Sniff Wi-Fi

Happy (belated) Cinco de Mayo!  In honor of Mexico (whose El Tri I actually like a heck of a lot less than Les Bleus ), today's discussion of Guerra de Conduccíon has a Spanish language title.   As noted by noted sarcastor Keith R. "The R Stands for Reassociation" Parsons , in some ways wardriving is a topic whose time has passed.  We've known about it for years.  Wardriving tells hackers where your network is.  Most WiFi networks are encrypted.  What else is there?  Hackers can try to connect, but if you use a long WPA2 Personal passphrase , they won't be able to.  Hackers can try to sniff, but if you're using WPA2 Enterprise, then decryption of data frames is impossible (as far as us non-NSA employees know). But imagine you are an NSA employee.  Or the CEO of a noted defense contractor .  Or holder of some other high-profile job where the nation's prosperity is dependent on your secrecy (like USC's head football coach). ...

Ahh, the good ol' days.  The days when USC was beating UCLA by 50 points, AirTran was flying nonstops from LAX to Milwaukee and WiFi sniffing folks only had to carry one USB card for 802.11 protocol analysis.  Those days are gone, my friends.  It's time to update which cards we need for which applications. December of 2011 was a time yours truly looks back on with fond memories for the reasons cited above.  In the wireless world, the good news was that WildPackets OmniPeek had begun supporting monitor mode capture from Atheros-based 802.11a/b/g/n chipsets, thus allowing one USB adapter to be used for any good WiFi sniffing app. Things change, and when WLAN infrastructure vendors began selling APs that support three-stream spatial multiplexing (thus rendering high rate data frames un-sniffable to the D-Link DWA-160 802.11a/b/g/n USB adapter), the handwriting was on the wall.  The halcyon days of only needing one USB adapter for wireless protocol analysis we...

A year ago yours truly wrote about the importance of device location when capturing Wi-Fi frames in a post titled, " Worthless Capture ".  Well, recently another Wi-Fi sniffing bugaboo has become more prevalent: devices that lack the physical capability to capture a  data frames. This whole problem really stems from 802.11n.  As many people (including the author) found out when the iPad was released in 2010, not all 802.11n devices have the same capabilities .  That is an annoyance to consumers, but it's downright dangerous to Wi-Fi professionals.  Most Wi-Fi networks require sniffing at some point (for surveying, for event preparation, for troubleshooting, etc.), but most Wi-Fi sniffing devices are incapable of sniffing high rate data frames. One more time: Most Wi-Fi sniffing devices are incapable of sniffing high rate data frames. The Linksys WUSB600N, which yours truly uses to sniff with WildPackets OmniPeek?   Only 2 radio chains (a radio chain ...

Ahh, mobility.  The bane of my (and many others') wireless humanity.  Wherefore art thou be so fickle?  Different devices roam differently.  Different apps make the same device roam differently.  And sometimes it seems that the same device and same app will roam differently depending on the situation.  So what can we do about it?  And, perhaps more importantly, how can a WiFi sniffer help? Let's face it, folks: nomadic WiFi is easy (comparatively).  At a university, you have students that want WiFi for their iPads in dorms, classrooms, labs, the basketball arena and at lunch.  But rarely in between.  A student using an iPad nomadically is just plain easier to support than a doctor who wants to pull up an X-Ray while she's moving or a retail manager that needs to see a picture from the Band of Outsiders fall collection while she walks over from the jewelry section. Compounding the mobility problem is that the iPad may not be your...

Sometimes I dream That he is me You've got to see that's how I dream to be The dream I riff, the dream I sniff Like Nate I want to be like Nate (Silver) Much has been made of the increased emphasis on statistical analysis, especially in the wake of New York Times blogger Nate Silver correctly predicting the electoral results for all 50 states in the recent United States presidential election.  Can analytics be applied to WLANs?  Of course they can.  It's just a matter of sniffing the right stuff. There are a lot of bad WiFi networks out there. There.  I said it.  It's out there and I can't take it back.  I see a lot of Wi-Fi in my travels.  Almost all of it could be improved upon and much of it seems like it was installed by folks with little understanding of how 802.11 networks work. So, what do we do to fix it? We can have best practices.  We can finally ditch automatic RF controls.  (Please, people.  If you haven't h...

The hot topic in WiFi nowadays is high density (HD), and for good reason.  It seems you can't swing a dead cat anymore without hitting some place (concert hall, convention center, tourist trap) where there's an attempt to offload cell phone data onto a WiFi network.  The most interesting thing about HD WiFi to yours truly is that it's the same fundamentals we've always known about, just recycled. If you were one of the lucky (unlucky?) ones to work in WiFi during its more formative years, you may have been taught certain basic concepts about WiFi.  For the author, fond memories still remain of sitting an Enterprise WLAN Administration course way back in 2003 (taught by noted Massachusetts Yankees fan David Westcott ) as part of my preparation for the certified wireless network administrator ( CWNA ) exam. What did Mr. Westcott teach us lo these many years ago? Plan out your space alternating between channels 1, 6 and 11 in the 2.4 GHz band. If APs are spaced t...

Yay, a new iPhone!   So sayeth me, my relatives (one of whom will receive my old iPhone), California (who will receive 8.75% in sales tax on the FULL UNLOCKED PRICE of the phone because California has a ludicrous sales tax law that taxes the pre-discount price of mobile phones) and anyone else who has been waiting for the iPhone to finally support 5 GHz WiFi.   But wait, there's more.  The iPad has long supported 5 GHz 802.11n WiFi, but the iPhone 5 does the iPad one better.  How?  Read on, amigos. Though Apple's most popular iOS device, the iPhone, has eschewed 5 GHz WiFi until iPhone 5, iOS-based access to 5 GHz channels (numbered 36 through 165) has been available in every iPad model. The iPad has always been 802.11n, which is good.  But the WiFi adapter in the iPad has always supported the bare minimum 802.11n , which is bad.  (Specifically, 65 Mbps Data Rate bad.)  This meant that an iPad is going to take about three times as much cha...