Don’t Contain Me, Bro!

Containment of a WLAN is the act of shutting it down! We discuss how you can find out if you’re being contained.

This episode is sponsored by Metageek

WLAN containment is not a situation you want to deal with. The symptom you’ll see are devices dropping from your WLAN. When they are disconnected, they often stay disconnected. Sometimes those devices won’t be able to connect at all to your WLAN.

What is happening? Another network is containing your WLAN. This happens by sending deauthentication frames to devices connected to your WLAN or by sending broadcasted deauthetication frames.

You can troubleshoot this issue using the following tools:

• AirTool
• Wireshark
• WiFi Explorer
• NETSCOUT AirCheck G2 (optional)

Troubleshooting WLAN Containment

How do you know if containment is happening? Using Airtool, capture frames on your operating channels. After 5 minutes of capturing, open up the pcap in Wireshark.

Use this filter to show all deauthentication frames:

wlan.fc.type_subtype == 0x000c

Take note of the source BSSID. You may get lucky and find out who is containing your WLAN. Copy the BSSID and paste it into WiFi Explorer. If that same BSSID is broadcasting beacons for its own WLAN you will see it.

That’s how I used Airtool, Wireshark, and WiFi Explorer to find the source of containment. By looking at the RSSI within the frames in Wireshark, you can get close to the source AP of the offending frames.

Another option is to plug the BSSID into the AirCheck G2 and use the Locate feature to find the AP.

Here are some screenshots from my lab performing containment on one of my APs. Remember your regulatory laws regarding containment!

This Week In Wireless

• Get 25% off CWNP WiFi Trek with coupon code: CTS17
• Ekahau Product Announcement
• FCC Regulations