Sniff Wi-Fi

Since I'm typing this during the intermission of the U.S. Hockey team's attempt to upset the heavy favorites for the gold medal, I thought I'd appropriate the famous line from the Miracle on Ice 30 years ago for today's blog headline. After analyzing the security of the in-flight WiFi offering six months ago, it's time to revisit the GoGo offering and discuss why it really makes things safer for the data security on airplanes as a whole. Gogo is an airplane-based Internet WiFi service available from several airline carriers on flights across the continental United States. Gogo is a fee-based service that costs $30 for a 30 day pass (which I am grateful for due to having four cross-country Delta trips in a twelve day period) or $13 for a single day pass (handheld devices get a $5 discount on the daily price). Gogo security is what could be described as borderline negligent in a typical WiFi guest access environment. Essentially, they are mainly protecting themse...

At the risk of sounding like a flip-flopper , I have to reassess my previous post about Airpcap. I was doing some sniffing on a few flights recently and I realized that there are some pretty nice things about CACE Technologies' signature product. Nine days ago, I was frustrated. After using Wireshark to view WiFi packet dumps from KisMAC for years, I thought that I was finally being upgraded to first class. I had my Airpcap NX, my CACE Pilot and a few days off from my real work to finally become the acolyte of the open source sniffing movement that I've always wanted to be. (O.K., not really.) I spent my time with the CACE Tech Triumvirate and at every turn I became more and more angered. Every standard sniffing activity seemed three steps harder and two times slower than it should have been. Association tracking, retry analysis; you name it. They all were a pain. I finally gave up and wrote a regrettably titled column citing my displeasure with the whole lot of them. I then...

I try my best to stick to real WiFi sniffing when doing this blog, but sometimes a new product comes along that is close enough that it deserves a mention. Meraki, the WiFi infrastructure vendor that specialized in cloud-based management of APs, has released a web-based tool called Meraki WiFi Stumbler. It's not a sniffer in that it doesn't capture frames or identify stations, but it does do typical stumbling functions without requiring an installed application, which is unique. Meraki Stumbler is a free, Java-based tool that is available at the Meraki website. It's completely web-based, so you don't need to run a separate application. The app is intentionally simple. It gives you basic 802.11 discovery information like SSID, security, signal strength, BSSID and channel. It does support both the 2.4 GHz and 5 GHz bands, so you'll see and 802.11a/b/g/n APs in the area. The one oddity is that it ostensibly reads signal strength in dB (I'm assuming they mean ...

With Valentine's Day ( the movie ) tearing up the box office, I had to harken back to the title of last year's early February rom-com  to describe my feelings about WiFi sniffing with Airpcap, CACE Pilot and Wireshark. I really want to like these products because they are inexpensive and ambitious. In the end, however, they are also too rooted in wired analysis. When I'm doing real WiFi sniffing, I'd rather have something that is elegant, reliable and focused on the basic tasks of wireless analysis. Here's my basic analogy based on He's Just Not That Into You and it's ilk: I'm like the typical guy character in those movies. (Now, that means that I run the risk of coming off like an insensitive jerk here, but if that's the risk of writing an honest blog, so be it.) Airpcap is like the frumpy, energetic, unlucky-in-love girl. It's great to have around, but would I want to choose it as my sniffing partner? No. WildPackets OmniPeek is more like An...

I got a question from a reader (Steve) about sniffing on a Macbook. It's a pretty simple subject, so I figured I'd address it here as well. Steve's email was in response to my previous post on sniffing possibilities for the upcoming Apple iPad . He asked if I'd used VMWare Fusion or any other virtualization software on a Mac OS X notebook so that I could run professional-grade WiFi sniffing software like WildPackets OmniPeek or AirMagnet WiFi Analyzer. My answer was that, unfortunately, virtualization software is not a good option when it comes to sniffing. The basic problem is that for WiFi sniffing to work, your wireless adapter has to be put into monitor mode. That means having access to the drivers for your adapter (and, in most cases, changing them). When you use virtualization software to run Windows you lose your ability to access external network interfaces (such as the USB, PC Card or ExpressCard WiFi adapters that are typically used for sniffing). I'v...

How could I not? With every technology writer (and some non-tech writers) from here to Marrakesh covering Apple's latest miracle how could I not post something about how the iPad may affect those of us who sniff WiFi for a living? Well, here's a few things about WiFi analysis and the iPad to consider given what we know about yesterday's introduction and the current capabilities of the iPodTouch/iPhone. All commentary about the iPad and WiFi sniffing should be prefaced by noting how ambivalent veterans of WiFi surveying and analysis must be about this thing. On the one hand, it's exactly what we've always wanted. It's thin, it's light, it has a touch screen, its batter lasts forever and it has horsepower. That's basically what we've always wanted out of previous generations of tablet computers that have always come up short in one or more of those areas. The problem is that it runs the iPhone OS instead of a real (read: multitasking) OS. Why, Appl...

A while back I wrote about how much I liked the Verizon MiFi 2200 mobile hotspot (made by Novatel). I also wrote that, due to the fact that my girlfriend liked it even more than I did, I would have to wait to sniff the MiFi to see how it uses WiFi. Well, I finally got a chance to sniff the MiFi, and it turned out to be a pretty ordinary access point with the exception of one little oddity that shows up in its Beacons. In my initial writeup of the MiFi I covered basic operation, the connection experience and a few GUI configuration options. What I didn't cover was the sniffing. When I did finally sit down to sniff the MiFi I got a little bit lazy. I could've booted my notebook into Windows XP and ran WildPackets OmniPeek like a good boy, but instead I decided to stay in Mac OS X 10.6 (Snow Leopard) and run KisMAC 0.3. For those that may have missed my earlier writeup on using KisMAC , the complete setup is as follows: -OS: Mac OS X 10.6 -Sniffer: KisMAC 0.3 -Protocol An...