WHAT

notes/wiki/EnvironmentSetup.md

@@ -0,0 +1,48 @@
+Here I try to document the setup needed to perform reliable captures of IoT device traffic. Setting up the environment properly is a precondition for capture tools like
+[[Wireshark]] et al. to capture ALL traffic needed reliable (while also avoiding nosie).
+
+Since most IoT devices use the internet, it is vital that any capturing mechanism/setup does not interfear with their ability to phone home.
+
+At this point I can descerne the following steps.
+Essentially, all this is to enable reliable [[monitoring]] of IoT network traffic.
+# Overview/Big Picture
+Assumption: The machine used to capture traffic has internet acces either wired (ethernet) or wireless (wifi, maybe bluetooth?).
+Since IoT devices work wirelessly the testing/experiment environment needs at least none wifi card which supports AP mode (see [[iw]]). It will act as the AP for the device to be tested.
+Since many IoT devices are internet enabled we need a way to bridge the IoT<->AP network to the internet. 
+Problem: How do we get internet access to an IoT device?
+1. It connects to a router. The router must then be able to: Mirror ports/run required capturing software itself
+2. It connects to an AP on some other machine. The other machine is connected via some other iterface to the internet. 
+	1. Wired Internet: Either using a (software) bridge or NAT make sure traffic IoT<->Internet can be established and that it can capture all needed packets.
+	2. Wifi Internet: Same as wired. But special care must be taken on a "unclean" system. Desktop systems tend to come with running network management utilities and daemons running. To avoid them interfereing with the AP card special care must be taken, see e.g. [[nmcli]].
+So what must a toolkit which sets up the experiment environment be able to do:
+1. __AP Service__ Through config or detection setup a properly configure AP, possibly on a external adapter
+2. __IP networking dependencies__ Since the experiment machine is replacing some functionality usually offered by the router to connecting host, some router functionality must be offerd. In particular [[dhcp]] (IoT device needs an IP) and [[dns]] (IoT device needs some way to get IPs of hosts it wants to connect to). 
+3. __Internet Gateway__ Enable any IoT device to connect to the Internet. That is, test machine must at least be a [[gateway]] and the IoT device should ideally be able to understand that without any configuration.
+4. Any firewall must allow for [[dhcp]] and [[dns]] services to be accepted by experiment host.
+# AP Configuration
+## Using NetworkManager
+See [here](https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point_with_NetworkManager). Can use the command line tool [[nmcli]].
+
+## Using [[hostapd]]
+Must first make sure that the interface is not managed by nmcli, see [[nmcli]].
+It turns out that _**leaving out**_ those parts of the config file which have to do with security and auth:
+```
+# hostapd.conf
+# Do not include in config if we wish to have an open auth AP!
+wpa=2
+wpa_passphrase=11help22help33
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+```
+Further more we set the config option `auth_algs` appropriatly so open auth is allowed:
+```
+auth_algs=1
+```
+see [[hostapd]] for description of the option.
+
+# DNS and DHCP
+#TODO
+Tools: [[dnsmasq]]
+# Internet
+#TODO 
+Possible tooling: [[iw]], [[firewalld]], [[iptables]], [[netables]]

notes/wiki/Tools.md

@@ -0,0 +1,9 @@
+# Wifi Tools
+- [[aircrack-ng]]can easily enable monitor mode
+- [[nmcli]] NetworkManager cli
+- [[hostapd]]
+- [[iw]] 
+# Wifi Adapter not found anymore
+- __Issue__: After using `airmon-ng` to put my wifi adapter into monitor mode and then supposedly back into normal mode: network manager couldn't find wifi adapter anymore.
+- `sudo nmcli dev` showed that `wlp44s0` interface was "unmanaged".
+- __Fix__: `sudo nmcli set wlp44s0 managed yes` 

notes/wiki/aircrack-ng.md

@@ -0,0 +1 @@
+#tldr : #TODO 

notes/wiki/dnsmasq.md

@@ -0,0 +1,33 @@
+#tldr : #TODO 
+**Resources**:
+- https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point
+- https://wiki.archlinux.org/title/Dnsmasq
+- https://thekelleys.org.uk/dnsmasq/doc.html
+- https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
+- https://thekelleys.org.uk/dnsmasq/docs/FAQ
+
+
+## Configuring WiFi Access Point with NetworkManager
+
+NetworkManager can also be used to turn WiFi interface into Access Point.  
+The benefit of using NetworkManager in this scenario is the complete automation of WiFi, DHCP server and NAT configuration.
+
+### Disabling standalone dnsmasq service
+
+Dnsmasq is a lightweight DNS forwarder and DHCP server.  
+By default dnsmasq runs as a standalone service and will conflict with dnsmasq instance launched by NetworkManager.  
+To prevent the conflict, disable dnsmasq service by running the following commands:
+
+```
+systemctl disable dnsmasq
+```
+```
+systemctl stop dnsmasq
+```
+
+For NetworkManager to run dnsmasq as a local caching DNS server, edit/create /etc/NetworkManager/NetworkManager.conf and add the following
+```system
+[main]
+dns=dnsmasq
+```
+#note: Maybe must disable #NetworkManager #dnsmasq and enable system service dnsmasq.

notes/wiki/firewalld.md

@@ -0,0 +1,3 @@
+Resources: [Firewalld](https://wiki.archlinux.org/title/Firewalld), [Internet Sharing](https://wiki.archlinux.org/title/Internet_sharing#With_firewalld)
+
+Fazit: Not really viable since not enough fine grain control.

notes/wiki/hostapd.md

@@ -0,0 +1,33 @@
+#tldr : #TODO 
+
+```bash
+# For nl80211, this parameter can be used to request the AP interface to be
+# added to the bridge automatically (brctl may refuse to do this before hostapd
+# has been started to change the interface mode). If needed, the bridge
+# interface is also created.
+bridge=br0
+```
+
+# Operation mode
+```bash
+# (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
+# g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
+# with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
+# needs to be set to hw_mode=a. For IEEE 802.11ax (HE) on 6 GHz this needs
+# to be set to hw_mode=a. When using ACS (see channel parameter), a
+# special value "any" can be used to indicate that any support band can be used.
+# This special case is currently supported only with drivers with which
+# offloaded ACS is used.
+# Default: IEEE 802.11b
+hw_mode=g
+```
+
+```bash
+# IEEE 802.11 specifies two authentication algorithms. hostapd can be
+# configured to allow both of these or only one. Open system authentication
+# should be used with IEEE 802.1X.
+# Bit fields of allowed authentication algorithms:
+# bit 0 = Open System Authentication
+# bit 1 = Shared Key Authentication (requires WEP)
+auth_algs=3
+```

notes/wiki/ip-forwarding.md

@@ -0,0 +1,32 @@
+Resources:
+[archwiki-internet-sharing](https://wiki.archlinux.org/title/Internet_sharing#Configuration)
+[archwiki-sysctl](https://wiki.archlinux.org/title/Sysctl#Configuration)
+[kernel-sysctl](https://www.kernel.org/doc/html/latest//networking/ip-sysctl.html)
+
+Remark: Many resources mention that all #firewall config should be executed in one go from a script.
+They also mention to make sure to flush all previous rules/tables/chains before beginning the setup.
+Order of rules matter.
+
+*Check current settings*
+```bash
+sudo sysctl -a | grep forward
+```
+
+# Config 
+```
+net.ipv4.conf.all.bc_forwarding = 0 # broadcast?
+net.ipv4.conf.all.forwarding = 1 # Enable IP forwarding on this interface.
+```
+Latter above controls whether packets received _on_ this (in this case on _all_) interface can be forwarded.
+
+```
+net.ipv4.conf.all.mc_forwarding = 0 # Multicast routing
+```
+## Locations
+### Preloaded
+
+# Tags
+#firewall #nat
+#sysctl
+#ip-forwarding
+#masquerading

notes/wiki/iw.md

@@ -0,0 +1,10 @@
+#tldr: show / manipulate wirless devices and their configs.
+
+# Commands used:
+- `iw list` shows extensive info about all wirless devices. 
+- To check if any devices is AP ready:
+```bash
+iw list | grep -i ap -A 5 -B 5
+```
+
+

notes/wiki/monitoring.md

@@ -0,0 +1,19 @@
+#tldr How to monitor/sniff wifi network traffic of IoT Devices. Two strategies:
+Use a wifi adapter to setup an #AP and have the devices connect to via that or use wifi card in monitor mode.
+
+# Funnel traffic via AP
+**Issues**: iPhone has problems connecting to the provided APs. But need iPhone to configure network  connection of devices.
+# Monitor Mode
+--- 
+## HowTo 
+Insert wifi adapter and make sure it shows up as a interface with e.g. `nmcli dev`.
+### Manually activate:
+1. Find out which interfaces already exist with names like`mon_N_`: `ifconfig -a`. 
+2. `iw dev _interface_ interface add _mon_num_ type monitor` 
+3. `ifconfig _mon_num up` 
+### Using [[aircrack-ng]] :
+Activate monitor mode on interface `wlp0s20f0u1`:
+```bash
+sudo airmon-ng start wlp0s20f0u1
+```
+Output:

notes/wiki/nmcli.md

@@ -0,0 +1,53 @@
+#tldr :  Command line utility of [NetworkManager](https://networkmanager.dev)
+Resources:
+- https://wiki.archlinux.org/title/Software_access_point#NetworkManager_is_interfering
+- https://wiki.archlinux.org/title/NetworkManager#Ignore_specific_devices
+Benefit: Automates setting up WiFi, DHCP server and NAT config, according to [here](https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point_with_NetworkManager).
+
+
+# Commands
+```bash
+nmcli dev #list network devices
+```
+```bash
+nmcli con down <name> # disable AP config
+```
+```bash
+nmcli con delete <name> # permanently delete AP configuration
+```
+```bash
+sudo systemctl restart NetworkManager # for config changes to take effect
+```
+```bash
+sudo nmcli device set <interface-name> managed no # make sure itnerface is not managed by NetworkManager. Can use d instead of device.
+```
+More examples [here](https://networkmanager.dev/docs/api/latest/nmcli-examples.html)
+
+# Config
+## Ignoring specific devices
+This is mostly taken from different parts of [archwiki/NetworkManager](https://wiki.archlinux.org/title/NetworkManager). This is desirable so it wont interfere with our [[hostapd]] or [[dnsmasq]] config.
+In ``/etc/NetworkManager/conf.d/unmanaged.conf`` :
+MAC addr based:
+```config
+[keyfile]
+unmanaged-devices=mac:<hwaddr>
+```
+Interface name based:
+```config
+[keyfile]
+unmanaged-devices=interface-name:<ifname>
+```
+After modifying run
+```bash
+sudo nmcli general reload
+```
+
+Must avoid having conflicting [[dnsmasq]] instances between #systemd managed and #NetworkManager built in. 
+
+
+# Troubleshooting
+## Wifi adapter not found anymor
+See [[Tools]].
+
+
+

notes/wiki/python-libs.md

@@ -0,0 +1 @@
+# `argparse`

notes/wiki/tcpdump.md

@@ -0,0 +1,22 @@
+[docs](https://www.tcpdump.org/manpages/tcpdump.1.html)
+
+### Options
+#### `tcpdump`
+| Option | Description |
+| ------- | ------------ |
+| `-c` _count_  <br/> `--count`  | to specify number of packets to capture |
+| `-i` _interface_ <br/> `--interface=` | specify the interface e.g. 'eth0' or 'wlan0' etc. |
+| `-F` _file_  | Get  filter expression from _file_ |
+| `-I` <br/> `--monitor-mode` | Put interface into monitor mode|
+| `-n` | No name resolution for addresses (host, port no. etc) |
+| `-#` <br/> `--number` | Print a packet number at beginning of line |
+|`-t` | _Don't_ print a timestamp on each dump line. |
+|`-tt` | Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line. |
+| `-ttt` | Print a delta (res dep on `--time-stamp-precision` option) between current and previous line on each dump line. default is microsecond resolution. |
+| `-tttt` | Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line. |
+| `-ttttt` |Print a delta (res dep on `--time-stamp-precision`) between current and first line on each dump line. default is microsecond resolution. |
+| `-w` _file_ | Write raw packets to _file_ |
+| `-e` | print link level header. See manpage for more details |
+
+
+