Archive for the ‘Troubleshooting’ Category

CWAP Beta Course – Day 2

Today was the 2nd day in the CWAP (Certified Wireless Analysis Professional) beta course.  Today’s material was a lot more hand-on / lab type exercise in capturing and analyzing traffic.  From what I could tell, there were three main tools used by the course attendees:

They all seem to have their pros and cons, and they all seem to cost about the same amount of money (especially if you want to do multichannel packet capture on ~3 channels).  Which tool do you prefer?  Why?

The course contains an enormous amount of detail, such as the exact length (in microseconds) for slot times for each PHY type as well as a discussion on the application of that detail (i.e. how do the different slot times affect WLAN performance with and without QoS enabled).

Again, I thought one of the most valuable things were the networking opportunities with the other attendees and the sidebar conversations.  A colleague (and good friend) of mine, Ken Hall, was even inspired to sign up for a Twitter account (@wifiscubaguy) to continue the interaction outside of this course / classroom.  His account will definitely be on my next list of #WirelessWednesday mentions.

Tomorrow is the last day of the course.  From what I know, we are covering a lot of 802.11n concepts, as well as spectrum analysis, which should be a blast.

Advertisements

CWAP Beta Course

This week, I am at the CWNP offices in Atlanta, GA for training. If you’re unfamiliar with CWNP, they focus on vendor-neutral training and certification in the wireless networking space.

The program recently went through some changes, and they recently launched two new certifications:

I am here taking a Beta version of the CWAP course with some of the brightest minds of the WLAN world.  One of the authors of the new CWAP Study Guide, Peter MacKenzie, is teaching the course.  Two of the other authors are attending the course – Marcus Burton and David Coleman.  There are also some of my favorite wireless bloggers in attendance, including:

Today, we covered a lot of ground with regards to the Physical and Data Link Layers and what the bitwise fields look like at that those levels.  However, from my perspective, some of the most interesting discussion was not around the bits and bytes, but rather how an understanding of those fundamentals can be applied to real world wireless troubleshooting and analysis.

The afternoon consisted of some hands on work with protocol analyzers.  Peter taught this in a very dynamic way just stepping through captures we were all taking on the fly — very impressive!

If you are interested in knowing more, you can follow some of the happenings of the course by searching the #cwapbeta hashtag on Twitter.

Email Questions: 802.11n Deployment Using 2.4GHz and 5GHz Simultaneously

I received a following set of questions via email and thought that rather than only respond to the one individual, but post it on WiFiJedi.com for general consumption.

Here’s what I received:

I have recently done a deployment where the customer is using 802.11n in both 2.4 and 5 GHz range.  I have configured a WLan with that is providing coverage for all the radios including a/b/g/n on a 4402 controller in WiSM Module.  The clients are also unable to run on all the radios.  Everything is working fine, but we are seeing clients that have been connected to either a 2.4ghz radio or 5ghz radio, tend to switch between them when running for a while.  I am trying to understand this scenario, since there is no setting on the controller that I can find would allow the preference of the radio.  we are currently running the latest 6.0 code on the WLCs.  Secondly the data rates are set to 24Mbps or higher for both radios, that means 802.11b is not allowed.  The client machine was sitting at one position for 24hrs that means the user was not moving around hence the roaming should not be involved I think.  Lastly we did the survey for 802.11a coverage and I don’t think there is any issue with the coverage, since it connects to 802.11a at excellent.  The question really is that once the client connects to 802.11a on excellent and is running on that radio for an hour perfectly and the user is not moving at all why is it that it switches itself to 802.11g and then again to 802.11a??  I wanted to get your opinion as if do you know any bugs or vulnerabilities by having both radios enable?

And here is my response:

Thank you for your message.  Unfortunately, at this time most/all of the roaming decisions are made by the stations (laptops, etc.) and not the infrastructure (Access Points and WLAN Controllers).  The IEEE is devising a standard to change this, but it will take some time.

What type of stations are you using?  Are they laptops, or something else such as handheld scanners, Voice-over-WiFi phones, etc?  If they are laptops, are they Windows or Macintosh?   If you are using Windows based laptops, you may be able to set a preference for 5 GHz within the client driver.  For example I have an Intel 4965 AGN adapter — if I right-click on my wireless adapter and select “properties”, then click “configure” I can select the Wireless mode to be 802.11a/n only.  I can also set the roaming aggressiveness so that it roams less frequently.  Macintosh computers have a natural preference for 2.4 GHz and it is more difficult to encourage them to connect to something at 5 GHz – in a case like that, you may consider adding a 5 GHz SSID on its own VLAN.  Again, these roaming decisions are made by the station, so your best bet is to look at the laptop settings to see what you can tweak.

One other potential “gotcha” that came to mind was how you enabled 802.11g only.  The data rates have to be carefully managed for full interoperability between the station and the infrastructure.  There are two types of data rates – the “basic” rates and the “supported” rates.  The basic rates should include all 802.11g rates, even below 24 Mbps (therefore you should double-check that the basic rates include 6,9,12, and 18 Mbps).  The requirements for supported rates are less strict.

Wireless LANs as a “System”

What makes up a wireless LAN (WLAN)?  Is it just the Access Point(s) and any associated WLAN controller(s)?  Does it include anything else?  Personally, I think of wireless LANs as a system.   In my mind, there are three main parts to this system:

  1. The infrastructure
  2. The clients
  3. The environment

The Infrastructure

This includes not only the access point(s) and the WLAN controller(s), but any of the routing & switching gear used for uplinks.  Also included in the infrastructure would be any of the network infrastructure / services leveraged by the wireless LAN (examples include RADIUS, Network Time Protocol, Syslog, etc.) 

The Clients

The IEEE 802.11 specification refers to these as “stations”.   Clients/stations could be computers such as laptops or tablet PCs.  Other examples of wireless stations include dual-mode phones, handheld scanners, etc.  When thinking about the clients, realize this includes not only the hardware, but the software (such as a client driver or management supplicant). 

The Environment

This most commonly refers to the Radio Frequency environment.  The RF environment can be evaluated with a spectrum analyzer, which can show you the signal level of your APs, the noise floor, and any interference in the area.  Interference can come from other Wi-Fi devices, or non Wi-Fi devices (such as microwave ovens, cordless phones, and Bluetooth).  I also think of the Physical environment, which is the type of construction materials used, the amount of vegitation in the area, the terrain/line-of-sight, etc. 

I often get called out in troubleshooting situations.  In many of these cases, the infrastructure has been evaluated as a potential source for issues (for example, are the authentication/encryption settings correct), but the clients and the environment have been neglected

Conclusion

In these troubleshooting scenarios, it is imperative to take a thorough look at all three components.  Not only should you take a look at the configuration file of the infrastructure, but ensure that wireless clients have the most up-to-date drivers.  Look to see that clients power-save and roaming agressiveness settings are appropriate for the application.  Double-check to see there is no interference from Wi-Fi or non Wi-Fi sources, etc.  In short, evaluate your WLAN as a system.

CWAP Study Guide (Book Review)

I read this book to prepare re-certify my CWNE (Certified Wireless Network Expert).

This is an *excellent* read, especially for seasoned wireless LAN engineers. It goes into a lot of the “beeps and squeaks” of wireless networking. It takes an in-depth look into the MAC and PHY layers, including all the bitwise fields of the 802.11 MAC header. A well written book that I have gone through at least 3 or 4 times.

There are not too many books that go this in-depth on Layers 1 and 2 of wireless networking.  The IEEE 802.11 Handbook is the “official” study guide for the CWNE, but I don’t think it is a clear as the CWAP Study Guide.

It isn’t a book that I would suggest for beginners.  For those folks, I would suggest either the McGraw Hill or the Sybex “CWNA Study Guide”.

Happy reading!

How to Disable 802.11d Flag on Motorola/Symbol Handhelds

I recently had a customer that wanted to disable the 802.11d flag (setting) on their Motorola/Symbol handheld scanners.    Even when my customer disabled that setting manually, it came back upon reboot.  Apparently they were using Wavelink’s Avalanche system to centrally manage the scanners, which would download a fresh configuration each time it was powered up (including re-setting the 802.11d flag).

In this post, I will explain the research I conducted as well as two possible solutions.  First, here is a little background on 802.11d taken from Wikipedia:

802.11d, is an amendment to the IEEE 802.11 specification that adds support for “additional regulatory domains”. This support includes the addition of a country information element to beacons, probe requests, and probe responses. The country information elements simplifies the creation of 802.11 wireless access points and client devices that meet the different regulations enforced in various parts of the world.

The current 802.11 standard defines operation in only a few regulatory domains (countries). This supplement adds the requirements and definitions necessary to allow 802.11 WLAN equipment to operate in markets not served by the current standard. Enable the 802.11d feature/option if you are operating in one of these “additional regulatory domains”.

At any rate, I ran the issue with the 802.11d flag to ground.  These are the steps I took:

I found the 802.11d flag is a radio level setting specific to the handheld device – in this case, the Symbol/Motorola scanners.

Therefore, I tried to figure out if we could disable the 802.11d through Wavelink’s Avalanche tool.  I found the following Q&A on their support forum (and called into their tech support this morning to verify):

Q: Can you disable the 802.11d radio file through The AMC product?
A: No. This is a symbol radio file and we do not have the tools in our mobility center to disable specific radio files. These need to be disabled manually.

Then, I tried to figure out if there was a way to disable the setting centrally from Motorola.  I believe you can do this through Motorola’s MSP (Mobility Services Platform).  For reference, here are instructions to disable 802.11d through MSP: http://support.symbol.com/support/search.do?cmd=displayKC&docType=kc&externalId=11407&sliceId=SAL_Public&dialogID=107746501&stateId=1%200%20107736747

Therefore, we had to disable the 802.11d setting in each device manually and keep it disabled through a cold boot.

Here are the steps on how to accomplish that :

1. Tap the Fusion icon (blue radio card icon) located on the lower
right hand corner of the display. Or Start\Programs Fusion WCLAUNCH
2. From the menu, select Options.
3. Tap the drop down arrow and select Regulatory.
4. Configure your regulatory settings and tap Save. (Uncheck the
802.11d)
5. Tap the drop down arrow and select Export.
6. Tap the Export Options button to name the .reg file you will be
exporting. (Leave the default Name)
7. Make sure the location selected is the Application directory.
8. Tap Save. An Options Exported message will appear.
9. Tap OK.

WiFi Pilot Post on CWNP.com

As you can see from the graphic on the left, I have a new blog post available on the CWNP homepage, http://www.cwnp.com 

If you are unfamiliar with the CWNP program, they are a vendor-neutral certification body for wireless networking and security.  

My most recent blog post at CWNP talks about a new product offering from CACE Technologies and MetaGeek, called “WiFi Pilot”.  The WiFi Pilot WLAN Analysis kit contains a WiSpy Spectrum Analyzer, an AirPcap wireless packet capture device, and the WiFi Pilot analysis software.  

Check out the review on CWNP for an extended discussion of product functionality, pricing, etc.  

One other thing that I mention in the post is the Sharkfest Conference for Wireshark Users and Developers.  The conference is being held Jun 15th – 18th.  I am attending the conference and *super* excited about it – feel free to email me at douglashaider <at> hotmail <com> if you are attending. I would love to meet up and chat!

Related Posts: 

Sharkfest ’09

I admit it, I am getting jealous with all my colleagues Twittering about the RSA Conference this week at the Moscone Center in San Fransisco.  While the idea of heading to RSA hit me too late to make the logistics work, something that I am planning ahead for is Sharkfest 2009.   What is Sharkfest, you ask?  

Sharkfest is a conference dedicated to the optimization of the Wireshark Protocol Analyzer, which is now owned and managed by CACE Technologies. It is a 3 day conference being held near San Fransisco at Stanford University. The official dates for the conference are June 15th – 18th, 2009.  

sharkfest_banner

The conference has three tracks – one for basic users, one for advanced users, and one for developers.  I am pretty sure that you can mix and match sessions from all three tracks.  The cost of the conference is only $695 per person, and each paid attendee gets a free AirPcap Classic adapter ($198 value), which lets you do 802.11 b/g packet capture in Windows, directly through Wireshark. Groups of 3 or more are also eligible for a 10% discount.  

If you have been following my blog, you know that I am a wireless packet junkie.  I am attending Sharkfest with a couple other Principal Technologists from Xirrus.  It looks like they have a great speaker lineup with Mike Kershaw (Kismet creator), Fyodor, Laura Chapell, etc.  Of course, they will have Wireshark engineers and developers on-hand as well.  

If you are interested in registering for Sharkfest, I would suggest doing it soon.  This is the second year for the conference and the conference organizers told me that they are limiting the number of attendees so that it doesn’t grow out of hand too quickly.  As someone who attended the first several Shmoocon conferences, I can tell you that you want to get in on the ground floor.   

Related Posts: 

Packet Analysis 2.0

It seems like I am going to bring my wireless packet analysis to a whole other level – “Packet Analysis 2.0”, if you will. Two of my favorite wireless capture and analysis tools have recently been updated – OmniPeek Professional and Wireshark.

I have been at meetings at our company HQ (Xirrus) most of this week, so I haven’t had a lot of hands-on time with either updated tool.

OmniPeek Professional has just been updated to version 6.0.1, as of April 3rd. It seems to offer much more flexibility of viewing multiple data windows through mechanisms similar to tabbed browsing.

I also downloaded a few plug-ins for OmniPeek Professional, including the multichannel aggregator – once I acquire one more USB 802.11n dual-band adapters, I will try to write a blog post documenting my experiences with the aggregation feature.

The new version of Wireshark seems to focus on a lot of bug fixes, although it includes an experimental package for Mac OS X 10.5.5 and above. Version 1.0.7 of Wireshark was announced April 8th. On the Wireshark front, I am attending Sharkfest this June, which I am pretty excited about.

Now that I am thinking about wireless product upgrades, I realized that AirMagnet also came out with an updated version to their Site Surveyor product about six weeks ago (version 6.1_13206)

So many product updates, so little time…

Related Posts: 

802.11n Deployment Considerations – Troubleshooting & Analysis Tools

This is the second in a series of 802.11n Deployment Considerations to include cabling, power, system architecture, etc. The focus of this particular post is to discuss the deployment considerations related to troubleshooting and analysis tools when deploying 802.11n wireless LANs.  

Packet Analysis 

One of the main troubleshooting & analysis tools for WLAN engineers is a wireless packet capture program. Personally, I use both OmniPeek Professional as well as the AirPcap device from CACE Technologies.  With wireless packet capture programs, it is important for you to ensure both the wireless NIC you are using and the software support 802.11n functionality.  Otherwise, 802.11n features such as channel bonding, frame aggregation, and block acknowledgement might not display properly (or show up in your display at all).  AirPcap sells a specific model for 802.11n, called their AirPcap Nx.  

Spectrum Analysis 

Another important troubleshooting tool for WLAN engineers is a Spectrum Analyzer.  I use both the AirMagnet Spectrum Analyzer and the Wi-Spy Spectrum Analyzer from MetaGeek.  If you read my rant (post) regarding 2.4 GHz vs. 5 GHz for 802.11n networks, hopefully you realize the increasing importance of the 5 GHz spectrum.  Therefore, I would suggest you utilize a dual band spectrum analyzer.   The only Wi-Spy product that is dual band is the Wi-Spy DBx.  

Another spectrum analyzer troubleshooting tool that I am curious to try is the AirMagnet Airmedic Product.  If anyone has used the Airmedic product, leave a comment letting me know your thoughts!  

Wireless IDS/IPS 

While most people think of wireless intrustion detection & intrusion detection as a security tool, they can also be used monitor and preserve the overall well being of the WLAN.   Therefore, it makes sense to deploy 802.11n capable sensors for security, troubleshooting, & analysis.  

Related Posts: 

Advertisements