Posts

DWA-160 Good; 802.11n Bad (Or At Least Annoying)

I am going to have to expand upon this topic in another post somewhere down the road, but 802.11n continues to annoy me. The technology is revolutionary and inexpensive and blah, blah, blah, but it's dang near impossible to sniff it! Oh, does this tick me off. And to make matters worse, today I finally got to use my D-Link DWA-160 dual-band 802.11n USB adapter with AirMagnet WiFi Analyzer so I really wanted to do some sniffing. Let's start off with the 802.11n thing first. 802.11n is a great technology that increases both the speed and the range (and even the security, in a way) of your WiFi. Unfortunately for people who dabble in WiFi sniffing, 802.11n also makes it virtually impossible to do traditional sniffing. The problem with 802.11n is that with most setups the Data frames going in one direction will be missed. I don't know exactly why this is and I don't know all of the technical reasons behind it, but trust me, it happens. If you set your 802.11n capture to a ...

Sometimes, 802.11b Just Is Enough

I've mentioned in the past that 802.11b has become a thing of the past for most WiFi networks, but recently I happened upon one of these old boys and it worked great. The episode served as a reminder that sometimes you can use old technology well beyond its expiration date if you put it in the right place. You all know the limitations: 802.11b tops out at 11 Mbps. 802.11b stations sometimes lack support for WPA2 (or even WPA). I've never seen an 802.11b device support Block Acks. And many of them don't even support QoS (which is an underrated way to protect yourself against WEP or PSK cracking, btw). But you also know the benefits: they're cheap as heck! There's another reason besides cheapness that 802.11b remains an enticing choice: Sometimes you don't need the extra speed. In my recent excursion I was using WiFi to access a wireless ISP. Initially I was surprised to see 11 Mbps traffic in my Wireshark (I was too lazy to boot into Windows; what's new?...

The Quick and The Filtered

I haven't talked much about AirMagnet products yet on this blog, and that's a shame. AirMagnet (now owned by Fluke Networks) makes some of the best WiFi sniffing products on the market. Their signature product (AirMagnet WiFi Analyzer) is best of breed for field technicians and it has seen some improvements to its hardcore frame analysis features that folks like me crave. Fluke AirMagnet WiFi Analyzer has long been the top 802.11 protocol analyzer in terms of market share. It has also long been the top 802.11 protocol analyzer for basic WiFi sniffing. And by "basic," I mean the type of quick, focused sniffing that's needed by field technicians and other folks who are trying to identify the cause of typical problems quickly. Now, I'm no field technician, but I love AirMagnet. The WiFi Analyzer product is great for my writing work (because it's widely used), my teaching work (because it makes it easy to show off 802.11 protocols) and my sniffing...

A Pleasant WiSpy Surprise

The WiSpy spectrum analyzer has long made wireless folks feel ambivalent. We love the cheap price and the USB form factor, but we hate the fact that it lacks the device identification capability that you get with the Cisco Spectrum Expert and Fluke AirMagnet Spectrum XT. I've always been one of those folks who tends to think it's worth the money to have a more professional-grade product, but while working at a hotel last week my WiSpy really helped me out. Before I get to my story, I'd like to give a little background on WiSpy. WiSpy is a USB spectrum analyzer from Metageek. I was first told about it about four years ago by Devin Akin, who at the time was the top technical guru for the CWNP Program. When I clicked on the link he sent to my email, I was amazed. Metageek had created a 2.4 GHz spectrum analyzer for $99. Like any good compulsive gadgeteer I ordered my WiSpy shortly thereafter and started playing with it. Unfortunately, it didn't take long for me to ...

Do I Believe That GoGo Makes Airplanes Safer? Yes!

Since I'm typing this during the intermission of the U.S. Hockey team's attempt to upset the heavy favorites for the gold medal, I thought I'd appropriate the famous line from the Miracle on Ice 30 years ago for today's blog headline. After analyzing the security of the in-flight WiFi offering six months ago, it's time to revisit the GoGo offering and discuss why it really makes things safer for the data security on airplanes as a whole. Gogo is an airplane-based Internet WiFi service available from several airline carriers on flights across the continental United States. Gogo is a fee-based service that costs $30 for a 30 day pass (which I am grateful for due to having four cross-country Delta trips in a twelve day period) or $13 for a single day pass (handheld devices get a $5 discount on the daily price). Gogo security is what could be described as borderline negligent in a typical WiFi guest access environment. Essentially, they are mainly protecting themse...

On Second Thought, I Am Into Airpcap... Sometimes

At the risk of sounding like a flip-flopper, I have to reassess my previous post about Airpcap. I was doing some sniffing on a few flights recently and I realized that there are some pretty nice things about CACE Technologies' signature product. Nine days ago, I was frustrated. After using Wireshark to view WiFi packet dumps from KisMAC for years, I thought that I was finally being upgraded to first class. I had my Airpcap NX, my CACE Pilot and a few days off from my real work to finally become the acolyte of the open source sniffing movement that I've always wanted to be. (O.K., not really.) I spent my time with the CACE Tech Triumvirate and at every turn I became more and more angered. Every standard sniffing activity seemed three steps harder and two times slower than it should have been. Association tracking, retry analysis; you name it. They all were a pain. I finally gave up and wrote a regrettably titled column citing my displeasure with the whole lot of them. I then...

It's Not Sniffing, but It's Unique and It's Free

I try my best to stick to real WiFi sniffing when doing this blog, but sometimes a new product comes along that is close enough that it deserves a mention. Meraki, the WiFi infrastructure vendor that specialized in cloud-based management of APs, has released a web-based tool called Meraki WiFi Stumbler. It's not a sniffer in that it doesn't capture frames or identify stations, but it does do typical stumbling functions without requiring an installed application, which is unique. Meraki Stumbler is a free, Java-based tool that is available at the Meraki website. It's completely web-based, so you don't need to run a separate application. The app is intentionally simple. It gives you basic 802.11 discovery information like SSID, security, signal strength, BSSID and channel. It does support both the 2.4 GHz and 5 GHz bands, so you'll see 802.11a/b/g/n APs in the area. The one oddity is that it ostensibly reads signal strength in dB (I'm assuming they mean ...