Friday, January 21, 2011

Cost Comparison between EoP versus Wifi

Background/ Requirements
I have moved home recently. There are two TV sets connected to a Western Digital Live Media Player and XBMC respectively. Both require a wired Ethernet connection to a Netgear wireless router located in a separate room, in order to access the internet.
The TV connected to XBMC is sitting in a different room. I am reusing the previously built DD-WRT Wifi client solution (http://homeopensource.blogspot.com/2010/03/converting-wifi-adapter-into-80211g.html).

This setup has proven to be quite reliable, although its throughput is only around 5Mbps. For example, copying a 1.36GB file (DVD) from my laptop to the XBMC takes around 37 minutes.
While this is ample bandwidth for Standard Definition video streaming (and of course internet radio stations ~128kbps), the video quality degrades significantly when, say, I am using my laptop to access the internet. 


I would like to calculate the cost of setting up an internet connection for the WD Media Player, connected to the second TV through HDMI. It is intended to stream High-Def content, so the bandwidth required will be higher than 11g. Also, I would prefer my YouTube videos to be unaffected by the wireless internet connection.

Wireless Connection (G/N Dual-Band)
Initially, I considered using a g/n dual-band setup with the Access Point supporting both G and N clients simultaneously. A forum post indicates this setup works quite well (http://forums.whirlpool.net.au/archive/1226195) and should be able to support up to 80Mbps throughput - more than sufficient for HD streaming. There is only the additional cost of purchasing an 11n client with an Ethernet port, but unfortunately, they are hard to come by. As most commercially available wireless routers' firmware only allows the device to be configured as an Access Point, if I were to go for a wireless router, it must support DD-WRT.

Ethernet over Power (EoP) 
This device essentially transmits the data signal across the residential electrical circuit using a different frequency band from that of the electrical supply; in other words, it acts a bit like a frequency modulator. Its operation is straightforward: there is no software driver and no configuration required, simply plug-and-play. I have managed to find an extensive review of the TP-Link TL-PA201 EoP adapters (http://www.tp-link.com/products/productDetails.asp?pmodel=TL-PA201), along with their throughput performance (http://www.vitocassisi.com/archives/790/6), which is quite similar to that of 802.11n.





Price Point
I searched www.msy.com.au, and found a DLink DIR-600 WirelessN router selling for $50.00, whereas the TP-Link TL-PA201 EoP adapter pair is selling for $109.00 - a difference of roughly $60.00. The wireless solution is still significantly cheaper than the EoP adapter pair.


Conclusion

This analysis is rather preliminary in terms of its application (streaming video to TV). Consider what happens when additional users require internet access. Most importantly, smartphones definitely cannot benefit from a pure Network over Power setup. In other words, NoP effectively hinders internet mobility. This means a wireless router is needed nonetheless. In a pure wireless environment, on the other hand, we would see performance degrade as the number of devices grows, which is bad news for bandwidth-sensitive IPTV applications.


In summary, EoP shows lots of potential (e.g. ease of use, high throughput, operation independent of wireless internet, and no new wires required across the home), but it is the pricing and limited application at this stage that hinder its popularity. In fact, I see these two technologies complementing each other rather than one being better than the other.


Note: 
For those who are interested, please take a look at the FAQ for EoP on Netgear's website, it contains lots of good information including the recommended (maximum) number of EoP adapters, expected throughput etc...

Wednesday, July 28, 2010

Some useful UNIX commands

Haven't done a post for a while, so thought I should do a quick one on some handy UNIX commands...
A couple of days ago, I was doing some admin work on a BSD system. "df -kh" showed me that the /var partition had 35G used, taking up over 98% of its allocated space...

I found this nice command displaying the disk usage of each file/ directory:
# cd /var
# du -sk *
"du" stands for disk usage, the "k" option means KBytes (alternatively, use "m" for MB).
It turned out the /var/spool/clientmqueue/* was full, possibly because one of the programs kept trying to send mail (although I had sendmail disabled under /etc/rc.conf, but that's a different story).

There were so many files under this directory that a "rm -rf ./*" returned an "Argument list too long" error. Instead, I had to use:
# ls | xargs rm
This pipes the output of "ls" to "rm". Unfortunately, there were also too many arguments for "ls" to handle.

As I was about to head off, I decided to remove the entire directory:

# nohup rm -rf /var/spool/clientmqueue/* &
"nohup" lets the process run after I have logged off, with "&" putting it into the background... and problem solved.
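The "Argument list too long" error comes from the shell expanding the glob into a single argument list larger than the kernel's ARG_MAX limit. An added example (not from the original post) that lets find hand the names to rm in batches instead and keeps the directory itself; purge_files and count_entries are names chosen here, and the demo runs on a constructed temporary directory.

```shell
#!/bin/sh
# Remove all regular files under a directory without a shell glob.
# find passes the names to rm in batches that fit under ARG_MAX, and
# names containing spaces or newlines reach rm intact.
purge_files() {
  dir=$1
  [ -d "$dir" ] || { echo "purge_files: not a directory: $dir" >&2; return 1; }
  find "$dir" -type f -exec rm -f -- {} +
}

# Count entries below a directory. Each batch reports its own argument
# count, so unusual file names cannot skew the total.
count_entries() {
  find "$1" -mindepth 1 -exec sh -c 'echo $#' sh {} + |
    awk '{ total += $1 } END { print total + 0 }'
}

demo() {
  spool=$(mktemp -d)   # constructed stand-in for a full spool directory
  i=0
  while [ "$i" -lt 1000 ]; do : > "$spool/qf$i"; i=$((i + 1)); done
  : > "$spool/name with spaces"
  echo "entries before: $(count_entries "$spool")"
  purge_files "$spool"
  echo "entries after:  $(count_entries "$spool")"
  rmdir "$spool"
}
demo
```

Combined with nohup and "&" as in the post, the same find command can be left running after logout.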

Saturday, June 5, 2010

Implementing Network Intrusion Detection for Home Network


My home gateway is providing wireless internet access for all home computing devices, including the computer which I am writing on. For an added layer of security, I have recently added network intrusion detection (NIDS) function on the unix box using Snort.

Snort is an open-source Network Intrusion Detection System capable of analyzing packets and identifying potential security threats, and BASE is a PHP-based program that provides a graphical interface for analyzing the network statistics and data collected by Snort. [http://en.wikipedia.org/wiki/Snort_(software)].

Having done some research online, I came across this great guide on installing "Snort and BASE on FreeBSD". [http://rackerhacker.com/2007/05/27/install-snort-and-base-on-freebsd/]


Giving credit to the guide mentioned above, I pretty much referenced it throughout the entire installation of Snort, except for the BASE part which isn't covered. Here is my interpretation of the entire "HowTo" based on my installation experience:

- Update BSD ports collection using "portsnap fetch extract update"
- Install Snort (enable MySQL option) and Oinkmaster under /usr/ports/security
- Install MySQL from /usr/ports/databases/mysql50-server. I used version 50, although newer versions are available, because the MySQL client was already installed on my system and their versions need to match.
- Modify "oinkmaster.conf" file (copied from /usr/local/etc/oinkmaster.conf.sample), and specify rule file's location:
url = file:///snortrules-snapshot-2860.tar.gz
The rules file has to be .tar.gz format. In my case, it is saved to hard-drive, so for the above example I used "file" option. Oinkmaster also supports retrieving rules file over the internet, allowing for periodic update using crontab (see other examples in the configuration file for more details).
Note: register with Snort to obtain the latest rule files. Downloading from their site is only permitted once every 15 minutes for security reasons.
- Extract Snort rules to rules directory
# oinkmaster -o /usr/local/etc/snort/rules/

- Configure the MySQL database. Create database "testdb" using "# mysql -u snort -psnortpassword testdb < /usr/local/share/examples/snort/create_mysql". This database is where Snort writes to and BASE reads from.

- Grant user "snort" access to database "testdb". Log in to MySQL as the root user, using "mysql -u root".
> GRANT ALL PRIVILEGES ON testdb.* TO 'snort'@'localhost' IDENTIFIED BY 'snortpassword';
- To confirm, log in to MySQL as snort using "mysql -u snort -p". You will then be prompted for the password.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| testdb             |
+--------------------+

- Configure "snort.conf" file under /usr/local/etc/snort/ and uncomment the lines:
# config detection: search-method lowmem
# output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=snort password=snortpassword dbname=testdb host=localhost
Ensure the database name matches that previously created.

- Configure "rules" file - I was using rules file snortrules-snapshot-2860.tar.gz, and noted quite a lot of errors (e.g. data_type not known) when I test-ran Snort. So, I commented out some lines in the following rules in addition to "local.rules":
> web-client.rules
> x11.rules
> attack-responses.rules
> backdoor.rules
> spyware-put.rules # I had to comment this file out entirely due to large number of errors...

Finally, update "/etc/rc.conf" so it starts automatically:
### Snort/BASE Solution ###
mysql_enable="YES"
snort_enable="YES"
snort_interface="tun0" # I am using PPPoE access at home

Start Snort using "/usr/local/etc/rc.d/snort start". If there are no errors, messages like the following should appear in /var/log/messages:
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5998:4] P2P Skype client login startup [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 192.168.2.10:50854 -> 212.8.163.76:12350
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5999:4] P2P Skype client login [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 212.8.163.76:12350 -> 192.168.2.10:50854
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5998:4] P2P Skype client login startup [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 192.168.2.10:50854 -> 212.8.163.76:12350
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5693:4] P2P Skype client start up get latest version attempt [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 192.168.2.10:50855 -> 204.9.163.158:80
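
The alert lines above share one layout ([generator:signature:revision] message [Classification] [Priority] {protocol} source -> destination), so they can be summarised straight from the syslog file before BASE is set up. This is an added example, not code from the original post or the Snort project; the function names are chosen here, and the sample input is the four lines quoted above plus one constructed non-Snort line.

```shell
#!/bin/sh
# Sample input: the four alerts quoted in the post, plus one constructed
# sshd line to show that unrelated syslog entries are skipped.
sample_log() {
cat <<'EOF'
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5998:4] P2P Skype client login startup [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 192.168.2.10:50854 -> 212.8.163.76:12350
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5999:4] P2P Skype client login [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 212.8.163.76:12350 -> 192.168.2.10:50854
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5998:4] P2P Skype client login startup [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 192.168.2.10:50854 -> 212.8.163.76:12350
Jun 5 00:12:48 HomeFreeBSD snort[1273]: [1:5693:4] P2P Skype client start up get latest version attempt [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} 192.168.2.10:50855 -> 204.9.163.158:80
Jun 5 00:12:50 HomeFreeBSD sshd[2001]: constructed line, not an alert
EOF
}

# One record per alert: sid|priority|protocol|source|destination|message
parse_alerts() {
  sed -n -E 's/^.* snort\[[0-9]+\]: \[([0-9]+:[0-9]+:[0-9]+)\] (.*) \[Classification: [^]]*\] \[Priority: ([0-9]+)\]: \{([A-Za-z0-9]+)\} ([^ ]+) -> ([^ ]+)$/\1|\3|\4|\5|\6|\2/p'
}

# Alerts per signature, most frequent first: "count sid prio=N message"
summarise_by_sid() {
  parse_alerts | awk -F'|' '
    { n[$1]++; prio[$1] = $2; msg[$1] = $6 }
    END { for (s in n) printf "%d %s prio=%s %s\n", n[s], s, prio[s], msg[s] }
  ' | sort -k1,1nr -k2,2
}

# Alerts per originating host (port stripped), busiest first
summarise_by_source() {
  parse_alerts | awk -F'|' '
    { h = $4; sub(/:[0-9]+$/, "", h); n[h]++ }
    END { for (h in n) printf "%d %s\n", n[h], h }
  ' | sort -k1,1nr -k2,2
}

sample_log | summarise_by_sid
sample_log | summarise_by_source
```

On the gateway itself, the same functions can read the live file, e.g. "summarise_by_sid < /var/log/messages".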


BASE Installation
- Install BASE (enable MySQL) and adodb from /usr/ports/security/base and /usr/ports/databases/adodb respectively.
I already had Apache (HTTP Server) installed on my system; otherwise, it is located under /usr/ports/www/apache22 and there are lots of good tutorials on how to get your web server up and running.
The following is for configuring BASE:
# /usr/local/etc/apache22/httpd.conf
DocumentRoot "/usr/local/www/base"
...
# This should be changed to whatever you set DocumentRoot to.
<Directory "/usr/local/www/base">
...
Allow from All
</Directory>
# Enable PHP in apache
LoadModule php5_module libexec/apache22/libphp5.so

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Update the $DBlib_path variable to /usr/local/share/adodb/ in /usr/local/www/base/base_conf.php, and set the database connection parameters:
$DBlib_path = '/usr/local/share/adodb/';
$DBtype = 'mysql';

/* Alert DB connection parameters*/
$alert_dbname = 'testdb';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'snortpassword';

Lastly, MySQL by default listens for connections over the network. This means anyone on the internet can try to connect to the database, which is an unnecessary security risk. Disable MySQL's network listener:
# cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
# vi /usr/local/etc/my.cnf
# Don't listen on a TCP/IP port at all...
skip-networking
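
One way to confirm from the file that the change above is in the right section and not still commented out, as an added example that is not part of the original post. The function name mysqld_tcp_exposure and the sample files are constructed here; it also recognises a bind-address limited to the local host, which goes slightly beyond the skip-networking setting used in the post.

```shell
#!/bin/sh
# Report how the [mysqld] section of a my.cnf-style file exposes TCP:
#   disabled - skip-networking is set (socket-only, as in the post)
#   loopback - bind-address limits the listener to the local host
#   exposed  - neither is set, so the server listens on the network
mysqld_tcp_exposure() {
  awk '
    /^[ \t]*[#;]/ { next }                     # full-line comments
    /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
    !in_mysqld    { next }                     # ignore [client] and others
    {
      line = tolower($0)
      sub(/[ \t]*#.*$/, "", line)              # trailing comment
      gsub(/[ \t]/, "", line)
      gsub(/_/, "-", line)                     # skip_networking is accepted too
      if (line ~ /^skip-networking(=(1|on))?$/) skip = 1
      if (line ~ /^bind-address=(127\.0\.0\.1|localhost|::1)$/) loop = 1
    }
    END { print (skip ? "disabled" : (loop ? "loopback" : "exposed")) }
  ' "$1"
}

# Constructed sample files: the option still commented out, then enabled.
demo() {
  tmp=$(mktemp -d)
  printf '[mysqld]\nport = 3306\n#skip-networking\n' > "$tmp/before.cnf"
  printf '[mysqld]\nport = 3306\nskip-networking\n' > "$tmp/after.cnf"
  echo "before: $(mysqld_tcp_exposure "$tmp/before.cnf")"
  echo "after:  $(mysqld_tcp_exposure "$tmp/after.cnf")"
  rm -rf "$tmp"
}
demo
```

Snort and BASE are both configured with host "localhost", which the MySQL client library maps to the local Unix socket, so they keep working once TCP is disabled.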

If things go well, Snort and BASE system should be up and running and you should see the following (as you can see, my database name is "snort_log"):















Sunday, May 9, 2010

XBMC and DD-WRT Wireless Client

The "Home Media Centre" concept can be summarized as turning your television set into an entertainment centre, i.e. migrating what you usually do on your computer to your TV, such as watching mpeg videos, photos, DVDs, YouTube, IPTV, internet radio and various other media stored on a hard drive or over the internet.

Over the past couple of weeks, I have managed to set up my own low-cost media center for around $130, with most of the cost going to a brand-new wireless router as you shall read.

A couple of months ago, I bought a pre-owned Microsoft XBox (the original one) for $50 and installed XBox Media Centre (XBMC http://xbmc.org/) onto it. I followed one of the softmod installation guides found on the internet, which was pretty straightforward. I completed the whole process at home without needing to bring the console to a shop and modify its hardware. The installation process basically utilizes another desktop PC as a platform to load XBMC OS onto the XBox's hard drive (through an IDE cable) as though it were its own, and then it's done.

Then I connected the media centre to the internet. My ADSL modem is located quite far away from the television set. As I had previously set up wireless internet, I decided to install dd-wrt (v24-sp2) onto D-Link's DIR 600, set it to "repeater bridge" mode and connect it to the Xbox with an Ethernet cable. As a side note, the wireless router cost me more than $70 but supports only 802.11g...

In terms of functionalities, the original Xbox has component cables (Yellow/Green/White) supporting SD (standard definition) video - good enough for watching DVDs.

The whole setup is now sitting in my living room. I use it mostly for listening to internet radio provided by my ISP and occasionally watching DVDs. I have also downloaded a YouTube script so I can watch YouTube on TV... although the Xbox seems to struggle with High-Definition videos. Nonetheless, it is still good value for $50.

As a side note, I also purchased Xbox's DVD kit on eBay, giving me a remote controller for this media centre. There are some photos of this setup in the "photo gallery"...

Saturday, May 8, 2010

Hard-Drive Short-Stroking

I read an article on Tom's Hardware about short-stroking, and found it quite an interesting concept. The idea is to limit the "usage" of a hard drive to its outermost rim. By under-utilizing the hard drive, the mechanical movement of its arm is also reduced, hence increasing the r/w performance...


Giving credit to the original author, there is more information at the following link:
http://www.tomshardware.com/reviews/short-stroking-hdd,2157.html