Capturing wireless frames is a must-know skill for any Wi-Fi network engineer.
Capturing Wireless Frames with a Mac
The MacBook Pro is an excellent tool for capturing wireless frames. The built-in wireless adapter can be used to sniff wireless frames in the air. As I like to say, the best troubleshooting tool you can have is the one that’s with you. Since I have my Mac with me all the time, I tend to capture frames wherever I go.
There are many benefits to capturing frames. It’s a great way to learn how Wi-Fi works. This is how I got started. Understanding how Wi-Fi communication works through frame captures gives you the upper hand. One example is learning about the 802.11 State Machine.
When it comes to troubleshooting complicated issues, frames don’t lie. Not too long ago, my laptop had a difficult time connecting to public Wi-Fi. It frustrated me so much I decided to capture some frames. Within minutes I found out why. Just take a look at the screenshot below.
Containment of a WLAN is the act of shutting it down! We discuss how you can find out if you’re being contained.
This episode is sponsored by Metageek
WLAN containment is not a situation you want to deal with. The symptom you’ll see is devices dropping from your WLAN. When they are disconnected, they often stay disconnected. Sometimes those devices won’t be able to connect to your WLAN at all.
What is happening? Another network is containing your WLAN. This happens by sending deauthentication frames to devices connected to your WLAN or by sending broadcast deauthentication frames.
You can troubleshoot this issue using the following tools:
How do you know if containment is happening? Using Airtool, capture frames on your operating channels. After 5 minutes of capturing, open up the pcap in Wireshark.
Use this filter to show all deauthentication frames:
wlan.fc.type_subtype == 0x000c
Take note of the source BSSID. You may get lucky and find out who is containing your WLAN. Copy the BSSID and paste it into WiFi Explorer. If that same BSSID is broadcasting beacons for its own WLAN you will see it.
That’s how I used Airtool, Wireshark, and WiFi Explorer to find the source of containment. By looking at the RSSI within the frames in Wireshark, you can get close to the source AP of the offending frames.
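An added example, not from the original post: the same check as the Wireshark filter above, done in Python over raw radiotap frames, grouping deauthentication frames by BSSID and keeping the strongest RSSI seen. The frames, MAC addresses and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

# (size, alignment) of radiotap fields for present bits 0..5:
# TSFT, Flags, Rate, Channel, FHSS, dBm antenna signal
RT_FIELDS = [(8, 8), (1, 1), (1, 1), (4, 2), (2, 2), (1, 1)]

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def rssi_dbm(frame):
    """Return the radiotap dBm antenna signal, or None if the field is absent."""
    present = struct.unpack_from("<I", frame, 4)[0]
    off, word = 8, present
    while word & 0x80000000:            # skip extended present bitmaps
        word = struct.unpack_from("<I", frame, off)[0]
        off += 4
    for bit, (size, align) in enumerate(RT_FIELDS):
        if present & (1 << bit):
            off = (off + align - 1) // align * align   # natural alignment
            if bit == 5:
                return struct.unpack_from("<b", frame, off)[0]
            off += size
    return None

def deauth_summary(frames):
    """Group deauthentication frames (type 0, subtype 12) by BSSID (addr3)."""
    out = defaultdict(lambda: {"count": 0, "broadcast": 0, "max_rssi": None})
    for f in frames:
        dot11 = f[struct.unpack_from("<H", f, 2)[0]:]   # skip radiotap header
        if len(dot11) < 26 or (dot11[0] >> 2) & 3 != 0 or dot11[0] >> 4 != 12:
            continue
        s = out[mac(dot11[16:22])]
        s["count"] += 1
        s["broadcast"] += dot11[4:10] == b"\xff" * 6    # addr1 is broadcast
        r = rssi_dbm(f)
        if r is not None and (s["max_rssi"] is None or r > s["max_rssi"]):
            s["max_rssi"] = r
    return dict(out)

def sample(dst, bssid, rssi, fc0=0xC0):
    """Constructed frame: radiotap (signal only) + management header + reason 7."""
    rt = struct.pack("<BBHIb", 0, 0, 9, 1 << 5, rssi)
    hdr = bytes([fc0, 0]) + b"\x00\x00" + dst + bssid + bssid + b"\x00\x00"
    return rt + hdr + struct.pack("<H", 7)

AP, STA, BCAST = bytes.fromhex("020000aa0001"), bytes.fromhex("020000bb0002"), b"\xff" * 6
CONSTRUCTED_CAPTURE = [sample(BCAST, AP, -48), sample(STA, AP, -41),
                       sample(BCAST, AP, -60), sample(STA, AP, -70, fc0=0x80)]
print(deauth_summary(CONSTRUCTED_CAPTURE))
```

A BSSID with a high deauthentication count, especially to the broadcast address, is the one to look up in your scanner; the strongest RSSI tells you which capture position was closest to the transmitter.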
Another option is to plug the BSSID into the AirCheck G2 and use the Locate feature to find the AP.
Here are some screenshots from my lab performing containment on one of my APs. Remember your regulatory laws regarding containment!
Let’s face it, we enjoy our Wi-Fi tools and apps. This episode talks about the apps we use in macOS. So if you’re a Mac guy, this episode is for you.
This episode is happily sponsored by Metageek
Wi-Fi Apps for macOS
Being a Mac user meant not having enough apps to do your job. As Wi-Fi professionals, we rely on many apps to help get our jobs done. Fortunately, we have developers who hear the cry for professional Wi-Fi apps on macOS. Here’s a list of apps Francois and I use on a daily basis. This is in no particular order.
Great app developed by Adrian Granados who was interviewed back on 007. Double 007! This is an excellent Wi-Fi network scanner that is simple to use and updated regularly. It has built-in search functionality so you can find the network you’re looking for. You have the ability to add different columns to fit your troubleshooting needs and you can see advanced details such as information elements. This is a paid application.
Another powerful app from Adrian Granados. It’s a menu bar application capable of capturing Wi-Fi frames using the Mac’s built-in Wi-Fi network card. From the app you select a channel to capture frames from, select the channel width, and you’re off to the races. It can be used with Wireshark, Cloudshark, and Mojo Packets. This is the fastest way to capture frames using a Mac. One of my favorite apps to use. Also, it’s Free!
Adrian Granados strikes again! This is a menu bar application used to easily check the status of the Wi-Fi network you’re connected to. It can display information such as quality of the received signal, signal in dBm, noise, SNR, and current channel. It can send notifications of when you connect/disconnect to a Wi-Fi network and even if you roam.
We interviewed the developer, Thomas Baudelet, in episode 70. This is a great app with a wireless module which displays details of Wi-Fi networks, displays statistics such as retry rate and Tx and Rx throughput. This app makes it easy to analyze other clients’ performance. This is a paid app.
Currently in beta, Metageek has a macOS application that can scan Wi-Fi networks around you. It contains a search functionality to get through all the networks on the list. If you plug in a WiSpy dBx you can get a lite version of Chanalyzer. This is a paid app.
Can operate as a server or a client. The server can be run from macOS or Windows. The client can operate on macOS, Windows, Android, and iOS. It’s very easy to use and provides a visual throughput tester. You have the ability to set QoS and perform TCP or UDP tests.
What tools are you using on macOS? Which are your favorite? Let us know in the comments below.
Hey what’s up everyone. In today’s episode we talk about TP-Link discovering what it’s like to ignore DFS, Google Fiber going Wireless?, Data frame slicing with Airtool, and CWAP exam gets updated and so does the study guide.
TP-Link Settles $200k with FCC for ignoring DFS and power limits
FCC reaches settlement of $200k with TP-Link for selling Wi-Fi routers that ignore DFS requirements and power limits. This sounds very careless for a networking company. Is this what we accept now as hardware from these companies? Maybe TP-Link thought they could get away with it, or maybe an engineer wasn’t aware of the FCC regulations. But is this what we expect with inexpensive hardware? I don’t think so. Along with the fine, TP-Link has agreed to work with the open-source community to allow consumers to install third-party firmware on TP-Link routers.
This is a good move in my opinion but unprecedented from the FCC. This is a great way to move our wireless industry into embracing open-source.
Google Plans to Extend Fiber Into Wireless
CFO, Ruth Porat, said that Google Fiber would be exploring wireless due to the acquisition of Webpass. This was mentioned in Alphabet’s 2nd quarter earnings call. Why in the world would Google Fiber go into wireless? The main obvious reason I can think of is cost. It’s much cheaper to use hardware that costs a fraction of the cost of digging up fiber. Not to mention the labor costs of doing the work.
I think this is an interesting turn of events as Google Fiber now becomes fiber over the air. I can see the marketing lingo now….
Latest Airtool Update Gives Us Data Frame Slicing
Airtool is one of my favorite apps on OSX. It allows me to capture wireless frames using my built-in wireless adapter. But in doing so, some of these captures can take up precious hard disk space.
What Adrian Granados has done is enable a feature that grabs just the beginning of each frame and discards the rest. What you have left are the 802.11 MAC headers.
Troubleshooting processes is a very small chunk of the exam at 5%.
Focuses on a troubleshooting methodology. Mentions of industry and vendor recommended processes. Not sure how vendor neutral this sounds.
But with any troubleshooting process, OSI Model is mentioned. Just remember that Wireless is at the Data Link and Physical Layer.
May mention Wireshark and Omnipeek as well as the tools baked into the OS, such as ping and traceroute on the command line.
At 25% is 802.11 Communications.
This sounds like the MAC Layer Frame Formats and Technologies AND 802.11 Operation and Frame Exchanges from the previous exam. Looking at 802.11 communications from a troubleshooting perspective. Understand the frame exchanges when a device tries to join a BSS. Getting as detailed as finding out why a device would fail to join a BSS. Learn the different frame formats – management, control, and data. Learn the PHY header and preamble and why a device would have issues on a BSS because of the header and preamble.
15% is WLAN hardware.
Troubleshooting client devices and their issues connecting to Wi-Fi, which includes dealing with drivers, security settings, and other configuration settings available on different drivers. There’s troubleshooting via protocol analysis using a tool such as Wireshark. Do you know how to set up that application and look at wireless frames? There’s troubleshooting the spectrum using a spectrum analyzer. Do you know how to identify common interference sources? Other troubleshooting aspects include why APs can’t power up, so we’re looking at PoE.
35% for Protocol and Spectrum Analysis.
Beginning with the basics of hardware and software protocol analysis, features of protocol analyzers, how to install and configure them, capture traffic and analyze them. On the spectrum analyzer side, again going over hardware and software spectrum analyzers, terminology that is used amongst different spectrum analyzers, features included in applications such as Spectrum XT and Chanalyzer, creating reports from your findings, and how spectrum analyzers integrate with your wifi adapter. Of course you should know how to use a spectrum analyzer by finding different forms of interference.
20% reserved for Troubleshooting Common Problems
This one is new for the CWAP. An obvious focus on troubleshooting. It may sound funny on a wireless analysis exam but you will need to know some wired issues with DNS, DHCP, switch configurations and WLAN controller access. These issues relate to services wireless clients use. Other common issues tackled are co-channel and adjacent channel interference, noise, hidden nodes, and more.
Just reading through the objectives, it sounds like this may be an easier exam than the previous version, but we’ll see how people react. The version 2 objectives are a lot shorter than the previous ones.
CWNP Releases New CWAP Material
With the latest revision of the CWAP exam comes the latest study guide. The author is Tom Carpenter of CWNP. The technical reviewer is Lee Badman, who I interviewed on the podcast back on Episode 13.
It’s available on Amazon in print and on Kindle. If you’d like to support the podcast, you can purchase this book on Amazon.
There’s a total of 8 chapters:
Common WLAN Issues
It would be beneficial to do a lot of packet captures with Wireshark to help follow along with the book and get hands-on. If you can, get ahold of a spectrum analyzer as well.
I use the Metageek Chanalyzer with the dBx dual-band adapter. Another popular spectrum analyzer that can be used alongside this study guide is AirMagnet Spectrum XT.