Posts

Showing posts from 2019

My favourite WinFi features

Image
Ealier this year myself and a few other Wi-Fi pros were lucky enough to be asked to provide some input to a new Wi-Fi scanner application being created by Helge Keck . He called the tool "WinFi" and has now released as a free tool for Windows 10. WinFi is a feature-packed application that has many pro-level functions that have quickly made it the Wi-Fi scanner of choice on Windows for many wireless LAN pros. I thought I'd take a few minutes to run through the operation of WinFi and highlight some of my favourite advanced features that you may not have seen yet within the application by creating the video below:   References Application home page Video Link Helge Keck on Twitter

Using the WLANPi as a wireless serial console

Image
One lesser-known feature we added to the WLANPi image in v1.7 is Wi-Fi console that provides a wireless serial console. As this isn't too widely known, I thought I'd put a video together about it.  The Wi-Fi console feature allows you to hook up a serial cable to the serial port of a piece of nework equipment, then get your WLANPi to broadcast out an SSID you can join from a nearby location. You can then fire up terminal emulation software on your laptop and access the serial port on the nework equipment from a more comfortable location. Note this is a standard part of the WLANPi image since v1.7 - you do not need to install any additional packages, just follow the instructions in this video to flip your WLANPi in to Wi-Fi console mode. References YouTube Video GitHub repo & further information

Understanding Wireless Client Throughput From a Wireshark Capture

Image
I recently created a  video to look at how we understand the data throughput of a wireless client from an over the air Wireshark capture. We take a look at using the I/O Graph feature in Wireshark to achieve this. You can view the video below: References: YouTube video link Metageek Wireshark profile

Wireshark Showing FCS Fields as "Unverified" in Captures

Image
In a recent Wireshark 3.0.6 capture I noticed that FCS values for captured wireless frames were showing as "Unverified". I wasn't sure why this was the case, as I'm sure that Wireshark usually shows a "good" or "bad"  FCS indication. The image below demonstrates what I saw:   After some googling, I found a note that the FCS check was disabled by defaut in Wireshark 3.0.x as some NICs report the FCS check incorrectly.  The following process details how to re-enable the check:  Go to Edit -> Preferences -> Advanced in Wireshark. Enter "wlan.check" in the search bar: Double click on the "False" word for the attribute "wlan.check_checksum". This will toggle it to "True" (make sure you click on the "False" word, not anywhere else on the line).  Hit OK and see the change immediately in your capture decode: Hope this quick note may help someone in the future (...

Wireshark Plugin To Capture Wireless Frames Using a WLANPi (Windows 10)

Image
Want to be able to capture wireless frames via a WLANPi using just Wireshark on your Windows 10 machine? ...And be able to configure the capture configuration on the WLANPi using just Wireshark too?  Read on... (or checkout the video here ) Earlier this year, I put out a command-line script called WLANPiShark that allowed Windows 10 users to configure a WLANPi and initiate a frame capture stream in to Wireshark. Though a little clunky, it worked quite reliably for most of the time and, judging by feedback I received, was quite popular. As Windows users, we've always been the poor cousins to our Apple brethren who are able to use their Macbook to capture over the air using the internal NIC card of their Mac in monitor mode. Getting a low cost adapter that could be put in to monitor mode on a Windows machine was as rare as hen's teeth. Having access to the WLANPi and being able to fire up WLANPiShark opened up wireless capturing to many folks who have to use Wi

Wireless Analysis Resources

Image
Wireless traffic capture and analysis can be a tricky business and is often seen as something of a dark art to newcomers to the world of Wi-Fi. There are a huge variety of options when considering how to capture wireless traffic over the air, with many of the solutions being paid-for options that may be out of reach for many individuals. Many people approaching wireless analysis may already be familiar with Wireshark, based on their previous experience on wired networks, where they may have used it for troubleshooting and analysis purposes.  They may wonder if they can use Wireshark for their initial foray into wireless analysis.  Using Wireshark for wireless capture and analysis on Wi-Fi networks can be a little tricky and presents the newcomer with a whole new slew of frame types to learn. There are many good articles, videos and podcasts out there looking at wireless analysis, particularly if Wireshark is your tool of choice. I thought it would be good to pull them together

Metageek Wi-Spy Air Review

Image
In this article, I take a look at the recently released Metageek “Wi-Spy Air” wireless analysis module and its accompanying “Air Viewer” smartphone application. Metageek supplied me with a beta unit a couple of months ago to help with some initial testing of the product. I’ll take a look at some of the features of the product, together with some observations of my testing of the product to date. Fig 1: Spectrum Analysis in Air Viewer (Smartphone (Landscape)  Screenshot) Background Having the right tool for the job when supporting Wi-Fi networks is essential. Those tools may come in many shapes and sizes, with each having its place depending on the task at hand. Whichever tool is chosen, it needs to be  “professional” grade to ensure it can provide the depth and quality of data required to support the mission critical infrastructures that Wi-Fi networks have become. To date, professional wireless tools for both IOS and Android smartphones have been thin on the ground (in my e

The Windows WMM User Priority Issue - A Fix?

Image
There is a known issue with Windows clients when it comes to marking applications for QoS over wireless. In short, even if a Windows client application is configured to use DSCP 46 (EF), for example to mark voice traffic, it will translate this over the air to to use a layer 2 UP value of 5, rather than 6. This means that it will end up in the Video WMM queue rather than the Voice queue that we’d like. This has an impact on traffic prioritization over the air and could have a negative impact on our high priority traffic. This has been an issue that people have just “lived with” for quite a while, but I suspect there is a solution to this issue. I’m “putting this out there” for feedback as I can’t find any information about others using this technique. I’d like feedback from my peers to understand if the approach is viable or anyone else has used/tried it Background Generally in my articles, I like to provide plenty of background information about a topic to encourage others to rese

WLANPiShark: Wireless Capture With a WLANPi on Windows

Image
*** Note this article is out of date. Please use the information on this page until I get this artcile updated:  https://github.com/WLAN-Pi/WLANPiShark2 *** One huge advantage that Apple Mac users have over owners of Windows 10 machines is the ability to perform a native 802.11 wireless packet capture direct from their built-in wireless NIC. This is extremely useful for wireless pros who want to take a quick over-the air-capture into Wireshark to analyze traffic for troubleshooting purposes. Windows users don’t have the luxury of this native wireless capture capability. In this article, we take a look at how we can use a WLANPi unit as an adapter to capture traffic over the air, straight into Wireshark on a Windows machine. With the WLANPi being powered from the USB of the laptop, this is a super convenient, portable and powerful capture method that gets Windows users a little closer to the capabilities of their cousins on Apple Macs. Background I’ve always felt really bad for