Posts

Showing posts from 2014

An Android Change for the Better (Maybe)

Image
Chatty smartphones have been an issue for years.  Whether you're concerned with security or performance (or both), the amount of Probing being done by unconnected iPhones, Galaxies and the like has been worrisome.  

Today, things have changed.  Smartphones don't Probe as much.  This is probably for the better, but there could be a catch.

I'm an Apple guy.  Even when I was using PCs in college (things were different back in the 90's, I tell ya), it was always because they were free.  Once I finally had to buy a computer, I went straight to the very first iBook in 2001.  I own an iPod, iPad, iPhone and MacBook Air.  My next computing purchase will probably be an iMac (to better record those promised-but-not-yet-delivered online training videos on WiFi that I touted six months ago).  So, I like the company.  And I like bashing its competitors sometimes.  (Not my most magnanimous trait, but nobody's perfect.)

I liked pointing out that Google's Android operating sys…

Not Sniffing, But... Oscium WiPry-Pro

Image
It's been over two-and-a-half years since yours truly last wrote about Oscium WiPry, but there is reason to today: they fixed it!  Now the only 2.4 GHz spectrum analyzer for Apple iOS reads signal level correctly.  And using the new, corrected version reminded the author why WiPry is a nice product at a reasonable price.

The concept of a spectrum analyzer hasn't changed in decades, and for good reason.  It's simple.  A device listens for activity at a given frequency and displays a readout of said activity, usually in a fancy, colorful way.

In the last two years, however, many things have changed about spectrum analysis for WiFi.  PC card slots have become increasingly rare, thus leaving the Cisco Spectrum Expert in the margins.  Sensor-based spectrum analysis has increased in popularity.  Metageek, makers of my favored spectrum analyzer, stopped offering free software with their signature WiSpy series of spectrum analyzers.

What hadn't changed in the last couple of y…

Not Sniffing, but... Fluke Networks LinkSprinter

It's time to switch things up a bit.  WiFi sniffing is a fascinating topic and all, but good ol' Yours Truly wants to try something new.  

This will be the first in the "Not Sniffing, but..." series on the Sniff WiFi blog.  I come across interesting topics outside of sniffing all the time, so I want to add short blog posts on some of these topics.

Several months ago WLAN bon vivant Keith Parsons posted a blurb on his WLANPros.com blog about the Fluke Networks LinkSprinter.  I contacted someone from Fluke Networks to ask about the LinkSprinter, and they were gracious enough to send me one to test.

LinkSprinter is a wired testing tool.  It's more for people who install APs than for people who, like me, primarily do frame captures.  Still, we both do troubleshooting.  The LinkSprinter is definitely for troubleshooting.

The tool is pretty simple.  You plug in an Ethernet cable, and you press the lone button to start the test.  You'll immediately get an indication…

What's New (and Missing) in the WiFi for iPhone 6

Image
Two years ago tomorrow Apple introduced the iPhone 5.  It was a big deal.  It was a big deal for gadget folks who wanted a bigger iPhone.  It was a big deal for wireless LAN folks who wanted users to use smartphones with speedier WiFi.  

Now the iPhone 6 has been announced and it appears to be more of the same.  Gadgeteers get their bigger iPhone.  Wireless folks get their faster speeds.  Problem is, the faster wireless speeds likely won't mean anything for high capacity wireless deployments.

The big news about the iPhone 6 is 802.11ac.  Yippee!  Apple has finally adopted the latest and greatest WiFi standard in a mobile device.

802.11ac has data rates as high as 6.9 Gbps in the standard, but wireless LAN folks know that's not what happens in real life.  Real 802.11ac devices top out at a 1.3 Gbps data rate when multiple input-multiple output (MIMO) antenna systems are supported, while non-MIMO devices top out at 433 Mbps.

The iPhone 6 and iPhone 6 Plus are non-MIMO 802.11ac d…

Capacity or Coverage or Neither?

Image
In the beginning, there was Coverage.  And so it was that 802.11 and his only begotten Son, WiFi were blessed upon PCMCIA cards who doth receiveth adequateth Coverage.

And then as Coverage grew and the lands of Tablets wereth discovered, so came Capacity.  And thus did Capacity grow to represent all that was good and great about deploymenteths upon this fruitful land.

And now, my Sons and Daughters, things have changeth again.   For Coverage and Capacity will both leave the Higheth of Densiteth WiFi wanting.  And so we shun them both.  For it is Neither -- Coverage nor Capacity -- that will taketh thy to the WiFi promised land.

In case it was unclear, designing wireless LANs for Capacity has become an article of faith in some circles.  Keep it to 40 devices per AP.  Or 50.  Or 150.  Whatever the number is, the whole concept is misguided.

WiFi uses radio frequency as its physical layer, and there is a finite amount of radio frequency in any given location.  If every radio frequency chan…

I Guess Apple Wireless Routers Don't Like... Anything?

Image
I've seen a lot of inexplicable stuff in my day.  Landlords advertising Free WiFi and then telling you to use the neighbor's.  Twitter praise from people whose employer I had just criticized in a blog post.  USC journeyman quarterback Mark Sanchez picked fifth in the entire NFL Draft.  But when I saw that my sturdy Apple Airport Extreme (single radio, dual band, two-stream 802.11n) wireless router was tagging all of my apps as Background traffic, I just couldn't explain it.

For those who are unfamiliar with WiFi quality of service (QoS), a quick primer:

WiFi Multimedia (WMM) certified devices use QoS protocols from the 802.11e amendment.  Primarily, that means classifying APPLICATIONS (not networks, not devices) as either Voice, Video, Best Effort or Background.  What happens when a device classifies an application as Voice (highest priority)?  Whenever that device is ready to send a frame (sometimes called a packet) from that Voice application the device has to wait less …

...And If You Buy That Survey, I've Got Another Survey To Sell You

Image
I recently got into a little tiff on Twitter.  In part it was an argument about blogging and reaching a broad audience, but mostly it was about site surveys.  Site surveys are hot right now, but I find that surveyors often overlook an important aspect of WiFi: different devices act differently.

Conventional wisdom for WiFi site surveys is to get somesitesurveysoftware, upload a floorplan and start a-surveyin'.  First predictive (letting the software estimate where coverage will go), then active (temporarily mounting access points in the locations chosen in the predictive survey and testing connectivity) and finally verification (walking the site after APs have been installed).

The problem with all three types of surveys (predictive, active and verification) is that they are done with site survey software.  Site survey software is great for selling APs or pacifying execs, but it usually requires using a specific adapter.  So every time you verify connectivity or see a certain rece…

Why Are You Slowing Down My WiFi, Apple? To Make Things Better?

Image
I defend Apple a lot.  When Network World wrongly accused the original iPhone of flooding Duke University's network, I defended Apple.  (It was later found to be a Cisco problem.)  When a health care provider I was doing some work for blamed SIP-enabled iPhones for a VoIP problem, I eventually found out that the APs were to blame.  (The APs were failing to respond to WiFi frames tagged as "Background" QoS.)  Time and time again networking folks blame device makers like Apple, and time and time again the problem ends up being the network.

There are times, however, when it really is Apple's fault.  When the network is operating just fine.  This is one of those times.  The problem is that I just don't know why.

802.11n (HT) and 802.11ac (VHT) networks operate in co-existence with first generation (802.11a/b/g, that is) WiFi a lot.  When that happens, the HT or VHT access point operates in mixed mode.

There are all sorts of ramifications when a WiFi network operates …

I Have Seen the Future (of WiFi Sniffing), and It Is OmniPeek (on a Mac)

Image
Yours Truly has been worried about the future of WiFi sniffing.  Yours Truly worries about the people (they seem to prefer site surveyors) the software (AirMagnet has yet to support 802.11ac adapters) and the methods (WildPackets has been pushing AP-based capture).  To a person who believes that portable WiFi sniffing is essential for optimizing WiFi performance, it is all very disconcerting.  And yet, there is hope.  WiFi sniffing is ready to step into the 802.11ac/Internet of Everything era, and here is how it can be done.

WildPackets OmniPeek has long been the author's favorite WiFi sniffer, but it only runs on Windows.  For years and years and years that was fine.  There were always a fewWindows-compatibleWiFi adapters that worked great with OmniPeek.  Now, however, WildPackets has gone in a different direction.  They are promoting WiFi sniffing via an AP (which often results in a worthless capture) and saying that they don't expect USB-based capture to be viable for 802.11…

Device Retry% in Fluke AirMagnet WiFi Analyzer (Video!)

So I'm milling around Twitter one afternoon when someone told me that Fluke AirMagnet WiFi Analyzer was overwhelming.  Well, it is if you don't know what to look for.  And since I'm in the midst of developing an online class about WiFi sniffing, I decided to whip up a shabby-looking 10 minute video that might help those who feel overwhelmed.




If you like my blog, you can support it by shopping through my Amazon link or donating Bitcoin to 1N8m1o9phSkFXpa9VUrMVHx4LJWfratseU
Thank you.

Spectrum? It Damn Near Killed 'Em

Image
When I wrote a blog post recently extolling the virtues of WiFi protocol analysis, I expected some blowback.  Not because WiFi protocol analysis won't help performance (only a Garofalo-ian fool would assert that it won't), but because I touted protocol analysis at the expense of spectrum analysis.  

Well, it's time to make amends.  Spectrum analysis is pretty darned useful, too.  And the spectrum analyzer that I use (Metageek's WiSpy DBx with Chanalyzer) underwent a notable update in recent months.  Here, then, is an update on Chanalyzer and a reminder of what spectrum analyzers can be useful for.

For quite some time Metageek's spectrum analysis suite (consisting of the WiSpy USB adapter and the Chanalyzer software application) has been the thrifty man(and woman)'s tool of choice for analyzing WiFi frequencies.  The original Metageek WiSpy (a 2.4 GHz-only device without an external antenna interface) was a $100 (all prices in USD) USB adapter and the original Ch…

Three Simple Ways to Boost Your WiFi

Some days you wake up and say to yourself, "how can I be more like Buzzfeed?"  Buzzfeed is popular and beloved and has an office across the street from a great Mexican restaurant.  I have a few friends and wonderful parents, but I can barely cook a taco.  

What is it that I'm missing (besides venture money, a flock of ambitious MBAs and universal scorn from the intelligentsia)?  Lists!  That's what I'm missing.  Hit-trawling, crowd-pleasing lists!

So here it is: the first in what hopefully will be a series of one.  A list of Three Simple Ways to Boost Your WiFi.  #LOL #cute #OMG #trashy

1) Add an 802.11n/ac USB adapter to old 802.11a/b/g laptops and desktops.

Some folks in the WLAN business like to use the term "5G" to refer to 802.11ac, but I refer to 802.11a/b/g as 1st generation WiFi and 802.11n/ac as 2nd generation WiFi.  The reason I do that is because big improvements to power consumption, receive sensitivity and channel bonding are available in alm…

A Choice of Filters

People who do WLAN analysis agree that filtering is a part of sniffing WiFi frames/packets.  More information can be extracted from captures when the focus is on one AP or station or protocol (or a combination of same).  Where people disagree is on which type of filtering is best: capture filters or display filters?  Yours truly is a capture filter man, and some iPhone analysis was a reminder why.

Filtering 802.11 captures is covered pretty well in the CWAP Study Guide (of which I am a co-author).  A capture filter extracts frames before they are captured.  The only frames captured are the ones that match the filter.  A display filter extracts frames after they are captured.  Every frame is captured.  Then the filter is applied so that only frames matching the filter are shown in the protocol analyzer.  To use the example of a filter on my iPhone, if a capture filter were used then all of the frames from all of the other stations on my iPhone's channel would be lost.  Using a disp…

QoS the Packets of iPad (a poem)

Image
QoS the packets of iPad, and all through the air 
not a station was Probing, not even a hair
When suddenly on to my Wireshark screen
Appeared Video, Voice and Background, it seemed
"But alas", I exclaimed, as I looked at the MACs
This is only one tablet, not a bushel or stack
To the standard I looked, to decipher the meaning
And to you, dear reader, I offer this gleaning

The standard in question is dot11e
and the goal of its authors was to keep the air free
from clutter like YouTube and Facebook or Twitter
that might cause your voice conference to lag and/or jitter
But remember, dear sniffers, we're still talking WiFi
A world where each access point, smartphone and MiFi
makes its own way to the channel or not
deciding on rates, QoS and the lot

So take heed if your WiFI must work for those apps
that users just love but treat admins like saps
a smartphone may say, "this packet is Voice"
but the AP may reply, "Best Effort; no choice"
And thus if your tool is a management GU…

Mighty iPhone Power Ranges II (With iPads)

Image
About a year and a half ago, yours truly wrote about WiFi transmit power levels in iPhones.  Things have changed since then.  And possibly the biggest change (to iPhones, at least) is how aggressive iPhones are in modifying transmit power levels.  

In the "Mighty iPhone Power Ranges" blog post, I wrote about the value of setting AP transmit power levels to approximately the same level as client/station device power levels.  Over the past year or so, more and more client/station devices have started using adaptive power levels.  A typical implementation would force a device to lower its transmit power when receiving a strong signal from the AP and raise its transmit power when the AP's signal is weak.

The unanswered question is, "just how vast are these ranges of transmit power levels?"  Can a smartphone or tablet go as low as half power?  10% power?  0.0001% power?  Those differences could have a major effect on a WLAN infrastructure's ability to handle a v…

802.11v: Keep Dreamin’ (in iPhones running iOS 7, at least)

Image
I’ve seen a lot of 802.11 amendments in my day.  From speed (ac) to security (i) to voice (e), a lot of those amendments have done great things.  But 802.11v isn’t going to be one of them.  One look at an iPhone’s (iOS 7 iPhone, that is) 802.11v capabilities shows that the dream of Wireless Network Management delivering client control is still just that: a dream.
It has long (well, for a dozen years or so) been a desire of WiFi admins to have more control of client/stations.  Control over which AP the client will connect to.  Control over what signal strength (or signal-to-noise ratio [SNR] or error % or BSS density) will trigger client roaming.  Control over which Final Fantasy character they will assume at that weekend’s LAN party.  (I know virtually nothing about video games, so feel free to make dumb jock jokes at yours truly’s expense.)
For about half as long, WiFi admins have had hope for client control on the horizon: 802.11v.  The wireless network management (WNM) amendment wa…