I was on a plane that had wifi for the first time. I think a 777-200 or something like it.
I didn't have much battery power left on my laptop and I didn't want to pay USD16 for just a few minutes; but I did have a poke around the network.
My laptop could see 2 access points with ESSID
United_Wi-Fi and 10 with a blank ESSID.
I connected to one of the
They used NAT (I expect) and allocated me an RFC1918 address in subnet with about 500 usable IPs.
inet addr:172.19.248.97 Bcast:172.19.249.255 Mask:255.255.254.0With each passenger carrying at least one wifi device, I wonder if they'll get near address space exhaustion. A 777 is supposed to be able to carry up to about 450 passengers in some configurations.
The default gateway is down at 172.19.248.1
There is a suggestion that DNS paywall tunnel hacks might work, though I didn't try - some hostname lookups gave me an IP address, and some gave an NXDOMAIN which suggests there is some off-plane communication happening even though the paywall was still in place.
$ host www.google.com www.google.com has address 188.8.131.52 [...] $ host blahfkskfdhs.com Host blahfkskfdhs.com not found: 3(NXDOMAIN)
http GETs were all redirected to www.unitedwifi.com, hosted on-plane at 172.19.248.2.
An nmap of the 172.19.248.0/23 subnet gave 19 addresses responding to pings - I guess mostly passengers, but I guess crew too, and servers/routers.
The three interesting nmap results were:
Nmap scan report for ns.unitedwifi.com (172.19.248.1) Host is up (0.0020s latency). Not shown: 997 filtered ports PORT STATE SERVICE 53/tcp open domain 80/tcp open http 443/tcp closed https MAC Address: 00:0D:2E:00:40:01 (Matsushita Avionics Systems) Nmap scan report for www.unitedwifi.com (172.19.248.2) Host is up (0.0014s latency). Not shown: 993 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 8080/tcp closed http-proxy 16001/tcp closed fmsascon 16012/tcp closed unknown 16016/tcp closed unknown 16018/tcp closed unknown MAC Address: 00:0D:2E:00:00:A8 (Matsushita Avionics Systems) Nmap scan report for 172.19.248.3 Host is up (0.0019s latency). Not shown: 999 filtered ports PORT STATE SERVICE 53/tcp open domain MAC Address: 00:0D:2E:00:40:01 (Matsushita Avionics Systems)
I didn't probe any more as my battery had run out.