Archive for the ‘Packet Analysis’ Category

CWAP Beta Course – Day 2

Today was the 2nd day in the CWAP (Certified Wireless Analysis Professional) beta course. Today's material was a lot more hands-on / lab-type exercises in capturing and analyzing traffic. From what I could tell, there were three main tools used by the course attendees:

They all seem to have their pros and cons, and they all seem to cost about the same amount of money (especially if you want to do multichannel packet capture on ~3 channels).  Which tool do you prefer?  Why?

The course contains an enormous amount of detail, such as the exact length (in microseconds) for slot times for each PHY type as well as a discussion on the application of that detail (i.e. how do the different slot times affect WLAN performance with and without QoS enabled).

Again, I thought one of the most valuable things was the networking opportunities with the other attendees and the sidebar conversations. A colleague (and good friend) of mine, Ken Hall, was even inspired to sign up for a Twitter account (@wifiscubaguy) to continue the interaction outside of this course / classroom. His account will definitely be on my next list of #WirelessWednesday mentions.

Tomorrow is the last day of the course.  From what I know, we are covering a lot of 802.11n concepts, as well as spectrum analysis, which should be a blast.

CWAP Beta Course

This week, I am at the CWNP offices in Atlanta, GA for training. If you’re unfamiliar with CWNP, they focus on vendor-neutral training and certification in the wireless networking space.

The program recently went through some changes, and they recently launched two new certifications:

I am here taking a Beta version of the CWAP course with some of the brightest minds of the WLAN world.  One of the authors of the new CWAP Study Guide, Peter MacKenzie, is teaching the course.  Two of the other authors are attending the course – Marcus Burton and David Coleman.  There are also some of my favorite wireless bloggers in attendance, including:

Today, we covered a lot of ground with regards to the Physical and Data Link Layers and what the bitwise fields look like at those levels. However, from my perspective, some of the most interesting discussion was not around the bits and bytes, but rather how an understanding of those fundamentals can be applied to real world wireless troubleshooting and analysis.

The afternoon consisted of some hands-on work with protocol analyzers. Peter taught this in a very dynamic way just stepping through captures we were all taking on the fly — very impressive!

If you are interested in knowing more, you can follow some of the happenings of the course by searching the #cwapbeta hashtag on Twitter.

WiFi Pilot Post on CWNP.com

As you can see from the graphic on the left, I have a new blog post available on the CWNP homepage, http://www.cwnp.com 

If you are unfamiliar with the CWNP program, they are a vendor-neutral certification body for wireless networking and security.  

My most recent blog post at CWNP talks about a new product offering from CACE Technologies and MetaGeek, called “WiFi Pilot”.  The WiFi Pilot WLAN Analysis kit contains a WiSpy Spectrum Analyzer, an AirPcap wireless packet capture device, and the WiFi Pilot analysis software.  

Check out the review on CWNP for an extended discussion of product functionality, pricing, etc.  

One other thing that I mention in the post is the Sharkfest Conference for Wireshark Users and Developers.  The conference is being held Jun 15th – 18th.  I am attending the conference and *super* excited about it – feel free to email me at douglashaider <at> hotmail <com> if you are attending. I would love to meet up and chat!

Sharkfest ’09

I admit it, I am getting jealous of all my colleagues Twittering about the RSA Conference this week at the Moscone Center in San Francisco. While the idea of heading to RSA hit me too late to make the logistics work, something that I am planning ahead for is Sharkfest 2009. What is Sharkfest, you ask?

Sharkfest is a conference dedicated to the optimization of the Wireshark Protocol Analyzer, which is now owned and managed by CACE Technologies. It is a 3-day conference being held near San Francisco at Stanford University. The official dates for the conference are June 15th – 18th, 2009.

The conference has three tracks – one for basic users, one for advanced users, and one for developers.  I am pretty sure that you can mix and match sessions from all three tracks.  The cost of the conference is only $695 per person, and each paid attendee gets a free AirPcap Classic adapter ($198 value), which lets you do 802.11 b/g packet capture in Windows, directly through Wireshark. Groups of 3 or more are also eligible for a 10% discount.  

If you have been following my blog, you know that I am a wireless packet junkie. I am attending Sharkfest with a couple of other Principal Technologists from Xirrus. It looks like they have a great speaker lineup with Mike Kershaw (Kismet creator), Fyodor, Laura Chappell, etc. Of course, they will have Wireshark engineers and developers on-hand as well.

If you are interested in registering for Sharkfest, I would suggest doing it soon.  This is the second year for the conference and the conference organizers told me that they are limiting the number of attendees so that it doesn’t grow out of hand too quickly.  As someone who attended the first several Shmoocon conferences, I can tell you that you want to get in on the ground floor.   

Packet Analysis 2.0

It seems like I am going to bring my wireless packet analysis to a whole other level – “Packet Analysis 2.0”, if you will. Two of my favorite wireless capture and analysis tools have recently been updated – OmniPeek Professional and Wireshark.

I have been at meetings at our company HQ (Xirrus) most of this week, so I haven’t had a lot of hands-on time with either updated tool.

OmniPeek Professional has just been updated to version 6.0.1, as of April 3rd. It seems to offer much more flexibility of viewing multiple data windows through mechanisms similar to tabbed browsing.

I also downloaded a few plug-ins for OmniPeek Professional, including the multichannel aggregator – once I acquire one more USB 802.11n dual-band adapter, I will try to write a blog post documenting my experiences with the aggregation feature.

The new version of Wireshark seems to focus on a lot of bug fixes, although it includes an experimental package for Mac OS X 10.5.5 and above. Version 1.0.7 of Wireshark was announced April 8th. On the Wireshark front, I am attending Sharkfest this June, which I am pretty excited about.

Now that I am thinking about wireless product upgrades, I realized that AirMagnet also came out with an updated version of their Site Surveyor product about six weeks ago (version 6.1_13206).

So many product updates, so little time…

802.11n Deployment Considerations – Troubleshooting & Analysis Tools

This is the second in a series of 802.11n Deployment Considerations to include cabling, power, system architecture, etc. The focus of this particular post is to discuss the deployment considerations related to troubleshooting and analysis tools when deploying 802.11n wireless LANs.  

Packet Analysis 

One of the main troubleshooting & analysis tools for WLAN engineers is a wireless packet capture program. Personally, I use both OmniPeek Professional as well as the AirPcap device from CACE Technologies.  With wireless packet capture programs, it is important for you to ensure both the wireless NIC you are using and the software support 802.11n functionality.  Otherwise, 802.11n features such as channel bonding, frame aggregation, and block acknowledgement might not display properly (or show up in your display at all).  AirPcap sells a specific model for 802.11n, called their AirPcap Nx.  

Spectrum Analysis 

Another important troubleshooting tool for WLAN engineers is a Spectrum Analyzer.  I use both the AirMagnet Spectrum Analyzer and the Wi-Spy Spectrum Analyzer from MetaGeek.  If you read my rant (post) regarding 2.4 GHz vs. 5 GHz for 802.11n networks, hopefully you realize the increasing importance of the 5 GHz spectrum.  Therefore, I would suggest you utilize a dual band spectrum analyzer.   The only Wi-Spy product that is dual band is the Wi-Spy DBx.  

Another spectrum analyzer troubleshooting tool that I am curious to try is the AirMagnet Airmedic Product.  If anyone has used the Airmedic product, leave a comment letting me know your thoughts!  

Wireless IDS/IPS 

While most people think of wireless intrusion detection & intrusion prevention systems as security tools, they can also be used to monitor and preserve the overall well-being of the WLAN. Therefore, it makes sense to deploy 802.11n capable sensors for security, troubleshooting, & analysis.

Adventures in Capturing Wireless Packets

Just a quick FYI for those *true* WiFi packet analysis junkies out there – I installed OmniPeek Professional 5.1.4 on my HP 6910 laptop. The software “works” with the embedded Intel wireless NIC, but reports invalid data rates for 802.11n traffic.

The workaround that I came to was to purchase a 3rd party, dual-band 802.11n USB adapter that has a supported API within the OmniPeek software.

I also have an AirPcap Nx device from CACE Technologies that I like *very* much – USB form factor that allows for wireless packet capture in Windows. AirPcap integrates directly into Wireshark, which is nice since I “grew up” taking wireless captures in libpcap format under Linux and looking at them in Ethereal.