Sniff Wi-Fi

If you know me through this blog, then you know that I like to sniff WiFi networks. If you know me through just about anywhere else, then you know that I love sports. Put those two together and you'll see why I am so excited about an article in today's New York Times chronicling the use of WiFi terminals to place bets at Las Vegas sportsbooks. Matt Villano, a technology writer for the New York Times, wrote a piece today on how Las Vegas sportsbooks are using both RFID and WiFi to offer sports bettors more opportunities for action (and by "action", I mean "losses of money and/or spouse"). I encourage you all to check out the article in it's entirety, but the basic gist is that a company named Cantor Gaming has created little terminals slightly larger than an iPhone that allow gamblers to make wagers on a touch screen while they are inside the casino. Cantor addresses two of the problems that might first come to mind with this technology ("How d...

AirMagnet WiFi Analyzer has long been one of the premier WiFi sniffers. Up until recently, however, you pretty much had to have a laptop with a PC card slot if you were going to use it to it's full potential. Now Fluke Networks has released AirMagnet WiFi Analyzer 8.6, which supports the Ubiquiti SR71-USB dual-band 802.11n USB adapter.  If you've read this blog before (or if you've just looked at the About Me over there on the left), you know that I'm a big fan of WildPackets OmniPeek for WiFi sniffing. One reason is that it's a great product with tons of way to manipulate sniffed WiFi frames in order to get the statistical information you need. Another, though admittedly less important, reason is that they have had (at least until now) the best adapter support. The Linksys WUSB600N is a dual-band 802.11n USB adapter that is cheap (about $75) and versatile sniffing any type of 802.11a/b/g/n traffic. Wireshark may have the AirPcap NX, but it's expensive ($699)...

I'm doing some work this week away from WiFi and on more general networking. Getting away from WiFi always reminds me how different WiFi sniffing is from anything else. With WiFi, you rarely need to worry about anything above Layer 2. I've found that most folks who work with WiFi are like me -- they started out working on networks and then one way or another they moved into wireless. (Those of you who took the other route -- wireless first, then networking -- can probably ignore most of this.) For me, it's been so long since I've made the move that I sometimes forget how different things can be. Fundamentally, you're looking for the same things on a WiFi network that you're looking for on a wired network: security, performance, consistency and accessibility. The trick is that you're looking at them in different ways. For wired networks, it's usually Layer 3 (the IP/Network layer) and above that matters. You look for protocols and VPNs and management...

I got a chance to use Google's free airport WiFi for the holidays while on a stopover in Phoenix. It worked quite well, but I didn't have time to boot up the sniffer between flights. O.K., I'll admit that "didn't have time" is carny for "was too lazy", as it is in almost all cases. If I were being a good sniffer I would've used my fifteen free minutes to boot into Windows, start up OmniPeek and get a little bit of useful information. The WiFi network at Phoenix Sky Harbor International Airport (PHX) seemed pretty ordinary so I doubt that there was anything very interesting going on. You associate, you bring up your web browser, you accept Google's terms of service and you're on. Pretty simple. Speeds on the PHX network were good and nothing seemed to be restricted. I was able to send a quick email, download a podcast and browse to my typical stuff (WiFi news, sports and pro wrestling). One twist on Google's free holiday WiFi at...

About a month ago I went on a petulant rant about how frustrating it can be to work with open source WiFi sniffers. Well, I'm sorry. It turns out that using the DWL-G122 with KisMAC is pretty darned simple. For those that haven't read the previous post, here's the basic setup: -Mac OS X laptop (I'm using 10.6 now, but 10.5, 10.4, etc. have all worked for me.) -D-Link DWL-G122 802.11b/g USB adapter -Wireshark (latest version) -KisMAC (latest version) To do free sniffing with this setup, you just go into Preferences -> Driver in KisMAC and select the RT2750 driver. Then you choose a file path for the resulting Dump file and begin your capture. After the KisMAC capture has begun, you can open Wireshark and then just open the dump file. The capture won't be live because you're capturing in one application (KisMAC) and viewing the captured frames in another (Wireshark), but you can always just hit Reload in Wireshark to get the latest frames that Kis...

If I seem a little giddy this week, it's because I finally got a Novatel MiFi 2200 for my Verizon Mobile Broadband service. MiFi uses the Verizon CDMA Revision A data network to create a WiFi hotspot that you can take anywhere. I haven't taken the time to give it a full analysis, but in my initial usage I found it quite impressive. MiFi has been available for several months now, so I don't want to spend too much time on the basics. It's a rectangular device slightly larger than a credit card (and about half a centimeter deep) that acts as a WiFi hotspot connecting you to Verizon's 3G data network. I got the MiFi for my girlfriend because she uses my Verizon 3G service when I'm not on the road. She's not at all tech-savvy, so I figured it'd be an easier way for her to get online than having to run the VZAccess Manager connection software on her laptop in order to dial out with her Novatel v740 ExpressCard. As it turns out, MiFi is so great that I t...

When I think of WildPackets OmniPeek, I think of a WiFi sniffer made for highly specialized work. Lately, however, I've found that people who are new to sniffing often seem to like it more than higher profile sniffers like Wireshark and AirMagnet WiFi Analyzer. On the surface, AirMagnet WiFi Analyzer and Wireshark each have a distinct edge over WildPackets OmniPeek in attracting novice users. AirMagnet has a very nice interface and Wireshark has a very nice price (free). That's why I'm sometimes hesitant to tout OmniPeek to newbies. I feel like I'm telling them about something that is probably out of their price range, and then even if they did buy it they'd have to spend a few weeks learning how to really use it. I got a new perspective on things when I was working at a large industrial company last week. They have a policy banning rogue APs and ad-hoc networks and I had a small test bed set up for my work. On the fourth day that I was there (and you'd hav...