More Wifi Layer 1 Tracing with Wi-Spy

Last week I reported on my new Wi-Spy analyzer that has gripped my imagination and has since been scanning the ISM band used by Wifi, Bluetooth and other radio systems wherever I go. Today I’ve got a couple of additional traces which I think are spectacular enough to show around.

The first picture on the left shows what the ISM band looks like in my neighborhood. There’s one Access Point broadcasting away on channel 1. On channel 2 there are another two access points and probably a third one which is farther away, and thus its amplitude is much lower than those of the other two. My own access point operates on channel 11 and sent a lot of data to my notebook when the trace was taken. Hence the access point emissions are shown in red. The notebook doesn’t send a lot of data but has a higher amplitude since the antenna is closer to the Wi-Spy probe. Since there is a notebook with an ‘old’ 802.11b network card in the network, both the access point and my notebook send ‘Clear To Send’ packets with direct-sequence spread spectrum (DSSS) modulation. This shows quite nicely in the trace with the two side lobes to the left and right of the high main arch produced by the receiving notebook. The data packets themselves are sent with 802.11g OFDM modulation, which produces a much flatter main arch. The red space in the trace is actually a mixture of DSSS and OFDM modulation. Look closer and you will also see an access point transmitting on channel 9.

The second image on the left shows what happens when a Wifi card runs wild. Before I ran the test I remembered that I had a broken 802.11g network card which used to always work quite well for a couple of minutes before losing the network. As can be seen in the figure, losing the network actually means going completely wild. It looks like it completely loses modulation and, after a short stint in the original band where it used to send and receive, it moves down to the bottom of the ISM band with the two main arches at 2410 and 2420 MHz. The peaks on the side are probably the side lobes. Looks like the wifi card is blasting away on full power throughout the band and I am sure it wreaks havoc on any transmissions within reach… Looks like the wifi card is ready for the scrap yard.

So much for today. For more traces take a look at my previous entry, at the trace library over at Metageek either here or here.

A Question For a Wifi Ueber-Geek

I like when things work but I get a strange feeling if I can’t explain why. Here’s a scenario that works perfectly well but I can’t figure out why. Maybe a Wifi Ueber-Geek can help:

I’ve used a Linksys WRT54 access point configured to AP client mode (bridged) to connect to a Siemens Wifi Access Point. Connected to the WRT54 are two notebooks, each via one Ethernet port. When the cable is plugged in both were assigned an IP address by the DHCP server running on the Siemens AP (192.168.40.20 and 192.168.40.73). Both can communicate with the Internet over the single wireless link just fine. What I wanted to test with this scenario was how the Ethernet MAC addresses of the two notebooks and the WRT54 access point are used on the wireless link.

To my great surprise the Siemens AP always uses the Ethernet MAC address of the WRT54 when packets are sent to one of the notebooks. But how does the WRT54 then know which notebook (which Ethernet port) it should deliver it to? On the notebook the incoming packet contains its MAC address. This means that the WRT54 must have changed the MAC address in the destination field. But why does it do that and how can it know which MAC address to use? I am thoroughly confused.

I’ve documented the result in the two pictures below. The first picture shows what the packet looks like when it’s received on the WRT54. The destination address in the 802.11 header is the WRT54 (Cisco-Li…, traced with Kismet on the WRT54). The same packet on the notebook (traced with Wireshark) suddenly contains the notebook’s MAC address in the destination field of the Ethernet II header (Uniwil…). It’s not IP routing since the notebooks and the Siemens AP behind the wireless link are all in the same subnet. It’s also not Layer 2 bridging since the MAC address changes.

Does anyone have an explanation for this?



More Internet on Train: Thalys Starts Pilot Service

A number of train operating companies have started to offer Wifi Internet access in some of their trains over the past year or two like for example in the U.K. or in Germany. Now Thalys, a private train company that links Paris with Brussels and Cologne has started their pilot service for Wifi Internet access on trains. From train to ground data is transmitted via Satellite, UMTS and GPRS. Another company that has understood how to make people take the train instead of the car or plane. Hopefully an example that spreads.

Michael Mace looks at Ovi and Nokia Strategy

My boss today pointed me to an article written by Michael Mace over at his Mobile Opportunity Blog on Ovi and Nokia strategy. While in my own article on the topic I’ve been concentrating on the potential struggles between Nokia and mobile network operators this move will probably provoke, Michael broadens the scope and puts Apple and the iPhone into the equation. A long article but a worthwhile read since it contains a lot of thought-provoking observations.

Interestingly enough we come to the same conclusion in our articles: We both fear that the whole process could lead to another set of walled gardens. More colorful perhaps but still with walls. But then, a mobile phone can have more than one door…

The Cell Phone Network Hack Of The Decade

In 2005, the cell phone of the prime minister of Greece and those of 100 other people were secretly tapped by what in my opinion is the most extraordinary attack on a cell phone network that has been uncovered to date. The July 2007 issue of the IEEE Spectrum magazine has a very good summary of what happened, how the spy program was detected and the consequences. The article is also available online.

Here’s the elevator pitch:

  • Unidentified hackers design a secret patch for Ericsson Mobile Switching Centers and manage to insert the code into switches in the Vodafone Greece network.
  • The code checks all calls and taps conversations made over 100 selected phones. These conversations are in effect duplicated and forwarded to other mobile phones.
  • The hackers make a mistake when they update their spy program and logs are generated by the switch. This tips off Vodafone and Ericsson, which then start an investigation.
  • And for the rest… read the article.

It’s one thing to program a virus or trojan horse for a Windows, Mac or Linux box. Secretly inserting code into a GSM Mobile Switching Center which does not run an off-the-shelf operating system, however, is quite another. It definitely shows why Cryptophones that encrypt a call from mobile to mobile are worth their money. I wonder how many of those 100 people used one…

20 Years Ago The GSM MoU Was Signed

Both a long time and a short time, but 20 years ago, on the 7th of September 1987, the GSM Memorandum of Understanding (MoU) was signed by 12 European nations. It took a bit after that, but three and a half years later the first GSM network, today known as Elisa in Finland, opened its doors. Since then mobile networks have been constantly evolving and activities are still accelerating rather than slowing down.

For a long time, mobile networks were considered voice-only networks and even SMS was only added to networks at the end of the 1990s. Since then mobile data services have evolved in only a few years from speeds of a couple of bits per second to multi-megabit 3.5G high speed. Nevertheless, everything is still based on the GSM standards from back then, or 3GPP standards as they have been renamed in the meantime.

The telecoms industry had a tremendous roller coaster ride during that time. For many people working in the industry the ride did not always go to the better side. After the .com burst at the beginning of this decade, tens of thousands of people in the telecom industry lost their jobs. Today, unlike the IT industry which seems to have picked up steam again, the telecoms industry with some exceptions is still struggling and the turbulence is far from over. A challenging time for everyone in the industry which takes true determination.

Looking at the user side, it’s incredible to see the changes mobile networks have brought to the lives of people in both rich and poor countries. Voice was the first revolution and today few people can still imagine a life without cell phones. Generation-C can probably not imagine it at all. After a number of iterations I can see mobile Internet access now also picking up with people around me, and even some skeptics of yesterday are now using a Blackberry or HSDPA mobile data card in their notebook. Generation-C is next, pricing levels are close to becoming affordable for them!

Good sides, bad sides, but no matter, happy birthday GSM!

A Yoigo Weekend

I’ve been in Spain for a couple of days and I am glad that a number of people have told me about Yoigo, a new mobile operator in Spain, which offers Internet access via Prepaid SIMs. So here’s a report from my weekend with Yoigo and Madrid:

How To Get The SIM Card

Once in Madrid the first mission was to get a SIM card. According to the Wiki, Yoigo SIM cards are sold in "The Phonehouse" shops. So before my departure I checked the web page and located the shop closest to my hotel. Buying the SIM card only took a couple of minutes. The SIM cost €20 and included €20 worth of phone calls and Internet connectivity. The price per day for Internet connectivity is €1.20 (€1.36 with taxes) for 2G and 3G access. It doesn’t sound like a lot but if used every day it amounts to about €40 a month, which is on par with what other operators offer as well. However, charging daily certainly opens the door to new market segments.

Some people reported that Yoigo only covers a few cities with 3G so far, but Madrid was fortunately part of the list.

Mobile Phone And Notebook Use

The first megabyte is billed by the kilobyte and all data traffic afterwards during that day is free. After each data session or phone call a USSD message reports usage and remaining credit. The picture on the left shows the message which reports a cost of €0.00 for a data session established after the first megabyte has been used. Previous reports were not quite clear if Yoigo requires the use of a proxy and otherwise blocks all other ports or if the connection is open and other services like eMail, etc. can be used as well. I can definitely confirm that the connection is open and I used the SIM for web browsing, eMail and Shozu with the mobile phone and with the notebook to browse the web, check my eMails, Yahoo messenger, for IPSec VPN connections, etc.

Network Performance

Yoigo does not seem to have 3.5G HSDPA yet, as my phone just established plain UMTS 3G connections. While 3G comes nowhere near 3.5G HSDPA speeds, it’s nevertheless fast enough for most activities (384 kbit/s which equals about 45 kBytes/s). Unfortunately, Yoigo seems to have similar problems to Wind in Italy since I had a lot of IP layer retransmissions due to ‘duplicate acknowledgments’ which indicate packet loss. I tried at different times during daytime and also nighttime but the problem persisted. Thus, it’s not a busy hour problem. I can also rule out terminal incompatibility as I saw the same behavior with a Motorola V3xx and a Nokia N93 in combination with a notebook. As a consequence web pages take somewhat longer to load and file download performance is around 12 kByte/s instead of 45 kByte/s. Throughput peaks were at around 45 kBytes/s which indicates I got a 384 kbit/s bearer, while the low overall throughput is caused by the frequent retransmissions. The second picture on the left shows a pretty disastrous throughput graph of a file download.

I can’t say if this is a temporary problem or not since I’ve only been in Spain for a couple of days. If I lived in Spain, however, and the problem persisted it would definitely make me go to another operator. So I hope Yoigo takes a closer look and fixes the issue. If you like Wireshark traces of the issue, let me know 🙂

Summary

Despite the less than optimal performance I was quite happy with my Yoigo weekend experience in Madrid. In total I transferred about 60 MB during 4 days which is not much, but I have been on vacation after all 🙂 There are still about €13 of the initial €20 left on the SIM card which will probably be eaten up by the €6 per month minimum usage fees over the coming months. However, I hope that the SIM stays active till next February when I will probably come back to Spain for the Mobile World Congress (formerly the 3GSM World Congress) in Barcelona. Until then I hope Yoigo will also have upgraded to HSDPA.