Hacking Raspberry Pi (2014)
Part II. Software Foundations
Chapter 7. Networking Raspberry Pi
Basic Networking Concepts
Ethernet is the de facto networking standard nowadays. It’s a protocol (set of protocols, actually) that represents an agreed-upon set of rules that computing devices use to establish digital communications with each other.
The good news is that any self-respecting local area network (LAN) and certainly the Internet all use Ethernet, so there really isn’t anything more we need to discuss at that level.
More granularly, Ethernet hosts (that is to say, any device that has a network interface card [NIC] installed and is configured for Ethernet networking) must have a unique Internet Protocol (IP) address to be able to send and receive data meaningfully.
There are two versions of IP in use in the world today: IP version 4 (IPv4) and IP version 6 (IPv6). Because IPv4 is the current standard and the state of IPv6 remains somewhat in flux, this book focuses solely on IPv4.
An IPv4 address looks like this:
The IPv4 address is a “dotted decimal” representation of 32 binary digits, or bits. At base, you need to know that each of the four decimal numbers ranges from 0 to 255 and that each host on a network must have a unique IP address.
The other 32-bit number that is used in conjunction with the IP address is called the subnet mask. For instance, a typical subnet mask that is used on many home networks is
The “mask” in “subnet mask” is used to differentiate the shared network portion of the IP address from the computer-specific host portion. For instance, the IP address/subnet mask combination 192.168.1.204/255.255.255.0 means that this host resides on the 192.168.1.0 network, and the station’s unique identifier is 204.
Actually, it is useful to compare the network and host portions of an IP address to a street address. If my mailing address is 110 Smith Street, then “Smith Street” represents the shared network portion (on which other houses reside), and “110” represents my unique host ID.
The Raspberry Pi will in all likelihood receive its IP address automatically from a router or dedicated server running the Dynamic Host Configuration Protocol (DHCP) service. For instance, in my home office my Comcast Business Gateway (a fancy term for a combo cable modem and router) leases IP addresses to all of the hosts in my network. This all happens automatically and, usually, without any need for me to get involved.
Note: More on Hosts
Remember that any device with an installed NIC that communicates on an Ethernet network is known as a host. This includes PCs, Macs, network printers, “smart” switches, game consoles, Internet-capable TVs and DVD players, mobile devices—the sky is almost the limit. And being TCP/IP hosts, each host needs some method for obtaining a unique IP address.
Thus, it is possible to assign specific IP addresses to your Internet-enabled devices or to use dynamic IP configuration. By the conclusion of this chapter, you’ll understand how to use both IP addressing methods.
Configuring Wired Ethernet
If you have any interest in having your Raspberry Pi communicate with other hosts on your home network, or perhaps with Internet-based resources, then you need to know how to configure networking.
The Raspberry Pi (depending upon the revision, whether A or B), supports both wired and wireless Ethernet. To be a well-rounded Raspberry Pi power user, you should understand how each method works.
Let’s start with wired Ethernet.
Before you put down the Raspberry Pi Model A for not having an RJ-45 port to support traditional wired Ethernet, remember the purpose of the Model A: to provide a stripped-down computer with a minimal power footprint. If you need Ethernet on the Model A, you can pop in a USB Wi-Fi dongle and go about networking that way. I talk about Wi-Fi more in a little while.
For those who have a Model B, it’s time to plug in a standard Ethernet cable into the RJ-45 jack and power the device on. As I said earlier, the Pi should pick up an IP address that is valid for your network from a DHCP server. This DHCP server can be a wired router, a wireless router, or a dedicated server.
Take a look at Figure 7.1, which shows the TCP/IP configuration on my Pi. I use the ifconfig (pronounced eye-eff-config or ihf config) command for this purpose.
FIGURE 7.1 You can use ifconfig and route to view TCP/IP client configuration on your Raspberry Pi.
Using the annotations on Figure 7.1 as our guide, here’s what all that output means:
1: These are network interface IDs. The eth0 interface refers to the RJ-45 wired Ethernet interface on the board. The lo interface represents the loopback interface, which is used for testing and diagnostics. If you have a Wi-Fi interface, you’ll see an entry called wlan0.
2: The HWaddr refers to the network interface’s media access control (MAC) or hardware address. This is a unique identifier that is permanently “burned” into the network interface by the manufacturer.
3: The Mask, or subnet mask, is a string of binary zeros (255 when translated into decimal notation) that serves to separate the network portion from the host (unique) portion of an IP address. If you didn’t know that an IP address consists of two (and often three) parts, then I guess you just learned something new!
4: The Up or Down status notifications are useful for troubleshooting purposes.
5: This is Send/Receive metadata that is most useful when tuning network performance or undergoing diagnostics.
Besides the IP address proper and subnet mask, another important IP address you should know is the default gateway. This is the IP address of your router; the router is the device that gets your Pi out from your local area network (LAN) to the Internet.
You can view your Pi’s current default gateway by issuing the route command from a Terminal session. You can see the route command output in Figure 7.1 as well; specifically, look for the IP address under the Gateway column.
Note: The Heart of Pi’s Wired Networking
Be careful to differentiate the RJ-45 “ice cube” port on your Raspberry Pi and the actual network interface circuitry. The Ethernet engine on the Model B board is the LAN9512 IC that is located on the PCB directly behind the USB port stack.
Another way to view your Pi’s TCP/IP configuration information is to issue the command ip addr show. The ip command is pretty robust; run man ip to view the man page.
Let’s set a static IP address for the wired Ethernet interface on the Pi just for grins.
Task: Setting a Static IP Address on Your Raspberry Pi
To set a static IP address, you need to edit the interfaces configuration file.
Note: nano Not Required
Please know that you are perfectly free to use any Linux text editor when you edit configuration files. The only reason I use the nano editor in this book is because it is my personal favorite. Your mileage might vary—for instance, you could have a strong preference for vi. It’s all good!
1. Run sudo nano /etc/network/interfaces to open the interface’s configuration file for editing.
2. Change the line that reads:
iface eth0 inet dhcp
iface eth0 inet static
3. Below the changed line, add the following lines; in this example I am supplying “dummy” data just to show you what a typical configuration looks like:
A comprehensive discussion of network addresses, broadcast addresses, and default gateways is well outside the scope of this book. Suffice it to say that you need to have at least a good solid knowledge base in networking before you undertake static IP configuration.
One more thing before you switch gears from wired Ethernet to wireless Ethernet—remember that the Pi board contains status LEDs. Pay particular attention to the FDX, LNK, and 100 lights. The FDX and 100 LEDs should glow solid, and the LNK light should flash as data is sent from and received by the Ethernet interface.
Configuring Wireless Ethernet
The wired Ethernet capability of the Model B board is all well and good. However, what if your Raspberry Pi project won’t work with a network cable? For instance, what if you want to mount a security camera in your driveway? Do you really want to run Ethernet cable from your router out to the Pi? I don’t think so.
Thus, you can configure wireless Ethernet (Wi-Fi) for both the Model A and Model B boards. You can find tiny USB Wi-Fi dongles all over the Internet; I recommend purchasing yours from Adafruit (I own this dongle, and it works great). You can see what it looks like in Figure 7.2.
FIGURE 7.2 Adafruit sells very reasonably priced USB Wi-Fi dongles. Regarding the annotations: 1 shows the Raspberry Pi in a nice case; 2 shows the two USB ports on the Model B board; 3 shows my Adafruit Wi-Fi dongle.
1: Raspberry Pi
2: USB ports
3: Wi-Fi dongle
Note: What Is a Dongle?
A dongle is a small piece of hardware that plugs directly into a computer, usually via USB. The dongle typically provides either copy protection for software or access to Wi-Fi networks.
Typically, configuring Wi-Fi under Linux is a nightmare. The good news is that the Raspberry Pi Foundation knows all about this problem and includes the wonderful WiFi Config utility for Raspbian. Without any further ado, let’s set up Wi-Fi!
Task: Setting Up Wi-Fi on Your Pi
Even though the Raspberry Pi Foundation has done their best to simplify Wi-Fi setup, I think it best to walk you through the procedure step-by-step.
1. Turn off your Pi and plug your Wi-Fi dongle into your powered USB hub or Pi board’s USB port. Although USB is technically a hot-pluggable technology, which means that you should be able to plug and unplug your dongle at will, Pi enthusiasts (myself included) have had problems with that. Thus, your best bet is to plug in the dongle prior to starting up the Pi.
2. Boot the Pi and launch the LXDE desktop.
3. Double-click WiFi Config, the interface for which is shown in Figure 7.3. Click Scan and then click Scan again in the Scan results dialog box. Find your preferred Wi-Fi network (the network must be configured to broadcast its SSID, unfortunately) and double-click it to specify your authentication and encryption options.
FIGURE 7.3 You can set up Wi-Fi easily by using the WiFi Config utility.
4. If your target Wi-Fi network is secured (and I certainly hope that it is), then fill in the necessary encryption and key parameters. Click Add to complete the configuration.
5. In the wpa-gui dialog box, ensure that your Wi-Fi network appears in the Network: field and then click Connect. You are now online with Wi-Fi!
After you are connected, you can check your Wi-Fi status by right-clicking its icon in the LXPanel Application Launch Bar (see Figure 7.4).
FIGURE 7.4 The WiFi Config utility runs in the LXPanel app launcher for easy access.
Configuring “Headless” Raspberry Pi
I’ve used the term “headless” Raspberry Pi a few times in the book so far. Just what the heck do I mean? Well, here’s the deal: Computer monitors take up quite a bit of desk space. For instance, I have six monitors—big ones, too—in my home office! I don’t want to stand up a seventh monitor to fire up my Pi.
“Headless” simply means that you connect to the Pi remotely without the necessity of an external monitor or television screen. You can use a couple networking protocols to make the remote access happen:
Secure Shell (SSH): This protocol gives you secure (encrypted) remote access to the Pi command prompt.
Virtual Networking Computing (VNC): This protocol gives you unsecure (unencrypted) GUI remote access to your Pi.
Before we get to using SSH and VNC, here’s an initial prerequisite: You must have the Pi’s IP address. How can you obtain this address, though, when you don’t have a monitor available?
Your best bet is to download a freeware or shareware IP scanning tool. For Windows, I recommend the Advanced IP Scanner (http://is.gd/9qC1AI). This tool, which is shown in Figure 7.5, is extremely easy to use.
FIGURE 7.5 You can use an IP scanner to determine your Raspberry Pi’s IP address.
The Advanced IP Scanner Tool parses the firmware metadata of any detected network interfaces; thus you can easily spot the RPi by looking for the entry with the Manufacturer entry of Raspberry Pi Foundation as shown in Figure 7.5.
On Apple OS X systems (and Windows and Linux computers as well, for that matter), I recommend Nmap (nmap.org). The Nmap toolset does a whole lot more than simply scan IP addresses; you can actually perform a lot of information security tasks with these programs.
Nmap can be run either from a command line or by using the built-in Zenmap graphical interface (the latter is shown in Figure 7.6). Note in the figure that Zenmap shows us the Pi both as a Linux box (which it is) and the Manufacturer field of the Pi’s network interface.
FIGURE 7.6 The Nmap/Zenmap toolset is a comprehensive suite of TCP/IP utilities for Windows, OS X, and Linux.
Now let’s turn our attention to how you can actually use the SSH and VNC protocols to remotely connect to your Raspberry Pi.
Secure Shell (SSH)
Secure Shell (SSH) is a Unix/Linux client/server network protocol you can leverage with the Raspberry Pi to support secure command-line remote access. Raspbian includes an SSH server and enables it by default. You can verify the SSH server status by opening Raspi-Config and checking the ssh (Enable or disable ssh server) option.
So the Pi is already set up as an SSH server. Now to establish a remote connection to the headless RPi, you need to use an SSH client. Unfortunately, Microsoft has never included SSH software in their operating systems.
Most people use PuTTY for Windows (http://is.gd/ResYA2), which you can check out in Figure 7.7. PuTTY is really simple to use; just fire up the tool, pop in the Pi’s IP address in the Host Name field, and click Open.
FIGURE 7.7 On Windows systems, PuTTY presents a low-overhead way of connecting remotely to a “headless” Raspberry Pi.
Task: Using SSH to Connect to a Raspberry Pi Remotely
On OS X or Linux systems, you already have the SSH client built into the OS. Thus, you can fire up a Terminal session on your client system and perform the following procedure:
1. Assuming you are using the default user credentials of pi/raspberry and (in this example) the Pi is located at 192.168.1.11, you can issue the following command from the OS X or Linux terminal:
The previous command, when translated into conversational English, says that you want to use the SSH protocol to establish a remote connection to the SSH server listening at 192.168.1.11 and that you want to connect using the user account called pi.
2. Authenticate by providing the password for your local OS X or Linux account. You’ll then be asked to verify the authenticity of the Pi. Because we know that this is the correct box, you can type yes and then press Enter to add the SSH server’s public key to your system and automatically add the RSA thumbprint of the Pi to your /etc/.ssh/known_hosts configuration file.
3. Issue any RPi-specific commands (such as sudo raspi-config) to convince yourself that you are in fact remotely connected to your Pi. The entire SSH connection workflow from the perspective of OS X is shown in Figure 7.8. In the figure I highlighted the commands I used.
FIGURE 7.8 The SSH connection process to Raspberry Pi is straightforward.
The chief advantages to SSH-based remote access to the Pi are
The client-side setup is quick and easy.
You have full Terminal access to your Pi up to any restrictions that might be set on your connecting user account.
All data transmitted between your remote workstation and the Pi is encrypted.
On the other hand, SSH remote connections to the Pi have one chief downfall—no GUI access. If you need to display an X Server desktop remotely, you need to turn your attention to setting up VNC.
Virtual Network Computing (VNC)
VNC is a high-performance and convenient method for sharing GUI desktops across a network. The two downsides to using VNC for our purposes are as follows:
By default, VNC transmits all data between the client and the server in plain text. Therefore, if you have need for data confidentiality, you need to select an appropriate VNC server and client software package.
By default, Raspbian does not include a VNC server. I show you how to address this issue immediately, so don’t be overly concerned.
The VNC setup workflow consists of three steps: (1) installing a VNC server on the Pi; (2) installing a VNC client on your remote system; and (3) making the remote connection. Let’s do this!
Task: Using VNC to Connect to the Raspberry Pi
You will in all likelihood bookmark this page because using VNC to connect to your Pi is a procedure that you’ll use on a regular basis with your Raspberry Pi. I’m glad to help!
1. On your Pi, fire up a Terminal session and run the following command to download and install the TightVNCServer (http://is.gd/A6k1nD). There exist many different VNC packages; Tight is simply considered to be a good choice for the Pi.
sudo apt-get install tightvncserver
2. Now you need to start the VNC server. You’ll need to do this every time you boot the Pi unless you take steps to autorun the command. (You will learn how to set up the VNC server to run automatically in the next procedure.)
3. Now it’s time to start a VNC session. Again, you must do this manually every time the Pi is started unless you configure autolaunch:
vncserver :2 -geometry 1024x768 -depth 24
Here’s what each part of the preceding syntax means:
vncserver :2: This launches the VNC server session process and labels the session 2. Session 1 is started when you start the server. You can create additional sessions with different resolutions if you want. For instance, if you want the session to run in HD, try vncserver :3 -geometry 1920x1080 -depth 24.
geometry: This determines the pixel size of the session window. 1024x768 is standard 4:3 aspect ratio, and 1920x1080 is 16:9 widescreen HD aspect ratio.
depth: This number refers to the color bit depth for the VNC session. Twenty-four bits is the standard for the Pi.
Before you can test access from a remote workstation, you need to install a VNC viewer software. Again, lots of options exist here; I enjoy RealVNC (http://is.gd/EB07wO).
Start your VNC Viewer and specify the IP address and session number of your Pi. For instance, if my Pi listens for connections at 192.168.1.11 and I need VNC session number 3, I type:
Note there is no space between the IP address and the session number. You can see this in action in Figure 7.9.
FIGURE 7.9 VNC gives you a remote GUI session on your Raspberry Pi.
Let’s finish this section with a quick procedure on configuring your Pi to run the VNC server automatically at startup.
Task: Configure Your Pi to Start VNC Server Automatically
You probably don’t want to run the steps in the preceding task every time you boot up your Raspberry Pi. Therefore, let me show you how easy it is to configure VNC to start automatically during every system startup.
1. Start Raspi-Config and ensure that you set the GUI to start automatically at every startup. This is done by navigating to the Enable Boot to Desktop menu option and answering Yes to the question Should we boot straight to desktop?
2. After the Pi comes back from its reboot, issue the following Terminal command to change your focus to the /home/pi/.config directory. Any file or directory with a period (.) in front of it means that it is hidden from view by default.
3. Create a directory called autostart. Reasonably enough, you do this in Linux with the mkdir command.
4. Let’s now move the focus inside the new autostart directory.
5. You’re almost finished. Create a new configuration file named tightvnc.desktop.
sudo nano tightvnc.desktop
6. Add the following lines to the new, blank configuration file. You can see my copy of the file in Figure 7.10.
Type = Application
Name = TightVNC
Exec = vncserver :1
StartupNotify = false
FIGURE 7.10 For some users, it is convenient to autostart the VNC server on the Raspberry Pi.
7. Type Ctrl+X and then Y to save your changes and exit nano. Reboot the Pi, and you’re done:
On Browsing the Web with the Pi
Midori (http://is.gd/5ccfPn) is the default web browser that the Foundation included in Raspbian (see Figure 7.11). I’m sure that the Foundation selected Midori because it is known as a “lightweight, fast, and free” web browser.
FIGURE 7.11 Midori is a good choice for the Raspberry Pi due to its low system resources footprint.
Here are some of the specific advantages of Midori as a Pi web browser:
Highly adherent to web standards (although HTML5 support needs some work).
Emphasis on security and user privacy.
The Preferences panel allows you to suppress images and media from web pages, which improves browsing speed.
Extensions support—extensions are browser add-ons that can greatly expand the capabilities of a web browser.
Frankly, the main limitations to Midori aren’t really limitations of any web browser, but are more of a function of the Pi’s own limited hardware resources and ARM processor architecture.
For instance, take Adobe Flash. Love it or hate it, there is much multimedia online that is viewable only if your browser supports the Adobe Flash Player plug-in. Unfortunately, Adobe abandoned Flash support for ARM processors quite a while ago. Therefore, out of the box, you can’t view Flash (which includes YouTube) on the Pi. Bummer, right?
For hardcore Flash fans, you can try to hack around with the open source Gnash (http://is.gd/TvqqNI) player. You’ll find that Gnash enables you to play Flash versions 7, 8, and 9 media objects, although you might be disappointed at the performance.
If you are as big of a fan of YouTube as I am, you’ll be pleased to know that there are some Pi-specific options. Your best bet is to fire up your favorite search engine and perform a search for play youtube raspberry pi or something similar.
In Chapter 12, “Raspberry Pi Media Center,” you learn how to build a Raspberry Pi media center by using the wonderful Xbox Media Center (XBMC) software.
Finally, if you tried Midori and simply concluded that you don’t like it, you can certainly install an additional web browser. For the love of all that is holy, don’t install a “full-sized” web browser like Mozilla Firefox on your Pi—you will live to regret it, I assure you.
Chromium (http://is.gd/oWiKFh), the open source fork of Google’s Chrome browser, is a good choice for the Pi in my experience. Mozilla Firefox fans might want to take a look at Iceweasel (http://is.gd/cfmCHP); in fact, I’ll be using Iceweasel as the default browser for the remainder of this book.