Posts

Showing posts from 2011

One Card to Rule Them All

FINALLY!


If you do a lot of sniffing, there is a chance that you have a bag full of USB adapters whose contents look like this:



Riverbed AirPcap NX
Metageek WiSpy DBx
D-Link DWA-160
Cisco-Linksys WUSB600Nv1
D-Link DWL-122
D-Link DWL-G122
Ubiquiti SR71-USB (w/ two HG2401RD-MMCX 2.4 GHz antennas)

I do, and it stinks. AirPcap is for Wireshark, WiSpy is for Chanalyzer, the DWA-160 and SR71-USB are for AirMagnet software, the DWL adapters are for Kismac and the Cisco-Linksys is for OmniPeek. It is a bit frustrating, especially if I need to switch between applications.
Well, today I am a happy(er) man. 

The screen in that shot is WildPackets OmniPeek, running like a champ. And do you see that little thing on the right, there?

That is the D-Link DWA-160, working with OmniPeek like a champ.
It is a little thing, I guess, but I am very happy to be able to use the DWA-160 adapter with WildPackets OmniPeek. This means that Fluke Networks' AirMagnet WiFi Analyzer & AirMagnet Survey, WildPackets O…

Tell Me Why's, Tell Me Sweet Little Why's

The darned computer (or phone, or tablet) won't connect. We've all been there, and we've all wondered what the heck the problem is. Here's a quick way (using an OS X 10.7 [Lion] Macbook Air with Wireshark) to start yourself on the road to figuring out why.


I'm on a connection kick as of late, so let's follow up the last post on this blog by going into a little more detail about WiFi connections.

If you understand 802.11 protocols, then things can be taken a little deeper. When your (or the people you support's) WiFi connection seems to be unavailable for no reason, you can look at the frames being sent to see if things are going the way they're supposed to.

Now, I was in a little bit of a lazy mood today, so I decided to use the OS X Lion application called Wi-Fi Diagnostics and Wireshark rather than a professional tool like WildPackets OmniPeek or Fluke AirMagnet WiFi Analyzer. This same stuff can be done (and, in fact, can be done even easier) with th…

What the #@*! is wrong with this WiFi? (and what can I do about it?)

We've all encountered bad WiFi networks in the past. Is there anything (besides cursing the admins) that can be done about it?


There is a fantastic phrase going around nowadays that is used to describe all manner of first-world problems: white whine. Complaints about the quality of guest WiFi certainly would fit into that unfortunate category, but I'm going to join the white whiners anyway (while throwing in a few helpful sniffing tips so that I feel better about myself).

UFC 137 happened on October 29, 2011 at the Mandalay Events center in fabulous Las Vegas, NV, and I was there covering the show for the Wrestling Observer. As is the case at almost all sporting events nowadays, WiFi-based Internet access was provided to the media in order to enable live blogging, tweeting and general reporting on the event. As is also the case at many sporting events nowadays, the WiFi stunk. In fact, it sucked. (And I don't use that term loosely. My mother would be angered at my potty mo…

And a one, and a four, and a eight, and a 'leven...

Channel choices can be a tricky thing, especially in the 2.4 GHz frequency band. I saw a network recently that had an unconventional channel design, but the network seemed to work pretty well.


Channel selection has long been a peculiar topic for 2.4 GHz WiFi networks. Per-channel frequency allocations in the band are 5 MHz wide (enough for a cordless phone or PowerPoint clicker, for example), but transmissions are much wider. The exact amount of bandwidth taken up by WiFi devices varies depending on the standards supported (802.11 b, g or n), the radio's transmission power and possibly other mysterious factors as well. (Just try running a spectrum analyzer around gear that supports transmit beamforming (TxBF) and you'll see what I mean.)

A seasoned rule of thumb has been to keep APs running on channels 1, 6 and 11 in an environment that supports ubiquitous coverage. The theory is that, at typical transmission/antenna configurations, WiFi devices will transmit over bandwidths t…

Time To Talk Chanalyzer

The Metageek spectrum analyzer package (WiSpy hardware with Chanalyzer software) has long been a favorite of thrifty sniffers. It has long deserved some praise from this blog, and with Chanalyzer 4 melting steel like a CM Punk promo, now is a good time to give it.
For many years spectrum analysis was overlooked or even ignored by WiFi professionals, and for good reason. If you were managing a wireless network back in the days of 802.11b (or even the early days of 802.11g), there was a paucity of good, affordable spectrum analysis tools. You could buy a hardware analyzer (I first used something similar to this beast), but those things were usually expensive and designed as general purpose analyzers rather than WiFi-specific analyzers.
Spectrum analysis changed for the better in 2005, when Cognio released the Spectrum Expert analyzer. Their PC Card/software combo immediately became a favorite of WiFi folk and remains one today (though the product is now the Cisco Spectrum Expert after a 20…

Bad Medicine: Roaming and Sniffers

I believe in sniffers. I believe in planning for client roaming. And I believe that mixing the two is a bad idea. Using a sniffer the right way and planning for client roaming the right way are both essential for having a high quality WiFi network, but it's a good idea to keep the two separate.

This is, of course, a blog about WiFi sniffing, but to understand why using sniffers to plan for roaming is trouble, let's go into some background on WiFi client roaming.
WiFi (802.11) networks were designed like cell phone networks in that client stations would be able to maintain application connectivity while moving between access points. They were also designed to be unlike cell phone networks in that the client station would control when roaming happens. You see, in cell phone networks, the network infrastructure controls when your phone moves to a different base station. That design makes sense because cell phones have a built in way of giving base stations information about the pho…

Three Things I Like: AirMagnet WiFi Analyzer

Readers of this blog may have noticed that my frequency of blogging has waned in 2011, so it's time for some self-motivation. I'm going to start a series of blog posts titled, "Three Things I Like" and apply to all sorts of WiFi (and possibly even some non-WiFi) topics. I'm going to start with a darned good WiFi sniffer, Fluke Networks' AirMagnet WiFi Analyzer.


AirMagnet WiFi Analyzer from Fluke Networks has long been the leading WiFi protocol analyzer by market share. It has also long been one of my favorite tools to use when helping others learn about WiFi. Here are three things that I like about AirMagnet WiFi Analyzer.


Pre-made device filters. When you navigate to the Infrastructure screen (fourth icon from the left in the navigation menu that sits in the far lower left hand corner of the screen), any time you click on an access point (AP) or station, the software immediately starts showing you statistics on frames that are traveling to or from that device …

Get Personal, Gogo

Last Sunday I took a flight equipped with Gogo in-flight WiFi so that I could work in an office with guest WiFi. The difference in security was stark, and Gogo should make changes to fix their poor (and, in my opinion, negligent) WiFi security.


Gogo in-flight WiFi is a service that I've blogged about before, but I feel compelled to mention it again because the security problems I complained about a year and a half ago are still there even as hacking knowledge and applications have grown. To recap Gogo's poor security design:


Open System authentication with no encryption is used for Gogo's WiFi security. This means that applications like Firesheep allow hackers to do sidejacking attacks, like the one that seems to have been performed on Ashton Kutcher recently.
Captive Portal authentication is used to charge passengers for Internet access. This means that anyone who knows how to spoof a MAC address (link is for XP, but the same can be done in Vista/Win7 via the Networking and…

Brevity is the Soul of Wit (But Not the CWDP Study Guide)

The CWDP Study Guide was recently released. The certification is valuable and the study guide is great as a reference, but as a book it is just about unreadable.


Certified Wireless Design Professional (CWDP) is a new certification from the CWNP Program, a group that creates and manages vendor-neutral WLAN certifications. The CWNP Program has long had a Certified Wireless Network Administrator (CWNA) and Certified Wireless Security Professional (CWSP) certifications, and here in 2011 they are adding the CWDP and Certified Wireless Analysis Professional (CWAP) certifications.

The spirit of these certifications is that WiFi professionals often work in very specific disciplines, so the CWNP Program has a certification track for most industry professionals. Work for an equipment vendor? You probably want CWAP. An integrator? Probably CWDP. The NSA? CPP. (I jest, I jest. And if any NSA people read this blog, let me request the pain-free truth serum in advance.)

The CWDP exam is the next exa…

Chiggity-Check Your Phone (With a Sniffer)

It should come as no surprise that many WiFi-enabled mobile phones sometimes exhibit behavior that makes them vulnerable to attack. In at least one case, you can use a WiFi sniffer to view such behavior so that the proper changes can be made to your phone.


When a WiFi device associates to an access point, it must first go through the process of Discovery so that it can decide which AP is best (based on SSID, signal strength, etc.). Discovery is done either by listening for Beacon frames or transmitting Probe Request frames in hopes of eliciting a Probe Response frame. The Discovery process reveals the same information about an access point (SSID, channel, rates, security, etc.) whether it is through a Beacon or a Probe Response; it's just that the probing process can be faster because the station can initiate it at any time.

The problem with the Probe Request/Response sequence is that it could lead to an attack. Hackers running sniffing software (for the types of nefarious purpose…

WiFi In The Arena

UFC 125 happened on New Year's Day, and I was fortunate enough to cover the show for the Wrestling Observer. As with just about every sporting event nowadays, the MGM Grand Garden Arena provided WiFi service for the members of the media who were covering the event. I managed to squeeze in a little bit of sniffing while I was doing my live blog, and the results I found were a little bit surprising to me.

When I think of public Wi-Fi, I think of downloads. Maybe that makes me an old codger, but I just imagine all of these web pages, videos and spam emails coming down with just a few requests and acknowledgments going back up. The world has changed, of course, with more people than ever wanting to tweet, blog and upload photos as part of the social media revolution, but I still was dubious when Andrew Von Nagy (@revolutionwifi) told me on Twitter that I should expect a pretty even distribution of data on any public WiFi network nowadays.

Sniffing in the media area turned out to be a …