Tuesday, 19 November 2019

My favourite WinFi features

Earlier this year, a few other Wi-Fi pros and I were lucky enough to be asked to provide some input to a new Wi-Fi scanner application being created by Helge Keck. He called the tool "WinFi" and has now released it as a free tool for Windows 10.

WinFi is a feature-packed application that has many pro-level functions that have quickly made it the Wi-Fi scanner of choice on Windows for many wireless LAN pros.

I thought I'd take a few minutes to run through the operation of WinFi and highlight some of my favourite advanced features that you may not have seen yet within the application by creating the video below:


 


Saturday, 16 November 2019

Using the WLANPi as a wireless serial console

One lesser-known feature we added to the WLANPi image in v1.7 is a Wi-Fi console that provides a wireless serial console. As this isn't too widely known, I thought I'd put a video together about it.

The Wi-Fi console feature allows you to hook up a serial cable to the serial port of a piece of network equipment, then get your WLANPi to broadcast out an SSID you can join from a nearby location.

You can then fire up terminal emulation software on your laptop and access the serial port on the network equipment from a more comfortable location. Note this is a standard part of the WLANPi image since v1.7 - you do not need to install any additional packages, just follow the instructions in this video to flip your WLANPi in to Wi-Fi console mode.



Friday, 15 November 2019

Understanding Wireless Client Throughput From a Wireshark Capture

I recently created a video to look at how we understand the data throughput of a wireless client from an over-the-air Wireshark capture. We take a look at using the I/O Graph feature in Wireshark to achieve this.

You can view the video below:



Thursday, 14 November 2019

Wireshark Showing FCS Fields as "Unverified" in Captures

In a recent Wireshark 3.0.6 capture I noticed that FCS values for captured wireless frames were showing as "Unverified". I wasn't sure why this was the case, as I'm sure that Wireshark usually shows a "good" or "bad" FCS indication. The image below demonstrates what I saw:

After some googling, I found a note that the FCS check was disabled by default in Wireshark 3.0.x as some NICs report the FCS check incorrectly.

The following process details how to re-enable the check:

  • Go to Edit -> Preferences -> Advanced in Wireshark. Enter "wlan.check" in the search bar.

  • Double click on the "False" word for the attribute "wlan.check_checksum". This will toggle it to "True" (make sure you click on the "False" word, not anywhere else on the line).

  • Hit OK and see the change immediately in your capture decode.


Hope this quick note may help someone in the future (...probably me when I've forgotten how I fixed this!)
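To show what sits behind a "good" or "bad" verdict, here is an added example (not from the original post and not Wireshark's own code) that recomputes the 802.11 FCS, a CRC-32 over the MAC header and body, and compares it with the last four bytes of the captured frame. It assumes a radiotap capture header with a single "present" word; the function names and the sample ACK frame are constructed for illustration.

```python
import struct
import zlib

RADIOTAP_F_FCS = 0x10  # radiotap Flags bit: frame bytes end with a 4-byte FCS


def split_radiotap(packet: bytes):
    """Return (fcs_present, 802.11 frame bytes) for a radiotap capture record."""
    if len(packet) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", packet, 0)
    if version != 0 or not 8 <= hdr_len <= len(packet):
        raise ValueError("not a radiotap header")
    if present & 0x80000000:
        raise ValueError("extended present bitmap not handled in this example")
    offset = 8 + (8 if present & 0x1 else 0)  # skip TSFT (8 bytes) if present
    flags = packet[offset] if present & 0x2 and offset < hdr_len else 0
    return bool(flags & RADIOTAP_F_FCS), packet[hdr_len:]


def compute_fcs(mac_frame: bytes) -> bytes:
    """CRC-32 of MAC header + body, in the byte order seen in capture files."""
    return struct.pack("<I", zlib.crc32(mac_frame) & 0xFFFFFFFF)


def fcs_status(packet: bytes) -> str:
    """Classify a captured frame as 'good', 'bad' or 'no FCS'."""
    fcs_present, frame = split_radiotap(packet)
    if not fcs_present or len(frame) < 4:
        return "no FCS"  # the adapter stripped the FCS, nothing to verify
    return "good" if compute_fcs(frame[:-4]) == frame[-4:] else "bad"


def sample_packet(flags: int = RADIOTAP_F_FCS, corrupt: bool = False) -> bytes:
    """Constructed sample: 9-byte radiotap header + ACK frame + FCS."""
    radiotap = struct.pack("<BBHIB", 0, 0, 9, 0x2, flags)
    ack = bytes.fromhex("d4000000") + bytes.fromhex("020000000001")  # made-up RA
    fcs = compute_fcs(ack)
    if corrupt:
        ack = ack[:-1] + bytes([ack[-1] ^ 0x01])  # single bit error after FCS was set
    return radiotap + ack + fcs


if __name__ == "__main__":
    print(fcs_status(sample_packet()))
    print(fcs_status(sample_packet(corrupt=True)))
    print(fcs_status(sample_packet(flags=0)))
```
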



Sunday, 3 November 2019

Wireshark Plugin To Capture Wireless Frames Using a WLANPi (Windows 10)

Want to be able to capture wireless frames via a WLANPi using just Wireshark on your Windows 10 machine? ...And be able to configure the capture configuration on the WLANPi using just Wireshark too? Read on... (or check out the video here)



Earlier this year, I put out a command-line script called WLANPiShark that allowed Windows 10 users to configure a WLANPi and initiate a frame capture stream in to Wireshark. Though a little clunky, it worked quite reliably most of the time and, judging by feedback I received, was quite popular.

As Windows users, we've always been the poor cousins to our Apple brethren who are able to use their Macbook to capture over the air using the internal NIC card of their Mac in monitor mode. Getting a low cost adapter that could be put in to monitor mode on a Windows machine was as rare as hen's teeth.

Having access to the WLANPi and being able to fire up WLANPiShark opened up wireless capturing to many folks who have to use Windows machines, but were unable to easily get a wireless capture (without investing in some quite expensive tools).

With the arrival of Wireshark 3.0.x, new options became available that allow us even better ways to capture in Windows using a WLANPi. SSHDump was a newly introduced package that allows an easy method of initiating an SSH session in to a remote device and firing up commands to initiate a tcpdump capture stream (in a far less clunky way than we did in WLANPiShark).

Adrian Granados kicked off a project called wlan-extcap on GitHub, based on a Python script, that leveraged the new SSHDump Wireshark package via a plugin that he created. It also added new functions directly in to the Wireshark GUI to allow configuration of a WLANPi (...yes, the guy's a genius coder!). The project was primarily aimed at Mac users, but could potentially be used by Windows users if they installed Python on their Windows machine.

Inspired by his amazing work on his project, I decided to take the principles of his project and write a similar utility in native Windows batch-file format. This would allow Windows users to simply copy a batch file in to their Wireshark directory to obtain the same functions as Adrian's plugin and not have to worry about adding any supporting software packages.

The result is my own project called: wlan-extcap-win

Rather than documenting the plugin on my blog, I have created a fairly lengthy ReadMe on the GitHub site where the script has been developed so that you can download the script and give it a try.

I hope you find this just as much fun as WLANPiShark and even easier and more convenient to use.
