Showing posts from September, 2009

Open Source Sniffers, Wherefore Art Thou So Unreliable?

After writing last week how impressed I was with Wireshark, I should've known this was coming. I tested the latest version of KisMAC after upgrading to an 802.11g adapter and the result was nothing but frustration.


For years now there has been one gleaming beacon in the otherwise dreary realm of open source Wi-Fi sniffers: KisMAC. Though it runs exclusively on Mac OS X, KisMAC makes the open source sniffing experience so much more enjoyable than Linux-based or Windows-based options like Kismet and Airodump. With KisMAC there are a variety of compatible adapters, the driver-loading process is automated, and a slew of sniffing-related activities (including packet injection, WEP cracking and Deauth floods, just to name a few) are included along with the basic capture and stumbling functions.

The problem I've had with KisMAC recently is that most networks I need to sniff are 802.11g or 802.11a and my KisMAC capture adapter was 802.11b. For years I'd been using a reliable old D-…

Giving Wireshark Another Chance

If you've ever heard me speak, sat my class or read one of my papers, you know that I'm no fan of Wireshark. But after using it a bit this week, I may be coming around.

First of all, a clarification for all of the Wireshark lovers out there. I like the fact that Wireshark exists. I like using Wireshark when I want to see what my notebook is doing on a network. It's just that I really, really don't like (momma says don't say 'hate') Wireshark for WLAN analysis. It's a tool that was built and bred for upper layer (IP and above) analysis and most of what I need to see is at layer 1 or 2.

This week I was teaching a class and the group I had included a few Wireshark devotees. After spending a more-than-adequate amount of time touting the benefits of WildPackets OmniPeek and AirMagnet WiFi Analyzer, I gave in to my desire to be loved and did a few exercises with Wireshark. At times, it was painful. I wanted my statistics. I missed my statistics. I wanted my dat…

Wi-Fi at the Wynn

I stayed at the Wynn Las Vegas for Labor Day weekend and used their Wi-Fi to watch some U.S. Open tennis matches. The most interesting part wasn't the performance, security or price, but the location tracking used for billing.


A long weekend in Las Vegas can be a good time, especially when you stay at one of the nicer hotels. Wynn Las Vegas definitely fits that description. For those that are unfamiliar with Las Vegas, Steve Wynn is something of a deity out there. The first hotel he built was The Mirage back in 1989, which managed to out-Caesar Caesar's from right next door; something that was thought to be impossible at the time. After building up something of an empire on the west side of The Strip, Wynn sold the Mirage properties (which included Treasure Island and Bellagio) to MGM Grand and bought the Desert Inn. He tore down the Desert Inn in order to build Wynn Las Vegas, which competes with Bellagio for upper-end clientele (read: gamblers).

When basic rooms run $350/nig…

Gogo In-Flight

I finally got a chance to sniff Gogo's in-flight Wi-Fi service. It's a big thumbs-up for performance and a mild thumbs-down for security. The bottom-line recommendation is that you'll probably be happy with the service, but it'd be nice if they offered an encryption option for paying customers.

The first thing that must be said is that the installation was quite professional. Three access points on 2.4 GHz channels (1, 6 and 11, natch) and three more on 5 GHz channels. The 5 GHz setup was odd. At first sniff they used UNII-1 channels 36, 40 and 44. Then later in the flight I noticed a switch to 36, 40 and 40. The switch to two APs on the same channel puzzled me, but that's probably just setting the controller (Cisco, in this case) to auto channel selection.

I set my Broadcom Client Utility (802.11n) to prefer the 5 GHz band in order to avoid interference. Performance was great; even good enough to watch a baseball game on MLB.tv. I also set my band preference to 2.4 …