunnelRemoteAddress in NEPacketTunnelNetworkSettings do?

I'm writing a small packet tunnel using NETunnelPacketProvider. Before starting the VPN, I need to use setTunnelNetworkSettings in order to provide connected VPN settings. In these settings, I need to provide tunnelRemoteAddress for NEPacketTunnelNetworkSettings. I have noticed that this address is shown when the VPN is in connected status. But I wonder if there is any other effect too or not?
Since I want the ability to change my connected VPN server (e.g. changing to another server when disconnecting from one) and I was not able to change this value by using setTunnelNetworkSettings again while the VPN is connected, I was wondering if this tunnelRemoteAddress is just some string for representing in the UI and whether I can set it to just a dummy address like 127.0.0.1 or not.
Any idea?

Control room not accessible after connecting to VPN

I have installed control room and client successfully and also able to work on it. But, whenever I connect VPN, the control room disconnects automatically with the message "The requested address could not be resolved".
It seems that the control room binds with the system IP, and when connected over VPN system IP changes. As per my understanding, this could be the reason for the disconnection of Control Room over VPN.
Do you have any idea how to resolve this?
Please let me know if you have a solution for this or let me know where I can get help with this issue.
Yes, this is correct, and this is not an error.
Once the machine is connected to the VPN, then it is effectively on the remote network... so all local resources (including the control room) will not be reachable. Most likely you are connecting to the control room using its FQDN.
So you can do one of these things:
While connecting the AA client to the control room, use its IP address instead of the hostname.
Use split DNS on your VPN, or split tunneling.

ESP8266 creates AP without any code

I can't for the life of me figure out why my ESP8266s create WiFi access points.
I plug it in and send an empty sketch, and it creates an AP called "ESP_28F2F8" and here the ESP is at 192.168.4.1.
I do not want it to create a WiFi network. I just want it to connect to one.
Has anyone else run into this issue? Is this perhaps some weird OS?
That's normal operation of the underlying Espressif's SDK. It remembers some of the settings in flash, like the last created AP and last WiFi network connected.
You need to run
WiFi.softAPdisconnect(true);
so the ESP disconnects all clients currently connected to it, disables AP and remembers it to flash.
If you also need to disable automatic connection to the last WiFi network, you need to call:
WiFi.setAutoConnect(false);

Why I can not read http request with wireshark?

I'm trying to see the network traffic of my mobile device in my home WLAN. I opened Wireshark, listened on the WLAN adapter and entered http.request.method == "GET" in the Wireshark filter.
All I can see is the requests from my laptop and not those of my mobile device.
If I enter ip.addr == 10.0.0.30 I can see the protocols BJNP, ICMP, IGMPv2 and so on.
What is the reason for this behavior?
In my opinion, if I can see a TCP/IP protocol, it should also be possible to see an HTTP request.
There are two things that need to happen in order for you to be able to sniff TCP traffic from another device.
Your device needs to receive the traffic you want to analyze, and
Your device must be configured in "promiscuous mode".
If promiscuous mode is disabled (which is the default), packets not intended for your laptop will never make it to Wireshark. They will instead be filtered out by your network adapter.
There are cases where this is not enough, for example, if you connect to a network with a layer 2 switch.
The first thing you need to ensure is that your network adapter is set to monitor or promiscuous mode, otherwise you just won't be able to see packets not meant for your NIC. Also, set your computer as an access point, and connect your phone to said access point.
If you're going to sniff HTTPS traffic don't forget to add your own certificate to the phone.

How to make iOS believe there is Internet Connectivity

I am working on a web application for iOS that is going to be accessed from a local webserver in a network that has NO internet connectivity at all.
My problem is that every time an iOS device is locked, it disconnects from the WiFi network, so when the device is unlocked again, it has to reconnect. Part of that reconnection process is determining if there is an Internet connection (which there isn't). Until the process has finished, iOS does not allow any DNS resolution (so if I write http://10.0.0.1 it will go there, but not if I request http://something.local.com).
Since we control that network, we want to know how iOS verifies Internet connectivity so that we can fake the responses it expects.
I don't know if it's possible to resolve DNS without an internet connection on iOS, but if that's the case, that would be a way better solution since you don't need to mess with your router settings. Use my solution only if it really isn't possible with only code.
I suggest you follow this guide: http://blog.jerodsanto.net/2009/06/sniff-your-iphones-network-traffic to check which actions your iPhone executes to detect an internet connection.
Using this information you could forward the is-there-internet-requests on your router to a local server which fakes the there-is-internet-responses.
This assumes Apple really uses an external server to detect this, which I'm not sure about. But it wouldn't hurt to give it a try!
Have you looked at the Reachability Class? You don't have to use the reachabilityForInternetConnection method, which checks if a default route is available. You can use the reachabilityWithAddress: method and check if your server is reachable.
