Posts

Sniffing on a Mac

I got a question from a reader (Steve) about sniffing on a MacBook. It's a pretty simple subject, so I figured I'd address it here as well. Steve's email was in response to my previous post on sniffing possibilities for the upcoming Apple iPad. He asked if I'd used VMware Fusion or any other virtualization software on a Mac OS X notebook so that I could run professional-grade WiFi sniffing software like WildPackets OmniPeek or AirMagnet WiFi Analyzer. My answer was that, unfortunately, virtualization software is not a good option when it comes to sniffing. The basic problem is that for WiFi sniffing to work, your wireless adapter has to be put into monitor mode. That means having access to the drivers for your adapter (and, in most cases, changing them). When you use virtualization software to run Windows you lose your ability to access external network interfaces (such as the USB, PC Card or ExpressCard WiFi adapters that are typically used for sniffing). I'v...

Sniffing WiFi and the iPad

How could I not? With every technology writer (and some non-tech writers) from here to Marrakesh covering Apple's latest miracle, how could I not post something about how the iPad may affect those of us who sniff WiFi for a living? Well, here are a few things about WiFi analysis and the iPad to consider given what we know about yesterday's introduction and the current capabilities of the iPod Touch/iPhone. All commentary about the iPad and WiFi sniffing should be prefaced by noting how ambivalent veterans of WiFi surveying and analysis must be about this thing. On the one hand, it's exactly what we've always wanted. It's thin, it's light, it has a touch screen, its battery lasts forever and it has horsepower. That's basically what we've always wanted out of previous generations of tablet computers that have always come up short in one or more of those areas. The problem is that it runs the iPhone OS instead of a real (read: multitasking) OS. Why, Appl...

Heeere's MiFi... Sniffed!

A while back I wrote about how much I liked the Verizon MiFi 2200 mobile hotspot (made by Novatel). I also wrote that, due to the fact that my girlfriend liked it even more than I did, I would have to wait to sniff the MiFi to see how it uses WiFi. Well, I finally got a chance to sniff the MiFi, and it turned out to be a pretty ordinary access point with the exception of one little oddity that shows up in its Beacons. In my initial writeup of the MiFi I covered basic operation, the connection experience and a few GUI configuration options. What I didn't cover was the sniffing. When I did finally sit down to sniff the MiFi I got a little bit lazy. I could've booted my notebook into Windows XP and run WildPackets OmniPeek like a good boy, but instead I decided to stay in Mac OS X 10.6 (Snow Leopard) and run KisMAC 0.3. For those that may have missed my earlier writeup on using KisMAC, the complete setup is as follows: -OS: Mac OS X 10.6 -Sniffer: KisMAC 0.3 -Protocol An...

There Will Be Sniffing... In Vegas

If you know me through this blog, then you know that I like to sniff WiFi networks. If you know me through just about anywhere else, then you know that I love sports. Put those two together and you'll see why I am so excited about an article in today's New York Times chronicling the use of WiFi terminals to place bets at Las Vegas sportsbooks. Matt Villano, a technology writer for the New York Times, wrote a piece today on how Las Vegas sportsbooks are using both RFID and WiFi to offer sports bettors more opportunities for action (and by "action", I mean "losses of money and/or spouse"). I encourage you all to check out the article in its entirety, but the basic gist is that a company named Cantor Gaming has created little terminals slightly larger than an iPhone that allow gamblers to make wagers on a touch screen while they are inside the casino. Cantor addresses two of the problems that might first come to mind with this technology ("How d...

AirMagnet WiFi With a USB Adapter... Finally!

AirMagnet WiFi Analyzer has long been one of the premier WiFi sniffers. Up until recently, however, you pretty much had to have a laptop with a PC card slot if you were going to use it to its full potential. Now Fluke Networks has released AirMagnet WiFi Analyzer 8.6, which supports the Ubiquiti SR71-USB dual-band 802.11n USB adapter. If you've read this blog before (or if you've just looked at the About Me over there on the left), you know that I'm a big fan of WildPackets OmniPeek for WiFi sniffing. One reason is that it's a great product with tons of ways to manipulate sniffed WiFi frames in order to get the statistical information you need. Another, though admittedly less important, reason is that they have had (at least until now) the best adapter support. The Linksys WUSB600N is a dual-band 802.11n USB adapter that is cheap (about $75) and versatile, sniffing any type of 802.11a/b/g/n traffic. Wireshark may have the AirPcap NX, but it's expensive ($699)...

Who Needs Layer 3?

I'm doing some work this week away from WiFi and on more general networking. Getting away from WiFi always reminds me how different WiFi sniffing is from anything else. With WiFi, you rarely need to worry about anything above Layer 2. I've found that most folks who work with WiFi are like me -- they started out working on networks and then one way or another they moved into wireless. (Those of you who took the other route -- wireless first, then networking -- can probably ignore most of this.) For me, it's been so long since I've made the move that I sometimes forget how different things can be. Fundamentally, you're looking for the same things on a WiFi network that you're looking for on a wired network: security, performance, consistency and accessibility. The trick is that you're looking at them in different ways. For wired networks, it's usually Layer 3 (the IP/Network layer) and above that matters. You look for protocols and VPNs and management...

Free WiFi from Google; No Sniffing

I got a chance to use Google's free airport WiFi for the holidays while on a stopover in Phoenix. It worked quite well, but I didn't have time to boot up the sniffer between flights. O.K., I'll admit that "didn't have time" is carny for "was too lazy", as it is in almost all cases. If I were being a good sniffer I would've used my fifteen free minutes to boot into Windows, start up OmniPeek and get a little bit of useful information. The WiFi network at Phoenix Sky Harbor International Airport (PHX) seemed pretty ordinary so I doubt that there was anything very interesting going on. You associate, you bring up your web browser, you accept Google's terms of service and you're on. Pretty simple. Speeds on the PHX network were good and nothing seemed to be restricted. I was able to send a quick email, download a podcast and browse to my typical stuff (WiFi news, sports and pro wrestling). One twist on Google's free holiday WiFi at...