Nintendo DS Wireless Networking Guide Version 1.3
Copyright 2005 - 2010, Tom Nardi (MS3FGX@gmail.com)
For more info and the latest version of this Guide, visit www.digifail.com

================================================================================
= Contents                                                                     =
================================================================================

1. Introduction & Overview
     1.1...Introduction
     1.2...Why was this Guide Written?  
2. DS Configuration
     2.1...Introduction to WiFi Setup on the DS
     2.2...Configuring a WiFi Connection on the DS
       2.2.1...Step 1
       2.2.2...Step 2
         2.2.2.1...Automatic Configuration
         2.2.2.2...Manual Configuration
         2.2.2.3...AOSS Configuration
       2.2.3...Step 3
     2.3...Configuring a Connection with the Nintendo Wi-Fi USB Connector
     2.4...Wi-Fi Connection Options Menu
       2.4.1...System Information
       2.4.2...Erase Nintendo WFC Configuration
       2.4.3...Transfer Nintendo WFC Configuration
3. Setting Up Your Own AP (Basic)
     3.1...Using a WiFi Router
       3.1.1...Using a Stand-Alone AP
     3.2...Using the Nintendo Wi-Fi USB Connector
       3.2.1...Requirements
       3.2.2...Pre-Installation
       3.2.3...Installation
     3.3...Nintendo Wi-Fi USB Connector Versus Wireless Router
       3.3.1...Compatibility
       3.3.2...Security
       3.3.3...Efficiency & Convenience
       3.3.4...Verdict
4. Setting Up Your Own AP (Advanced)
     4.1...Configuring a Software AP in GNU/Linux
       4.1.1...WiFi Options in GNU/Linux
       4.1.2...Setting up the Hardware
       4.1.3...Setting up the Software
         4.1.3.1...IP Ranges
         4.1.3.2...Routing
         4.1.3.3...Static IP
         4.1.3.4...DHCP
       4.1.4...The Complete DS_AP Script
       4.1.5...Introducing linux_ics
     4.2...Configuring a Software AP in Windows
       4.2.1...Supported Devices
       4.2.2...RT2500 Driver Installation
       4.2.3...Software Configuration
         4.2.3.1...RT2500 Soft AP Setup
         4.2.3.2...Configuring ICS
     4.3...Configuring a Software AP in Mac OS
       4.3.1...WiFi Options in Mac OS
       4.3.2...Configuring Internet Sharing
       4.3.3...Configuring AirPort Options
       4.3.4...Connecting the DS
     4.4...Hacking the Nintendo Wi-Fi USB Connector
       4.4.1...Using the Nintendo Wi-Fi USB Connector with AOL
       4.4.2...Nintendo Wi-Fi USB Connector Soft AP
         4.4.2.1...Driver Modification and Installation
         4.4.2.2...Software Modification and Installation
         4.4.2.3...Soft AP Configuration
5. Network Security
     5.1...WiFi Security
       5.1.1...Cloaked SSID
       5.1.2...MAC Filtering
       5.1.3...WEP
         5.1.3.1...Use a Strong Key
         5.1.3.2...Use the Highest Encryption Possible
         5.1.3.3...Limit your Bandwidth
         5.1.3.4...Rotate your Key
         5.1.3.5...Combine Forces
       5.1.4...Is it Safe?
     5.2...Securing your WiFi Router
       5.2.1...Use a Strong Password
       5.2.2...Disable Wireless Management
       5.2.3...Disable Remote Management
       5.2.4...Disable Remote Upgrade
       5.2.5...Enable HTTPS
     5.3...Nintendo Wi-Fi USB Connector
     5.4...Firewalls
       5.4.1...General Firewall Concepts
         5.4.1.1...Inbound Firewall
         5.4.1.2...Outbound Firewall
         5.4.1.3...Network Segmentation
       5.4.2...Types of Firewalls
         5.4.2.1...Hardware Firewalls
         5.4.2.2...Software Firewalls
           5.4.2.2.1...GNU/Linux
           5.4.2.2.2...Windows
           5.4.2.2.3...Mac OS
       5.4.3...Practical Application
         5.4.3.1...Inbound Firewalling
         5.4.3.2...Outbound Firewalling
         5.4.3.3...Network Segmentation 
6. FAQ & Troubleshooting
     6.1...FAQ
       6.1.1...Nintendo Wi-Fi Connection
       6.1.2...Routers
       6.1.3...Nintendo Wi-Fi USB Connector
       6.1.4...GNU/Linux
       6.1.5...Windows
       6.1.6...Mac OS
     6.2...Troubleshooting
       6.2.1...Nintendo Wi-Fi Connection
         6.2.1.1...Error Messages 50000 to 59999
         6.2.1.2...Error Messages 80000 to 89999
       6.2.2...Routers
         6.2.2.1...DS Does Not Detect Router
         6.2.2.2...DS Cannot Establish Link with Router
         6.2.2.3...DS Connects to Router But Cannot Connect to Internet
         6.2.2.4...None of that Worked!
       6.2.3...Nintendo Wi-Fi USB Connector
         6.2.3.1...Wi-Fi Connector Not Detected by Installer
         6.2.3.2...Internet Connection Sharing Error
7. Reference
     7.1...Networking Glossary
     7.2...Software AP Compatible WiFi Hardware and Drivers
       7.2.1...GNU/Linux
       7.2.2...Windows
       7.2.3...Mac OS
     7.3...Finding the Current TCP/IP Information
       7.3.1...Under GNU/Linux
       7.3.2...Under Windows
       7.3.3...Under Mac OS
     7.4...Correctly Configuring a Static IP
     7.5...Tips for Increasing WiFi Range
       7.5.1...Transmission Rate
       7.5.2...Antennas
       7.5.3...Router Firmware
8. Thinking Out Loud
     8.1...Rate Autonegotiation
     8.2...WiFi vs. NiFi
     8.3...Nintendo Wi-Fi USB Connector vs. Software AP
     8.4...What Happened to WPA?
     8.5...A Tale of Two Consoles
     8.6...Ad-Hoc on the DS
     8.7...Monkey See, Monkey Don't
     8.8...Escaping Captivity
       8.8.1...Nintendo Wi-Fi USB Connector
       8.8.2...MAC Cloning
       8.8.3...Nintendo DS Browser
9. Misc
     9.1...Version Information
     9.2...Future Additions
     9.3...Disclaimer
     9.4...Credits

================================================================================
= 1. Introduction & Overview                                                   =
================================================================================

--------------------------------------------------------------------------------
- 1.1  Introduction                                                            -
--------------------------------------------------------------------------------

I welcome you to the first Guide I have ever submitted. The reasoning behind
this Guide, and my goals with it, are covered elsewhere. I just thought I would
start the Guide off with a little general background information about it and
myself.

I am a Network Administrator by profession. Some would say that networking is
my life, and others would say that I have no life at all. Both parties would
probably be correct. I saw the opportunity to use my knowledge to help others
on a fairly large scale when the DS was announced to have WiFi capability, and
this Guide is the end result.

Considerable time and money has been spent researching this Guide. I have spent
hundreds of dollars to buy the hardware needed to test all of the things you 
will read here. Hardware that I had no use for, but could not in good 
conscience write about unless I had in my own hands.

This document was written entirely by myself, but even though I wrote this on
my own, I have had support and help from others, and they are all thanked in
the credits.

I also encourage anyone who reads this Guide to email me with their impressions
or suggestions. I am always open to new ideas for the Guide, so drop me a line
if you think there is something I should cover. Even if you don't have a 
technical comment or idea, general feedback is always welcome as well.

If you want more one-on-one help with anything I have covered in the Guide, or
something is not exactly clear to you from what I have written, feel free to
email me with that as well. A few people have already emailed me with the
problems they were having, and we were able to work out a solution together,
which is what this is all about in the first place.

A word of warning though, I feel that if you chose to use a text-based method
of communicating with others, you should at least form that text properly. So
if you are going to email me, then make sure it is done in proper English. I
hate "133t speak", and if I receive an email written in it, I assure you, I
will redefine the word "unhelpful".

Finally, perhaps a little technical information on this document itself. This
Guide was written completely in Vim, and spell checked with Aspell. I did not
use word wrap, and instead manually entered carriage returns at or before 80
characters as I wrote it. Big fun.

I hope that you enjoy this Guide, and more importantly, I hope that it helps
you.

--------------------------------------------------------------------------------
- 1.2  Why was this Guide Written?                                             -
--------------------------------------------------------------------------------

The answer to that question is not what you might think.

Prior to the opus you are currently reading, I had never written a single FAQ
or Guide of any sort. This is because I never felt there was anything worth 
writing about, and if there was, certainly somebody else would do it.

But, coming to the end of 2005, no serious WiFi Guide had been written for the
DS, and even worse, there was even more confusion then usual, as Nintendo had 
released their own WiFi adapter, and it had gotten to the point that some
people actually believed that the Nintendo Wi-Fi USB Connector was the only way
to get online.

At the same time, the Nintendo Wi-Fi USB Connector troubled me, as it put heavy
limits on what sort of hardware and software it would work with. Limits that
did not have to exist. Many people out there, including myself, do not use
Windows XP, or Windows at all for that matter. Nintendo obviously did not care
too much about the Linux and Mac OS users of the world, or even people running
older versions of Windows itself.

So, due in no small part to my own greed, my initial idea was to write a Guide
that would detail how to use nearly any WiFi device as an AP for the DS in
Linux. Then I realized that (other than myself) roughly 4 people would benefit
from such a Guide.

Then I said, "Fine, I will expand that to Mac OS as well." Alright, that gives
us 10 more people.

So far, I have 14 people on the edge of their seats.

I was starting to figure this was useless, so I came to the conclusion that I 
couldn't just write about setting up a software AP in Linux, or even in Linux
and Mac OS. I would need to cover everything possible.

I would have to cover creating a soft AP in all 3 major operating systems. But,
what good is a Guide on creating and setting up an AP, if you don't tell people
how to connect their device to it? So I would also have to cover how to setup
the DS with WiFi. Of course, many people just want to use their standard
wireless routers, so I would have to cover that as well. While on this grand
adventure of networking, I might as well document my observations and 
experiments too...

So, from my simple initial goal, we now have the Guide you are currently 
reading. A document that, I hope, will help everyone who reads it, from people
who just want to get their DS working with their existing router, to Linux
users who want to fight the system.

That is why this Guide is called the "DS Wireless Networking Guide", rather than
something like "WiFi FAQ". This document is not intended to be a simple FAQ
giving obvious answers to equally obvious questions. This is intended to be the
Bible of the DS's WiFi abilities. It is a technical look at the DS, WiFi 
technology, and networking in general.

================================================================================
= 2. DS Configuration                                                          =
================================================================================

--------------------------------------------------------------------------------
- 2.1  Introduction to WiFi Setup on the DS                                    -
--------------------------------------------------------------------------------

So here is where things get murky. Because of Nintendo talking so much about 
their designated public APs, and the WiFi Adapter, some people have gotten the 
idea that the DS does not work with normal WiFi hardware, and needs to get 
online using special Nintendo software/hardware. This is completely untrue, and 
here we will talk about getting the DS online with your average home wireless 
router.

A few details on the WiFi setup for the DS. Unlike the PSP, the DS itself has 
no capacity to configure it's WiFi hardware, search for APs, do a connection 
test, etc.

This ability is added by each online game for the DS. They all contain the same 
identical WiFi setup and testing application, so one explanation will cover 
every online DS game ever released. How convenient.

In addition, contrary to what many people assumed, WiFi configuration 
information is not saved to the game cart, but is written to free space on the
firmware EEPROM inside the DS itself. This means that once you configure your
DS for WiFi connectivity in one game, you don't have to do it for other games.
There is enough free space on the firmware EEPROM to hold 3 separate WiFi
connection profiles. An interesting note is that, unlike the PSP, you don't
need to actually tell the system which profile to use, it will automatically
determine which one of the connection profiles to use, without user
intervention (actually, you can't manually select which profile to use even if
you wanted to).

So now that we know some specifics about the WiFi configuration for the DS, 
let's figure out how to do it.

--------------------------------------------------------------------------------
- 2.2  Configuring a WiFi Connection on the DS                                 -
--------------------------------------------------------------------------------

Each game is different, so you will need to find out how to get into the WiFi 
configuration system by reading the manual for your game. Assuming you have 
found it, let's go over the basic setup.

Once you get into the WiFi setup, you will be presented by a large blue button 
that says "Nintendo Wi-Fi Settings" and a smaller orange button that says 
"Options". For now, we are only interested in the Settings menus, so click on 
that button.

From here on, the setup process is separated into 3 major parts. Let's take a 
look at each one individually, and cover it's use.

--------------------------------------------------------------------------------
- 2.2.1  Step 1                                                                -
--------------------------------------------------------------------------------

For step one, you will chose which WiFi profile you want to work with. Again, 
the DS can hold 3 such profiles, so you can have one for home, work, and a 
spare for public APs. How you use these profiles is up to you, so chose which 
one you want to setup, and click it.

--------------------------------------------------------------------------------
- 2.2.2  Step 2                                                                -
--------------------------------------------------------------------------------

Here you must choose how you want to configure your DS. Either Automatically, 
Manually, or with an AOSS device. Let's talk a bit about each one, and give an 
example setup.

--------------------------------------------------------------------------------
- 2.2.2.1  Automatic Configuration                                             -
--------------------------------------------------------------------------------

This is the mode most people are looking for; this will enable you to get 
online with your DS with almost any WiFi router out there. At home or away, 
if you want to get online with the DS, this is the first part of the 
configuration you are going to be looking at.

To enter this mode, click on the button, "Search for an Access Point". You 
should then get the message "Searching for an access point..." along with a 
noise. This will take a few seconds, and afterwards, you will be presented with
a list of all the AP's detected (if any were found).

For each AP, you will see three pieces of information:

The first, and perhaps most relevant is the name of the WiFi network, or SSID. 
This is the name that was given to the network to help identify it. You will be
using this name to figure out what device you are actually connecting to.

Second is an image of a lock. Very simply, if the lock is open, there is no 
encryption on the network and you will be able to immediately connect to it. If 
the lock is closed, that means encryption is in place. The lock can be two
different colors. Red indicates WEP, which means you will need the WEP key for
that network if you want to connect to it. The lock could also be gray, which
means the network is using WPA. At this time (more on this in my "Thinking out
Loud" section), WEP is the only supported form of encryption for the DS, so if
you see a gray lock, you cannot connect to that network.

The last piece of information is a simple indication of signal strength. This
should be pretty simple for most people to decipher, since it is very similar 
to the signal strength indicator on cell phones. The more bars, the better the 
signal. Additionally, the icon itself will be green, yellow, or red, indicating
the condition of the connection. Green is obviously the best, and red is 
either very low, or no connection at all. You might as well ignore any APs that
show up consistently as red, as it is likely the signal is not strong enough to
connect.

Now that we know what all that means, take a look at the list and decide which 
one you want to connect to. Simply click on it, and it will automatically setup
the connection. If a WEP key is required, a prompt will come up asking you for 
it.

You will then see a message confirming that the setup has been saved, and then
it will ask to run a Connection Test (Step 3). Assuming everything worked and
you have a good signal, you should get a message saying "Connection Successful"
and it should return to the main WiFi setup menu. If you got this message, you
are ready to play online.

Now, this is obviously the easiest and most applicable of the connection 
options. However, it depends on a few things which may be a problem depending
on the network setup. First, it depends that the network you are connecting to 
has SSID Broadcast enabled. This is not always true, as many people chose to 
cloak their SSID to make it less obvious to other WiFi users. Second, this 
depends on a DHCP server on the network. A WiFi router contains a DHCP server
element (though it might not be enabled on the particular router you are 
connecting to), but a more advanced network, using WiFi APs and not 
consumer-type hardware may or may not have network-wide DHCP enabled.

If you fall into a group where either of these is a problem, then the next 
option is for you.

--------------------------------------------------------------------------------
- 2.2.2.2  Manual Configuration                                                -
--------------------------------------------------------------------------------

This mode is for more advanced setups. Probably 80% of users will not need this 
option, but for those of us that do, be glad it is here.

To get here, get yourself to Step 2 as described earlier, and click on "Manual 
Setup".

I assume that if you are at this screen, you already know what you are doing. 
You know what an IP address is, you know what a subnet mask is, and you don't 
need to waste time reading detailed explanations about them, and I certainly 
don't need to waste time writing them. If you do need a more detailed 
explanation about these terms than I am giving here, take a look at the 
"Networking Glossary".

You are given the following options in the Manual Setup:

+------------------------------------------------------------------------------+
| Setting                         | Description                                |
+------------------------------------------------------------------------------+
| SSID                            | This is the name of the WiFi network you   |
|                                 | want to connect to.                        |
|------------------------------------------------------------------------------|
| WEP Key                         | Enter the WEP key here, if WEP is enabled. |
|------------------------------------------------------------------------------|
| Auto-obtain IP Address          | This gives you the option to disable or    |
|                                 | enable DHCP.                               |
|------------------------------------------------------------------------------|
| IP Address                      | This allows you to manually assign an IP   |
|                                 | address for the DS to use.                 |
|------------------------------------------------------------------------------|
| Subnet Mask                     | This allows you to manually assign the     |
|                                 | subnet mask for the DS to use.             |
|------------------------------------------------------------------------------|
| Gateway                         | This is the IP for whatever router you are |
|                                 | using to connect out to the internet.      |
|------------------------------------------------------------------------------|
| Primary DNS                     | These options allow you to assign          |
| Secondary DNS                   | primary and backup DNS servers.            |
+------------------------------------------------------------------------------+

At the top there is also a button labeled "Test Connection" which you can use 
to make a quick check of the current settings. At the bottom there are buttons
to Cancel and Save Settings. When you choose Save Settings, you will be 
prompted to perform a Connection Test (Step 3), let it run, and if it passes, 
you are ready to play online.

Again, if you have gotten this far, you likely don't need any more guidance 
than that. The Manual mode is a nice addition for advanced users, but does lack 
MAC Spoofing and Proxy support, which might be a problem for some people.

--------------------------------------------------------------------------------
- 2.2.2.3  AOSS Configuration                                                  -
--------------------------------------------------------------------------------

AOSS (AirStation One-Touch Secure System) is a system designed by Buffalo 
Technology to automatically setup a secure WiFi connection. This attempts to 
address a major problem with WiFi technology, or perhaps more accurately, the 
use of WiFi technology. Due to the popularity of WiFi, it is in use by many 
people who do not really understand the technology and how to properly use it. 
This has lead to literally millions of insecure WiFi networks all over the 
world, posing a massive security risk for individuals, businesses, and indeed, 
the Internet itself.

To use the AOSS feature, your router needs to support AOSS. I'll save you the 
time of doing the research, and tell you, it almost certainly does not support 
AOSS. AOSS is (at the time of this writing, and the time of the launch of 
Nintendo Wi-Fi Connection) a new, and fairly rare technology. Unless you have 
a very recent router from Buffalo Technology, you aren't going to have AOSS.

But for those who do, or will in the future, here is a quick run down of the 
AOSS setup:

Navigate to Step 2 as done before, and then click the button that says "AOSS". 
The DS will then begin scanning for a signal from the AOSS device. While it is 
doing this, go to your router and locate the AOSS button on the front panel. 
Hold the button down until it starts to blink, then let go. After a minute or 
so, the DS and the router should have worked out the proper connection 
settings, and the DS will inform you of this, and save the settings to the 
firmware. Again, like in the other modes, it will also prompt you to start a 
Connection Test. If the Connection Test is successful, you are ready to play 
online.

--------------------------------------------------------------------------------
- 2.2.3  Step 3                                                                -
--------------------------------------------------------------------------------

Step 3 is simply the Connection Test that the DS WiFi setup program runs after 
you configure any WiFi connection.

In this Step, the DS will test the WiFi connection by first associating with 
the AP, authenticating, and then contacting the Nintendo Wi-Fi Connection 
servers.

You have no control over any of this, and if all goes well, Step 3 should 
simply say "Connection Successful", and return to the main menu. If any part 
of the test fails, it will give you a fairly detailed error message about what 
exactly it failed to do, and will also give you contact information for 
Nintendo of America. In addition, it may give you an error code that you can 
put into a form on NintendoWiFi.com and try to find a solution there.

The vast array of problems that can come up with WiFi and all the error codes
and messages the DS may display are well beyond the scope of this document. 
The only thing I can tell you is that the DS does at least tell you what it 
failed to do, so you at least have a place to start your troubleshooting.

--------------------------------------------------------------------------------
- 2.3  Configuring a Connection with the Nintendo Wi-Fi USB Connector          -
--------------------------------------------------------------------------------

Nintendo realized that as common as WiFi is today, there are still many people
that do not have access to it, and are intimidated by technology too much to
try and setup their own router just to use the Nintendo Wi-Fi Connection.
Because of this, Nintendo has developed the "Nintendo Wi-Fi USB Connector".

This device is a USB WiFi adapter that can be used to get the DS (and only the
DS) online without the luxury of a real WiFi router. This is great for some
people, but it's relatively high price and OS requirements have left quite a
few people unhappy with it.

To use the Nintendo Wi-Fi USB Connector, we don't go through the usual steps 
to configure the WiFi. Instead, from the the WiFi setup, click the button that
says "Connect to your Nintendo Wi-Fi USB Connector". You will be prompted to
setup the Wi-Fi Connector on your computer, and to press A once you have done
so.

You should already have the Connector setup on your computer, but if you have
not, then jump to Section 3.2 and read how to do so. If you have your Connector
setup already, then just keep reading here.

Press A on the DS to connect it to the Wi-Fi Connector. After a few seconds,
you should get a pop-up on your computer saying that a user wants to connect to
the Nintendo Wi-Fi Connection. Open up the Registration Tool by double clicking
the WFC logo, and you will see a list of DS's that are trying to connect to
your computer. To identify individual DS units, the list shows the nickname
that the user entered on that DS. Simply right-click on the DS you want to
manage, and either Allow or Deny access for that DS.

After granting permission for the DS, you will see a message on the DS that 
says it has saved the configuration options, and it will ask you to run a 
Connection Test, as usual. If the test passes, you are ready to play online.

One note on the Wi-Fi Connector, you can only have 5 people connected up to the 
computer at once. This is probably not a problem for most sane individuals, but
it is still something that should be noted.

--------------------------------------------------------------------------------
- 2.4  Wi-Fi Connection Options Menu                                           -
--------------------------------------------------------------------------------

Here I will briefly describe the functions that are available under the
"Options" menu on the main screen on the "Nintendo Wi-Fi Connection Setup"
program.

--------------------------------------------------------------------------------
- 2.4.1  System Information                                                    -
--------------------------------------------------------------------------------

On this screen, you will see both the DS's hardware MAC address, which you may
need if you are using MAC filtering on your AP.

Under this, you will see your DS's Nintendo Wi-Fi Connection ID, which is a
unique ID created for your DS the first time it logged onto the WFC. It is what
identifies your system and links it with your "My Nintendo" account for stat
tracking.

--------------------------------------------------------------------------------
- 2.4.2 Erase Nintendo WFC Configuration                                       -
--------------------------------------------------------------------------------

As the name implies, this option will completely erase all of the WiFi settings
on your DS, as well as your WFC ID. You will only want to use this option if
you are selling the DS, or want to completely start over with your WFC career.

*IMPORTANT*

Once deleted, there is no way to restore this information or your WFC ID.

--------------------------------------------------------------------------------
- 2.4.3  Transfer Nintendo WFC Configuration                                   -
--------------------------------------------------------------------------------

Since WFC identifies users based on their WFC ID rather than the standard
username and password combination, once you sign on to WFC with a DS, that must
be the DS you use at all times, or else your stats will not be kept track of.

This however causes a problem if you ever want to get a new DS. Thankfully,
Nintendo saw ahead and added this feature, which will allow you to transfer
your WFC ID and settings to another DS.

Let's call your old DS with your WFC information "DS A", and the new DS that
you wish to transfer the information into, "DS B".

Start DS A with a WFC game, get into the "Wi-Fi Connection Option" menu, and
select "Transfer Nintendo WFC Configuration". The DS will then show you some
information about what you are about to do. Hit "OK" on both of these screens.

Now, on DS B, start the system and go to "DS Download Play", you should see
"Nintendo WFC Configuration Transfer" come up. Select it and press "Yes" to
download it into your system. Back on DS A, you must select "Yes" to transfer
the information into DS B.

If there is already WFC information on DS B, it will warn you, and you will
have to hit "OK" to overwrite it.

After that, the transfer will begin. This should take around 30 seconds. After
the transfer, select "OK" on both DS A and DS B, which will save the changes
and shut down both systems.

As far as WFC is aware, DS B has now taken the identity of DS A. Your WFC ID
has been transferred, as well as your configured WiFi profiles. All of your
Friend Codes will still be valid, and your new DS will also remain linked to
your "My Nintendo" account.

*IMPORTANT*

Transferring the WFC settings from one DS to another permanently deletes the
information from the old DS. Only transfer WFC settings if you are sure that is
what you want.

================================================================================
= 3. Setting Up Your Own AP (Basic)                                            =
================================================================================

For the vast majority of computer users out there, there are two main options 
for setting up your own AP in your home.

You can either buy a wireless router (or a stand-alone AP to add to your 
current wired router) or buy the Nintendo Wi-Fi USB Connector. Personally, for
many reasons, I would suggest the router.

Not only does it add a hardware firewall to your network, it is a much more 
capable device for the price, compared to the fairly high price of the 
Connector, which can't be used for anything else. Also, the router is 
independent of the OS on the computers it is connected to, which means people 
running Linux, Mac OS, and older versions of Windows, can all use the router 
along with your DS.

But regardless, I must be objective as possible, and describe all 
possibilities, so in this section we will cover the two major options.

--------------------------------------------------------------------------------
- 3.1  Using a WiFi Router                                                     -
--------------------------------------------------------------------------------

Not to get into a rant here, but the device you know as a router isn't actually 
a router. 

The average SOHO (Small Office Home Office) "router" is a combination of 2 or 
more devices. In the case of a wired router, it is a combination of an actual 
router, and a 10/100 switch. In the case of a WiFi router, then you are talking
about a device made up of a router, a 10/100 switch, and a WiFi AP.

Not to shatter your world perspective there, but I wanted to at least clear up 
the misconception. It is just easier to market these combination devices as 
"routers" to the public. It is also easier to type router than to type out 
what it really is, so I might as well refer to it as such as well.

First of all, there is no way I can adequately describe the setup of every 
WiFi router out there. There are just too many brands, models, and options. 
What I can do is point you to the official list of tested routers by Nintendo:

http://nintendowifi.com/customersupport/supportedRouters.do

If you don't have a WiFi router, and want to get one to use the Nintendo Wi-Fi 
Connection, this is a good a place as any to check for suggestions. Linksys 
makes the best consumer-grade routers available today, so if you are going to 
buy a router, do yourself a favor and get yourself the Linksys WRT54G. Yes, 
there are cheaper routers, and those routers are almost all of the ones with a
low rating. You get what you pay for, plain and simple.

As for setting up each router, Nintendo has already done that work for you as 
well:

http://nintendowifi.com/consumerservice/routerSetup.do

Beyond that, there is not much I have to say about this part. Nintendo has 
already done a far better job then I can testing routers and detailing their 
setup. Follow their guides, and you will have no problems.

--------------------------------------------------------------------------------
- 3.1.1  Using a Stand-Alone AP                                                -
--------------------------------------------------------------------------------

I felt this was better suited as a note to the main router section since they 
are so similar in concept.

As I talked about in the beginning of this section, the normal consumer grade 
"wireless router" is a combination of many networking devices, including a WiFi 
AP. So then as you may have guessed, it is possible to get a wired router, and 
buy an add-on AP to give the router WiFi capabilities.

This is a good concept, but in the real world is not terribly practical. The 
problem here is that most WiFi APs worth buying (or in other words, aren't 
trash) easily cost as much if not more than a brand new SOHO router. In 
addition, Nintendo has done no testing with these devices, nor have they
detailed setup guides for the different models and brands of them out there.

That means that if you choose to go this route, you are not only likely to pay 
more than you have to, but you have no assurance the end result is going to
work, and are completely alone on the setup.

If you can, do yourself a favor, and buy a complete WiFi router.

--------------------------------------------------------------------------------
- 3.2  Using the Nintendo Wi-Fi USB Connector                                  -
--------------------------------------------------------------------------------

The setup for the Wi-Fi Connector is pretty straight forward, there isn't a
whole lot you need to do, or much that can go wrong (as long as you follow all
of the directions, anyway).

The most likely problem you will face is if you use a software firewall. You
will need to allow the Wi-Fi Connector software though the firewall, but
unfortunately some of these products do not work properly with the Wi-Fi
Connector, and so that isn't always possible. Due to the amount of firewall
products out there, I can't advise on how to correctly configure each one to
work with the Wi-Fi Connector software. You will have to check the help files,
or the developer's website, to find out how to allow programs though the
firewall, and what (if any) adjustments need to be made for the Wi-Fi Connector
to work with it). The Nintendowifi.com website also contains some information
on software firewalls which might help you if you run into a problem.

--------------------------------------------------------------------------------
- 3.2.1  Requirements                                                          -
--------------------------------------------------------------------------------

There are a few requirements you need to meet to be able to use the Wi-Fi
Connector. Check to make sure your setup is compatible before you purchase, or
try to install, the Connector.

You will need:

Broadband Internet
Windows XP
USB 2.0

A few notes on these requirements:

The source of the Internet connection does not really matter. Technically, it
doesn't even have to be broadband. All that matters is you have a network
interface on your machine that can connect out to the Internet in some way.
This interface can also be wired or wireless. So for example, if your router is
not compatible with the DS, but you have a laptop equipped with a wireless
adapter and a free USB port, you could use the Connector with that to get the
DS online.

Windows XP is required for the Wi-Fi Connector to work. It does not work on any
other version of Microsoft Windows. Be sure you understand this before you
purchase it.

The Wi-Fi Connector does not work with USB 1.0 or USB Hubs. Be sure you have
one free USB 2.0 port before you purchase the Connector. The Connector comes
with a USB extension cable, so don't worry if your only free port is in the
back of the computer, you can use the extension cable to bring the actual
Connector to the front of the machine. If you do not have USB 2.0 in your
computer, you can purchase a USB 2.0 PCI card for around $20 - $30 at most
retailers, such as Radio Shack, CompUSA, or BestBuy.

--------------------------------------------------------------------------------
- 3.2.2  Pre-Installation                                                      -
--------------------------------------------------------------------------------

Before you do anything, go to the Nintendowifi.com site and download the latest
version of the Wi-Fi Connector software. The version on the CD that came with
your Connector is likely out of date, and there are important fixes in the
latest versions. The latest version of the Wi-Fi Connector software can be
found at the following address:

www.nintendowifi.com/consumerservice/downloads/Nintendo_WFC_USB.zip

Don't insert the Wi-Fi Connector until the installation process tells you it is
time to. If you plug the Connector in first, it will start the "New Hardware
Wizard", and it will not be able to find the appropriate drivers.

You will want to make sure ICS is not already setup and in use on your system.
By default it is not, and unless you specifically setup ICS on your machine
before, it will not be running, and there should be no problem.

The Wi-Fi Connector documentation recommends that if your computer is connected
to a router with an IP of 192.168.0.1 or 192.168.1.1, that you should change
the router's IP to 192.168.2.1. Personally, I don't understand why they
recommend this, since the Wi-Fi Connector sets up an IP range that isn't even
in the 192.168.x.x range. When I did the research for this section of the Guide
I did it with my main router at 192.168.1.1, and had no problems at all. Still,
Nintendo recommends it for whatever reason, so I mention it in case anyone
actually has a conflict with their router at those IPs.

Now that you have checked your system to make sure it meets the requirements,
and completed the pre-installation steps, you can continue on with the actual
installation.

--------------------------------------------------------------------------------
- 3.2.3  Installation                                                          -
--------------------------------------------------------------------------------

You should have downloaded a file named "Nintendo_WFC_USB.zip". Inside this
archive there will be a folder called "NintendoWFCReg", extract this to the
Desktop.

Open the folder you just extracted, and double click the "Setup.exe" file
inside to start the installer. You will see a welcome message and a warning
that firewall or anti-virus software could effect the Connector. Click OK.

You will then be shown a box that contains multiple languages. Highlight the
language you want the installer to continue in, and click OK.

Let the installer run for a bit as the progress bar fills. After a minute or
two, the installer will ask you to plug the Connector into the computer. The
installer does not make a noise or have a pop-up to tell you to do this, so if
you aren't paying attention, you can miss this line, and the installer will
just sit there doing nothing. I know I missed it the first time I installed the
software.

Once you plug in the Connector, the message on the installer should change, and
the progress bar will start moving again. The "Found new hardware" pop-up will
also come up, as well as a few other windows that involve the installation of
the drivers. You don't have to do anything with these other windows or pop-ups,
the installation software will take care of it all, just ignore them.

At this point, the light on the Connector should be blinking.

After the windows about the new hardware, you should also see a message about
the computer finding a new network device. Ignore this as well. Around this
time, the installer will say it is setting up ICS.

Soon after, the installation will finish, and the installer will say "Setup
Complete". Click OK to exit the installer. You may now delete the
"NintendoWFCReg" folder if you wish.

After closing the installer, the registration tool should start in the task
bar, which appears as the WFC logo.

At this point, the installation of the Nintendo Wi-Fi USB Connector is
complete. You will now need to setup and register your DS systems with it to
play online.

Read Section 2.3, "Configuring a Connection with the Nintendo Wi-Fi USB
Connector" to find out how to register your DS with the Wi-Fi Connector.

--------------------------------------------------------------------------------
- 3.3  Nintendo Wi-Fi USB Connector Versus Wireless Router                     -
--------------------------------------------------------------------------------

For users who want to get online with the DS as quickly and as easily as
possible, both a standard wireless router and Nintendo's proprietary soft AP
are the best options. They are both priced close enough for cost not to be an
issue (at the time of this writing), and they both achieve the same end goal
to the user, to get the DS online within only a few minutes, and with minimal
setup and technical knowledge required.

But are they really so similar? While the end result of both options is the
same, there is a bit more to consider in the larger picture.

In this section, I am going to point out a few of the major differences between
the Wi-Fi Connector and your average wireless router. While everything in this
section might not be immediately obvious, it is all well worth considering when
you are making a decision about which device to invest in.

--------------------------------------------------------------------------------
- 3.3.1  Compatibility                                                         -
--------------------------------------------------------------------------------

Device compatibility is one of the largest differences between the Wi-Fi
Connector and a wireless router. For many people, this might be the deciding
factor as to which device they go with.

A wireless router is more compatible than the Wi-Fi Connector on multiple
levels. The first, and most obvious, compatibility difference between the two
is that the Wi-Fi Connector only allows Nintendo products to connect to it (DS
and Wii), while a wireless router will work with any WiFi device.

Now, it is possible to hack the Wi-Fi Connector (as will be explained later in
this Guide), but doing so is fairly difficult, and takes a bit of time. It is
much easier to just get a router in the first place, and save yourself the
trouble if you want to use other WiFi devices besides the DS.

The second compatibility issue is that of the operating systems required on the
computers in the network. For the Wi-Fi Connector, you are limited to Windows
XP to configure and run the wireless network. Not only that, but the Wi-Fi
Connector also requires software to be installed on the host computer, so you
can't just plug it into a random computer and get the DS online.

However, if you use a wireless router, there is no OS requirement at all, in
fact, you don't even need a computer beyond the initial router setup. Even
then, all you need is a device with a decent browser.

This is because the router works on the hardware layers of the OSI model, while
the Wi-Fi Connector operates on the software OSI layers, and as such requires a
computer to do much of the work for it.

Any device that utilizes TCP/IP and/or WiFi can communicate and use a wireless
router. So if you are running Linux or Mac OS, or you just want to get other
devices online (PDA, PSP, etc), then you should get a wireless router rather
than the Wi-Fi Connector.

--------------------------------------------------------------------------------
- 3.3.2  Security                                                              -
--------------------------------------------------------------------------------

While the wireless router clearly has the upper hand in terms of compatibility,
in terms of security, it is harder to declare a clear winner. Both devices are
excellent in their respective strengths, it just happens those strengths are
completely different between the two.

In terms of WiFi security, the Wi-Fi Connector has the router beat. While many
methods of securing a WiFi network are detailed in the Network Security
section, the fact remains that WEP is a fallible technology. The Wi-Fi
Connector on the other hand, uses a completely proprietary and unique
challenge-response system, that as of this writing, has not been exploited.

The bottom line is, at this point in time, WEP can easily be cracked, but the
Wi-Fi Connector's user registration system can't.

However, it isn't as clean cut as all that. While the Wi-Fi Connector wins out
on wireless security hands down, the wireless router has the considerable
advantage of including an inbound firewall which will protect any device
connected to it. This will protect your network from Internet attacks, such as
worms and malicious crackers. The Wi-Fi Connector offers no firewalling ability
at all.

So in the end, it depends on where you think you are most likely to be
attacked. If you value wireless security, get the Wi-Fi Connector, but if you
are more concerned with keeping your network secure from the Internet side, get
the wireless router.

--------------------------------------------------------------------------------
- 3.3.3  Efficiency & Convenience                                              -
--------------------------------------------------------------------------------

Few people ever think of this aspect of the debate, but it is certainly an
important one to consider.

In terms of energy efficiency, the Wi-Fi Connector is terrible, as it requires
a computer to operate. This means that any time you want to play online with
the DS, you will have to start your computer up (or keep it running). The
computer can't even be in sleep mode, as that would stop the software from
functioning.

Clearly, this takes a lot more energy than the wireless router would. The
router is a small, efficient device, that doesn't contain any moving parts.
This means that not only will it only use a fraction of the electricity of the
computer, but it will also be silent as it operates. A wireless router is
designed to be turned on, configured, and left to run indefinitely.

This is where the issue of convenience comes in. Let's say you are laying in
bed, and decide you want to play a few rounds in Metroid before falling asleep.
Well, if you are using the Wi-Fi Connector, you will have to get out of bed,
start up the computer, play the game, then get back out to shut the computer
down. On the other hand, with the router, you can play online at anytime
without prior setup. The router is always up, so you can play whenever you want
without having to worry about turning anything on or off.

Obviously, in terms of both energy efficiency and convenience, the wireless
router is superior. Convenience especially is important in relation to the DS,
since the whole point of online games on a portable system is the ability to
quickly and easily get into a match.

--------------------------------------------------------------------------------
- 3.3.4  Verdict                                                               -
--------------------------------------------------------------------------------

In all aspects beyond wireless security, the router is ahead of the Wi-Fi
Connector. If all other traits are to be considered equal, and most of them
are, then the clear winner in my humble opinion is the wireless router.

Affordable, efficient, and reliable, a good router will serve you and your
devices for years without you having to worry about it.

Just make sure you get a quality router, configure it properly, and keep up on
any firmware updates it may have, and you should have no problems.

================================================================================
= 4. Setting Up Your Own AP (Advanced)                                         =
================================================================================

First of all, if you are this far in the Guide, welcome. My goal with the 
Advanced Section is just that, to detail much more advanced setups than what 
the average computer user would ever need, or likely even understand.

Specifically, I am talking about software APs, or using an existing WiFi 
client device (USB, PCI, or PCMCIA WiFi card) as an AP that the DS can actually
use to connect to the internet. The advantage of this is obvious, not only are
you free of the Windows XP limitation of the official USB Connector, you are 
free to pay what you feel is fair. Personally, I did most of the research and 
testing for this Guide using a PCMCIA 802.11b adapter that I bought for $4 
from eBay.

For all of these setups, you will only need three things; a WiFi device with 
fairly good drivers, a broadband internet connection, and an Ethernet card.

I hope this section is of use to those who are advanced enough to know the 
official USB Connector is not some magical device, but not quite advanced 
enough to actually get a standard WiFi adapter working, or perhaps just don't
want to have to do it without some guidance.

--------------------------------------------------------------------------------
- 4.1  Configuring a Software AP in GNU/Linux                                  -
--------------------------------------------------------------------------------

There is little surprise I chose to cover GNU/Linux first. This was originally 
the whole goal of this document. Besides that, Linux is without a doubt the 
most capable OS mentioned in this document when it comes to networking.

All of the following has been tested with my own hardware and on my own 
network. Everything I put down here has worked for me, and should work for you
as well.

My test setup is a laptop running Slackware 10.2 with kernel release 2.6.10, 
on the hardware side, I am using a PCMCIA WiFi card with an RTL8180 chipset. 
I am using the card with unofficial open source drivers written by 
Andrea Merello.

Much like in the Manual Configuration Section, in the Linux Section, I am not 
going to go into painful detail about everything. If you have managed to 
install a fairly advanced Linux distribution and are reading this document 
from there, you probably don't need much help from me.

--------------------------------------------------------------------------------
- 4.1.1  WiFi Options in GNU/Linux                                             -
--------------------------------------------------------------------------------

I also then suspect you know the situation of WiFi in Linux. Namely, the poor 
hardware support that comes from manufacturers not wanting to release 
documentation on their hardware. This leaves Linux users with 4 options when 
it comes to WiFi drivers.

1. Binary Linux Drivers
------------------------
These are bad because they are statically compiled against a certain kernel 
release and build. That might be fine if you are running that identical setup,
but a lot of us are not. It is nice that the manufacturers went ahead and
worked out a binary driver release for their hardware, but it is far from
ideal.

2. Unofficial Open Source Drivers
----------------------------------
Now we are talking. These are drivers created by individual users or groups of 
users that wanted no more than to have their WiFi hardware work. These are 
usually not quite as stable as more "mature" projects, but are almost always 
better than using a binary Linux driver. These projects may or may not be part
of the official kernel tree, so you might need to compile and install them
yourself.

3. Official Open Source Drivers
--------------------------------
These are similar to the second option, but are maintained by larger teams, or 
even the manufacturer of the device itself. These are usually part of the 
official kernel tree, so your distro might already have these installed, and if 
not, you can easily compile them from the official kernel tree.

4. Windows Binary Drivers through Ndiswrapper
----------------------------------------------
Ugh. This is the bottom of the barrel here. You use this right before you just 
run a really long network cable to your laptop. To give the developers credit, 
Ndiswrapper is an absolutely incredible piece of software; to be able to take 
drivers from Windows and use them in a completely different OS is an amazing 
achievement. But at the same time, it can be very unstable, and often not all 
features of the card are workable through Ndiswrapper.

WiFi drivers in Linux are enough to write a whole other Guide on, I can't 
possibly go into it here. All I can say is find a card that works with either 
option 2 or 3. If you can't do that, or already have a card that is supported 
through 1 and 4, give the following a shot, but I can't make any promises.

On that same note, this entire project hinges on the ability of your WiFi 
card's drivers to operate in Master mode. I can't speak for all cards, but 
most of the drivers I have used in Linux have supported this. You should check
the documentation included with the drivers to find out if your setup supports
it.

In addition to the WiFi drivers, you are also going to need to have the 
Wireless Tools package installed. This will vary with distro, but nearly all
distros should have this available by now.

--------------------------------------------------------------------------------
- 4.1.2  Setting up the Hardware                                               -
--------------------------------------------------------------------------------

The easiest part of this process is setting up the WiFi adapter as an AP. 
Again, this feature depends on the driver itself, so if you get an error 
message when running any of these commands, you are going to want to do some
research and figure out where your drivers stand on Master mode.

Also, before you go any farther, if you have not already, you should really 
check the WiFi setup on your computer to make sure it is working properly. 
Connect to a known AP, do some scanning, etc. Make sure you have a stable 
system before you start trying to get into a more advanced setup like this.

I am going to give sample commands, and then describe what each one is doing 
and why. At the end of this part of the Guide, I will be putting together a 
sample start up script that you can use on your system with a little 
modification.

For this Guide, I will be using the most common interface names. Namely, the 
WiFi device will be known as wlan0, and the Ethernet device will be known as 
eth0.

The first and most important thing you need to do is to set the WiFi device 
into Master mode. To do this, you are going to want to run the following
command:

bash# iwconfig wlan0 mode Master

This will put the WiFi device at wlan0 into Master mode, or in other words, an 
access point. To be able to connect to this AP though, we need to give it some 
more information. Let's start with the SSID:

bash# iwconfig wlan0 essid "LINUX_AP"

The SSID can be whatever you chose. Choose something that is short and easy to 
remember.

The DS is a bit picky as to what it wants to connect to, so the following two 
commands will setup the AP in a way the DS will accept.

bash# iwconfig wlan0 channel 6
bash# iwconfig wlan0 rate 2M

This puts the channel to 6, and the rate to 2 Mbps (more about that in 
"Thinking out Loud"). Channel 6 is fine for the US, but in other countries, 
WiFi APs run on different channels, so you may need to adjust the channel 
based on your region.

And that's it; your hardware is now setup.

Follow Section 2.2.2.1 to scan for an AP. You should see the AP you just 
created on the list. Click on it to connect to it.

...

And then watch as it shows an error message. Why does it show an error message 
you ask? That is because while we have setup the hardware, we have not setup
the network to actually route traffic over the connection. We have only won
half the battle.

But we now have an AP that the DS sees and will connect to, so we are almost 
there. Let's now go over your options for the software setup.

--------------------------------------------------------------------------------
- 4.1.3  Setting up the Software                                               -
--------------------------------------------------------------------------------

Next, we are going to go over some of the required and optional software 
configurations to actually get the DS online.

For the purposes of this example, we are going to assume that you already have
a working internet connection in place through your Ethernet card, either by
being directly connected to a wired router, a broadband modem, or some other
network.

--------------------------------------------------------------------------------
- 4.1.3.1  IP Ranges                                                           -
--------------------------------------------------------------------------------

You will need to decide what IP range to use for your new wireless network. 
You will need to use an IP range that is both in the Class C range and is NOT 
the range your computer's Ethernet card is in.

A good range that follows these rules is 192.168.2.x. Most routers are setup 
to use either 192.168.0.x or 192.168.1.x, so 192.168.2.x should be out of the
range that any router would have assigned.

So for this document, I will use 192.168.2.x as the IP range for the DS. If
this does not fit your network for whatever reason, you can of course change
this, but keep in mind the two rules you must follow.

To setup your AP with the new IP, run the command:

bash# ifconfig wlan0 up 192.168.2.1

This will now bring up TCP/IP on the AP, and give it the IP 192.168.2.1.

Now that we have an IP for this device, let's get the rest of the networking 
sorted out.

--------------------------------------------------------------------------------
- 4.1.3.2  Routing                                                             -
--------------------------------------------------------------------------------

The next thing you need to get setup is a route between your Ethernet 
connection and the WiFi AP you just created.

To do this, we will be using something called IP masquerading or NAT (Network 
Address Translation). This allows one computer with an internet connection 
(our newly created AP) to share that internet connection with many clients.

To do this in Linux, you will need to use iptables. To use iptables, you will 
need to be running a kernel release of 2.4.x or above. Many distros are 
shipping with 2.6.x at this point, and all of them (that I know of) are using 
at least 2.4.x. So you should have no problem here.

The following commands will setup NAT between eth0 and wlan0:

bash# iptables --table nat --append POSTROUTING -o eth0 -j MASQUERADE
bash# iptables --append FORWARD --in-interface wlan0 -j ACCEPT
bash# echo 1 > /proc/sys/net/ipv4/ip_forward

We now have a connection bridged between your computer's internet connection, 
and the WiFi AP.

Next up, we need to give the DS an IP. To do this, we have two options, either 
setting up the DS manually, or using DHCP. As manual configuration is the 
quicker of the two, let's cover that first.

--------------------------------------------------------------------------------
- 4.1.3.3  Static IP                                                           -
--------------------------------------------------------------------------------

To setup a static IP, we will need to follow Section 2.2.2.2 of this Guide.

To get the DS connected in our example setup, enter the following information:

SSID
     LINUX_AP

IP Address
     192.168.2.2

Gateway
     192.168.2.1

Primary DNS/Secondary DNS
     For these, you will need to input the IP's of your ISPs DNS servers.

After entering this data, save the configuration and let it run the Connection 
Test. If everything has gone well so far, it will pass.

Congratulations, you have just setup a basic software AP, and avoided having 
to buy a proprietary device! Hooray for open source!

--------------------------------------------------------------------------------
- 4.1.3.4  DHCP                                                                -
--------------------------------------------------------------------------------

To use DHCP, you will need to have the DHCP server installed on your machine.
The easiest way to check this is to run "which dhcpd", which should give a 
response like:

bash# which dhcpd
/usr/sbin/dhcpd

If you get that message, your system already has the DHCP server installed. If
you get an error, then you will need to install it. The installation process
will depend on what distro you are running, so consult it's documentation to
find out how to install the DHCP server package.

Now that we have the DHCP server, we will need to feed it a configuration file
so it can setup a DHCP pool to use.

Take a look at the following section to see the complete DHCP configuration
file.

--------------------------------------------------------------------------------
- 4.1.4  The Complete DS_AP Script                                             -
--------------------------------------------------------------------------------

So here it is, the complete script that will automatically give you a AP that
you can connect to with your DS.

The reason I give this last and detail everything first, is that I want you
to understand what is going on here, so that you can fix any problems that
may come up. I also want you to understand the requirements for this script
to work (see Section 4.1.1, "WiFi Options in GNU/Linux").

If you think you have everything you need, then copy the following text to a
file named "DS_AP.sh"

#!/bin/sh
# 
# DS_AP
VER="Version 2.1"
# A script to startup a software AP for the Nintendo DS
# Written by TJ Nardi for the DS Wireless Networking Guide
# Send bugs, questions, and comments to MS3FGX@gmail.com

#-CHANGELOG-
# v2.1, Backported features and fixes from Wii_Route
# v2.0, Moved to modular design, complete code overhaul
# v1.2, Checks to make sure user is root before running
# v1.1, Added DHCP client support for NIC
# v1.0, First Release

#--------------------------User Configuration Section--------------------------#

# DHCP Configuration:

# Disable/enable DHCP server (0 = disable, 1 = enable)
#    Enable this if you want to automatically configure your DS with correct
#    TCP/IP information.
USEDHCP=1

# DHCP configuration file
#    If you want DHCP support, you need this file. You need to give both the
#    path and file name. The default is "DS_DHCP.conf", located in the current
#    directory.
CONFFILE=./DS_DHCP.conf

# Hardware Configuration:

# WiFi Interface
#    This is the WiFi card that you will use to share the connection to the
#    DS. It must be capable of going into Master mode. Use the test mode to
#    make sure your hardware is compatible.
WLAN="wlan0"

# Source Interface
#    This is the interface connected to the Internet. It can be any interface
#    on your machine, but will usually be eth0 (the primary Ethernet card).
SRC="eth0"

# Bring up source with DHCP before starting AP  (0 = disable, 1 = enable)
#    Enable this if you want the source interface to be configured with DHCP
#    before the script runs. Usually you don't need to do this.
SRCUP=0

# DHCP hostname (only used if above is enabled)
#    If you want DS_AP to configure your source interface with DHCP, this will
#    be the hostname it sends to the DHCP server. Useful if you want to see
#    this machine in your router's DHCP logs.
DHCPHOST="LINUXAP"

# WiFi Configuration:

# SSID
#    The name that your new wireless network will go by. If you don't see this
#    come up when you are searching for an AP, something is probably wrong.
SSID="LINUX_AP"

# Channel
#    6 should be a safe default, but if you get interference, you might want
#    to change it to something else.
CHANNEL=6

# IP
#    This is the IP address given to the WiFi Interface. The default should be
#    fine, you shouldn't change this unless you know what you are doing.
IPADDR="192.168.2.1"

#-------------------------No need to edit past this line-----------------------#

# Values for debug
MODE="Master"
RATE="2M"
DHCPTIME=20

ErrorHandler ()
{
# Takes two arguments. The first is the form of error, the second is
# the actual error text to display to the user.
# Error text must be 52 characters long.
if [ $1 == ERR ]; then
# This is a critical error, game over.
echo ""
echo "+----------------------------------------------------+"
echo "|                      ERROR!                        |"
echo "|                                                    |"
echo "|$2|" 
echo "|                                                    |"
echo "| This is a critical failure. The script must abort. |" 
echo "+----------------------------------------------------+"
# Bail out
exit 2
fi
if [ $1 == WARN ]; then
# This is only a warning, we can continue after this, but things might not
# work right.
echo ""
echo "+----------------------------------------------------+"
echo "|                      WARNING!                      |"
echo "|                                                    |"
echo "|$2|" 
echo "|                                                    |"
echo "|   This is a non-critical failure. The script will  |" 
echo "|   continue, but may not operate properly.          |" 
echo "+----------------------------------------------------+"
fi
}

VerifyCommand ()
{
# Checks to see if given command exists
# First argument determines if it will print message, second is the
# command to check
if which $2 > /dev/null 2>&1; then
if [ $1 == 1 ];then
echo "OK"
fi
return 1
else
if [ $1 == 1 ];then
echo "FAILED"
fi
return 0
fi
}

ConfigSrc ()
{
# Bring up source interface with DHCP
VerifyCommand 0 ifconfig
if [ $? == 1 ];then
echo "Setting up ${SRC}..."
echo "    Checking if DHCP is running..."
# Check if PID file exists, hopefully this catches all distros
if [ -f /var/run/dhcpcd-${SRC}.pid -o -f /etc/dhcpc/dhcpcd-${SRC}.pid ]
then
# If dhcpcd has already been run on this interface, don't run it again
ErrorHandler WARN "     Interface already appears to be configured!    "
else
# If dhcpcd has not been run, then run it now
echo "    OK, DHCP not running on ${SRC}"
VerifyCommand 0 dhcpcd
if [ $? == 1 ];then
echo "        Starting DHCP on ${SRC}..."
# Get DHCP IP
dhcpcd -t ${DHCPTIME} -d -h ${DHCPHOST} ${SRC}
else
# If dhcpcd is not found, print error message
ErrorHandler ERR " dhcpcd not found! Please install it and try again. "
fi
fi
else
ErrorHandler ERR " ifconfig not found! Make sure /sbin is in your path"
fi
}

ConfigWiFi ()
{
# Setup the WiFi hardware
VerifyCommand 0 iwconfig
if [ $? == 1 ];then
echo "Setting up ${WLAN}..."
echo "    +---------------------+"
# Set mode
if iwconfig ${WLAN} mode ${MODE} > /dev/null 2>&1; then
echo "    | Mode    | ${MODE}"
# Set SSID
iwconfig ${WLAN} essid ${SSID}
echo "    | SSID    | ${SSID}"
# Set channel
if iwconfig ${WLAN} channel ${CHANNEL} > /dev/null 2>&1; then
echo "    | Channel | ${CHANNEL}"
else
# Show a warning if card failed to change channels
ErrorHandler WARN "  Failure while attempting to change WLAN channel!  " 
fi
# Set data rate
if iwconfig ${WLAN} rate ${RATE} > /dev/null 2>&1; then
echo "    | Rate    | ${RATE}"
else
# Show a warning if card failed to change rate
ErrorHandler WARN "   Failure while attempting to change WLAN rate!    " 
fi
echo "    +---------------------+"
# Set IP for AP
echo ""
echo "Configuring TCP/IP..."
VerifyCommand 0 ifconfig
if [ $? == 1 ];then
ifconfig ${WLAN} up ${IPADDR}
echo "    Interface ${WLAN} given IP of ${IPADDR}"
else
ErrorHandler ERR " ifconfig not found! Make sure /sbin is in your path"
fi
else
# Show an error if card failed to go into master mode
ErrorHandler ERR " This WLAN device will not work with DS_AP, sorry.  " 
fi
else
ErrorHandler ERR "  iwconfig not found! Is wireless-tools installed?  "
fi
}

StartNAT ()
{
# Enable NAT through IPtables
VerifyCommand 0 iptables
if [ $? == 1 ];then
echo "Setting up Network Address Translation..."
iptables --table nat --append POSTROUTING --out-interface ${SRC} -j MASQUERADE
iptables --append FORWARD --in-interface ${WLAN} -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
else
ErrorHandler ERR " iptables not found! Make sure /sbin is in your path"
fi
}

StartDHCP ()
{
# Configure and start the DHCP server, if it has been enabled by the user
VerifyCommand 0 dhcpd
if [ $? == 1 ];then
echo "Setting up DHCP Server..."
# Make sure the server isn't already running
if [ -f /var/run/dhcpd.pid ]; then
ErrorHandler WARN "              dhcpd is already running!             "
else
# Check that config file is where it is supposed to be
if [ -f ${CONFFILE} ]; then
# Start dhcpd with WLAN interface and DS config file
dhcpd ${WLAN} -cf ${CONFFILE} 2> /dev/null
else
ErrorHandler ERR "   DS_DHCP.conf not found! Cannot configure DHCP!   "
fi
fi
else
ErrorHandler ERR " dhcpd not found! Please install dhcpd and try again"
fi
}

SystemTest ()
{
# Run some basic tests to verify and hardware capability and system sanity
clear
echo "DS_AP Diagnostic Mode"
echo
echo "Hardware Configuration"
echo "---------------------------------"
echo "Source Interface: ${SRC}"
echo "Destination Interface: ${WLAN}"
echo -n "Checking for Master mode on ${WLAN}: "
if iwconfig ${WLAN} mode master > /dev/null 2>&1; then
echo "OK"
else
ErrorHandler ERR "  This WLAN device will not work with DS_AP, sorry. "
fi
echo
echo "System Checks"
echo "---------------------------------"
echo -n "Checking for ifconfig: "
VerifyCommand 1 ifconfig
if [ $? == 0 ];then
ErrorHandler ERR " ifconfig not found! Make sure /sbin is in your path"
fi
echo -n "Checking for iwconfig: "
VerifyCommand 1 iwconfig
if [ $? == 0 ];then
ErrorHandler ERR "  iwconfig not found! Is wireless-tools installed?  "
fi
echo -n "Checking for iptables: "
VerifyCommand 1 iptables
if [ $? == 0 ];then
ErrorHandler ERR " iptables not found! Make sure /sbin is in your path"
fi
echo -n "Checking for dhcpcd: "
VerifyCommand 1 dhcpcd
echo -n "Checking for dhcpd: "
VerifyCommand 1 dhcpd
echo -n "Checking for DHCP Configuration: "
if [ -f ${CONFFILE} ]; then
echo "OK"
else
echo "FAILED"
fi
}

# This is where execution actually starts.

# Make sure the user is running with root permissions
if [ "$UID" -eq "0" ]
then
# OK, the user has root permissions, let's get rolling...

# Determine operating mode based on the argument used to start DS_AP
case "$1" in
'start')
# This starts DS_AP
# Print the boilerplate
clear
echo "Nintendo DS WiFi Access Point Script, ${VER}"
echo "-----------------------------------------------------------"
echo "Starting..."
echo 
# If enabled, setup source interface
if [[ ${SRCUP} = "1" ]]; then
ConfigSrc
else
echo "Skipping Source Interface Configuration..."
fi
# Setup WLAN
echo
ConfigWiFi
# Start NAT
echo
StartNAT
# If enabled, setup DHCP
echo
if [[ ${USEDHCP} = "1" ]]; then
StartDHCP
else
echo "Skipping DHCP Configuration..."
fi
echo
echo "DS_AP Started!"
exit 1
;;
'stop')
# This stops DS_AP
# Print the boilerplate
clear
echo "Nintendo DS WiFi Access Point Script, ${VER}"
echo "-----------------------------------------------------------"
echo "Stopping..."
echo 
echo "Setting ${WLAN} to sane defaults..."
iwconfig ${WLAN} mode managed channel auto rate auto 2>/dev/null
echo "Done!"
echo
echo "Shutting down ${WLAN}..."
ifconfig ${WLAN} down 2>/dev/null
echo "Done!"
echo
echo "Shutting down DHCP server..."
# Kill it, then remove PID, since it doesn't seem to do so on it's own
killall dhcpd 2>/dev/null
rm /var/run/dhcpd.pid 2>/dev/null
echo "Done!"
exit 1
;;
'test')
SystemTest
;;
*)
echo "usage: $0 start|stop|test"
esac
# If the user doesn't have root permissions, they end up here
else
echo "Sorry, you need to have root permissions to run this script."
echo "Either login as root, or run this though sudo. If using sudo,"
echo "make sure /sbin is in your path."
fi

# EOF

Now, you will want to make the file executable, so run the following command in
the directory where DS_AP is saved:

bash# chmod +x ./DS_AP.sh

Now, for the DHCP section to work, you will need to have a DHCP configuration
file.

Paste the following lines into a file named "DS_DHCP.conf" and save it in the
same directory as DS_AP (the location of the DHCP file can be changed in DS_AP
if you wish).

# DS_DHCP.conf
#
# A simple DHCP configuration file to go
# with the DS_AP script.
#
#-CHANGELOG-
# v1.1, Changed to public DNS servers, instead of Verizon's
# v1.0, First Release
#
# Global Options
# This line defines the DNS servers the DS will use
# feel free to change these to those of your ISP
option domain-name-servers 4.2.2.2, 4.2.2.3;
ddns-update-style none;   

# IP Range
subnet 192.168.2.0 netmask 255.255.255.0
{
	# This will allow for 50 clients
        range 192.168.2.100 192.168.2.150;
        option routers 192.168.2.1;
}
# EOF

You will want to read over the top section of DS_AP and make sure those
settings are correct in relation to your hardware and LAN setup. You have to
make sure the AP IP is in a different IP range than your current network. I
wrote the scripts to use the 192.168.2.x network, since I know of know home
router that uses this network (they mainly use 192.168.1.x, and some use
192.168.0.x). If anyone has a home router that uses the 192.168.2.x network,
please send me an email so I can modify the scripts to use something else.

The top section of the script also lists a few optional features that you might
want to use. The comments explain them pretty well I think, so just read what
I have written before each setting, and you should be able to understand
everything.

Generally speaking, the default settings for both the IP ranges and features
should work in most situations.

Also, as with most things involving system configuration in Linux, you will
need to run the DS_AP script as root, or at least though sudo. The script will
warn you if you don't have the proper permissions to be running it. If you are
using sudo, make sure that /sbin is in your path, as most of the system
configuration programs needed are in there.

As for the actual operation of DS_AP, there are three arguments that it will
take which make it do different things. If you run DS_AP.sh without any
arguments, you will get output that looks like this:

bash# usage: ./DS_AP.sh start|stop|test

Going over each mode briefly:

Start:
This starts the software AP with the settings defined inside of the DS_AP.sh
file.

Stop:
This will return the WiFi card to normal operating mode, turn it off, and stop
the DHCP server if you enabled it in the first place.

Test:
Handy for troubleshooting, this will run through some basic tests to see if you
have all of the required programs installed, and if your hardware is configured
properly. This will also test if your WiFi card supports Master mode.

After you have the files installed and you think everything is correctly setup,
run "DS_AP.sh" and see if you have any errors. You should also verify that the
interfaces it is using are correct.

If everything looks good there, run "DS_AP.sh start" and hope for the best.

--------------------------------------------------------------------------------
- 4.1.5  Introducing linux_ics                                                 -
--------------------------------------------------------------------------------

Since I originally wrote the "DS Wireless Networking Guide", my skills in both
Linux and Bash scripting have increased many times over. While DS_AP is
functional, it leaves a lot of room for improvement and falls a bit short in
terms of usability.

I wanted to make this brief addition to the Guide to mention the evolution of
the DS_AP concept, linux_ics. With linux_ics, I tried to simplify the entire
setup as much as possible and make it a little less intimidating. I will still
leave all the info for DS_AP here in the Guide, but I invite anyone reading
this document for the sake of setting up a soft AP on their Linux machine to
give linux_ics a try. It can be found on my new website, DigiFAIL, at the
following address:

http://www.digifail.com/software/linux_ics.shtml

As with all of my projects, any thoughts, comments, and input is greatly
appreciated.

--------------------------------------------------------------------------------
- 4.2  Configuring a Software AP in Windows                                    -
--------------------------------------------------------------------------------

The Windows soft AP section has proven to be quite an adventure.

Originally, I had intended to find some method of using any garden variety WiFi
adapter as a soft AP under Windows, like I had worked on for Linux. But as time
went on, and the more research I did, I realized this was just not going to be
possible.

Microsoft, in their infinite wisdom, decided that including a comprehensive
system for setting up WiFi cards was not important enough to include in
Windows. Windows contains no built in method to put a card into Master mode, or
setup a software AP even if it let you switch modes on the card.

Instead, Microsoft just let the hardware manufacturers handle advanced setup in
their own drivers. Not surprisingly, most manufacturers did not bother to
include advanced features, and just went with the bare minimum. Most didn't
even bother to create a configuration program for the card, and instead left it
all to Wireless Zero Config.

So after all my searching, I present you with the soft AP Guide for Windows,
such as it is.

--------------------------------------------------------------------------------
- 4.2.1  Supported Devices                                                     -
--------------------------------------------------------------------------------

The Windows soft AP section will focus on devices using the RT2500 chipset,
which is arguably the most popular soft AP capable device on the Windows
platform.

I can't even say that all cards with a RT2500 chipset work out of the box with
these methods. In actuality, GigaByte created some advanced drivers and
configuration programs for their own line of cards, one of which happened to be
based on the RT2500. It is possible to take these drivers and configuration
program and use them with other cards that are based on the RT2500 chipset.

To find if your card uses the RT2500 chipset, or you are looking for a model
to buy which has it, take a look at this list:

http://ralink.rapla.net

Any card that is listed under PCI or PCMCIA should work, but not USB.

Luckily, the RT2500 chipset is pretty popular, and many cards use it. It is
also used in a lot of budget priced hardware, so even if you don't have one,
you can get one starting at about $15.

In addition, in line with my original goals for this Guide, RT2500 devices can
be used on every version of Windows from 98 SE upward. This section will focus
on Windows XP, but the steps to configure a Windows 98 or 2000 machine will be
very similar, and you should have no problem adapting the instructions here.

Even though this section is only going to be discussing a single type of
device, there are a few other chipsets that can be put into Master mode under
Windows. I can't give you an exact number of cards out there that can do this,
nor can I give you any way to tell for sure if the card will support it before
you buy it. I do at least know that there are a few popular chipsets and
adapters out there that are capable of it, such as Centrino.

The best way to find out is to Google the model number of the adapter, and see
if any mention of it being used as a soft AP comes up. Some sites also list
soft AP capability on the product page for the adapter, so you might get lucky
there.

As I do more research and hear from people on the Internet, I will add any more
compatible devices I find to Section 7.2, "Software AP Compatible WiFi Hardware
and Drivers".

If you do find a generic WiFi device capable of operating as a soft AP, all you
should need to do is follow Section 4.2.3.2, "Configuring ICS".

--------------------------------------------------------------------------------
- 4.2.2  RT2500 Driver Installation                                            -
--------------------------------------------------------------------------------

Assuming you have already confirmed your device is using the RT2500 chipset,
you can now continue on with the driver installation and system setup.

The first thing you need to do is uninstall the current drivers. It doesn't
matter which drivers are currently installed, you need a completely clean slate
to perform the rest of the installation steps.

Windows will likely ask you to restart after the installation, so go ahead and
let it do so.

When the machine starts back up, you need to download and install the GigaByte
soft AP drivers. At the time of this writing, they can be located here:

http://tw.giga-byte.com/Support/Communication/Driver_Model.aspx?ProductID=955

In the event that the above link is no longer valid, then simply search the
Gigabyte website for the "GN-WPKG" adapter, and navigate to their support page
for it.

Inside of the zip archive you will find a directory called "WPKG vx.xx", where
"x" is the current version number (at the time of this writing, it is version
1.14). Extract this directory to your desktop; open the folder, and double
click the "setup.exe" file inside to start the installer.

The installation is fairly straight forward, there are no special adjustments
you need to make or anything, so just let it go through with the defaults. As
usual, Windows will tell you to reboot after the driver installation is done.

After the computer has booted back up, you should see a new icon in your
system tray. It will be a blue "G" with a signal indicator underneath. There is
going to be a red "X" over the icon at this point.

If you see that icon and Windows does not throw up any error messages, then
the hardware setup for your RT2500 device is complete. Next we will need to
configure the soft AP settings (using the software from the Gigabyte drivers)
and then setup ICS, which will allow devices to connect to the Internet through
your computer.

--------------------------------------------------------------------------------
- 4.2.3  Software Configuration                                                -
--------------------------------------------------------------------------------

There are two phases to the software configuration in the Windows soft AP
setup.

The first phase is actually configuring the soft AP itself so that devices
can connect to it. This includes the channel, operating mode, SSID, etc. This
is the most basic part of the setup, if this is not done properly, your client
devices may not even be able to see the soft AP, let alone connect to it. This
part of the setup is also completely focused on the RT2500 line or devices, or
more accurately, the software Gigabyte provides in their drivers for those
devices. If you are using another soft AP compatible chipset, then you will
need to adapt the information here to work with the software provided with your
drivers.

The second phase of the setup is installing and starting the ICS service. This
is a basic form of routing and NAT which allows your computer to host an 
Internet connection for other devices to use. The configuration for ICS is very
simple, and will work pretty much the same way on any Windows version since
Windows 98 SE. The ICS configuration is also generic in the sense that it will
work with any soft AP device you are using and is not dependant on the RT2500.
If you are using a different device, then the ICS configuration is probably the
only really useful thing here for you.

--------------------------------------------------------------------------------
- 4.2.3.1  RT2500 Soft AP Setup                                                -
--------------------------------------------------------------------------------

Again, just to be clear, this section works only for devices using Gigabyte's
soft AP drivers. While the general information here will be applicable to other
devices, the actual configuration options and settings will likely be totally
different.

To begin the soft AP setup for RT2500 devices, we start by right-clicking on
the wireless device's icon in the system tray. You will be presented with a
menu asking how you want to configure the device. Select "Switch to AP Mode".
If you don't have that option, go back to Section 4.2.2, "RT2500 Driver
Installation", and verify you performed the driver installation properly.

Once you have selected "Switch to AP Mode", a new window will come up called
"Gigabyte SoftAP Utility". This is the program that you will be using for the
rest of this section. It is how you configure every aspect of the RT2500 soft
AP setup. There are a considerable amount of options in this program, but for
the purposes of this simple setup we will only be going over the minimum
settings required to get a connection working. If you want to explore more
advanced options such as MAC filtering, then consult the Gigabyte documentation
and Section 5, "Network Security" for details and more in-depth explanations. 

The first option you need to configure is "Wireless Mode". You need to set this
to at least "802.11 B/G Mixed" for it to work, but if your device supports it,
setting it to "B Only" would be a better choice.

Next you will have the option for "TX Rate". You can leave this on "Auto" if
you like, but setting it to "2 Mbps" would be better for device compatibility.
If you set this to "Auto" and experience problems establishing or maintaining
a connection, try changing it.

You then have the option "Channel", which obviously changes the channel your
soft AP will operate on. For the most part this doesn't matter, as long as
there isn't interference or existing WiFi traffic to congest the channel you
are trying to run on. To be safe, you should set this to either channel
1 or 11. These are rarely used by other devices, and don't overlap other
channels in the WiFi spectrum.

The final option you need to set is "SSID". This is important, as it is the
name you are going to be looking for when searching for this network to connect
to. The name itself does not matter, as long as it is something you can easily
remember.

Once you have made these changes, click "Apply" and then "Close".

That completes the basic soft AP setup for the RT2500 device. This is not a
secure setup by any means, only the minimum required to get a reliable
connection to your device. If you want to enable more security on your soft AP,
then take a look at the Section 5, "Network Security", which gives details on
the various WiFi security mechanism's available to you, and their proper
implementation.

--------------------------------------------------------------------------------
- 4.2.3.2  Configuring ICS                                                     -
--------------------------------------------------------------------------------

If you have made it this far, you should have already installed the correct
soft AP drivers for your device, and configured it properly.

To begin the configuration, you need to get to the "Network Connections" screen
on your computer.

Click "Start" then "Control Panel". When it opens up, click on "Network and
Internet Connections". Finally, click on "Network Connections" down on the
bottom. Here you will see all of the networking devices on your computer.

The first thing you need to figure out is which network connection you are
going to setup ICS on. This connection can be anything, a NIC connected to a
router, a USB modem, it could even be a dialup connection. Any interface that
is able to properly connect to the Internet can be used. Once you have
determined which interface you are going to use, it is helpful to rename it to
something you can easily remember, but it is not required to do so.

Select the device you determined to be the one connecting you to the Internet,
right click on it, and click on "Properties", then click on the "Advanced" tab.

On this page you should see a heading called "Internet Connection Sharing".
Under it, you will want to click the box next to "Allow other network users to
connect through this computer's Internet connection".

There is also an option that says "Establish a dial-up connection whenever a
computer on my network attempts to access the Internet". If you are sharing out
a connection from a dial-up modem, you will want to enable this. It allows your
computer to automatically dial out and connect to the Internet whenever a
device wants to get online. If you don't have this enabled, you will need to
manually connect up to the Internet on the computer running ICS before you try
to get online with a device connected to the soft AP.

Now click on "OK". A message should pop up telling you that the NIC will take
the IP of 192.168.0.1. Just click "Yes".

This completes the soft AP configuration. Assuming your hardware device is
working properly and you setup ICS correctly, you should now be able to connect
to the Internet through your computer with any WiFi-enabled device.

--------------------------------------------------------------------------------
- 4.3  Configuring a Software AP in Mac OS                                     -
--------------------------------------------------------------------------------

You know, it is actually pretty funny now that I think about it. Prior to this
Guide, I had no experience with OSX. The last version of Mac OS I had used was
around 7. But as I got more serious about the Guide, I realized that I could
not write about Mac OS without having some hands on time with it...so I bought
a Mac. Not a brand new one, mind you, but one new enough to run OSX. Still, the
machine cost me more than the DS did in the first place, ironically enough.

At any rate, setting up a soft AP in Mac OS is very easy. Without a doubt the
easiest of the three operating systems covered in this Guide. You literally
just need to click a few mouse buttons, and you are there.

Still, there are some specifics you need to be aware of. Even though it seems
simple, you will want to follow this section closely.

--------------------------------------------------------------------------------
- 4.3.1  WiFi Options in Mac OS                                                -
--------------------------------------------------------------------------------

Let's face it, you didn't buy a Mac for the plethora of hardware the OS
supports. But even so, Apple always seems to have a way of providing for the
needs of it's users, and this situation is no exception.

To create a soft AP in Mac OS, you need a computer that is equipped with an
Airport card. My thoughts are a bit mixed on this stipulation.

On one hand, you can only use a single card. Even Windows manages to do better
than that. But on the other hand, it seems almost every new Mac built in the
last few years ships with one of them. So there is a very good chance that if
you bought your Mac within the last year or two, it already contains the needed
Airport card.

So while I am not happy about this hardware limitation, it ends up that a good
deal of the people reading this Guide may already have everything they need. So
perhaps it really isn't a limitation after all.

--------------------------------------------------------------------------------
- 4.3.2  Configuring Internet Sharing                                          -
--------------------------------------------------------------------------------

To enable "Internet Sharing", you first go to the "System Preferences" menu,
then click on "Sharing", under "Internet & Network".

You should now see a bar with three sections: "Services", "Firewall", and
"Internet". For the time being, we are only interested in the "Internet" tab,
so click that.

You will now be on the "Internet Sharing" page. You will see a box that lists
the networking devices on your Mac. You should see at least two entries here,
one probably being "Built-in Ethernet", and the other should be "AirPort". You
may or may not have more devices listed, but in most cases you need to have at
least these two.

Now, there will be a line saying "Share your connection from:", followed by a
drop down box. Set this to "Built-in Ethernet" if it is not already. This is
the source interface for "Internet Sharing". We assume you are connected to the
network or broadband modem through Ethernet; but if you are connected to the
Internet through some other device, then set that as the source instead.

You will now want to click the box next to "AirPort" in the box on the bottom.
This links your source interface with the AirPort card, and establishes routing
between them.

That is all for the "Internet Sharing" configuration.

Clicking "Start" would activate "Internet Sharing", and begin routing packets
between the two interfaces. However, it won't do us any good until we configure
the AirPort card itself.

--------------------------------------------------------------------------------
- 4.3.3  Configuring AirPort Options                                           -
--------------------------------------------------------------------------------

On the "Internet Sharing" page, click on the button "AirPort Options...".

The first option you will see is going to be "Network Name". This is the SSID
of the WiFi network you are about to create. Set this to whatever you like, but
just make sure you remember it.

Next you will see "Channel". Leaving this on "Automatic" should be fine, but if
you experience problems with interference you might want to try setting the
channel manually.

Moving on, you will see the section dealing with encryption. If you want to
enable WEP on your new soft AP, this is where you would configure it. After
clicking the box next to "Enable encryption (using WEP)", you would then enter
a key to use. If you are planning to use 128 bit WEP then enter in a 13
character key, and if you want to use 40 bit WEP then enter a 5 character key.
If it is not obvious, you should use 128 bit encryption, but the choice is
yours.

After you have made these settings, click "OK". You have now configured the
AirPort card. If you are following this Guide exactly, you should now be back
on the "Internet Sharing" page that you started from. Everything should be
setup correctly now, so click on "Start" to enable "Internet Sharing".

--------------------------------------------------------------------------------
- 4.3.4  Connecting the DS                                                     -
--------------------------------------------------------------------------------

Yes, I imagine you had figured the whole process had been too easy thus far.

I suppose it is some sort of cosmic irony that while the soft AP setup on the
MAC itself was as simple as you could possibly hope for, the DS just decides
not to behave with it.

The problem here is that the DS does not seem to work with the OSX DHCP server,
which means it can not automatically configure itself against your newly
created soft AP.

I am working on a way around this problem, but for the time being, you will
need to configure your DS manually. Luckily, this is not very difficult.

Here is the key thing to remember though. As there are two interfaces involved
in this setup (whatever you are using to connect to the Internet, and the
AirPort card itself) you need to make sure you are basing the DS's static IP
off of the AirPort, and not the other device. Since the DS is connecting to
the AirPort directly, that is the IP scheme you need to follow.

By default, the AirPort interface should have an IP address of 10.0.2.1, with
the subnet mask 255.255.255.0. So the appropriate settings for the DS would be
as follows:

+--------------------------------------------------+
| IP Address                  | 10.0.2.2           |
|--------------------------------------------------|
| Subnet Mask                 | 255.255.255.0      |
|--------------------------------------------------|
| Default Router              | 10.0.2.1           |
+--------------------------------------------------+ 

You will still need DNS servers however, which you can find by following
Section 7.3.3.

If that doesn't work, then you need to manually find the AirPort's TCP/IP
settings. Go to "System Preferences", click "Network", then select "AirPort"
from the device listing. Click on the "TCP/IP" tab, and you will be presented
with an easy to understand listing of the relevant TCP/IP information. You can
then follow Section 7.4 to base a static IP configuration off of this
information.

Once you have determined the proper IP settings to use, follow section 2.2.2.2,
"Manual Configuration". You will then enter the SSID of your AirPort card (did
you remember it like I told you?), followed by the IP information you got from
your system. You will also need to enter in your WEP key if you chose to
enable encryption under the "AirPort Options" menu.

After that, run the "Connection Test" and hope for the best.

--------------------------------------------------------------------------------
- 4.4  Hacking the Nintendo Wi-Fi USB Connector                                -
--------------------------------------------------------------------------------

While the Wi-Fi USB Connector is designed to make getting online as easy as
possible for people without being too technical, there are still some advanced
things you can do with it, though completely unintentional on Nintendo's part.

--------------------------------------------------------------------------------
- 4.4.1  Using the Nintendo Wi-Fi USB Connector with AOL                       -
--------------------------------------------------------------------------------

It seems like a lot of people are asking this same question, so I decided to
add it to the Guide.

Keep in mind, this is for AOL High Speed (with a true broadband connection),
not dialup. It is possible to get on the WFC with dialup, but I do not plan to
cover it in this Guide. Dialup users slow down the game for everyone else; I
am sorry, but it is the 21st century, if you don't have broadband, for whatever
reasons, you shouldn't be playing online with those that do.

The key to using the Wi-Fi Connector (and any other soft AP) with AOL is to not
use the official AOL software to connect. You must create a new connection, and
use that to log in.

To do this in Windows XP, you will first click "Start", then "Control Panel",
then "Network and Internet Connections", finally, click on "Network
Connections".

You will now see a screen that shows your current Ethernet connections. On the
top left hand corner of this window, you should see a small box that says
"Network Tasks". Within that box there is an option that says "Create a new
connection", click it to start the "New Connection Wizard".

The first page of the wizard describes what it can help you do. Click "Next",
and it will ask what kind of connection you want to make. Make sure the radio
button next to "Connect to the Internet" is selected (by default, it is). Then
click "Next".

Select "Set up my connection manually", and click "Next".

Select "Connect using a broadband connection that requires a username and
password", and click "Next".

The wizard will then prompt you for the name of this new connection. You can
use anything you like, but it is probably a good idea to make it something
you will remember later. Naming it "AOL WFC" would not be a bad idea. After you
have entered the name, click "Next".

Now you will need to enter your AOL username. Enter your username, with the
aol.com suffix (I.E. username@aol.com). You can then either enter your password
here to have it saved, or leave the box blank so that you will be prompted for
the password every time it tries to connect. It doesn't matter either way for
the purposes of the Wi-Fi USB Connector, so do whatever you feel comfortable
with.

After entering in your credentials, then remove the check for "Make this the
default Internet connection", but leave the other two options enabled. Then
click "Next".

On the final screen, you will see an overview of the setup for the connection
you just made. Look over it to see if it appears correct, if not, go back and
check everything. There is also an option to "Add a shortcut to this connection
to my desktop". Selecting this would probably save you some trouble down the
line. If you are happy with everything, click "Finish".

Now, when you want to use this new connection, you would either click the
shortcut the wizard made, or select it from the "Network Connections" screen.
After you have signed into AOL with this new connection, go ahead and install
the Nintendo Wi-Fi USB Connector, and all should be well.

A little note, I said to make sure to disable "Make this the default Internet
connection" so that you could still use the AOL software to get on the internet
normally. If you would like to bypass the AOL software completely, keeping that
option enabled will make that your primary internet connection, and allow you
to use the internet without the AOL software.

--------------------------------------------------------------------------------
- 4.4.2  Nintendo Wi-Fi USB Connector Soft AP                                  -
--------------------------------------------------------------------------------

The Nintendo Wi-Fi USB Connector is a very strange device. It was created to
make setting up a wireless network easy for users who do not have a wireless
router and don't want to go through the trouble of setting one up; but at the
same time imposes a number of artificial limitations that are a bit strange.

First, perhaps some background information is in order. Nintendo did not design
or build the Nintendo Wi-Fi USB Connector. The Wi-Fi Connector is in fact a
Buffalo WLI-U2-KG54-AI adapter which simply has been branded with the Nintendo
logo. The WLI-U2-KG54-AI is based on the USB version of the RT2500 chipset,
which, if you have read the Windows Soft AP section, you will recognize as one
of the very few devices capable of creating a true wireless network under
Windows.

Nintendo was only in control of the software side of the product, which is
where they started making some strange decisions.

First of all, Buffalo provides drivers for Windows 98, Windows ME, and
Windows 2000 for the WLI-U2-KG54-AI adapter. Nintendo on the other hand,
decided to limit their OS support to Windows XP only. Nobody but Nintendo will
ever know why they decided to place this limit on the Wi-Fi Connector, but the
best guess I could hazard would be that they didn't want to have to support
users running older versions of Windows. This decision has garnered the Wi-Fi
Connector considerable criticism from many on the Internet.

The second, and more pressing, change to the original Buffalo installation is
limiting the types of clients that can connect to the device. Using an RT2500
device in soft AP mode would normally allow all WiFi devices to connect, but
Nintendo specifically limited the Wi-Fi Connector software to only communicate
with Nintendo's own hardware (at the time of this writing, those devices being
the DS and Wii).

At least this limitation can be justified; Nintendo designed the Wi-Fi
Connector software with security in mind, and indeed it does provide a very
secure wireless network. Many people have heard the horror stories of
improperly configured wireless networks allowing intruders access to their
computer and Internet connections, and it has generated a negative
predisposition in the minds of many consumers.

The Wi-Fi Connector however, being limited to only Nintendo's own products,
provides these gun-shy users with wireless access for their game systems while
not compromising their network security.

Even so, there are many people who would rather be able to use their Wi-Fi
Connector with the rest of their WiFi equipment, and that is exactly what this
section of the Guide will allow you to do.

Be warned however, the process that is described in the following text is by
no means a simple installation. If you follow this Guide exactly you should
not have any problems, but if you are not an advanced computer user you may
want to read the rest of this section before actually making any changes on
your system, and then decide after you have read it all if you want to attempt
it yourself.

--------------------------------------------------------------------------------
- 4.4.2.1  Driver Modification and Installation                                -
--------------------------------------------------------------------------------

The first phase of the installation will require you to modify the official
drivers for the Buffalo WLI-U2-KG54-AI adapter to allow them to work with
Nintendo's rebranded version of the device.

Despite sounding a bit frightening, this is actually one of the easier steps of
the installation, in the grand scheme of things.

First you will need to go online and download the drivers from the Buffalo
website.

At the time of this writing, the required file can be downloaded at the
following URL:

http://www.buffalotech.com/support/getfile/?U2KG54_1-01-02-0002.zip

If that link is no longer valid, you will have to manually navigate to the
download page for the WLI-U2-KG54-AI and get the required file.

First, go to the Buffalo website located at:

www.buffalotech.com

Once you have selected your region, move your mouse over "Support" and click
on "Downloads". On the Download page, click on the drop-down box and select
"Wireless-G Keychain USB 2.0 Adapter with Auto Installation" under "Wireless".

This will then load the page for the WLI-U2-KG54-AI. Click on the "Download"
link under "Drivers", the current version is 1.01.02.002.

You should now have a file called "U2KG54_1-01-02-0002.zip" on your computer.
Inside of this archive you will find a directory called "U2KG54", and under
that, directories for the different operating systems the driver has versions
for.

I should say at this point that modification of the driver should work on any
of the supported operating systems. However, I am personally only able to test
on Windows XP. If you attempt this on an older version of Windows, I would be
very interested in hearing how it works out for you.

Extract the "Win2000" directory to your desktop, and open it up. Inside you
should see 5 files. The only one you need to touch is "NETU2G54.INF". This
file tells Windows which devices will work with the driver, and needs to be
modified in order for the rest of the setup to work.

Before we can make any changes to the file however, we have to make it
writable. Right click on NETU2G54.INF, then click on "Properties". At the
bottom of the window you should see a check in the box next to "Read-only".
Click on this box to remove the read-only attribute on the file, and then click
"OK".

You can now open up the file in Notepad by right clicking on it, selecting
"Open With...", and then choosing Notepad from the list of programs.

Near the top of this file you will see a section that has the heading,
[Adapters]. As you may of guessed, this is the list of devices that the
driver will associate itself with.

The section will look like this in the stock driver:

 [Adapters]
 ; DisplayName               Section               DeviceID
 ; -----------               -------               --------
 %rt2500usb.DeviceDesc% =       rt2500usb.ndi,           USB\VID_0411&PID_005E
 %rt2500usb_nai.DeviceDesc% =   rt2500usb.ndi,           USB\VID_0411&PID_0066
 %rt2500usb_ai.DeviceDesc% =    rt2500usb.ndi,           USB\VID_0411&PID_0067

All you need to do is add the following line:

%rt2500usb.DeviceDesc% =       rt2500usb.ndi,           USB\VID_0411&PID_008B

So the [Adapters] section should look like this when you are done:

 [Adapters]
 ; DisplayName               Section               DeviceID
 ; -----------               -------               --------
 %rt2500usb.DeviceDesc% =       rt2500usb.ndi,           USB\VID_0411&PID_005E
 %rt2500usb_nai.DeviceDesc% =   rt2500usb.ndi,           USB\VID_0411&PID_0066
 %rt2500usb_ai.DeviceDesc% =    rt2500usb.ndi,           USB\VID_0411&PID_0067
 %rt2500usb.DeviceDesc% =       rt2500usb.ndi,           USB\VID_0411&PID_008B

After you have added the correct line, save the file and close it.

Now that you have modified the driver itself, we can proceed with the actual
installation of the driver.

Before attempting the next steps, make sure you have completely removed the
Nintendo Wi-Fi Connector software and drivers from your system. Make sure you
have restarted your computer since removing the older drivers as well, to
avoid any conflict when you try and install the modified Buffalo drivers.

Once you are sure your system is clean of the old drivers, plug your Wi-Fi
Connector into the computer. In a second or two you should see a pop up saying
that it has detected the Nintendo Wi-Fi USB Connector.

The "Found New Hardware Wizard" will then start. It may ask if it can connect
to the Internet to search for drivers. Select "No, not at this time", and
click "Next".

It will then ask where you want to install the drivers from. Select "Install
from a list or a specific location (Advanced)", and click on "Next".

Make sure that "Search for the best driver in these locations." is selected,
and then click the box next to "Include this location in the search:". Then
click on "Browse". Navigate to the directory that your modified NETU2G54.INF
file is in, click "OK", then click "Next".

You will get a warning about the driver having not been tested for Windows XP
compatibility. Ignore it and just click "Continue Anyway".

After the installation, a bubble should come up at the bottom of the screen
saying that the installation was successful.

You should also notice you now have a new icon down in your system tray, which
will look like a computer with waves coming out of it with a red "X". This
indicates that you have a new wireless network device installed that has not
yet been configured.

At this point, your Nintendo Wi-Fi USB Connector is operating as a standard
wireless adapter. You can now use it to connect your computer to a wireless
network (such as a home router, or public access point) if you wish.

Read the next section to learn how to configure your modified Wi-Fi Connector
installation to work as a soft AP.

--------------------------------------------------------------------------------
- 4.4.2.2  Software Modification and Installation                              -
--------------------------------------------------------------------------------

At this point, you should have your Nintendo Wi-Fi USB Connector working as a
standard wireless adapter under Windows. From here, we will download the
appropriate software to configure a soft AP and make the required modifications
so that it will work with the Wi-Fi Connector.

As covered previously in this Guide, Windows does not include any inbuilt
method of configuring a soft AP like Linux and Mac OS do. Because of this, we
need to rely on the hardware manufacturers to develop their own software to
accomplish the task. The obvious problem there however, is that the hardware
manufacturers only develop software that works with their own devices, not any
hardware you pick up off the shelf.

That's the issue  we will be addressing in this section. We need to modify the
advanced WiFi configuration software from another manufacturer's device to work
with the Nintendo Wi-Fi USB Connector. This is going to be a bit more difficult
than the driver modification, and will require some software you may not have
on your computer.

Namely, you will need a hex editor to complete this part of the setup. For
those who are not familiar with the term, a hex editor allows you to modify
binary files, like computer applications. If you were to attempt to open a
computer application in a text editor, it would just come out as gibberish, but
a hex editor knows how to handle the data and makes it editable (to an extent).

If you do not already have a hex editor on your computer, I would suggest using
"XVI32", which can be downloaded for free from:

http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm

XVI32 is nice because it is small, capable, and does not require a full
installation on your computer, you just copy the folder to your computer, and
run it from there. Specifically helpful to us is that XVI32 features a very
advanced "Replace" function, which will make editing the files much easier.

The rest of this section will be written with XVI32 in mind, in terms of the
menus and options it presents. However, you should still be able to follow
along with any hex editor you are comfortable using if you chose to do so.

After you have gotten your hands on a hex editor, you will now need to download
the software that needs to be modified.

For this, we are going to be using the WiFi configuration software from the
ASUS WL-167g adapter. At the time of this writing, the software could be
located at the following URL:

http://dlsvr01.asus.com/pub/ASUS/wireless/WL-167g/Utility_2933.zip

If that is no longer valid however, you will have to manually navigate to the
download page for the WL-167g.

First, go to the ASUS website located at:

www.asus.com

Once you have selected your region, click on "Download", and in the search bar
type in "WL-167g". On the resulting page you should see a link that says
"WL-167g related files for download", click on it. On the next page, click on
the "Utilities" tab, then click on the "Global" link to begin the download.

You should now have the file "Utility_2933.zip" downloaded onto your computer.
Inside of this archive there will be a directory called "Utility", extract this
to your desktop. Run the "setup.exe" file inside of this directory to start the
"ASUS WLAN Card Utilities Setup".

You will first be asked to select your language. Make the selection and click
"Next" to proceed. On the Welcome screen, click "Next" again. It will then ask
where you want to install the files. The default is fine, but you can change it
if you wish.

After the installation, it will ask you if you want to restart your computer.
There is really no reason to, since we didn't install the ASUS drivers, but you
can go ahead and reboot if you like.

Now comes the fun part, actually modifying the individual programs to fool them
into working with the Wi-Fi Connector.

Start up XVI32, and click on the "Open" icon. Now navigate to where the ASUS
Utilities were installed. By default this should be:

C:\Program Files\ASUS\WLAN Card Utilities\

Inside this directory you are going to see a number of files. To start, click
on "AsAuthen.dll".

The main window of XVI32 is going to fill with data now. Don't worry about it,
you won't need to touch any of that.

Click on "Search", and then "Replace...". Under "Find", make sure that "Text
String" is selected, and paste the following line into the box:

USB\VID_0B05&PID_1706

Then click the top "Text -> Hex" button. The text you just copied should now
show up in the lower window in hex.

Go down to "Replace with", again making sure that "Text String" is selected,
and copy the following line into the box:

USB\VID_0411&PID_008B

Click on the lower "Text -> Hex" button. Again you should see the text
changed into hex.

Now click on "Replace All". You should get a pop up window telling you how
many occurrences were replaced, just click "OK".

Now click on the "Save" icon, and then "Open".

You have now completed the modification on the first file. You must repeat
these exact steps over for the remaining files. XVI32 will remember the text
you have entered to be replaced, all you need to do is click the appropriate
buttons to open the file, replace the line of text, save the file, and open the
next one.

You must edit the following files:

AsAuthen.dll
Center.exe
Mobile.exe
StMonitor.exe
TShoot.exe
Wireless.exe
Wizard.exe

We just edited AsAuthen.dll, so that leaves the 6 .exe files left.

Once you have edited those files, there is one final step left. Open "My
Computer" and navigate to the directory where the ASUS Utilities are installed,
and go into the "Driver" directory. Under "Driver", go into the directory named
"WinXP", and then "AP". Here you should find a single file called
"rt2500usb.sys".

You must copy the rt2500usb.sys file to:

C:\WINDOWS\system32\drivers\

You will get a prompt asking you if you want to overwrite the file, click
"Yes".

Make sure the Wi-Fi Connector is plugged in, and click on "ASUS WLAN Control
Center" icon on the desktop. You are likely going to get a number of error
and message windows popping up, but there is only one you need to worry about.
There should be a window named "Wireless Option", in this window you need to
make sure that option which says "Only use our WLAN utilities..." is selected,
and then click "OK". A wizard will now start, click on "Cancel", and then "OK"
on the message that will result.

Close any other wizards or messages that have opened themselves. You should now
see the "ASUS WLAN Card Settings" window, with the Buffalo WLI-U2-KG54-AI shown
as the current device.

This completes the modification of the ASUS WLAN Card Utilities. You now have
the required software to setup a soft AP using the Nintendo Wi-Fi USB
Connector.

--------------------------------------------------------------------------------
- 4.4.2.3  Soft AP Configuration                                               -
--------------------------------------------------------------------------------

In this section we will actually configure the soft AP, and get the Internet
running through it.

The ASUS software makes this very simple, and you should be up and running in
only a few clicks.

Open up the "ASUS WLAN Control Center", and click on the "Config" icon. On this
page you should see a tab that says "Soft AP", click on it.

Here you need to click on the bubble next to "Soft AP Mode". This will put the
device into Master mode. On the bottom of this tab, you should see a diagram of
a network, and on the bottom left there should be a window that says "Available
Network Connections". Select which one of those connections is currently
connecting you to the Internet, and drag that up to the box that is next to
"Internet". Make sure the box next to "Enable ICS" is checked.

Now click "Apply". After a moment you should get a warning about changing the
modes of the adapter, click "Yes". A few seconds later and you should get
another window popping up to tell you that enabling ICS may take awhile, click
"OK" again. Then wait, like the message said, this can take awhile.

You will know that it is finished when the green "Apply" icon becomes greyed
out again. Once this happens, click on the "Basic" tab.

On this tab you need to enter in the SSID your soft AP will use. Make sure that
"Hide SSID" is not checked, or else you won't be able to find your soft AP when
you search from your devices (though you could always manually configure it).

Then move down to the channel selection. You can use any channel you want, but
it would be a good idea to either use 1, 6, or 11.

Now down on the bottom, click "Advanced". On this new tab, go to the pull down
box next to "54g Mode:" and select "802.11b Only".

Click "Apply", then "OK".

Your Nintendo Wi-Fi USB Connector has now been converted to a standard soft AP.
You may now connect your client devices to it and begin using it as you would
any other WiFi access point.

However, I highly suggest you look at the "Encryption" and "Access Control"
tabs in the Control Center, and enable some form of security. Read Section 5,
"Network Security" for a more in-depth explanation of these features.

================================================================================
= 5. Network Security                                                          =
================================================================================

--------------------------------------------------------------------------------
- 5.1  WiFi Security                                                           -
--------------------------------------------------------------------------------

Wireless security is essentially a myth. The very concept of sending data over
the air using hardware that any consumer can purchase cheaply and without a 
license makes it a dangerous technology.

Of course there are many things you can do to increase the security of a
wireless network. The problem is, the DS doesn't really support any of them. We
will have to work around this, and do the best we can with the limited
abilities of the DS.

The following sections will give some tactics that can be used to make the best
of the limited security options Nintendo decided to arm the DS with. I will
explain what each security measure does, why it works, and at the same time,
why it doesn't.

--------------------------------------------------------------------------------
- 5.1.1  Cloaked SSID                                                          -
--------------------------------------------------------------------------------

Cloaking simply means that your WiFi device does not publicly broadcast the
SSID. This will cause general purpose WiFi devices and software to not list it,
essentially hiding it from people who did not know the network was there.

The problem with this feature is that it can make setting up new devices
difficult. The DS does not list networks unless their SSID is being broadcast;
so to configure it with such a network, you would either need to manually set
it up, or temporarily enable SSID broadcasting.

So how effective is this in the real world? Well, not very, unfortunately. It
doesn't do a whole lot more than make configuring your own devices a bit more
complicated. 

If your goal is to block your neighbor from casually connecting up to your
network (perhaps by mistake), a cloaked SSID would have the same effect on
them, their hardware would not show the network. If you are dealing with a 
person that is not actually trying to access your network, but perhaps just
doesn't know any better, this would deter them. But to anyone more advanced, it
is nothing more than a parlor trick.

The flaw with cloaked SSIDs is that every time a client device authenticates
or deauthenticates, the SSID is sent out in the 802.11 frames. Good software
like Kismet can pick up on this, and find the SSID even if you have enabled
cloaking.

If an attacker is running Kismet and you are not actively using the network, it
will still show up, but simply will have no name. This alone is all it takes to
confirm a network is there, and will draw the attacker's attention.

This makes cloaked SSIDs all but completely useless as a serious security
device.

But hey, it sounds cool, right?

--------------------------------------------------------------------------------
- 5.1.2  MAC Filtering                                                         -
--------------------------------------------------------------------------------

MAC stands for Media Access Control, it is a unique identity that all network
devices must have. MAC addresses are part of the second level of the OSI Model,
and are mapped to IP addresses on the third layer of the OSI Model via ARP. MAC
addresses are an essential element to TCP/IP, and it is vital that both the MAC
addresses and ARP tables are valid for TCP/IP to function properly.
 
By design, there can never be two devices with the same MAC address (though as
with everything, accidents do happen, I have heard about NICs shipping from the
factory with identical MACs in the past), so they can be used as a form of
physical security. Locking out all but specific MAC addresses can secure a
network from unauthorized access.

Well...in theory, anyway.

In concept, MAC filtering is a bulletproof approach to wireless security. In
the real world however, it is possible to "spoof" (fake) the MAC address of the
network card in a computer. That means an attacker can gain access to a MAC
filtered AP simply by sniffing the network traffic for an allowed MAC and
cloning it to his own network card.

To the AP, the attacker's computer would appear to be one of those allowed to
access the network, and therefore get full access. At first glance, it would
appear that MAC filtering is almost completely useless against a knowledgeable
attacker.

But, not all is lost. As TCP relies on sane MAC addresses to function properly,
two MAC addresses cannot exist on the same network without serious problems
coming up. Because of this, a MAC can only be reliably spoofed when the card
that actually owns that MAC address is not active. This obviously limits the
attacker's access, and needs to be circumvented if their goal is to setup a
long-term connection to the network.

To do this, the attacker would either have to disable MAC filtering, or add
the real MAC of his network card to the list of authorized devices. Either
action will not only make his presence known, but would also require the
attacker to get access to your router or AP's configuration (more on that in
Section 5.2, "Securing your WiFi Router").

Also, if the only WiFi device accessing your MAC filtered router is the DS, you
are in a bit better shape, since you won't be authenticated with the AP nearly
as much with the DS as you would be with a computer. The attacker would have to
get lucky enough to be sniffing your AP at the same time you were playing a
game, to be able to get the MAC of your DS.

If the attacker can't sniff a MAC that is authorized to connect to the AP,
there is no way they can get though the MAC filtering.

So with the proper application, you can see a realistic benefit from MAC
filtering. Just make sure to keep an eye on the MAC filtering configuration on
the router, and limit the amount of time you spend authenticated to the AP, if
possible.

--------------------------------------------------------------------------------
- 5.1.3  WEP                                                                   -
--------------------------------------------------------------------------------

WEP stands for Wired Equivalent Privacy, which is a form of hardware based
encryption that is defined in the 802.11b standard. WEP operates on the MAC
layer of the OSI network model.

WEP uses a 40 bit RC4 PRNG shared key created by RSA. The key is combined with
a 24 bit random number known as the "Initialization Vector" (IV). This yields
an apparent 64 bits of encryption.

Manufacturers later amended more features to WEP, including 104 bit keys. This
combined with the 24 bit IV, gives us what people refer to as 128 bit WEP. It
is important to remember, as these features were added after the 802.11b
standard was created, it is not mandatory for devices to support them.

For a client to connect to a WEP protected AP, they must have the encryption
key. However, any WiFi device in range can sniff the packets as they go though
the air. But the packets are encrypted, so the data itself is not visible
without first decrypting it.

WEP was the first attempt at adding security to WiFi technology. As common with
first attempts, WEP was not nearly as effective as was originally intended. A
number of weaknesses were eventually found, and WEP is today viewed very
negatively by many users.

The primary shortcoming of WEP is that the IV is sent in the clear. An attacker
can sniff the wireless traffic and analyze the IVs to eventually find the
original key. Once the key has been found, the attacker then has complete
access to the wireless network.

To capture enough IVs to crack a WEP network takes time, and a considerable
amount of data transferred over the network (usually 500+ MB). Even so, it is
now well within the reach of a moderately skilled user to crack even a strong
WEP key in a matter of hours given the proper conditions.

But every cloud has a silver lining. Knowing the faults of WEP is the best
defense against having those faults exploited at your expense.

While nothing will ever make WEP as a secure as a wired network, or even WPA
for that matter, the following tips can greatly reduce the risk of a successful
attack on your AP.

--------------------------------------------------------------------------------
- 5.1.3.1  Use a Strong Key                                                    -
--------------------------------------------------------------------------------

A universal truth with all passwords or keys is that anything in the dictionary
is inherently insecure. Such passwords can be quickly cracked with so called
"dictionary attacks", which (as the name implies) go though all of the words in
a predetermined dictionary file to attempt to guess the correct password.

Dictionary attacks are many many times faster than actually cracking the key
by decrypting it. If you can successfully protect yourself from such attacks, 
you will instantly make your network more difficult to compromise.

There are a number of tips to protect yourself from dictionary attacks:

Be sure to never use a word that can be found in the dictionary. This includes
names of people or places.

Obfuscate your key with alternating capital letters and numbers.

To really create a secure key, add in some symbols or even non-printable Hex
characters.

Using these tips will help you create a key that is much more secure than just
plain text. For example, rather than using "password", you could use
"\[P4$5W@r|)]/". 

Try finding that in Webster's.

--------------------------------------------------------------------------------
- 5.1.3.2  Use the Highest Encryption Possible                                 -
--------------------------------------------------------------------------------

This one is fairly obvious. Use the highest encryption that your hardware
supports.

If you are using 64 bit WEP, you are a much easier target for an attacker, as
it can be cracked in literally minutes.

But as I mentioned before, since 128 bit WEP is not actually in the 802.11b
specification, support for it is completely optional. So be sure that any
hardware you are buying actually has support for it.

The DS itself supports 128 bit WEP, so just be sure your router, AP, or soft AP
device supports it as well.

--------------------------------------------------------------------------------
- 5.1.3.3  Limit your Bandwidth                                                -
--------------------------------------------------------------------------------

As covered previously, a lot of data needs to be sniffed out of the air to
successfully crack WEP. If you can limit the amount of data you transfer, you
can make it that much more difficult to crack the encryption.

Unless your devices really need to be wireless, connect them via Ethernet. If
you can get it down so that only your DS is connected to your AP, then you will
sharply reduce the amount of data you are sending though the air.

Consider this, if the only device that ever uses your WEP protected AP is a
single Nintendo DS playing WFC games, it would take a very, very long time to
generate a significant amount of data.

How long? Well, let's see:

On average, it takes about 700 MB worth of sniffed traffic to crack a 128 bit
WEP key. 

Meanwhile, Tetris DS with 2 players generates about 6 MB (3 up, 3 down) per
hour of actual time spent in a match.

Doing some simple math, you would have to play Tetris DS for about 117 hours,
or just shy of 5 days, to generate 700 MB of traffic.

If you play for a half hour a day, then it would take about 233 days for you to
pull 700 MB though that AP. Even if you played for 3 hours a day, every day, it
would still take over a month to generate enough traffic to crack the key.

Clearly, no casual attacker is going to sniff your connection for months just
to get online. After a day or two, he is going to move on to an easier target.

--------------------------------------------------------------------------------
- 5.1.3.4  Rotate your Key                                                     -
--------------------------------------------------------------------------------

As covered in the previous section, cracking a WEP key requires significant
data to be transferred over the network for the attacker to sniff and analyze.
Because of this, the process of cracking the key can take a long time,
depending on the rate of data being transferred over your network.

Therefore, you can conceivably change the key often enough that it isn't
possible to generate sufficient IVs to successfully crack it before it is
changed again.

Going back again to the previous section, we know it could take the better part
of a month to send the required amount of data over the wireless link, even
with a considerable amount of WFC gaming. If you were to change out your WEP
key every 25 days or so, by the time an attacker had collected an appreciable
amount of data, you would already be using a new key, making his collected data
completely useless.

--------------------------------------------------------------------------------
- 5.1.3.5  Combine Forces                                                      -
--------------------------------------------------------------------------------

Even with the steps above, WEP can still be a liability. That is why you should
not rely on it as the only method of security for your network. You need to
have a comprehensive plan that covers multiple vectors.

It is important to pair smart WEP practices with other techniques, such as MAC
filtering, cloaked SSIDs, and firewalls.

By combining all of these security features, you can create a network that is
simply not going to be worth the effort for a casual attacker.

No WiFi network is completely safe from attack, and if there is an attacker
that has for whatever reason specifically targeted you, with enough effort,
they will get in.

But if the only threat to your network are leachers and WarDrivers, 9 times out
of 10, if they see a network that is using multiple security measures, they
will simply move on a bit down the street to the next network, which will
almost certainly have little to no protection.

--------------------------------------------------------------------------------
- 5.1.4  Is it Safe?                                                           -
--------------------------------------------------------------------------------

While I have outlined some tactics that will make breaking into your wireless
network harder, by no means will they make your network invulnerable. At the
end of the day, WEP is very exploitable, and the software and information to do
so is easily available.

I have also neglected to mention a serious threat to WEP, one which completely
undermines any attempts to make it more difficult to crack.

Up until now, we have assumed that to capture enough data to crack WEP, the
attacker must sit and wait for data to literally float past him. While this is
true, it is also possible for an attacker to use a technique called
"replaying", which forces the AP to send out data by replaying recorded data
transmissions back to it. Using this technique, it is possible to force an AP
to send out hundreds of megabytes of data in only a matter of minutes, speeding
up the cracking process exponentially. With replaying, it is now possible for
and experienced attacker to crack a 128 bit key in as little as 10 minutes.

There is essentially nothing you can do to stop such an attack.

However, there is one glimmer of hope. While many WiFi cards are capable of 
sniffing data, relatively few are capable of the packet injection that is
required for a replay attack. Unless the attacker is fairly serious about
breaking into other people's networks, there is a good chance he only has
sniffing capability, and has not spent the time and money to track down a card
that can handle injection. I know that is not exactly comforting, but it's the
only positive thing I can say, really.

It essentially comes down to the skill and determination of the attacker. If
your biggest threat is your next door neighbor jumping on your network to
download porn, then I can tell you with confidence that following the advice in
this Guide will keep him out. However, if you are dealing with an experienced
cracker that has specifically targeted you, with enough time and equipment,
your network will be compromised. Sorry.

--------------------------------------------------------------------------------
- 5.2  Securing your WiFi Router                                               -
--------------------------------------------------------------------------------

An important aspect of wireless security, one which many people forget, is
properly securing the wireless router itself.

If you are using a soft AP, including the Nintendo Wi-Fi USB Connector, there
is not much to worry about. Granted the security of your computer is very
important, but you are not going to have a browser-based configuration system
just sitting out in the open on your computer, like you do on a standard WiFi
router.

Though this configuration page on your router, it is possible to do all sorts
of nasty things, including locking you out of your own router, and even
destroying it by doing an improper firmware flash on it.

Also, as mentioned in Section 5.1.2, "MAC Filtering", the router configuration
also holds the MAC filtering information, and can be used to allow an attacker
to add his MAC to your router's authorized list, and get full access to the
network.

It is vitally important to lock down your router to prevent anyone else but
yourself from accessing it. There are number of things you can do to secure
your router, but not all hardware will support all features, so just do the
best you can with whatever the router supports.

--------------------------------------------------------------------------------
- 5.2.1  Use a Strong Password                                                 -
--------------------------------------------------------------------------------

The same rules for password creation apply as they did in Section 5.1.3.1, "Use
a Strong Key", except here, the risks are even higher. It is much easier to
guess, brute force, or dictionary crack the password on a router than a WEP
encrypted network.

It is possible to detect the manufacturer of your router by it's MAC OUI, and
many sniffing programs will automatically show the attacker what brand router
you are using. From there, it is a simple Google search to find the default
username and password that company uses. If you never changed your password
from the default one, you have just been compromised in a matter of seconds.

If you changed your password, but made it something simple, like "secret"; you
aren't in much better shape. The web authentication that most home routers use
can be dictionary cracked very rapidly. Running tests on my own routers, it
only took a few minutes for a dictionary cracking program to run though a list
of over 3000 common passwords, and find the simple password I had set for the
test. Again, it was very easy, and very quick, to get into the router.

Now, let's say that you follow the guidelines I talked about in Section
5.1.3.1, "Use a Strong Key". Such a password would not be discovered with a
dictionary attack, so the only option for the attacker would be to attempt a
brute force attack. In a brute force attack, the software is set with the
minimum and maximum length of the password, and what characters to use (for
example, numbers only, alphanumeric, capital letters only, etc), the software
will then attempt every possible password combination within the given
parameters.

As you could imagine, this would take a massive amount of time to complete.

Take for example the password I gave in that section, "\[P4$5W@r|)]/". To have
a 100% chance of cracking the password, the brute force software would need to
be configured to go up to 13 characters, and use full ASCII key-space.

That gives us 2,812,901,617,993,870,347 possible combinations. Go back and read
that again. 

At best, you are only going to be able to try 5 passwords per second or so
against the router, given the speed of the connection and the response time of
the router itself.

As if it had to be said, that would take many, many, many, many, years to
complete.

But to be precise, it would take about 17,839,305,000 years to crack that
password using a brute force attack.

--------------------------------------------------------------------------------
- 5.2.2  Disable Wireless Management                                           -
--------------------------------------------------------------------------------

Wireless Management allows users connected to the router via WiFi to access the
router's web configuration.

This is almost certainly not what you want to do. If your computer is connected
to the router over Ethernet, then you will absolutely want to disable this
option.

All this does it makes it possible for an attacker to get into your router
configuration from outside of your home.

If your router supports it, and it won't effect your usage of the device, then
disable this immediately.

--------------------------------------------------------------------------------
- 5.2.3  Disable Remote Management                                             -
--------------------------------------------------------------------------------

Remote Management is a feature on some routers that allow the web configuration
page to be accessed over the Internet, with the idea that you could manage your
router from anywhere on the planet.

Obviously, this is almost completely useless in every way, and should be
disabled.

There are few good reasons you would ever need to access your router from
outside your home, and they certainly don't outweigh the considerable risk of
having your configuration open up to all of the Internet to see.

--------------------------------------------------------------------------------
- 5.2.4  Disable Remote Upgrade                                                -
--------------------------------------------------------------------------------

Remote Upgrade allows your router to be flashed with a firmware sent to it over
the Internet.

This is a disastrously stupid option, and should be disabled and completely
forgotten about.

--------------------------------------------------------------------------------
- 5.2.5  Enable HTTPS                                                          -
--------------------------------------------------------------------------------

Some routers will allow you to chose HTTP or HTTPS for the web administration
page. HTTPS is more secure than HTTP as it encrypts data sent to and from the
site. In this case, the data you want to secure is your password.

If you are using just HTTP, it would be possible for a attacker connected to
your network to sniff your router password as you login. If this happens, it
doesn't matter how good your password is, he will have it. 

--------------------------------------------------------------------------------
- 5.3  Nintendo Wi-Fi USB Connector                                            -
--------------------------------------------------------------------------------

While it might not have been Nintendo's initial goal when creating the Wi-Fi
Connector, the device does manage to offer considerable security. 

As I have covered, pretty much every security technology the DS supports can
be easily overcome by a moderately skilled attacker. The Wi-Fi Connector, on
the other hand, offers a security model that is not only the highest available
to the DS, but perhaps on any WiFi device.

Each DS is identified by the Connector though the player's nickname, rather
than the MAC address of the device. While it is very easy to sniff the MAC of
the DS with even the most basic software, capturing the nickname is another
story entirely. It is possible, but well out of the realm of standard WiFi
cracking.

Not only that, but each DS needs to be interactively authenticated by the user
from the computer with the Wi-Fi Connector. There is no way for a device to
sneak onto the Wi-Fi Connector.

In fact, the Wi-Fi connector doesn't even show up as a standard WiFi network to
standard computer hardware.

Bottom line is, there is currently no known way to spoof an authenticated
DS and connect up to a Wi-Fi Connector. It is the best security you can get
with the DS, given the lack of WPA encryption.

--------------------------------------------------------------------------------
- 5.4  Firewalls                                                               -
--------------------------------------------------------------------------------

The firewall is the key element in network security. Essentially, a firewall is
anything that blocks incoming or outgoing traffic to a computer or network
based on a set of predefined rules. Firewalls can protect your internal network
from attacks from the Internet, or keep users from sending out information that
they are not allowed to.

On the same note, firewalls also tend to be a big source of trouble for
non-technical users. The same protection that keeps attackers from accessing
your computer from the Internet can also block your computer games from
connecting to other players, or your file transfers from completing.

A common, and very unfortunate, mistake that many users make is to simply
disable the firewall if it blocks a protocol they are trying to use. This is a
very bad idea, you should never disable your firewall. Instead, make the effort
to find out what ports and protocols your program needs, and allow them in the
router configuration. This way your software will continue to work, and you
will still be protected.

In the following sections, I will cover some general firewalling principles,
and then the different types of firewalls available; both hardware firewalls,
and software firewalls in Linux, Windows, and Mac OS.

--------------------------------------------------------------------------------
- 5.4.1  General Firewall Concepts                                             -
--------------------------------------------------------------------------------

Firewalls can be deployed in many different ways and configurations. Certainly
more than I could possibly cover here.

I will simply cover the most common forms of firewalling, which is enough for
the purposes of this Guide.

--------------------------------------------------------------------------------
- 5.4.1.1  Inbound Firewalling                                                 -
--------------------------------------------------------------------------------

In this configuration, the firewall filters inbound traffic based on rules the
user sets up. This is often required to play online games, use Bittorrent, and
other services that require traffic to be able to reach your computer.

An inbound firewall will also allow traffic in that was requested by a machine
from within the protected zone. 

For example: when you perform a FTP download, you first would connect out to
the server though the firewall, then when the download actually starts, the
traffic would come back in though the firewall. 

This works without the user having to explicitly allow the FTP protocol,
because the firewall knows a machine within the protected zone initiated this
connection, and therefore traffic should be allowed back in though the firewall
to the machine that requested it.

This form of firewalling will protect a home user from most threats on the
Internet. It will block any attackers that attempt to connect to your computer,
as well as automated attacks like worms and viruses.

However, an inbound firewall is only effective if it's rules are correctly
configured. If you have not made sure all protocols that you don't need are
blocked, the protective capability of the firewall will be negated.

--------------------------------------------------------------------------------
- 5.4.1.2  Outbound Firewalling                                                -
--------------------------------------------------------------------------------

Outbound firewalling filters traffic that is coming out of the protected zone.

This type of firewalling addresses the primary weakness of inbound
firewalling, which is that any communication that was initiated from inside
the protection of the firewall is assumed to be safe.

Under normal circumstances, this is a perfectly acceptable assumption. However,
in the event that a rogue connection is made out to a waiting server without
the user's knowledge, the inbound firewall will do nothing to stop it.

This can happen if the computer is infected with a virus, or more accurately, a
Trojan horse. In the case of a large network, this could also be the result of
an attacker connecting his own computer up to the network and connecting out.

By connecting out though the firewall to a waiting server, an attacker can
create an open path into the target network or machine, and through this get
control of the target.

This is where the concept of outbound firewalling comes in. An outbound
firewall is able to block connections out to the Internet based on the protocol
being used or the software program that initiates the connection.

For example: an outbound firewall could be configured to block all outgoing
instant messenger protocols, to keep users of the network from chatting online
instead of doing their work.

As you can imagine, an outbound firewall takes a lot more configuration to
effectively protect the network while not impeding the use of it. While an
inbound firewall only needs to know what protocols to always allow through and
then allow everything else the user actually requests for, an outbound firewall
will block everything going out by default, and needs to know exactly what you
expect to be sending out when you are using the computer.

--------------------------------------------------------------------------------
- 5.4.1.3  Network Segmentation                                                -
--------------------------------------------------------------------------------

While the home user can get all the protection they need from an inbound and
outbound firewall, more complicated networks demand a more robust system of
protection.

Enter the concept of segmentation. Basically, this is the process of separating
a network into multiple segments, each with their own firewalls and rules for
filtering traffic. 

For example: in a corporate network, the servers may be allowed full access out
to the Internet, while the staff's machines could be configured to only allow
connections out.

Obviously, such a setup can be very difficult to configure, and hard to manage
if something goes wrong. But for maximum security in an environment with
multiple computers, the importance of keeping traffic separate demands it.

--------------------------------------------------------------------------------
- 5.4.2  Types of Firewalls                                                    -
--------------------------------------------------------------------------------

There are many types of firewalls available, each with it's own strengths and
weaknesses. It is up to the user to decide which one is right for them, based
on their needs and budget.

Here I will cover the two main types of firewalls, hardware firewalls, and
software firewalls.

--------------------------------------------------------------------------------
- 5.4.2.1  Hardware Firewalls                                                  -
--------------------------------------------------------------------------------

A hardware firewall is any dedicated device that filters traffic into a
network. I say network, rather than computer, because hardware firewalls are
almost always used when there is more than a single client to protect (though
hardware firewalls designed to be used with a single computer do exist).

When talking about hardware firewalls for the home user, you are going to be
dealing with SOHO routers, which almost all include a basic firewall.

These small firewalls are almost all inbound firewalls. I know of no consumer
router that offers outbound firewalling from the factory. Though more advanced
hardware firewalls are capable of it, however.

Hardware firewalls are a good deal for the user that has their own small LAN
they want to protect, as they can protect all of the machines equally. However,
they are likely overkill for a user that simply has one computer connected up
to the Internet.

To allow traffic into a network, hardware firewalls will generally have
multiple rules which you can configure to forward specific traffic to a
predetermined IP address within the network. Most consumer hardware firewalls
also include a DMZ function, which allows all traffic from the Internet to
access the IP address specified. While it is never a good idea to place your
personal computer in the DMZ, it is occasionally necessary to place a device
there that needs access to multiple ports at once, like a game console.

As hardware firewalls work on the physical layer (meaning, the computers it
protects are physically plugged into it), hardware firewalls have the advantage
of working seamlessly with any operating system or device capable of connecting
to it.

--------------------------------------------------------------------------------
- 5.4.2.2  Software Firewalls                                                  -
--------------------------------------------------------------------------------

A software firewall is actually a program that runs on the computer it is
protecting, and actively monitors and filters all traffic on that computer.

Software firewalls can act as both inbound and outbound firewalls. Outbound
firewalling is easy to do in a software firewall, since the firewall is running
on the computer right along side the programs that need to access the Internet.

Some software firewalls will interactively notify the user when an inbound
connection has been blocked, or when a program is requesting an outbound
connection. While helpful, these messages and requests for confirmation tend to
annoy some users.

The exact opposite of a hardware firewall, the software firewall is a good
choice for protecting a single computer, but is not suitable to protect an
entire network. Software firewalls also tend to require more configuration than
their hardware counterparts.

Since a software firewall is just that, a piece of software, each operating
system uses a different software firewall program. Some operating systems
include this ability, while others might require the user to install their own
software firewall.

--------------------------------------------------------------------------------
- 5.4.2.2.1  GNU/Linux                                                         -
--------------------------------------------------------------------------------

Linux includes it's own firewall system built into the kernel. In 2.2 kernels,
it uses IPChains, and in 2.4+ kernels, IPTables is used. As every standard
distribution is using at least a 2.4 kernel, you only need to worry about
IPTables.

IPTables is capable of nearly any form of firewalling or NAT possible, so the
sky is the limit when it comes to configuration.

IPTables is generally configured from he command line, or more accurately, by
putting commands into a script, and having that run at boot time.

If a GUI is your thing, there are some good front-ends for IPTables, such as
Firestarter, Guarddog, Firewall Builder, and Knetfilter.

--------------------------------------------------------------------------------
- 5.4.2.2.2  Windows                                                           -
--------------------------------------------------------------------------------

Windows has not had a built-in firewall included until very recently, not until
Windows XP Service Pack 2, to be specific.

Also, not surprisingly, the Windows firewall is not very advanced, and can only
do inbound firewalling, not outbound firewalling (very unusual for a software
firewall). This limitation is due to Microsoft's concept of computer security,
and that the firewall's only duty is to protect a computer from infection, not
protect a computer that is already infected with a trojan. Right or wrong, this
behavior is confirmed to be in the Vista as well.

Configuration of the Windows firewall is essentially selecting which services
will be open on a specific interface, and which ones will be blocked.

As the Windows firewall is very basic, it is advised to download and install an
alternate software firewall (if you don't already have a hardware firewall
upstream, that is).

I would recommend Kerio Personal Firewall 2.1.5 (the last freeware version of
Kerio's firewall product). Besides being free and more advanced than the
Windows firewall, Kerio PF also has the advantage of working on
Windows 98/ME/2000.

--------------------------------------------------------------------------------
- 5.4.2.2.3  Mac OS                                                            -
--------------------------------------------------------------------------------

OSX includes a fairly complete firewall that is built into the kernel, not
unlike IPTables in Linux, known as ipfw. IPTables and ipfw are pretty similar
in their operation. They both use individual rules to build the firewall, can
be setup though scripts, and support detailed logging.

Like IPTables, ipfw does not have any GUI in and of itself, but OSX does
include a GUI for it by default. However, ipfw is capable of much more than
it's fairly simplistic GUI can present to the user.

Many of the more advanced capabilities of the OSX firewall cannot even be
accessed from it's GUI, they need to be enabled from the Terminal. This
includes the ability to block outbound traffic, as by default, the OSX firewall
only blocks inbound traffic like the Windows firewall.

Having to use the Terminal to configure the more advanced aspects of ipfw has
always been a criticism of the OSX firewall system. However, even when limited
to only the GUI interface, the OSX firewall is still more capable than the
Windows firewall. The GUI attempts to be a balance between the most commonly
used features, and ease of use. At least you are always open to using those
advanced features if you feel you need them, while the Windows firewall just
isn't capable of them in the first place.

An interesting note about the OSX firewall, it cannot be turned off. This is
part of Apple's security model, to help protect their machines by having the
firewall active from the very first time the computer is setup.

--------------------------------------------------------------------------------
- 5.4.3  Practical Application                                                 -
--------------------------------------------------------------------------------

All the information in the world is useless if you don't have a way to
practically apply it to your situation. In the following sections, I will cover
how you the user can implement some of the firewall technology previously
covered to help protect your network when opening it up to wireless access.

--------------------------------------------------------------------------------
- 5.4.3.1  Inbound Firewalling                                                -
--------------------------------------------------------------------------------

The easiest and most reliable way to setup inbound firewalling for your network
is though the use of a hardware firewall. As mentioned before, the primary form
of hardware firewall for the average consumer is a home router. This device
will include a inbound firewall capable of blocking all unsolicited requests to
the machines on your network, wired and wireless.

The firewall contained in the average home router is enabled by default, and
does not require any setup from the user. The moment you connect your computer
to it, you are under it's protection. This makes the hardware firewall the
easiest to deploy out of all the options available.

The only configuration you may need to do on your hardware firewall is allowing
traffic into your network that you specifically want. For example, if you want
to run an FTP server from your computer, you would need to forward that traffic
to the IP of your computer.

As I mentioned before, all of the software firewalls are also capable of
inbound firewalling. It is important to remember though, that this will only
protect the computer it is running on, and not the rest of the network. These
also will involve a bit more setup than the hardware firewall.

Speaking about the DS specifically, you generally will not have to make any
adjustments to an inbound firewall to get online and in a game.

However, on some routers there are bugs or inconsistencies in the way it
handles NAT and forwarding, and it might be necessary to do some additional
setup for you to connect to the WFC service.

If you are getting errors when connecting to the WFC though a router, check the
error number online to see if it is a firewall error. If so, you might want to
setup port forwarding to the DS, or place it in the DMZ. In either event, it
would help if you setup the DS with a static IP to make the configuration
easier.

If your DS is connecting to the Internet though your computer, either via
the Wi-Fi Connector or other soft AP, the incoming firewall may need to be
adjusted to allow all traffic into the DS if you are experiencing errors while
playing.

--------------------------------------------------------------------------------
- 5.4.3.2  Outbound Firewalling                                                -
--------------------------------------------------------------------------------

As I mentioned previously, consumer hardware firewalls generally do not posses
any outbound firewalling capability. For that reason, they will not be
mentioned in this particular section. This section is only concerning software
firewall products.

I won't go into a lot of detail here. As the software firewall setup is going
to be completely different for every platform, it is better than I go into
specifics in each operating system's individual section.

I am just going to give a brief overview of how you can deploy an outbound
firewall in relation to the Nintendo DS and WFC games.

The concept here is that you can limit how a device can connect out to the
Internet, in an effort to only allow legitimate traffic through. Speaking about
the DS specifically, you can use outbound firewalling on the computer that is
sharing it's Internet connection to the system.

This has a very real benefit, especially if you are running a standard soft AP
that any device can connect to. You can limit outbound connections from the
wireless side to only connect to Nintendo's WFC servers, blocking everything
else. This will prevent somebody from connecting up to your soft AP and using
your Internet connection. Unless of course they were connecting up with a DS
and were looking to play WFC games...well, nothing is perfect.

Again, I will go into more detail on this method elsewhere; but the basic idea
is to allow outgoing traffic to Nintendo's servers, which are located at
"nintendowifi.net". The destination URL is always going to contain this bit of
information, for example, Tetris DS will attempt to connect out to
"tetrisds.master.gs.nintendowifi.net". So if you block any URL that doesn't
contain "nintendowifi.net", it should allow your games to work properly while
blocking all other traffic.

--------------------------------------------------------------------------------
- 5.4.3.3  Network Segmentation                                                -
--------------------------------------------------------------------------------

While this is certainly the most effective way to make sure people connecting
to your wireless access point don't get full access to the network, it is
without a doubt the most difficult to implement.

For this to work, you need to have a machine that is more or less dedicated to
being an access point. Not only should traffic from this machine be limited as
to what it can connect to on the Internet (see the previous section), it should
also be limited in it's connectivity to computers on the LAN.

In short, this computer should ONLY be able to connect out to Nintendo's WFC
servers and nothing else.

Clearly, this is not practical for the average person. Still, I will attempt to
cover this at a later date. A lot of the information in this Guide is of
limited use to the average person anyway, so I guess that shouldn't be a reason
to stop me now.

================================================================================
= 6. FAQ & Troubleshooting                                                     =
================================================================================

This Guide covers a lot of ground. From the basic functions of the DS, all the
way to doing NAT in the Linux kernel.

At the same time, finding answers in a large document like this can be
difficult, especially if you have a very specific bit of information you are
looking for.

This section of the Guide aims to address that exact situation. Here I will
break down information into smaller sections, to answer specific questions or
detail the resolutions to common problems.

Obviously, this section will be in a constant state of revision, as more
problems are sent into me, or more resolutions are found.

To that end, if there is a specific problem or question that you don't see
answered here, contact me so that I can work on adding it in.

--------------------------------------------------------------------------------
- 6.1  FAQ                                                                     -
--------------------------------------------------------------------------------

This section will try and answer some common questions that I get emailed, or I
see being asked on the boards.

--------------------------------------------------------------------------------
- 6.1.1  Nintendo Wi-Fi Connection                                             -
--------------------------------------------------------------------------------

These are some common questions about the Nintendo Wi-Fi Connection in general.

--------------------------------------------------------------------------------
- 6.1.1.1  Transferring WFC ID                                                 -
--------------------------------------------------------------------------------

There is a lot of confusion about the WFC ID, so I hope to clear it up here.

The WFC identifies you by a unique ID that is created the first time you sign
in with an online game. If you get a new DS, or want to play an online game in
a different DS than the one it was originally played in, you are supposed to
transfer the WFC ID to the new DS.

If you don't, you will lose both your old Friend Code, and any Friend Codes
that were given to you from anyone else. Some games will also wipe your online
record. You would also need to link your DS with your "My Nintendo" account
again.

However, it is not required for the games to operate, so if you are unable to
transfer your ID from the old DS to the new one, you shouldn't worry about it
too much.

For instructions on transferring your WFC ID, see Section 2.4.3, "Transfer
Nintendo WFC Configuration".

--------------------------------------------------------------------------------
- 6.1.2  Routers                                                               -
--------------------------------------------------------------------------------

There are a lot of questions about the use of the DS with standard WiFi
routers. Here are some of the most common questions going around out there.

--------------------------------------------------------------------------------
- 6.1.2.1  Will My Router Work?                                                -
--------------------------------------------------------------------------------

The best answer I can give is, "probably".

While it is true that there are a few routers that simply do not work at all
with the DS, the majority should either work out of the box, or in the worst
case, with need a few adjustments.

Take a look at Section 6.2.2, "Routers" for some tips on getting your router to
work if you are having a problem connecting up to it.

--------------------------------------------------------------------------------
- 6.1.2.2  Suggested Routers                                                   -
--------------------------------------------------------------------------------

A lot of people ask me if there is a particular brand or model they should look
for when going out to buy a new wireless router.

I always suggest the Linksys WRT54G, as it is easily the best consumer router
on the market today.

However, it isn't quite as easy as all of that. Linksys recently decided to
fork the WRT54G product line; as of version 5 of the WRT54G, the hardware and
software have been changed radically. By all accounts, these routers are simply
not nearly as capable as the original versions. The pre-version 5 WRT54G was
rebranded as the WRT54GL (the "L" standing for "Linux", which is what the
original WRT54Gs run), and sold primarily online (and at a slightly higher
price tag).

So if you want to buy the best, look for a pre-version 5 WRT54G, or go online
and buy a WRT54GL. It is definitely worth the trouble to get the real deal
rather than the imitation.

That said, the limited version of the WRT54G is still better than most of the
low-end routers on the market. If you can't, or don't want, to go through the
trouble to find the Linux version, you could still do a lot worse than the
current WRT54G.

Speaking of a lot worse, definitely stay away from all D-Link hardware. Not
only are they poor products, but the company as a whole has been known for some
very shady business practices in the past.

As for the rest, you get what you pay for. If you don't want to spend the money
for a good router, at least go online and checkout the router compatibility
list on nintendowifi.com before you buy it.

--------------------------------------------------------------------------------
- 6.1.3  Nintendo Wi-Fi USB Connector                                          -
--------------------------------------------------------------------------------

The Nintendo Wi-Fi USB Connector is a device surrounded by confusion. I have
seen more questions about the Connector than any other aspect of the DS's WiFi
capabilities.

Maybe this section will help that. Probably not though.

--------------------------------------------------------------------------------
- 6.1.3.1  Does the Wi-Fi Connector Only Work with the DS?                     -
--------------------------------------------------------------------------------

Yes, using the standard drivers, the Nintendo Wi-Fi USB Connector only works
with the Nintendo DS.

*NOTE*

Nintendo has also confirmed that the Wi-Fi USB Connector will work with the
upcoming Wii console as well.

--------------------------------------------------------------------------------
- 6.1.3.2  How Many Consoles Can Play on the Wi-Fi Connector?                  -
--------------------------------------------------------------------------------

The Nintendo Wi-Fi USB Connector can support up to five Nintendo DS units
connected to it at once. Presumably it is limited to five Wii consoles as well.

It is worth mentioning, however, that with that many players connected, lag can
become a problem if you don't have a fairly fast Internet connection.

--------------------------------------------------------------------------------
- 6.1.3.3  What is Needed to Run the Wi-Fi Connector?                          -
--------------------------------------------------------------------------------

You will need a computer that has at least one free USB 2.0 port and is
running Windows XP, and an Internet connection.

The USB Connector does not work with other versions of Windows, such as Windows
98, Windows ME, or Windows 2000.

See Section 3.2, "Using the Nintendo Wi-Fi USB Connector" for all of the
details.

--------------------------------------------------------------------------------
- 6.1.3.4  Will the Wi-Fi Connector Work with Dial-Up?                         -
--------------------------------------------------------------------------------

Yes

While not officially supported by Nintendo, the Wi-Fi Connector (as well as any
soft AP setup, for that matter) will work with a dial-up connection.

However, due to the high latency of dial-up, you are likely going to experience
considerable lag in most games.

If you can only use dial-up, I would suggest you stick to games that do not
require fast action or a lot of data to be transfered. For example, Animal
Crossing or Tetris DS.

--------------------------------------------------------------------------------
- 6.1.3.5  Is the Wi-Fi Connector a Good Value?                                -
--------------------------------------------------------------------------------

Personally, I would say no. At the time of this writing, the USB Connector
costs $40. For that much money, you could get a complete wireless router that
is much more capable.

--------------------------------------------------------------------------------
- 6.1.4  GNU/Linux                                                             -
--------------------------------------------------------------------------------

This section will cover questions on the setup and use of a soft AP under
GNU/Linux.

--------------------------------------------------------------------------------
- 6.1.4.1  Will Any WiFi Adapter Work?                                         -
--------------------------------------------------------------------------------

No, not all cards will work with DS_AP.

While many native Linux drivers support Master mode, not all of them do. In
addition, cards that are being used though Ndiswrapper will not support Master
mode.

The web page for your card's driver should tell you if the card supports Master
mode or not, as open source driver projects tend to be pretty descriptive on
their pages.

--------------------------------------------------------------------------------
- 6.1.4.2  How Can You Test If an Adapter will Work?                           -
--------------------------------------------------------------------------------

An easy way to test if your card supports Master mode is to run the following
command as root (Assuming wlan0 is your WiFi card):

bash# iwconfig wlan0 mode Master

If you get an error along the lines of "Operation not supported", then your
drivers don't support Master mode.

If you get nothing back, and it just returns to a new line on the console, then
your card is now in Master mode, and DS_AP should work fine for you.

DS_AP can also test the capabilities of your your wireless card by running it's
testing mode. Check Section 4.1.4, "The Complete DS_AP Script" for more 
information.

--------------------------------------------------------------------------------
- 6.1.4.3  Can You Use the Wi-Fi Connector Under Linux?                        -
--------------------------------------------------------------------------------

The answer to this is: "eventually".

Currently, the Linux drivers for the RT2570 devices (of which the Wi-Fi
Connector is), don't support Master mode. However, I have spoken with the
developers directly about the issue, and it is planned for the future.

So right now, the Wi-Fi Connector cannot be used to share an Internet
connection with the DS, though it will be possible to do so at some point in
the future.

However, that doesn't mean the Wi-Fi Connector is without use under Linux. It
can be used as a standard WLAN device to get your computer online, and it can
also be used for WMB/WiFiMe. WMB lets you broadcast official DS demos with your
computer, and WiFiMe lets you send DS homebrew programs.

If you are interested in DS development, then WiFiMe may interest you, as you
can send software you are working on right to the device, rather than having to
put it onto a flash card first.

The official Linux drivers for the Wi-Fi Connector can be found here:

http://rt2x00.serialmonkey.com

If you are looking to do WMB/WiFiMe, you will need the hacked version of the
above drivers written by masscat:

http://masscat.afraid.org/ninds/rt2570.php

--------------------------------------------------------------------------------
- 6.1.5  Windows                                                               -
--------------------------------------------------------------------------------

There are a lot of Windows questions, so I will probably be adding to this one
constantly, but for now, I will just cover the basic points.

--------------------------------------------------------------------------------
- 6.1.5.1  Will Any WiFi Adapter Work?                                         -
--------------------------------------------------------------------------------

No, not even close.

Only a fraction of the WiFi cards available in Windows will be able to go into
Master mode with their standard drivers.

For the most part, if you don't know if your card is capable of Master mode,
you should just assume it isn't.

--------------------------------------------------------------------------------
- 6.1.5.2  How Can You Test If an Adapter will Work?                           -
--------------------------------------------------------------------------------

If your adapter actually supports Master mode, then you should be able to set
it as such under the "Device Manager".

--------------------------------------------------------------------------------
- 6.1.6  Mac OS                                                                -
--------------------------------------------------------------------------------

I have received very little email about OSX, or have seen many questions asked
about it, so I will just put questions that seem logical.

--------------------------------------------------------------------------------
- 6.1.6.1  Will Any WiFi Adapter Work?                                         -
--------------------------------------------------------------------------------

At this time, the only type of wireless adapter I can confirm working on OSX is
the AirPort line.

It is unfortunate that only this one type of adapter appears to work, but on
the bright side, many Macs ship with the AirPort installed, so if you have a
new Mac you likely have the required equipment.

--------------------------------------------------------------------------------
- 6.2  Troubleshooting                                                         -
--------------------------------------------------------------------------------

Problems, problems, problems. It seems like half the people talking about the
WFC are having some problems with the service, or the act of connecting up to
it.

I rather think that covering all problems is impossible; but there are
certainly a couple of very definite trends that I can follow, which should
cover the most common of the problems at least.

--------------------------------------------------------------------------------
- 6.2.1  Nintendo Wi-Fi Connection                                             -
--------------------------------------------------------------------------------

The WFC itself is pretty stable. There isn't a whole lot that can go wrong with
it, but there are a few sticky subjects which should be addressed.

--------------------------------------------------------------------------------
- 6.2.1.1  Error Messages 50000 to 59999                                       -
--------------------------------------------------------------------------------

These error messages indicate that the DS was not able to connect to the
Nintendo Wi-Fi Connection service.

This is generally caused by a software firewall running on the computer hosting
the Wi-Fi Connector. You will want to allow the Wi-Fi Connector software in
your firewall's configuration, or disable the software firewall while you are
playing.

You usually won't see this error when connecting to a router, as the router
shouldn't be blocking any outbound connections. But if you do see this message
when using a router, then read Section 6.2.2.3, "DS Connects to Router But
Cannot Connect to Internet".

--------------------------------------------------------------------------------
- 6.2.1.2  Error Messages 80000 to 89999                                       -
--------------------------------------------------------------------------------

These error messages indicate that the DS was able to connect to the Nintendo
Wi-Fi Connection service, but was able to make or maintain a connection with
other players.

If you find you are never able to connect to a full game, or get these errors
once you connect up to the other players, you might want to look into putting
your DS into your router's DMZ.

If you are using the Wi-Fi Connector, this problem is probably caused by a
software firewall on the computer that is sharing it's Internet connection. You
need to allow the Wi-Fi Connector software or forward the required ports. If
all else fails, you can just disable the software firewall on the computer when
you want to play online.

--------------------------------------------------------------------------------
- 6.2.2  Routers                                                               -
--------------------------------------------------------------------------------

As there are a number of compatibility issues with some standard routers, this
issue comes up quite a bit. A lot of people have problems initiating or
maintaining a connection with their wireless routers, so this section will
address ways to work around the hardware incompatibilities and get you online.

Luckily, in the majority of cases, router incompatibility can be overcome with
adjustments to the settings and configuration options. It is rare that a router
is completely incompatible with the DS, though it is possible.

--------------------------------------------------------------------------------
- 6.2.2.1  DS Does Not Detect Router                                           -
--------------------------------------------------------------------------------

If your DS doesn't detect the presence of your router, there are a number of
things you will want to check.

First of all, verify that the wireless functionality of the router is switched
on. Most routers have an option to disable their wireless access point, and it
is possible that yours has simply been switched off. Though it is unlikely that
this is the default setting, if your router was configured by someone else, it
might be worth checking.

If the wireless function of the router is indeed on, then the second thing you
should check (if possible) is if other devices can detect the router. If they
can, then you know that the problem is DS-specific, and you will need to
continue on with the troubleshooting process. If the other device cannot see
the router either, you might want to check that "SSID Broadcast" is not turned
off.

Now, if we are sure that the router is actually broadcasting and other devices
can see it; we need to figure out why the DS can't.

A number of routers have had firmware updates since the release of the DS to
enable them to properly communicate with it. As such, the first thing you
should check is if there is a firmware update available. Running the latest
firmware is always a good idea.

The issue could also be due to interference with other nearby devices. This is
unlikely if other WiFi devices are able to connect alright, but it is worth a
shot to change the channel your router is running on to see if that helps any.

Lastly, you want to make sure you are in range of the router. The best way to
test connectivity with the DS is by attempting to connect when you are only a
few feet away from it, then move on from there.

In addition, some of the tips in the next section will also resolve this issue,
to take a look at those as well if you are still having problems.

--------------------------------------------------------------------------------
- 6.2.2.2  DS Cannot Establish Link with Router                                -
--------------------------------------------------------------------------------

If your DS was able to detect the router, but just not connect, then there is a
whole other set of configuration options you will want to check.

The first thing you want to check is the most obvious, the security settings.
Is the router using MAC filtering? If so, you need to add the DS's MAC to the
allowed list. If you are using WEP, have you entered the key correctly? The DS
can't use WPA, so make sure you don't have that enabled.

If the problem isn't something obvious, then you will want to move on to some
more advanced troubleshooting.

You should check to make sure you are running the most recent firmware on your
router, as that is a very common cause for incompatibilities.

If that doesn't help, then drop the TX rate of the router down to 2 Mbps. The
DS only works at 2 Mbps, and some routers have problems automatically setting
their speed. Setting it manually can help if this is the case. While in the
wireless settings, you should also set the transmit mode to "B Only", if you
are using a 802.11g router. Try switching the channels if you think you might
be getting interference from other devices or WiFi networks.

--------------------------------------------------------------------------------
- 6.2.2.3  DS Connects to Router But Cannot Connect to Internet                -
--------------------------------------------------------------------------------

There are two main causes for this situation.

Most likely, the issue is a DHCP failure. The DS's TCP/IP stack has problems
getting an IP from many DHCP servers. To resolve this issue, you will want to
setup your DS with a static IP and DNS settings, as described in Section 7.4,
"Correctly Configuring a Static IP".

It could also be a firewall problem, where the firewall is blocking the DS from
connecting out to the Internet. This doesn't happen too often, as the firewall
in the router should be smart enough to allow the WFC traffic. But if not, you
can get around this by putting your DS's IP into the router's DMZ. This will
allow all traffic though the firewall, and should resolve the problem.

It is much easier to put the DS into the DMZ when it is setup with a static IP,
so these two solutions are very complementary to each other.

--------------------------------------------------------------------------------
- 6.2.2.4  None of that Worked!                                                -
--------------------------------------------------------------------------------

If you are in the relatively unlikely situation in which none of the previous
tips worked, you might just have yourself an incompatible router. This is rare,
but it is within the realm of conceivability.

You only have a few options at this point. You can either get a new router or
setup a soft AP (either with the Wi-Fi Connector or something else).

Beyond that, the only thing you can hope for is that an updated firmware is
released to resolve the issue. But I wouldn't put too much faith in it at this
point in time.

--------------------------------------------------------------------------------
- 6.2.3  Nintendo Wi-Fi USB Connector                                          -
--------------------------------------------------------------------------------

The Wi-Fi Connector is a very problematic device. Not necessarily because it is
poorly designed, but because of the wealth of configuration options it needs
to contend with on the average computer. Each computer has a different network
configuration, and writing software that can anticipate all possible situations
is simply not possible.

Here are a few common problems, and their respective solutions. Keep in mind
that even here, these solutions may or may not resolve the issue, depending on
your unique system configuration.

One final note, before you do any troubleshooting, make sure you are using the
very latest Wi-Fi Connector software. Nintendo does fix bugs in the software
occasionally, and there is a fair chance that the problem you are having might
have been resolved in a newer version of the software if you are using the
version that came on the CD.

--------------------------------------------------------------------------------
- 6.2.3.1  Wi-Fi Connector Not Detected by Installer                           -
--------------------------------------------------------------------------------

If the installer is unable to detect the Wi-Fi Connector, the most common
problem is that you plugged it in before you were told to by the software.

If you plugged the Wi-Fi Connector in before you were instructed to, Windows
will attempt to install it's own device drivers for it. These drivers will not
work with Nintendo's software, and you will be unable to complete the
installation.

To resolve this, go under the "Device Manager" and make sure all drivers
Windows has installed for the actual Wi-Fi Connector device have been removed,
then reboot your computer and start the installer again. This time, make sure
to only plug the Wi-Fi Connector into the machine when the installer tells you
to.

Occasionally you will get this error even if you didn't plug the Wi-Fi
Connector in too early. It is unclear why this happens, but the following seems
to help some people who are receiving this error.

Open "Network Connections" and select the interface you are currently using to
connect to the Internet (for example, "Local Area Connection 1"), right click
on it and select "Properties".

In the middle window, under "This connection uses the following items:", see if
you have "QoS Packet Scheduler" enabled. If it is, remove it by first clicking
on it to select it (a blue bar will appear) and then clicking on the
"Uninstall" button below it.

Restart the Wi-Fi Connector installation software, and see if it works. For
some people, removing the QoS Packet Scheduler is enough to get the installer
working, though there is no guarantee it will do anything.

After the installation works (or fails, depending on your luck) you can either
leave the QoS Packet Scheduler disabled (most people will not need it) or
reinstall it if you want to be safe.

--------------------------------------------------------------------------------
- 6.2.3.2  Internet Connection Sharing Error                                   -
--------------------------------------------------------------------------------

The "Internet Connection Sharing" (ICS) error is very common, easily the most
common problem people have in setting up the Wi-Fi Connector.

The most common resolution to this issue (but not the only possible one) is
that ICS has already been enabled on one of the other network devices. Since
Windows can only handle ICS on one device at once, this prevents the Nintendo
software from initializing it's own ICS setup.

To resolve this, you need to disable ICS on whatever device is currently using
it.

Open up the "Control Panel", and click on "Network Connections".

Here you will see the list of network devices in your computer, you will need
to make sure ICS is disabled on every device besides the Wi-Fi Connector
itself.

To do this, right click on the device and select "Properties". Then go to the
"Advanced" tab. Make sure that every option under the ICS section is disabled
here.

Repeat those steps for every other network device you have installed beyond the
Wi-Fi Connector.

After you have disabled ICS, uninstall the Wi-Fi Connector software and
drivers, and reboot the computer.

Once the computer starts back up, try the Wi-Fi Connector installation again
from the beginning.

================================================================================
= 7. Reference                                                                 =
================================================================================

Here is some general information that may be of use to people reading this 
Guide, I will add more to this as the Guide expands.

--------------------------------------------------------------------------------
- 7.1  Networking Glossary                                                     -
--------------------------------------------------------------------------------

These are simple definitions for some of the terms used in this document.

Access Point

   An Access Point (often referred to simply as an "AP") is the central hub in
a WiFi network. All devices connect through the AP to reach the Internet, each
other, etc. For most people, the AP will be contained in their wireless router,
though stand-alone APs are also available for those who have existing wired
networks.

DHCP

   DHCP is system that allows the automatic assignment of IP addresses to 
devices on a network. Almost all home routers have a DHCP server, and the 
majority of people connected to home routers, wired or wireless, are using 
DHCP. DHCP is advantageous as it makes adding new devices to the network very
simple.

DNS

   If the IP address is to be compared to a phone number, then DNS could be 
compared to the phone book. A DNS server holds records that equate hostnames 
to IP addresses. This is used to convert human-friendly addresses, like 
Nintendo.com, to IP addresses. A device is generally configured with the
addresses for two different DNS servers, a primary and a secondary. This allows
for a backup in the event the primary DNS server is not responding.

Gateway

   A gateway is another term for a router. In this case, the gateway is
generally a home router of some sort, though in the case of one of the advanced
connections, the gateway is actually the computer sharing out the Internet
connection. 

ICS

   ICS stands for "Internet Connection Sharing". This is Microsoft's term for
NAT, and while it is fairly limited in scope and capability (as are most
Microsoft products), it is effective enough for the home user.

IP Address

   An IP address is the human-readable address used to define a device on the 
network. The easiest way to think of an IP address is like a phone number. 
Everyone with a phone has a phone number and that number is unique to that 
person but not necessarily to that phone. A phone can have it's number changed, 
just as a device on the network can have it's IP changed.

MAC Address

   The MAC address of a device is built into it's networking hardware. Every 
network-enabled device has a unique MAC address that can be used to identify 
it.  

NAT

   NAT stands for "Network Address Translation". It is the method in which an
Internet connection can be shared to other devices. This allows you to connect
multiple devices to the Internet without each device needing a dedicated
connection.

Proxy

   A proxy is best described as an intermediary between two networks. A client
connects to the proxy server, and then the proxy connects to the destination
server or network on the client's behalf. This is used for a number of things,
such as making your Internet activity anonymous or connecting through a
encrypted tunnel rather than on the open network. This is not something the
average home user needs, or even understands, but may be required on more
advanced networks.

SSID

   "Service Set Identifier", or SSID, is the method by which wireless networks
are identified by users. The SSID is embedded in every packet transfered by the
wireless network. Every device that wishes to be part of the network must know
the proper SSID. The SSID can contain 32 alphanumeric characters, and can
usually be "hidden" or "cloaked" to provide a minimal level of security for
your network.

WEP

   WEP is an outdated method of WiFi encryption. It contains numerous
vulnerabilities which allow it to be circumvented very rapidly. Whenever
possible, a higher form of encryption than WEP should be used. This is not
always possible however, as not all devices support higher forms of encryption,
such as the Nintendo DS.

WPA

   WPA was designed to replace the flawed WEP encryption system. While WPA is
certainly not without it's faults, it offers much more secure operation. At
this time, circumvention of a WPA network is not enough of a threat for the
average person to even consider.

--------------------------------------------------------------------------------
- 7.2  Software AP Compatible WiFi Hardware and Drivers                        -
--------------------------------------------------------------------------------

The following lists hardware and drivers that either I have personally verified
to be working, or at least have on good authority should work, with a software
AP setup.

--------------------------------------------------------------------------------
- 7.2.1  GNU/Linux                                                             -
--------------------------------------------------------------------------------

+-------------------------------------------------+
|      Device      | Interface |      Driver      |
+-------------------------------------------------+
| Realtek RTL8180  |  PCMCIA   | rtl8180 + sa2400 |
| Linksys WM11     |  PCMCIA   | HostAP           |
| AmbiCom WL1100C  |  CF Card  | HostAP           |
| Centrino         | Mini-PCI  | IPW2100          |
+-------------------------------------------------+

--------------------------------------------------------------------------------
- 7.2.2  Windows                                                               -
--------------------------------------------------------------------------------

+-------------------------------------------------+
|      Device      | Interface |      Driver      |
+-------------------------------------------------+
| Centrino         |  Mini-PCI | Offcial Drivers  |
| RT2500           |  PCI      | Gigabyte SoftAP  |
| ASUS WL-167g     |  USB      | Official Drivers |
+-------------------------------------------------+

--------------------------------------------------------------------------------
- 7.2.3  Mac OS                                                                -
--------------------------------------------------------------------------------

+-------------------------------------------------+
|      Device      | Interface |      Driver      |
+-------------------------------------------------+
| AirPort          |  PCI      | AirPort Drivers  |
| AirPort Extreme  |  PCI      | AirPort Drivers  |
+-------------------------------------------------+

--------------------------------------------------------------------------------
- 7.3  Finding the Current TCP/IP Information                                  -
--------------------------------------------------------------------------------

I have noticed that many people seem confused as to how to check their current
TCP/IP information in order to input manual settings into the DS. The following
sections will cover how to find your current TCP/IP information (IP, subnet,
gateway, and DNS servers) in Windows, Linux, and Mac OS.

Do note, that for all of the operating systems listed, the first DNS server
listed is always the primary, and the next server listed is the secondary. In
reality, the order that the DNS servers are queried does not really matter
for most home users, so don't worry too much about the order in which you enter
them on the DS. In fact, some users might find they don't even have a secondary
server listed.

If you are unclear as to the meaning of any of the information below, consult
Section 7.1 "Networking Glossary".

--------------------------------------------------------------------------------
- 7.3.1  Under GNU/Linux                                                       -
--------------------------------------------------------------------------------

Under Linux, there are a few commands you will want to run to get all of the
TCP/IP information.

The first command we will look at is "ifconfig", which will show you the IP
settings for any interface on the system.

The output of "ifconfig" will look something like this:

bash# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0A:E6:D0:17:93  
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2763 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2986 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1543179 (1.4 MiB)  TX bytes:390496 (381.3 KiB)
          Interrupt:11 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6708 (6.5 KiB)  TX bytes:6708 (6.5 KiB)

Your system may have more interfaces than this, but the one you are most likely
going to want to look at is eth0, your primary Ethernet adapter. The entry for
"inet addr" is your machine's IP, and the entry for "Mask" is your subnet.

Now that we have the IP information, we will now look for our default gateway.
To find the default gateway, run the command "route".

The output of "route" will look something like this:

bash# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

Here, the last line is the important one. This shows the default router your
machine is using to connect out to the internet.

Finally, we will find the DNS servers the machine is using to resolve hostnames
to IP addresses. To find the current DNS servers, we will look in the file
"/etc/resolv.conf".

To read the file, we will use the command "cat /etc/resolv.conf". The contents
of the resolv.conf file will look similar to this:

bash# cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
nameserver 151.204.0.84
nameserver 151.197.0.39

--------------------------------------------------------------------------------
- 7.3.2  Under Windows                                                         -
--------------------------------------------------------------------------------

Under Windows, there is really only one command you need to know to find out
the current TCP/IP information for your machine. First, you will want to open 
up the command interpreter. To do this, click the "Start" button, then click on
"Run" and in the dialog box, type in "cmd". Then hit enter.

You will be presented with the command interpreter window, in this window, you 
will type the command "ipconfig /all".

The output will look similar to this:

Windows IP Configuration
       Host Name . . . . . . . . . . . . : MyComputer
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Generic Ethernet Controller
       Physical Address. . . . . . . . . : 00-XX-00-XX-00-XX
       Dhcp Enabled. . . . . . . . . . . : Yes
       IP Address. . . . . . . . . . . . : 192.168.1.100
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 151.204.0.84
                                           151.197.0.39

This command shows all of the information you should need to fill in the IP 
information on your DS.

--------------------------------------------------------------------------------
- 7.3.3  Under Mac OS                                                          -
--------------------------------------------------------------------------------

Like Linux, Mac OS uses the "ifconfig" tool to set and view TCP/IP options.

The output of "ifconfig" will look something like this:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet 127.0.0.1 netmask 0xff000000 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::20a:95ff:fed4:3456%en0 prefixlen 64 scopeid 0x4 
	inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
	ether 00:0a:95:d4:34:56 
	media: autoselect (10baseT/UTP <half-duplex>) status: active
	supported media: autoselect
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 2030
	lladdr 00:0a:95:ff:fe:d4:34:56 
	media: autoselect <full-duplex> status: inactive
	supported media: autoselect <full-duplex>

Here, the primary Ethernet adapter is "en0". The entry after "inet" is the IP
for the machine.

Again, as in Linux, you will view the contents of /etc/resolv.conf to see the
DNS servers:

To read the file, we will use the command "cat /etc/resolv.conf". The contents
of the resolv.conf file will look similar to this:

nameserver 151.204.0.84
nameserver 151.197.0.39

The method to view the default gateway is different in Mac OS than Linux. To
find the default gateway under Mac OS, run the command "netstat -m".

The output of "netstat -r" will look something like this:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc       17       35    en0
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH         12   323181    lo0
192.168.1          link#4             UCS         1        0    en0
192.168.1.1        0:20:78:ce:c0:ec   UHLW       16        0    en0   1158
192.168.1.100      127.0.0.1          UHS         0       10    lo0

Here, the top line is the important one. This shows the default router your
machine is using to connect out to the internet.

--------------------------------------------------------------------------------
- 7.4  Correctly Configuring a Static IP                                       -
--------------------------------------------------------------------------------

I think that given my profession and general interest in the subject, I tend
to take some things for granted.

Specifically, I just assumed that people were aware how to properly configure
a device to use a static IP without causing an IP conflict or other such
problem. But looking at user's comments on the Internet, I can see that is
clearly not the case. So in this section I am going to cover the proper way, or
at least the easiest way, to give a device a static IP address.

The first thing you need is the current configuration from one of the devices
already connected to the network, namely your computer. To find the relevant
information on your computer, consult section 7.3, "Finding the Current TCP/IP
Information". Once you have taken note of all the information, proceed on.

Most of the information should be directly copied into the DS's static IP
configuration. This includes the subnet mask, gateway, and both the primary and
secondary DNS servers.

The only thing that needs to be changed is the IP. Two devices cannot have the
same IP address, so you have to make sure that the IP you set for the DS is not
currently in use, or will be in the future.

The problem here is that if the computers on your network are using DHCP, it
could eventually cause a conflict if the IP you have setup for the DS is pulled
from the DHCP server.

Thankfully, most routers will assign a specific DHCP range, allowing for many
IP addresses that can be used without fear of the DHCP server ever trying to
give it out. These are generally the lower IPs, so we will continue on with
that assumption.

Let's say that the IP address of your router is 192.168.1.1, and your computer
is 192.168.1.100. Now, if you were to give the DS the static IP of
192.168.1.101, there could be a conflict if another computer using DHCP came
onto the network

To avoid this, we are going to use an IP address that is lower than the DHCP
server is going to use. Taking again the example router IP of 192.168.1.1, we
can assume that the IP 192.168.1.10 would be safe to use for the DS. It is low,
so DHCP probably won't use it, and it is high enough that you could still add
other static devices below it.

Of course, this is going to change depending on your network setup, which is
going to be determined by your router.

But the concept is simple. You take the IP of your router, and increase the
last digit by about 10. So if the router is 192.168.0.1, then use 192.168.0.11.

The important thing to remember, aside from making sure the IP you chose is not
already in use, is to make sure you change only the last digit. If you change
any of the other ones, you will put your DS out of the network, and you won't
be able to establish a connection.

--------------------------------------------------------------------------------
- 7.5  Tips for Increasing WiFi Range                                          -
--------------------------------------------------------------------------------

A common complaint of WiFi technology is the relatively short useful range. The
DS is especially susceptible to this fault due to the extremely simplistic
antenna it employs (imagine a one inch strip of tin foil on a bit of plastic,
that should give you a pretty good idea of what we are dealing with).

Luckily, there are quite a few things you can do to increase the useful range
of your WiFi hardware. Note that none of these tips are DS-specific. These will
work with any WiFi devices you might have.

--------------------------------------------------------------------------------
- 7.5.1 Transmission Rate                                                      -
--------------------------------------------------------------------------------

The easiest way to improve signal strength in fringe areas is to decrease the
tranmission rate of the hardware. This seems counter-intuitive at first, to
slow down the link in order to increase it's performance. To understand this
concept, you first have to understand how radio's communicate with each other.

To put it simply, the worse the signal is between two radios, the slower data
has to be transmitted to ensure it is properly transferred. Because of this,
WiFi hardware automatically changes the transmission rate as the signal strength
goes up and down.

However, this can be a problem in some situations. Let's say that the WiFi card
you are using is designed to go from 11 Mbps to 5.5 Mbps when the signal drops
below 50%. Now, what happens when you are using this device in an area where
the signal strength wavers between 45% and 55%?

Every time the signal drops below the specified rate, the card will request
that the AP communicate with it slower, and when the signal goes back up, it
will then request that the AP speeds up again.

If you are in an area where the signal is constantly shifting around, the
devices can spend a good deal of their time just trying to decide how fast they
should be communicating. In the process, data can be needlessly lost, requiring
it to be retransmitted, bringing down the overall speed of the link even more.

Clearly, this is a vicious and pointless cycle. The design of the hardware
itself will slow down communication more than the low signal will.

Luckily, the solution is very simple. Just manually lock the sync rate of your
hardware to a low speed if you do not have a strong signal. While you will be
taking the hit in bandwidth, you will be making up for it in the long run by
not having to deal with the problems associated with rate autonegotiation.

--------------------------------------------------------------------------------
- 7.5.2  Antennas                                                              -
--------------------------------------------------------------------------------

While the weak antenna on the DS is a constant (well, technically it could be
modified with an external antenna connector, but that is a bit out of the scope
of this document), the antennas on your WiFi router can usually be changed out
for ones of higher gain. Linksys, for example, makes a set of 7 dB high-gain
omnidirectional antennas that connect right up to many of their routers.

You can also fit your router (or even some PCI and PCMCIA cards) with
directional antennas. These can dramatically increase range, and can be
purchased inexpensively (in fact, you can even build your own). However, the
problem with directional antennas is just that, they focus the signal from the
device's transceiver in a single direction, rather than equally spreading it
around as an omnidirectional antenna does. Unfortunately, to see any benefit
from a directional antenna, you would need to always keep the client device
in-line with the antenna. For a mobile device like the DS, this is obviously
not what you want.

So, try to find some high-gain omnidirectional antennas for your hardware,
either official products from the manufacturer, or a third party product.

--------------------------------------------------------------------------------
- 7.5.3  Router Firmware                                                       -
--------------------------------------------------------------------------------

Not only will the latest official firmware for a router often fix problems you
might be having and increase performance, some routers have third party
firmwares available that radically change the abilities and performance of the
router. Namely, it is possible to increase the radio power much higher than 
it's stock configuration allows

When talking about third party firmware for routers, you are mainly going to be
dealing with the Linksys WRT54G. The WRT54G is not only considered the best
consumer router available, but it is also easily the most flexible router on
the market, as it runs the Linux operating system. Since Linux is licensed
under the GPL, Linksys had to make public their version of Linux built for the
WRT54G. This allowed other developers to build their own customized versions of
the operating system.

It is important to note however, that as of version 5 of the WRT54G, it no
longer runs Linux, and instead uses a simplified firmware, along with less
powerful hardware. Linksys has forked the development of the WRT54G, there is
now the standard consumer version, and the WRT54GL, which is the Linux version.
If you want to experiment with alternate firmwares, you need either a pre-5
WRT54G, or the WRT54GL. In fact, many people have been reporting problems with
the v5 WRT54Gs, so you might be better off getting a WRT54GL even if you never
plan on hacking it.

There are many replacement firmware's for the WRT54G, many more than I can
cover here, but you may want to check out HyperWRT or DD-WRT to start with.

Likewise, the installation of third party firmware is out of the scope of this
document, so you will have to look on the website for the firmware you are
looking to install.

Take a look at the Wikipedia page on the WRT54G to get more information on it's
hardware revisions and third party firmware.

http://en.wikipedia.org/wiki/WRT54G

================================================================================
= 8. Thinking Out Loud                                                         =
================================================================================

In this section, I will share my observations, thoughts, and experiments in 
reference to the Nintendo DS and it's WiFi capabilities.

--------------------------------------------------------------------------------
- 8.1  Rate Autonegotiation                                                    -
--------------------------------------------------------------------------------

Rate autonegotiation is probably one of the biggest faults with the Nintendo
DS, and is the cause of many (if not most) of it's hardware incompatibilities.

To understand the problem, you first need to understand what rate negotiation
means. When two network devices (wired or wireless) first begin to communicate,
they complete what is known as a "handshake". This process allows the two
devices to learn a bit about each other so that they can reliably establish
communication. One of the most important details that is conveyed in the
handshake process is the maximum rate at which both of the devices can
communicate. The speed at which the devices are to communicate is then set to
the highest supported speed between them, or in other words, the network can
only go as fast as the slowest device that is currently connected.

Unfortunately, unlike essentially every other modern WiFi device released, the
DS supports a maximum transmission rate of 2 Mbps. This is rather unusual in
itself, as even 802.11B devices will generally transmit at their maximum of
11 Mbps, and only fall back to 2 Mbps if there is a bad connection. But, this
is what Nintendo gave us, so this is what we need to deal with.

Now, the principle problem here is not that the DS can only communicate at 2
Mbps (for the purposes of the DS, this is more than enough bandwidth) but the
fact that the DS seems largely incapable of properly negotiating this fact with
the access point it is connecting to. This can cause significant problems in
some cases.

For example, the first time I played Mario Kart online I noticed differences
when setting the DS up against my Linksys WRT54G and BEFW11S4. When connecting
to the routers, the time taken for both the connection test and the actual
login to the Nintendo Wi-Fi Connection took considerably longer when
authenticating against the WRT54G than the BEFW11S4.

Looking at the setup for both routers, the WRT54G's rate was set as Auto, while
the BEFW11S4 was locked at 2 Mbps. Setting the rate on the WRT54G to 2 Mbps
cleared up the problem, and my login times were the same on both routers.

This was a relatively minor problem, but on some hardware autonegotiation
doesn't just take longer, it completely fails. D-Link and Belkin routers, for
example, often fail when trying to autonegotiate with the DS. This can be a
difficult problem to diagnose if you don't already know about the issue, as
there is no error message that will directly blame a failed connection on the
transmission rate of the router. It will just cause a general error message
about not being able to connect.

Because of the delays involved in autonegotation and the possible connectivity
failures on some hardware, I strongly suggest everyone sets their router's TX
rate to 2 Mbps from the start if at all possible.

Many complain that doing this would cause the other wireless devices on the
network to slow down to 2 Mbps as well, which is completely true. But on the
other hand, the same thing will happen whenever you allow the DS to
automatically configure the router's speed anyway. If you use the Wi-Fi
Connection often, there is functionality no difference between setting the rate
to Auto and manually capping it at 2 Mbps.

--------------------------------------------------------------------------------
- 8.2  WiFi vs. NiFi                                                           -
--------------------------------------------------------------------------------

Here is the first thing you need to know; every wireless function on the DS
uses WiFi. This alone confuses many people, as local wireless multiplayer is
neither online nor easily tunneled (unlike the PSP), which would seem to
indicate it is using some different wireless technology, but that just isn't
the case.

WiFi is a standard for wireless networking defined by the IEEE 802.11
specification. That means that WiFi is a general term for many different
products and technologies.

For it's local multiplayer, the DS uses WiFi only as a transport medium. The
OSI Network model defines 7 layers of network connectivity. Without getting 
into very technical detail, the IEEE 802.11 specification only defines layers 1
and 2. TCP/IP (what people commonly use WiFi for) does not start to emerge
until layer 3, where IPv4/IPv6 are defined, and then TCP/UDP on layer 4.

Instead of using TCP/IP over WiFi for local multiplayer, Nintendo has
developed their own communication protocol that is specifically designed
for gaming. It is faster, more efficient, and much simpler than TCP/IP or UDP.
This protocol doesn't come into play (like TCP/IP) until after layer 2. So
while it is not TCP/IP, what we all associate WiFi with, it is certainly still
within the IEEE 802.11 specification, and therefore, is WiFi.

Think of the DS's WiFi hardware as a blank sheet of paper. It lays down all the 
rules for WiFi connectivity, but it is up to individual developers to decide 
what that WiFi hardware is going to be used for. Nintendo's proprietary 
protocol for local wireless, or TCP/IP for online games.

For games using the Nintendo Wi-Fi Connection, a TCP/IP stack is included in 
the game software itself. So with a designated game, the DS can work with normal
WiFi networks.

This is in contrast with the PSP, which uses TCP/IP over WiFi for both it's 
online and local multiplayer games. It uses Infrastructure mode for online
games, and Ad-Hoc mode for local multiplayer games. This is an easy way to go,
but does lack the advantage of being specifically designed for games. Perhaps
this is why we have not seen the local multiplayer features of the PSP used as
well as they have been on the DS (Download Play, 10 player single card multi,
Download Stations, etc).

So, what is this protocol that Nintendo created called? Thankfully for me, as
I have no creativity, somebody has already named it for us. The usual term for
the DS to DS protocol in the homebrew world is NiFi, a play on Nintendo and 
WiFi.

I hope that clears up some of the confusion as to what NiFi refers to, and why
it is really WiFi, just in an unusual form.

--------------------------------------------------------------------------------
- 8.3  Nintendo Wi-Fi USB Connector vs. Software AP                            -
--------------------------------------------------------------------------------

The point of this Guide, at least originally, was covering the setup of 
software APs in Linux and Mac OS, since Nintendo had already provided a method
to do so for Windows users. However, many people are unhappy with the official
Nintendo option, and wish to create their own software AP in Windows. So the
question is, which is the better option?

Personally, I would have to advise most Windows users to just get the Nintendo
Wi-Fi Connector and be done with it, unless you already have a soft AP capable
WiFi device.

Make no mistake, it is certainly possible to create a software AP in Windows. 
But due to the needlessly restrictive nature of the Windows OS, and it's
drivers, it is frustratingly difficult. Both because of how poorly implemented
the feature is in Windows, and because of the poor hardware support.

But if we assume that you already own a compatible WiFi device, and have the
ability to configure a soft AP, then we can at least make a fair comparison
with the Wi-Fi Connector.

The Wi-Fi Connector does have the advantage of per-device access restrictions
out of the box, which improves the security of the installation a great deal.
With a soft AP you are limited to MAC filtering and WEP, neither of which are
considered secure at this point.

In favor of the soft AP, you can support many more devices, both in terms of
the amount of devices (the Wi-Fi Connector is limited to 5 concurrent
connections) and the variety of devices (any WiFi device for soft AP, only the
Wii and DS for Wi-Fi Connector). This is usually the deciding factor for most
people, as you will probably want to use some non-Nintendo devices at some
point.

Beyond that, there is little difference. Price does come up, since you can get
a compatible card for less than the Wi-Fi Connector. Though most of the 
compatible cards are PCI or PCMCIA, so that may be an issue for you if you want 
a USB solution. The soft AP should also work on any OS supported by the 
device's drivers, something that cannot be said for the Windows XP only 
Wi-Fi Connector.

Of course, now that the Wi-Fi Connector itself can be used as a standard soft
AP, most of this is moot. If you want the Wi-Fi Connector functionality, use
the original software; if you want soft AP functionality, follow Section 4.4.2.
It is really the best of both worlds. 

--------------------------------------------------------------------------------
- 8.4  What Happened to WPA?                                                   -
--------------------------------------------------------------------------------

A major complaint about the DS's WiFi implementation is the lack of WPA 
support. While this is minor or non-existent to some users, others value the
security of their wireless network and would rather not compromise it.

To those who value their "security" I would have to point out that WiFi, by 
design, is an insecure system in the first place. Even WPA can be cracked with 
relative ease with current software. If you are that concerned with network 
security, I would advise you to stop using WiFi completely.

But regardless, there is hope. As the TCP/IP implementation and WLAN API is
included in each game card, and not on the system itself, it is completely
possible for Nintendo to add WPA support in software with later game releases.
It would not be possible to add WPA support to existing WFC games, however.

The problem is, the DS is probably not powerful enough to handle the overhead
that would be involved in handling WPA in software without an unacceptable drop
in performance.

For this reason alone, I would not put too much hope in an eventual update to
support WPA.

--------------------------------------------------------------------------------
- 8.5  A Tale of Two Consoles                                                  -
--------------------------------------------------------------------------------

While researching the for the Guide, I noticed a odd behavior when two systems
connected to the same AP and played on the WFC.

Testing with Animal Crossing: Wild World, I would connect my DS (DS A) to a
friend's DS (DS B) though local wireless, and begin wandering around his town.

If I then took a second DS (DS C) and connected to DS A though WFC, I would
start to have problems. It would work fine for the first few minutes, but
invariably, within the first 10 minutes, all of the systems would crash, and
give various error messages about losing contact with the host, or problems
with lag.

I can confirm this behavior on the Linksys WRT54G 100% of the time during my
tests. I also tested the same situation with my soft AP created for this
Guide, and while it lasted longer than the WRT54G, it too would crash after
awhile.

I have not found an exact cause for this, I will have to take a look at the
network traffic going between the 3 with a sniffer to find out what is
actually happening.

One theoretical solution (I have not tested this) is to use static IP on one
of the two systems connecting to the same AP, and putting that static IP in
the DMZ of the router. This would ensure there is no collisions at the router
when it tries to route packets to the same devices on the same ports (one
theory I have as to why they crash).

I'll update this section as I learn more, and hopefully find a fix.

--------------------------------------------------------------------------------
- 8.6  Ad-Hoc on the DS                                                        -
--------------------------------------------------------------------------------

One of the very first things I looked into when starting this Guide, and 
really, even before I started the Guide, was getting the DS online though an 
Ad-Hoc connection.

Normally, the DS (as do most devices) connects to the internet in 
Infrastructure mode. That is, there is a single dedicated access point, which
serves as the gateway between the local network and the internet.

I was looking into the exact opposite, getting the DS online by connecting to
an Ad-Hoc network. In this situation, there would be no dedicated access point,
and instead, all of the devices connect to each other on a peer to peer basis.

The reason getting the DS online though Ad-Hoc would be advantageous is because
almost every WiFi device on the market can operate in Ad-Hoc mode, while only
some can operate in Master mode (which is required for it to act as an access
point to facilitate Infrastructure mode). This would allow you to use almost
every WiFi adapter ever made as a soft AP, under every OS.

So the very first experiments I did with my Linux test setup was to create some
Ad-Hoc networks, and try to connect to them. When doing "Search for an Access
Point", The DS showed the Ad-Hoc networks with full signal and unlocked but
when trying to connect to them, the signal indicator on the "Connection Test"
would stay at red, and I would eventually get the error 51302 (can't connect to
AP).

Despite my best efforts, I am always stalled at this error. Unfortunately, at
this point, it seems like it is just not possible for the DS to connect to an
Ad-Hoc network. I will continue experimenting with it, and update if I make any
progress.

--------------------------------------------------------------------------------
- 8.7  Monkey See, Monkey Don't                                                -
--------------------------------------------------------------------------------

One of the most interesting things I have noted about the WFC setup utility,
and the most aggravating thing as well, is the unreliability of the "Search for
Access Points" function (Section 2.2.2.1, "Automatic Configuration").

The utility will show networks that the DS cannot even connect to, such as 
Ad-Hoc networks, G-Only networks, and WPA encrypted networks (though at least
for WPA, it indicates right off the bat that it can't connect to it). You can
usually tell when it has listed an incompatible network, since when you try to
connect to it, the signal indicator will immediately go to red, with no signal
bars, even though it probably showed full signal a split second ago.

It also has a tendency to show APs that have low signal as having full signal
strength. This can cause a very confusing situation, in which the DS will show
an AP will a good signal, but every time you connect, you will get an error
message.

So, just because the DS shows it listed under "Search for Access Points", don't
assume you can actually do anything with it.

--------------------------------------------------------------------------------
- 8.8  Escaping Captivity                                                      -
--------------------------------------------------------------------------------

The DS has no problem connecting to open WiFi APs that are scattered around in
stores, libraries, malls, etc. However, it is increasingly common for APs to be
locked down with what is known as a "captive portal".

A captive portal is a proxy system that does not let client systems inside the
network connect out to the Internet until they have been authenticated. These
systems are often found in schools or coffee shops. The goal of the captive
portal is to keep people from using the wireless network without authorization,
or often more accurately, without paying.

The mechanism though which the captive portal works is fairly simple. When the
client connects to the network and tries to access the Internet, traffic must
go though the proxy server on the network. This proxy server will put up a
login screen in the client's web browser when they attempt to access a website.
The user must put in their login information, or (in the case of a pay AP)
their payment information, to continue. Once the proxy server has accepted the
information they have entered, the MAC address of the machine the user logged
in from is then allowed full access to the Internet.

In the case of the DS, there are a few ways around this.

--------------------------------------------------------------------------------
- 8.8.1  Nintendo Wi-Fi USB Connector                                          -
--------------------------------------------------------------------------------

The first, and most troublesome, is to bring a laptop and the Nintendo Wi-Fi
USB Connector to the AP. You can then login with the laptop, and share that
connection out to the DS though the Connector as described in Section 3.2,
"Using the Nintendo Wi-Fi USB Connector".

This is the method Nintendo suggests, but is obviously not ideal for a number
of reasons. You may not have a laptop capable of operating with the Wi-Fi
Connector, and even if you do, you probably don't want to be carrying it around
all the time just to play online with the DS.

However, if you already have a laptop with WiFi capabilities, there is a less
convoluted way to get through.

--------------------------------------------------------------------------------
- 8.8.2  MAC Cloning                                                           -
--------------------------------------------------------------------------------

While the MAC address of the DS cannot be changed by the user, the MAC address
of the wireless card in your laptop generally can be (not all drivers
support this, but it is usually a good bet that they do). You can use this to
your advantage to get the DS online though a captive portal.

The first thing you need to do is check the MAC address of your DS. Take a look
at Section 2.4, "Wi-Fi Connection Options Menu" for information about how to
find it on your system.

Once you have the MAC address of the DS, set it as MAC of your laptop's
wireless card. To the network, your laptop and DS will now appear to be the
same device.

After you have cloned the MAC of the DS, connect to the wireless network with
your laptop, and login though the captive portal system.

Then, turn off the wireless card in your laptop, and configure your DS with
the AP using "Automatic Configuration" (see Section 2.2.2.1).

If done correctly, the DS should be able to connect to the Internet
successfully.

--------------------------------------------------------------------------------
- 8.8.3  Nintendo DS Browser                                                   -
--------------------------------------------------------------------------------

With the release of the Nintendo DS Browser, it is now very easy to get though
captive portal systems with just the DS itself. Of course, you will need to
purchase the DS Browser, which is an added expense, but if you were interested
in the Browser in the first place, then it isn't really a big deal.

All you need to do is to use the "Automatic Configuration" to setup the DS with
the AP, then start up the Browser. You will then be presented with the captive
portal login, at which point you would proceed as you would on your laptop.

When you are logged in and can access the Internet normally, turn off the DS,
put in the game you want to play online, and start it up. The proxy should
still have your DS's MAC authenticated, so the game will be able to get though
without any problem.

================================================================================
= 9. Misc.                                                                     =
================================================================================

--------------------------------------------------------------------------------
- 9.1  Version Information                                                     -
--------------------------------------------------------------------------------

Changes for 1.3:
Updated licensing info
Added DigiFAIL link
Added Section 4.1.5, Introducing linux_ics -Evolution of DS_AP

Changes for 1.2:
Rewrote Section 8.1, "Rate Autonegotiation" -This needed updating badly
Updated Section 8.9.3, "Nintendo DS Browser" -Browser is released in US now
Removed Section 8.8, "The Cisco Kid" -Nothing useful. Was a good name though...
Updated Section 8.3, "Nintendo Wi-Fi vs. Software AP" -Almost total rewrite
Renamed Section 7.5.1, "Sync Rate" to "Transmission Rate" -Continuity
Changed all instances of "guide" to "Guide" - I demand capitalization
Updated Section 7.1, "Networking Glossary" -New entries added, now alphabetical
Fixed typo in Section 5.4.2.2.3, "Mac OS" -Thanks, David
Removed Section 4.4.3, "Wi-Fi Connector on Vista" -Official drivers now out
Fixed typo in Section 5.1.3, "WEP" -Thanks, Rob

Changes for 1.1:
Fixed typo in Section 4.4.2.2, "Software Modification..." -Missing \
Updated Section 6.2.3.1, "Wi-Fi Connector Not..." -Added QoS Scheduler fix
Updated Section 7.1, "Networking Glossary" -Added SSID, should have had this...
Updated Section 4.3.4, "Automatic Configuration?..." -Added default TCP/IP info
Renamed Section 4.3.4, "Automatic Configuration?..." to "Connecting the DS"
Updated Section 7.4, "Correctly Configuring a Static IP" -Lots of little fixes
Updated Section 6.2.2.3, "DS Connects to Router But" -Added Sect. 7.4 reference
Updated Section 6.2.1.1, "Error Messages 50000 to 59999" -Sounds better now
Added Section 4.4.3, "Using the Nintendo Wi-Fi USB Connector with Vista"

Changes for 1.0:
Updated Section 7.2 -New hardware for Windows/Mac
Completed Section 4.2, "Configuring a Software AP in Windows" -Finally!
Added Section 9.3, "Disclaimer" -I probably should have this...
Updated Section 9.2, "Future Additions" -Reflect new long-term goals
Completed Section 4.4.2, "Nintendo Wi-Fi USB Connector Soft AP" -Finally!

Changes for 0.63:
Added driver URLs to Section 6.1.4.3.
Updated Section 9.2, "Future Additions" -Reflect new long-term goals
Removed Section 9.3, "Help Wanted" -Well, that was totally useless
Updated Section 4.2, "Configuring a Software AP in Windows" -Match Wii Guide

Changes for 0.62:
Added Wi-Fi Connector software download URL
Fixed typo in Section 2.2.2.1. Thanks, Grant.
Updated Section 4.3.1, "WiFi Options in Mac OS" -Looks like all AirPorts work
Fixed typo in Section 7.3.3. Thanks, Nick.

Changes for 0.61:
Added "bash#" prefix to all Linux commands
Fixed typos in Section 4.1, only took 8 months to catch them.
Fixed spacing in title of first section "Introduction". Wow, I missed that too.
Updated DS_AP to v2.1, a backport of features from Wii_Route

Changes for 0.60:
Added Section 7.4, "Correctly Configuring a Static IP"
Completed (for now) Section 5, "Network Security"
Fixed heading for Section 7.2.3/7.3.3
Made additions to Section 9.4, "Credits"
Changed name of Section 2 from "Setting up your DS" to "DS Configuration"
Completed (for now, anyway) Section 4.3, "Configuring a Software AP in Mac OS"
Updated DS_AP to v2.0, a total rewrite and redesign of the entire script
Updated Section 6, "FAQ & Troubleshooting" 

Changes for 0.43:
Fixed capitalization of Section names
Clarified Section 8.8, "Monkey See, Monkey Don't"
Clarified Section 7.3, "Finding the Current TCP/IP Information"
Cleaned up Section 7.2, "Software AP Compatible WiFi Hardware and Drivers"
Fixed up text in Section 2.2.2.1, "Automatic Configuration"
Fixed up text in Section 8.2, "WiFi vs. NiFi"
Rewrote much of Section 8.1, "Rate Autonegotiation"
Added Section 7.4, "Tips for Increasing WiFi Range"
Cleaned up Section 4.1.1, "WiFi Options in GNU/Linux"
Replaced "WMB/WiFiMe" with "FAQ & Troubleshooting", as it is more important
Added Section 3.3, "Nintendo Wi-Fi USB Connector Versus Wireless Router"
Rewrote Section 2.3, "Configuring a Connection with...Wi-Fi USB Connector"
Added Section 3.2, "Using the Nintendo Wi-Fi USB Connector"
Updated the current status of soft AP research for Windows and Mac OS
Removed Section 8.4, "Network Security", replaced by Section 5
Added Section 8.9, "Escaping Captivity"
Updated DS_AP to Version 1.2
Changed DNS servers in DS_DHCP.conf

Changes for 0.42:
Many small fixes, spelling, capitalization, etc
Extensive minor edits and changes
Created new framework for future sections, sections above 4 increased by 2
Created new Sections, "Network Security" and "WMB/WiFiMe"
Changed copyright in DS_AP (since Guide is not hosted only on GameFAQs)
Updated the current status of soft AP research for Windows and Mac OS
Updated Section 8.4, "Network Security"
Renamed Section 8.1, "Rate Autonegotiation"
Moved Section 1.2 to Section 8.2, since 1.2 made no sense where it was
Rewrote Section 1.2 to become "Why was this Guide Written?"
Rewrote Section 1.1
Rewrote intro to Section 4
Added Section 4.4, "Hacking the Nintendo Wi-Fi USB Connector"
Added Section 4.4.1, "Using the Nintendo Wi-Fi USB Connector with AOL"
Added Section 9.2, "Future Additions"
Edited Section 4.1 so I don't sound like a total tool
Added Section 8.7, "Ad-Hoc on the DS"
Added Section 9.3, "Help Wanted"
Added Section 8.8, "Monkey See, Monkey Don't"
Added Section 8.9, "The Cisco Kid"
Updated DS_AP to Version 1.1
Expanded Section 2.4.3, "Transfer Nintendo WFC Configuration"

Changes for 0.41:
Fixed incorrect DHCP configuration file
Reordered Section 7
Moved Section 5.2 to 5.3
Added Section 5.2, "Software AP Compatible WiFi Hardware and Drivers"
Changed order of 5.3 Sections
Changed information in Section 5.3 so IP setup is the same in each OS
Added note about running DS_AP as root
Swapped 4.2 and 4.3 to reflect OS order used though the rest of the Guide

0.40: Second release.
Changes for 0.40:
Completed Section 4.1 "Configuring a Software AP in GNU/Linux"
Added Section 2.4, "Wi-Fi Connection Options Menu"
Added Section 5.2, "Finding the Current TCP/IP Information"
Added Section 6.6, "A Tale of Two Consoles"

0.20: First release. Covers most of soft AP in Linux, and majority of DS 
configuration.

--------------------------------------------------------------------------------
- 9.2  Future Additions                                                        -
--------------------------------------------------------------------------------

I feel this Guide is fairly unique, as it can never really be complete. There
will always be new ideas to cover, and more observations to note. But even so,
here is a brief list of things I am working on, both in the short and long
term.

Long Term:
   Complete side investigations for "Thinking Out Loud" 

Short Term:
   Add new features to DS_AP   

--------------------------------------------------------------------------------
- 9.3  Disclaimer                                                              -
--------------------------------------------------------------------------------

Due to the nature of this Guide, or more specifically, some of the particular
sections of it, there is a high chance that you may encounter unexpected
problems with your setup that are not addressed in this document.

Please be aware that while all of the things in this document have worked for
me in my own testing, that they may or may not work as well in your
environment.

While I will try and help if there is a problem, I cannot be held responsible
for said problems. This Guide is provided for educational use only, and any
changes you make to your network or computer are done so at your own risk.

--------------------------------------------------------------------------------
- 9.4  Credits                                                                 -
--------------------------------------------------------------------------------

Thanks to:

My Wife, for supporting my madness wherever it may take me.

Phillip Sanders, for allowing me to use his general document format and ASCII 
appearance

Linus Torvalds, for creating the Linux kernel, and making the world happy

Patrick Volkerding, for creating Slackware, and making me happy

Andrea Merello, for writing the RTL8180 driver I use for my WiFi hardware

Christian Maas, for writing the excellent XVI32. www.chmaas.handshake.de

RGCDude, for doing an infinitely better job editing this than he did testing DW

Maxx, for guidance on submitting materials

ravuya, for general OSX information and screen shots. www.rav.efbnet.com

Ectospheno, for his invaluable experience, and assistance with the OSX section

NikeXTC, for confirming that standard AirPort cards are soft AP capable.

Prince_Valmont, for information on using the Wi-Fi Connector under Vista

All of the sites that graciously host this document.

Everyone I don't hate.

# EOF