Network basics related to wifi hosting (1/2)

Yuta Fujii
5 min readFeb 12, 2022

This is a series of posts of building wifi access point on Kali Linux with Raspberry Pi.

Please first read the previous article if you haven’t read yet.

In this article, we will explain about networks.

What is network?

Since the birth of computers, various processing of data represented by 0 and 1 has evolved. The need to exchange data between computers has gradually increased, and this has come to be called a network. As a result, rules (or conventions, called protocols) were established by ISO.

OSI model

The communication system standardized by ISO is based on the OSI model developed by OSI. The OSI model classifies protocols into seven categories according to the roles that networks should play.

Of course, the OSI reference model is just one classification of protocols, and there are other ways of conceptualize the relation of protocols. In this article, we adopt OSI model.

In hosting WiFi access point, understanding the data link layer, network layer and application layer will help you a lot. Like:

Driver installation: Data link layer
Startup of Hostapd: Data link layer
DNS: Application Layer
IP packet forwarding: Network layer

IP address and NAT

IP addresses are often explained with postal addresses metaphor. It is often thought of as a unique number for each computer, but more precisely, each network interface is unique, and it is more common for a computer to have multiple IP addresses.

ifconfig on Macbook:

$ ifconfig
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether f0:18:98:xx:xx:xx
inet6 fe80::xxxx:xxxx:xxxx:xxxx%en0 prefixlen 64 secured scopeid
inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active

ifconfig on Raspberry Pi:

└─# ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 2312
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::xxxx:xxxx:xxxx:xxxx prefixlen 64 scopeid 0x20<link
ether 98:48:27:xx:xx:xx txqueuelen 1000 (Ethernet)
wlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.49 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::xxxx:xxxx:xxxx:xxxx prefixlen 64 scopeid 0x20<link
ether dc:a6:32:xx:xx:xx txqueuelen 1000 (Ethernet)
wlan2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.41 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::xxxx:xxxx:xxxx:xxxx prefixlen 64 scopeid 0x20<link
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)

You can find multiple network interfaces with IP addresses:

eth0: Ethernet cable that comes standard with the Pi
wlan1: wireless LAN (192.168.0.49) of incorporated wireless adapter on Pi
wlan0: The TP-Link connected to the Pi (192.168.1.1)
wlan2: another network adapter connected to the Pi (192.168.0.41)

There are two types of IP addresses: IPv4 and IPv6.

IPv4 is a representation of address with 32bit, often converted to four-blocks of three decimal digits, such as 123.123.123.123. As network grew, 32bit become short to represent entire world, and a mechanism called NAT is used to deal with this problem.

NAT (Network Address Translation)

You can easily know your IP by ifconfig.me (let’s say 222.111.3.12). However, you are not the only one who connects to WiFi. Your coworkers are also connected to WiFi, as are your own iPhone, iPad, and everything else. They all have the same IP address.

So, when a server respond back to the user, with the destination IP address is 222.111.3.12, it will reach the WiFi router, but how the router determine which device to send it to.

The solution to this problem is a mechanism called NAT (or more accurately, NAPT: Network Address Ports Translator).

In IPv4, destination can be uniquely identified by its global IP address and its port number. For this reason, it is necessary to maintain and manage a table that converts the combination of IP address and port number. WiFi routers are equipped with this function so that multiple devices can share the same global IP.

Global IP and Private IP

As I mentioned earlier, by utilizing the NAT mechanism, multiple devices are able to share the same IPv4 addresses.

In order to avoid confusion, there is dedicated IP addresses that can be and only can be assigned to multiple interfaces. Those are called private IP addresses and others are global IP address.

Private addresses
Class A: 10.0.0.0/8
Class B: 172.16.0.0/12
Class C: 192.168.0.0/16

As you can see from the subnet mask length, Class A can have the largest number of hosts. Class C IPs are usually assigned to WiFi at home, while you may’ve seen AWS VPC subnets with class B addresses assigned to EC2, and in WiFi at cafes and coworking spaces, class A addresses are assigned to each connected device.

MAC address

I mentioned that NAT is used to uniquely identify network interfaces with IPv4. In other words, private IP addresses are given to so many different interfaces at the same time. If you connect to a WiFi router with IP 192.168.0.1 in a cafe, what happens if another WiFi router in the next cafe also has IP 192.168.0.1?

The trick is that device don’t actually use IP address but use another device specific address to send packet. This device identifier is called MAC address, and each device maintain a table mapping the IP address to MAC address. Communication using this MAC address is the role of the data link layer.

The format of a MAC address consists of 12 hexadecimal characters, xx:xx:xx:yy:yy:yy, where the first six characters represent the vendor ID and the last six characters represent the product ID. The first six characters represent the vendor ID, and the last six characters represent the product ID. The last six characters are like the serial number of the product, so be careful when handling them. On the other hand, the first six characters are the vendor ID, so you can easily find out which vendor it is by typing it into Find MAC Address Vendors.

You can check the WiFi router identifier by using the arp (address resolution protocol) command.

$ arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.1 ether xx:xx:xx:xx:xx:xx C wlan1

That’s it!

Happy WiFi hosting! 🚀

--

--

Yuta Fujii

Web developer, Data analyst, Product Manager. Ex investment banker( structured finance ). Learn or Die.