Sniff Wi-Fi

The Wall Street Journal wrote today that the iPad is having problems on WLANs at the campuses of George Washington and Princeton. While the GW problem has yet to be described in detail, Princeton's Office of Information Technology has described their problems. The Princeton problem is about DHCP, and it reminded me of another problem that I saw with the iPad's WiFi behavior. First, the background. WSJ.com reported that 20% of the iPad's seen on Princeton's WLAN had been banned for "malfunctions that can affect the entire school's computer system." Then the office of IT at Princeton clarified the issue by saying that iPads continue to use IP addresses after their DHCP lease time expires . This indicates that there is an error in Apple's implementation of DHCP. The reason I decided to write about this is that there is an error in Apple's WiFi that has some relation to the DHCP problem that threatens Princeton's entire computer system (a t...

If you're reading this post, there's a 100% chance that you have heard about the Apple iPad. There's also at least a 50% chance that you have heard about WiFi problems on the Apple iPad . And there's about a 10% chance that you've heard about the deceptive way that Apple markets the iPad's WiFi capabilities. That's what this post is all about. Apple's technical specifications for the iPad say that dual-band (2.4 GHz and 5 GHz) 802.11n is supported. And it is. But what Apple doesn't tell you is that the version of 802.11n built in to the iPad is such that you get almost no speed improvement over 802.11g or 802.11a. To understand what's going on with the iPad's mediocre 802.11n design, you have to understand a little bit about what goes in to 802.11n. There are three 802.11n improvements that bump up the maximum data rate from the 54 Mbps we had with 802.11a/g: more efficient (5/6 instead of 3/4) OFDM coding, double-wide (40 MHz instead ...

I am going to have to expand upon this topic in another post somewhere down the road, but 802.11n continues to annoy me. The technology is revolutionary and inexpensive and blah, blah, blah, but it's dang near impossible sniff it! Oh, does this tick me off. And to make matters worse today I finally got to use my D-Link DWA-160 dual-band 802.11n USB adapter with AirMagnet WiFi Analyzer so I really wanted to do some sniffing. Let's start off with the 802.11n thing first. 802.11n is a great technology that increases both the speed and the range (and even the security, in a way) of your WiFi. Unfortunately for people who dabble in WiFi sniffing, 802.11n also makes it virtually impossible to do traditional sniffing. The problem with 802.11n is that with most setups the Data frames going in one direction will be missed. I don't know exactly why this is and I don't know all of the technical reasons behind it, but trust me, it happens. If you set your 802.11n capture to a ...

I've mentioned in the past that 802.11b has become a thing of the past for most WiFi networks , but recently I happened upon one of these old boys and it worked great. The episode served as a reminder that sometimes you can use old technology well beyond its expiration date if you put it in the right place. You all know the limitations: 802.11b tops out at 11 Mbps. 802.11b stations sometimes lack support for WPA2 (or even WPA). I've never seen an 802.11b device support Block Acks. And many of the don't even support QoS (which is an underrated way to protect yourself against WEP or PSK cracking, btw). But you also know the benefits: they're cheap as heck! There's another reason besides cheapness that 802.11b remains an enticing choice: Sometimes you don't need the extra speed. In my recent excursion I was using WiFi to access a wireless ISP. Initially I was surprised to see 11 Mbps traffic in my Wireshark (I was too lazy to boot into Windows; what's new?...

I haven't talked much about AirMagnet products yet on this blog, and that's a shame. AirMagnet (now owned by Fluke Networks) makes some of the best WiFi sniffing products on the market. Their signature product (AirMagnet WiFi Analyzer) is best of breed for field technicians and it has seen some improvements to its hardcore frame analysis features that folks like me crave. Fluke AirMagnet WiFi Analyzer  has long been the top 802.11 protocol analyzer in terms of market share. It has also long been the top 802.11 protocol analyzer for basic WiFi sniffing. And by, "basic," I mean the type of quick, focused sniffing that's needed by field technicians and other folks who are trying to solve identify the cause of typical problems quickly.  Now, I'm no field technician, but I love AirMagnet. The WiFi Analyzer product is great for my writing work (because it's widely used), my teaching work (because it makes it easy to show off 802.11 protocols) and my sniffing...

The WiSpy spectrum analyzer has long made wireless folks feel ambivalent. We love the cheap price and the USB form factor, but we hate the fact that it lacks the device identification capability that you get with the Cisco Spectrum Expert and Fluke AirMagnet Spectrum XT. I've always been one of those folks who tends to think it's worth the money to have a more professional-grade product, but while working at a hotel last week my WiSpy really helped me out. Before I get to my story, I'd like to give a little background on WiSpy. WiSpy is a USB spectrum analyzer from Metageek . I was first told about it about four years ago by Devin Akin , who at the time was the top technical guru for the CWNP Program . When I clicked on the link he sent to my email, I was amazed. Metageek had created a 2.4 GHz spectrum analyzer for $99. Like any good compulsive gadgeteer I ordered my WiSpy shortly thereafter and started playing with it. Unfortunately, it didn't take long for me to ...

Since I'm typing this during the intermission of the U.S. Hockey team's attempt to upset the heavy favorites for the gold medal, I thought I'd appropriate the famous line from the Miracle on Ice 30 years ago for today's blog headline. After analyzing the security of the in-flight WiFi offering six months ago, it's time to revisit the GoGo offering and discuss why it really makes things safer for the data security on airplanes as a whole. Gogo is an airplane-based Internet WiFi service available from several airline carriers on flights across the continental United States. Gogo is a fee-based service that costs $30 for a 30 day pass (which I am grateful for due to having four cross-country Delta trips in a twelve day period) or $13 for a single day pass (handheld devices get a $5 discount on the daily price). Gogo security is what could be described as borderline negligent in a typical WiFi guest access environment. Essentially, they are mainly protecting themse...