Okay, it’s easy, just start steeping some hemlock into the blood of a virgin in a quartz flask upon an altar of old single sided floppies and get to work—
you will not know this horror unless you experience it for yourself and i recommend you not.
sonicwall was clearly developed by someone who had a raging databases-where-databases-are-not-due fetish.
you do not just specify addresses. you do not just specify ports.
You create address objects.
You create service objects to define ports.
Then you define NAT rules.
HOWEVER…. if you manually enter or edit anything about a NAT rule, for arcane and horrible reasons that have apparently never been addressed in over a decade’s worth of firmware versions, they break. The only reliable way to create these rules is to go into Quick Configuration and use the Public Server Wizard. There, you can create your objects (or select them if they already exist) and bake them into a NAT rule.
Then maybe 40% of the time it works and the rest of the time you’re frantically SSH’ing into a remote shell somewhere else and crying into your coffee over the output of nmap.
This is the map of wireless APs I was first to discover in the wigle.net database. Note that these are not necessarily areas I have travelled in — rather, the map shows where possibly mobile APs (as in, cell phone or vehicle-integrated hotspots) and my travels have intersected. As other wigle users log later locations of these APs, the database will update to reflect where they’re actually from.. or where they’re traveling. That’s why I show up as missing the rains down in Africa, for instance.
There’s an RF spectrum analyzer in there. Now, it’s not a GREAT one, the minimum frequency resolution is a big wide 6 megacycle wide sweep…. but it’s there.
Overall view, you can see the bands used for upstream and downstream, divided by a blank band around 100.
That band has some spiky bits in it. What are they? Well… I live within walking distance of the transmitters for a couple of 100KW ERP FM’s…
ENHANCE! There’s 93.5 “The Bull” W228BV-FX; 106.7 WXDJ-FM + HD, 105.9 WBGG-FM, and a few others, all leaking into the cable system at fairly harmless looking levels. I suspect Comcast simply leaves this band of spectrum empty on their cable system to make life easier in the face of RF leakage. (??)
I’ll code a GUI interface in Visual Basic…
The view goes in just enough to make the analog carrier and HD sidebands of WXDJ-FM visible and distinct. It looks like the lower one MIGHT be suppressed a bit – this is an interference mitigation feature present in modern HD exciter firmware from Harris/GatesAir, Broadcast Electronics, and Nautel. You can back it down a bit to be all cool and avoid adjacent channel interference.
I dunno — you can’t expect a spectrum analyzer built into cost engineered nasty home internet CPE to be the best thing ever, but it’s still fun to play with.
I’m paying over $80 a month for supposedly 25 megabits from Comcast via cable. Price keeps going up, speeds keep going down, as does the connection itself.
The fault appears to NOT be with the last mile – the modem’s SNR and signal levels look quite acceptable. I’m gonna call 36.8dB SNR and -1.9dBmV “Lucky Duck!” levels for QAM256 demodulation… aka “you’re in luck, your DSP can accurately decode this in its sleep”.
Over the past couple of weeks, this is about average:
--- kg4cyx.net ping statistics ---
2598 packets transmitted, 2428 packets received, 6.5% packet loss
round-trip min/avg/max/stddev = 53.373/535.039/4664.892/482.324 ms
And that’s IF, or WHEN, it works.
Calling Comcast support yields ONLY a “support” script telling me to scan my computers for viruses with their free version of Norton Antivirus. No thanks.
Sadly I live in an area where Comcast has an ABSOLUTE monopoly when it comes to home Internet.
Anyone know of a way to get a real tech on the line at Comcast who is CLUE equipped?
Update: I tracked one down! It was beaconing from a small black device on top of a truck cab which looked a little like a Sirius satellite radio antenna with an extra vertical fin. It, as most of the others I’ve scanned, sent three MAC addresses. No clue as to what the device was and I couldn’t make much more of it in the dim light. 🙁
What’s this? I had originally thought it was coming from onboard WiFi systems on Broward County Transit buses, or Broward parks, but it seems to have shown up in Palm Beach as well. First time I noticed a big cluster of them was near T.Y. Park, but I’ve seen lots more… clustered or alone.
One of these days I shall have to post my observations on retail store Wi-Fi customer tracking systems… For now though, here is what you can do about them if you have a rooted Android device.
Pry-Fi is a fun little toy for this purpose. It does a couple of things; one, it can turn background scanning on and off.
Your device always scans for networks when Wi-Fi is on but not connected by dropping a Wi-Fi probe request on each channel. This probe request contains your device’s unique hardware MAC address. This MAC address is what the tracking systems use to identify you – their business end is a number of wireless access points that allow monitoring and relay the probe requests on to a mystery server. Here’s what they look like in the wigle.net wardriving app:
Note that 78 of them replied to my probe requests!!
Pry-Fi can usually (hardware dependent) change the MAC address to fool these things into thinking they’ve never seen you before.
Best yet, it has a war mode, so when you know you’d otherwise be tracked, it can flood them with randomized probes!
It’s just kind of awesome. It won’t be able to do anything on a device without root, of course, but if it has access and the WiFi driver lets it change MAC, it can work its magic.
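To see what a listening access point actually reads out of a probe request, and to check whether MAC randomization is taking effect, here is an added example (not from the original post and not Pry-Fi's code). It parses raw 802.11 probe request frames and flags source addresses that are globally unique rather than locally administered; the frames, MAC addresses and SSID are constructed samples, and treating the locally administered bit as "randomized" is a heuristic.

```python
def build_probe(src: bytes, ssid: bytes, fc0: int = 0x40) -> bytes:
    """Constructed 802.11 management frame (no radiotap header, no FCS)."""
    bcast = b"\xff" * 6
    hdr = bytes([fc0, 0]) + b"\x00\x00" + bcast + src + bcast + b"\x10\x00"
    ssid_ie = bytes([0, len(ssid)]) + ssid             # element 0: SSID
    rates_ie = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])   # element 1: rates
    return hdr + ssid_ie + rates_ie

def parse_probe_request(frame: bytes):
    """Return the fields a listener can read, or None if not a probe request."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 4:      # management frame, probe request
        return None
    src, ssid, pos = frame[10:16], None, 24   # addr2 is the sender
    while pos + 2 <= len(frame):        # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                       # truncated element, stop parsing
        if eid == 0:
            ssid = body.decode("utf-8", "replace")  # "" is a wildcard scan
        pos += 2 + elen
    return {
        "mac": ":".join(f"{b:02x}" for b in src),
        # Locally administered bit set: not a burned-in hardware address
        "randomized": bool(src[0] & 0x02),
        "ssid": ssid,
    }

def trackable_macs(frames):
    """Globally unique source MACs seen in probe requests (stable identifiers)."""
    parsed = (parse_probe_request(f) for f in frames)
    return sorted({p["mac"] for p in parsed if p and not p["randomized"]})

# Constructed sample frames: hardware MAC, randomized MAC, and a beacon.
SAMPLES = [
    build_probe(bytes.fromhex("001122334455"), b""),
    build_probe(bytes.fromhex("daa119000001"), b"HomeNet"),
    build_probe(bytes.fromhex("001122334455"), b"", fc0=0x80),
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(parse_probe_request(f))
    print("stable identifiers:", trackable_macs(SAMPLES))
```

A probe that names an SSID, like the second sample, also tells the listener a network the device has been configured for, so a randomized MAC alone does not make a device anonymous.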