Galaxy Tab 2.0: Probing Done Right (I Think)

When we last left off, yours truly had noticed that an Android tablet was probing for Wi-Fi networks even when associated.  This behavior would have been unusual, as consumer-grade Wi-Fi devices historically would probe when unassociated and stop probing once a connection is made.  After a little bit more investigation, it appears there was an extenuating circumstance that was causing all of the extra probing.

I wondered if the Android tablet I have (Samsung Galaxy Tab 2.0 with 65 Mbps 802.11b/g/n WiFi) might have its probing behavior affected by movement, and sure enough it does.

I'll try to amend this blog post later to add screenshots of my captures, but for now here is a summary of what I saw:

I associated my Galaxy Tab to a WLAN that is on channel 1.  Then I captured on channel 11.  My hypothesis is that an associated device should stop probing on other channels as long as the signal is solid.

Sure enough, once I was associated on channel 1, I stopped seeing Probe Requests coming from the Galaxy Tab on channel 11.  In fact, channel 11 showed no sign of the Galaxy Tab whatsoever.  (What was also interesting is that the only SSIDs I saw in the Probe Requests before the Galaxy Tab associated were hidden SSIDs.  Maybe Android has taken the Windows/Apple iOS approach and enabled probing only for hidden SSIDs.  That'll be another investigation for another time.)

I started walking with the Galaxy Tab, but made sure that I walked only in areas where the received signal was strong (meaning well above -70 dBm).  My channel 11 capture then started lighting up with Probe Request frames from the Galaxy Tab.  The probing was exclusively using the SSID of the WiFi network I was associated to.

The conclusion I reached (at least so far) is that the Galaxy Tab is doing the right type of probing.  The harm of Probe Requests is that they take up valuable channel time and may open up devices to hijacking attacks.  The value of Probe Requests is that they aid mobility.  It appears that when the Galaxy Tab senses movement, the positive aspect of probing is used.  When the device lies still, the negative aspect of probing is avoided (as long as the Galaxy Tab stays associated).
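The capture analysis described above can be automated. The following is an added example, not code from the original post: it parses raw 802.11 Probe Request frames (assumed to start at the MAC header, with radiotap and FCS already stripped) and counts one client's probes as wildcard, directed at the associated SSID, or directed at another SSID. The MAC addresses, SSIDs and frames are constructed for the example.

```python
from collections import Counter

def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID) for a Probe Request, else None. SSID is None
    for a wildcard probe. Frame starts at the MAC header (no radiotap, no FCS)."""
    if len(frame) < 24 or frame[0] != 0x40:  # 0x40 = management, subtype 4
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # Address 2 = transmitter
    pos = 24 + (4 if frame[1] & 0x80 else 0)  # skip HT Control if Order bit set
    while pos + 2 <= len(frame):  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:  # truncated capture, cannot classify
            return None
        if tag == 0:  # SSID element; zero length means wildcard
            return src, (value.decode("utf-8", "replace") if length else None)
        pos += 2 + length
    return None

def classify_probes(frames, client_mac, associated_ssid):
    """Count one client's probes: wildcard, associated SSID, or other SSID."""
    counts = Counter()
    for src, ssid in filter(None, map(parse_probe_request, frames)):
        if src != client_mac.lower():
            continue
        if ssid is None:
            counts["wildcard"] += 1
        elif ssid == associated_ssid:
            counts["associated"] += 1
        else:
            counts["other:" + ssid] += 1  # discloses another saved network name
    return dict(counts)

def build_probe(src_mac, ssid):
    """Constructed sample: broadcast Probe Request with SSID and Supported Rates."""
    header = (b"\x40\x00\x00\x00" + b"\xff" * 6
              + bytes.fromhex(src_mac.replace(":", "")) + b"\xff" * 6 + b"\x00\x00")
    return header + bytes([0, len(ssid)]) + ssid + bytes([1, 4, 0x82, 0x84, 0x8b, 0x96])

# Constructed capture: the MAC addresses and SSIDs are made up for this example.
TABLET = "02:00:00:00:00:01"
SAMPLE = [build_probe(TABLET, b"HomeWLAN"), build_probe(TABLET, b"HomeWLAN"),
          build_probe(TABLET, b""), build_probe(TABLET, b"HiddenCafe"),
          build_probe("02:00:00:00:00:02", b"HomeWLAN"),  # other client, ignored
          b"\x80\x00" + b"\x00" * 30]  # beacon, ignored

if __name__ == "__main__":
    print(classify_probes(SAMPLE, TABLET, "HomeWLAN"))
```

A capture where the "other:" counts stay at zero while the tablet is associated matches the behavior observed on channel 11: probing only for the SSID of the current network.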

Comments

  1. Great post Ben

    I would be interested to know how fast does it start probing when remaining still, after you unplug power from the ch1 AP. How fast and does it have the intelligence to go to ch11 AP immediately?

    1. It'll roam to the Ch 11 AP, but I don't do unplug tests. I try to stay away from stuff that is 95% lab/5% reality.

  2. Great read, and I was unaware my Galaxy Tablets' probing behavior was based on them sensing movement. Good comment on the probing trade-offs, the good being used for roaming and the bad taking up channel capacity and open to fake AP attacks. I look forward to reading other posts on your site. Dale

  3. Thank you Dale. I need to look into it more and see how much the signal level plays a role, but yes I was surprised at the movement affecting things, too.
