metageek

CTS 066: Spectrum Analysis with Joel Crane

Joel Crane is our special guest on CTS and he has a lot of knowledge bombs on spectrum analysis. Be sure to listen to this episode.

Interference. The invisible killer of your spectrum. It creates a terrible user experience and your network is to blame for it. Spectrum analysis is how you’re going to identify what is kicking your Wi-Fi to the side.

I’ve used this process to find issues the users are experiencing. Often times the fault is placed on the WLAN but it is either done unintentionally or on purpose. You will usually find out that there is a misbehaving device or a consumer level hardware causing issues with the WLAN.

In this episode, Rowell and François ask Joel Crane questions about what spectrum analysis is and why is it useful.

Spectrum Analysis with Joel Crane

  • Detecting, identifying, and locating non-WiFi interference
  • Gauging co-channel/adjacent interference
  • Who uses it
  • Cool stuff to know about
  • The troubleshooting process
  • Duty cycle vs. utilization
  • Real-time FFT vs Swept-Tuned

Resources Mentioned

Sample Spectrum Captures

This Week In Wireless

CTS 064: Wi-Fi Roundtable 1 – Part 1

This is a new series on the podcast where we bring together a group of Wi-Fi professionals for a roundtable discussion of industry topics, casual banter, and camaraderie. Insults are on the house 😉

Office table

A couple of us Wi-Fi professionals had the idea of getting together in virtual space to discuss anything and everything happening in Wi-Fi. This is the first time we have formed a roundtable, let alone an interview, with more than 3 people.

In this roundtable, which is split out into two episodes, we have Rowell Dionicio, François Vergès, Robert Boardman, Steve McKim, Brennan Martin, Samuel Clements, and Stewart Goumans.

Roundtable Discussions

  • Trolls
    • How to respond to trolls
    • Ignore trolls
    • Support each other
  • CCIE Wireless program from Cisco
    • Is it worth pursuing?
  • Recruiters
    • How to work with them
    • What to expect
  • CWNP Program
    • The reach of CWNP
    • The differentiator with CWNEs
  • Vendor bugs
  • Latest trends
  • What’s in your lab

This Week In Wireless

Datto acquires Open Mesh

British Telecom launches the UK’s first mesh network for whole home Wi-Fi

  • Home mesh now being offered by ISP in UK.
  • Read more.

Metageek Chanalyzer Updated

  • Latest update brings Chanalyzer to 5.8.9.
  • Read the release notes.

Jeeva Wireless raises 1.2M to develop a low-power Wi-Fi transmission technology

  • Low power.
  • Passive Wi-Fi.
  • Read the article.

CTS 054: 4 Scary Things Lurking in Your Wi-Fi

In the spirit of Halloween I wanted to go into a theme of scare and fright. While these may not make the hair on your neck stand, I don’t know maybe they do, these issues can lead to managing a scary wireless network. Scary because of end user complaints and because these can be running on newer wireless networks.

Those four scary things are

  1. Low data rate clients
  2. WPA2, even WEP
  3. 2.4 GHz Zombies
  4. Non Wi-Fi Interference

But before we jump into those 4 things, I wanted to update everyone on my journey to CWNE. This weekend I decided to take the CWDP exam. After a little under a month of studying I successfully passed.

The biggest resource I used was the official study guide by Tom Carpenter. It covered all the objectives of the exam. I felt this one was easier for me than the CWNA or CWAP. The topics were straight forward and common sense. This is probably because of my experience coming from designing some wireless networks but it came natural for me.

Now I plan on tackling the CWSP. Probably my weakest area but I look forward to learning from the Sybex book that was released in September 2016. I also plan on doing quite a few labs to get the security topics down.

4 Scary Things Lurking In Your Wi-Fi

Low data rate clients

Low data rate clients take longer to communicate over the air. They slow down devices trying to communicate on faster data rates. This makes it an inefficient wireless network.

An easy solution is to disable lower data rates such as 1, 2, 5.5, 6, and even 9 Mbps.

Keep in mind that this will shrink your cell size. So design properly!

WPA2, even WEP

I’ve seen some networks still utilizing WEP. There’s no use for this anymore. It’s been proven to be insecure and newer devices support much stronger encryption. WPA2 is also now crackable so it’s time to use stronger security.

Both security methods are a management nightmare because a passphrase has to be changed on every device.

The best solution here is to use RADIUS as much as possible. Keep WPA2 only devices on a separate SSID.

2.4 GHz zombies

The IoT band. The land of interference. A place where all single band clients get together. 2.4 GHz is a crowded spectrum.

Move your clients to 5 GHz as much as possible to avoid the congestion seen on 2.4 GHz. To troubleshoot issues on 2.4 spectrum use a protocol and spectrum analyzer.

Non Wi-Fi Interference

This also relates to the previous item. Non Wi-Fi interference causes high retransmissions on the network. This leads to low throughput.

End users characterize this as slow Wi-Fi, unusable, and poor performance.

Start looking into causes of anything over 15% retry rate. You can use tools such as Wireshark or Metageek’s Eye P.A.

Check out this previous episode around Spectrum Analysis while you’re at it.

CTS 052: How To Validate Wi-Fi Infrastructure

In this episode, I talk with Francois Verges of Semfio Networks about how to validate the Wi-Fi infrastructure.

Validating a Wi-Fi network involves many steps. This is not isolated to a new deployment but also to an existing Wi-Fi network. Francois and I talk about what to validate, look out for, and what resources are available to assist on the job.

Validate Physical Installation

  • Walk through the facility
  • Validate
    • AP installation
    • Antenna orientation
    • With the customer
    • Telco room location

Post Deployment Survey

  • Use your survey laptop and try to use a business critical business device as well (VoIP phone, handheld scanner…)
  • Connect to the infrastructure. Use the most business critical SSID.
  • Use Ping or iPerf to test connection, roaming, throughput.
  • Things to look at while performing the exit survey:
    • What band is the survey laptop using?
    • What band is the client device using?
    • Am I roaming as expected
    • RSSI of both your laptop survey and the client device
    • If you use ESS, you can also connect 1 or 2 dBx antenna to perform a parallel spectrum analysis. (Detect noise and major interferences)

Things to look at after the survey:

  • Coverage
  • Channel distribution / Channel re-use
    • See if some Tx Power need to be adjusted
    • See if some radios need to be disabled (2.4GHz)
    • See if more 5GHz channels are needed
    • Making sure that all the configured channels are being used.

Spectrum Analysis

  • Study both bands: 2.4GHz is usually where you will find the most external interferences
  • Stay still at one location. If you see something unusual, move around to pin point the exact location of the source. (might not be easy). – Plan for a little extra time.

Packet Capture

  • Get a better idea of the RF environment (using Eye P.A.). Thing to look at:
    • Retry rates
    • Channel airtime utilization
    • Data rates
    • How the neighbours can be affecting some channels
  • Being able to see more advanced radio configurations such as:
    • data rates
    • AP capabilities
    • Client capabilities (Big one)
    • Being to spot unusual behaviours
    • Being able to troubleshoot some client issues

Analyze Client Behavior and Configuration

  • Make sure all the client devices of the same model have the same Wi-Fi NIC drivers
  • Make sure all the client devices of the same model have the same Wi-Fi configurations
  • Make sure they manage to connect to the Wi-Fi network (Check delays, does it take a long time to connect?)

Perform Functional Validation Testing

  • Grab a client device, roam around the facility (especially where the device will be used)
  • Validate how the client roams
  • Validate on what band the client connect to
  • Try to ping the application server and see if you lose any pings (make sure it does not affect production)
  • Validate voice quality if it’s VoIP
  • Validate throughput if the requirements need it (try to use the same applications as the one what will be used on the Wi-Fi)

Links and Resources

CTS 047: Troubleshooting WiFi With Wireshark

It’s that time, a new episode about WiFi! Our main topic is Troubleshooting WiFi with Wireshark.

I saw this get shared on Twitter which is an article from The Guardian. Apparently, AirBnb WiFi is a security threat for travelers. This shouldn’t be a surprise to anyone but it is possible that the owner could be spying on your traffic, collecting information on you or even stealing your passwords. The best thing to do is not use the WiFi. I know, hard to do. From another perspective, a maliciuos hacker could break into your access point and install a backdoor and have his/her way with your WiFi. Now that’s a scarier thought.

I noticed Keith Parsons shared an interesting photo on social media. He displayed what he carries every day as part of his WLAN Professional toolkit. My toolkit is a lot lighter than that only because I hate carrying a lot of gear. Here’s a look into my toolkit:

For software I use:

What’s in your toolkit? Leave a comment below. I’m very curious what other professionals carry.

A WiFi Question from Lee Badman caught my attention, #WIFIQ 8/10/16 Have you ever had to deal with someone spoofing/copying your residential or business SSID? Circumstances, course of action?

On campus I know I’d find that rogue access point and shut it down after finding it.

But if it’s a neighboring tenant, what options do you have? The only thing I can think of is to simply ask them to change their SSID.

Troubleshooting WiFi with Wireshark

Download this sample pcap file to follow along.

My primary computer is a Macbook Pro. You can perform the same troubleshooting steps on a PC.

First step is to download the application at wireshark.org.

Before capturing wireless frames, there are a few things to take note. If you’re using a Macbook Pro/Air then you should be okay capturing frames using your built-in wireless adapter. I highly recommend using Airtool to assist in capturing frames on specific channels and channel widths. Airtool will conveniently save that capture for you on your desktop and open it right up in Wireshark.

If you’re using a PC, capturing wireless frames may not be that easy. Normally, the wireless adapter in Windows doesn’t allow you to capture frames in promiscuous mode. You’ll want to capture all the wireless frame details. Those frames I am referring to, not just the data frames, but also the frames used for management and control of the wireless medium.

On a Windows PC I have used the AirPcap adapter from Riverbed.

Once you’ve captured enough wireless frames, go ahead and stop it. Now we should be looking at Wireshark. The window is divided into three sections:

  • List of frames captured at the top pane
  • Middle pane shows the details of the frame selected at the top pane
  • Bottom pane shows the frame bytes of the selected frame.

Wireshark Window

We can see details such as the source mac address, destination mac address, and the details of the frame.

On the Info column, you can see what kind of frame is captured. For example, the first frame is a probe request from a device. What’s awesome about diving into wireless frames is being able to see so many details. Expand the Radiotap Header and we can see what data rate this frame was sent out on, which frequency, the signal, etc.

Expand IEEE 802.11 Probe Request and we can identify what kind of frame this is. It’s a Management frame with a subtype of 4 which is a Probe Request.

Now the meat of this specific frame is where you will expand IEEE 802.11 wireless LAN management frame. Here we will find the details of this probe request from the client device. It is probing for a specific SSID called test and has included all of the client’s capabilities.

Details within a frame.

We’re already seeing how powerful it is to analyze wireless frames when troubleshooting client devices.

So that’s looking at wireless frames. Let’s add more functionality to Wireshark. We can add columns to the frame list pane in order to see more details.

A few columns I like to have visible are:

  • Duration
  • Channel
  • Data rate
  • MCS Index

To add a column, right click on an existing column and select Column Preferences. Click on the Plus icon to add a new column. So for example, to add a Duration column, give the title of this column Duration, change the type to Custom and the in the field Name we will use what’s called a filter. For duration it is wlan.duration.

Column Preferences in Wireshark.

Display filters are your best friend. Display filters are used to find specific types of frames or packets. For example, if I wanted to see frames from a specific source MAC address, I would type in wlan.addr == mac_address in the display filter bar.

It is possible to filter from almost any type of frame.

Typically when capturing wireless frames, I capture everything without any filters. In Wireshark, it is possible to apply a capture filter. I don’t like this approach because you may miss a frame that may be required for troubleshooting. Instead, I capture everything and filter down from that capture. Sure it takes up a lot of hard disk space but that’s the life of a protocol analyzer. I know, I need a hobby.

But if you really want to conserve on space, Airtool has an option to not save layer 3-7 payloads. A neat little feature.

Download a PDF of display filters to use here.

So how is this useful? Let’s say an client is unable to join the wireless network and all you are able to do is perform wireless captures. So if it were me and this was my only option, I’d go to where the client is having issues. Assuming the client drivers are good and the SSID can be seen by the client and the only issue is it never connects to the SSID, we need to find out what channel to start capturing on.

We could use another useful tool such as WiFi Explorer, same author of Airtool, to find out what the strongest signal is on what channel. That’s where I would start capturing wireless frames, then while capturing frames, have the client try to connect. After the process fails, I would stop the capture.

Assuming we captured on the correct channel, we should be able to see the probe request coming from the MAC address of the client which you can obtain from the computer itself. After looking at the capture we should be able to see the 802.11 State Machine. If we don’t see successful authentication and association then that’s when we need to look closely at the capture. Maybe it’s because the client doesn’t support the requirements of the BSS such as a mandatory rate the client doesn’t support.

If you’re more of a visual person, Wireshark does have the capability to display the capture in a graph. What if we wanted to see how many retransmissions are occurring. In Wireshark, navigate to the Statistics menu and select I/O Graph. In the graph window, we will add a new data point by clicking on the plus icon. Rename it to Retries. The display filter to show retries is “wlan.fc.retry == 1”. Since this is bad we will color it as red. Next we modify the Y Axis to display Packets per second and also display All Packets so we can compare retries to all packets captured. That graph shows you the amount of retry frames compared to all frames captured.

There we have some basic Wireshark troubleshooting. That should be enough to get you going and it will take some practice. We went over installing Wireshark and how to capture wireless frames. Then we went over the different panes within Wireshark and how to add additional columns for easier viewing of frames. Next I went over how I use Wireshark to capture frames and troubleshoot an example issue. Also I provided two tool that will assist you in capturing frames, Airtool and WiFi Explorer.

In the news we talked about how insecure it is to use WiFi at an AirBnb. I know I wouldn’t.. The list of tools Keith Parsons has in his bag which is quite impressive. What’s in your bag? and a discussion of how to deal with someone spoofing your SSID.