Archive for the ‘Wireshark’ Tag

CWAP Beta Course – Day 2

Today was the 2nd day in the CWAP (Certified Wireless Analysis Professional) beta course.  Today’s material was a lot more hands-on / lab-type exercises in capturing and analyzing traffic.  From what I could tell, there were three main tools used by the course attendees:

They all seem to have their pros and cons, and they all seem to cost about the same amount of money (especially if you want to do multichannel packet capture on ~3 channels).  Which tool do you prefer?  Why?

The course contains an enormous amount of detail, such as the exact length (in microseconds) for slot times for each PHY type as well as a discussion on the application of that detail (i.e. how do the different slot times affect WLAN performance with and without QoS enabled).

Again, I thought one of the most valuable things was the networking opportunities with the other attendees and the sidebar conversations.  A colleague (and good friend) of mine, Ken Hall, was even inspired to sign up for a Twitter account (@wifiscubaguy) to continue the interaction outside of this course / classroom.  His account will definitely be on my next list of #WirelessWednesday mentions.

Tomorrow is the last day of the course.  From what I know, we are covering a lot of 802.11n concepts, as well as spectrum analysis, which should be a blast.


Laura Chappell Webinars on Wireshark Certification

If you haven’t heard, there is now a Wireshark certification.  From the Wireshark University website:

The Wireshark Certification Program strives to test a candidate’s knowledge and ability to troubleshoot, optimize and secure a network based on evidence found by analyzing traffic captured with the world’s most popular and widely-deployed analyzer, Wireshark.

To that end, Laura Chappell is hosting a series of FREE Webinars over the next 3 days to discuss the exam.  Again, taken from the Wireshark University website:

These free events cover the process of preparing and registering for the Wireshark Certified Network Analyst Exam. What should you study? How should you study? What are the hot areas on the Exam? What are the Exam question formats? What should you watch for? What if you need to reschedule the Exam? What can you bring with you?

Live question and answer will follow a 20-minute presentation hosted by Laura Chappell.

All the information you need should be available on the following website:

http://www.wiresharktraining.com/certification.html

Sharkfest ’09

I admit it, I am getting jealous with all my colleagues Twittering about the RSA Conference this week at the Moscone Center in San Francisco.  While the idea of heading to RSA hit me too late to make the logistics work, something that I am planning ahead for is Sharkfest 2009.   What is Sharkfest, you ask?

Sharkfest is a conference dedicated to the optimization of the Wireshark Protocol Analyzer, which is now owned and managed by CACE Technologies. It is a 3-day conference being held near San Francisco at Stanford University. The official dates for the conference are June 15th – 18th, 2009.


The conference has three tracks – one for basic users, one for advanced users, and one for developers.  I am pretty sure that you can mix and match sessions from all three tracks.  The cost of the conference is only $695 per person, and each paid attendee gets a free AirPcap Classic adapter ($198 value), which lets you do 802.11 b/g packet capture in Windows, directly through Wireshark. Groups of 3 or more are also eligible for a 10% discount.  

If you have been following my blog, you know that I am a wireless packet junkie.  I am attending Sharkfest with a couple other Principal Technologists from Xirrus.  It looks like they have a great speaker lineup with Mike Kershaw (Kismet creator), Fyodor, Laura Chappell, etc.  Of course, they will have Wireshark engineers and developers on hand as well.

If you are interested in registering for Sharkfest, I would suggest doing it soon.  This is the second year for the conference and the conference organizers told me that they are limiting the number of attendees so that it doesn’t grow out of hand too quickly.  As someone who attended the first several Shmoocon conferences, I can tell you that you want to get in on the ground floor.   


Packet Analysis 2.0

It seems like I am going to bring my wireless packet analysis to a whole other level – “Packet Analysis 2.0”, if you will. Two of my favorite wireless capture and analysis tools have recently been updated – OmniPeek Professional and Wireshark.

I have been at meetings at our company HQ (Xirrus) most of this week, so I haven’t had a lot of hands-on time with either updated tool.

OmniPeek Professional has just been updated to version 6.0.1, as of April 3rd. It seems to offer much more flexibility of viewing multiple data windows through mechanisms similar to tabbed browsing.

I also downloaded a few plug-ins for OmniPeek Professional, including the multichannel aggregator – once I acquire one more USB 802.11n dual-band adapter, I will try to write a blog post documenting my experiences with the aggregation feature.

The new version of Wireshark seems to focus on a lot of bug fixes, although it includes an experimental package for Mac OS X 10.5.5 and above. Version 1.0.7 of Wireshark was announced April 8th. On the Wireshark front, I am attending Sharkfest this June, which I am pretty excited about.

Now that I am thinking about wireless product upgrades, I realized that AirMagnet also came out with an updated version of their Site Surveyor product about six weeks ago (version 6.1_13206).

So many product updates, so little time…


Adventures in Capturing Wireless Packets

Just a quick FYI for those *true* WiFi packet analysis junkies out there – I installed OmniPeek Professional 5.1.4 on my HP 6910 laptop.  The software “works” with the embedded Intel wireless NIC, but reports invalid data rates for 802.11n traffic.

The workaround that I came to was to purchase a 3rd-party, dual-band 802.11n USB adapter that has a supported API within the OmniPeek software.

I also have an AirPcap Nx device from CACE Technologies that I like *very* much – a USB form factor that allows for wireless packet capture in Windows.  AirPcap integrates directly into Wireshark, which is nice since I “grew up” taking wireless captures in libpcap format under Linux and looking at them in Ethereal.