★ THE BLOG ★ Ramblings on WiFi & stuff.

The 802.1X Process (as told by Luis.)

In case you missed my WLPC Wireshark talk here’s the 802.1X process file… with COMMENTS.😬

It’s just the specific frames in the 802.1X process saved into a separate file with comments for each of the frames. Hopefully, it will give a decent understanding of what is actually happening during this process. ENJOY!

The great Michael Peña.


En Route to #WLPC/Phoenix!

WLPC 2019 is upon us and I’m off to Phoenix, AZ. But, first, I got a little shoveling to do. ❄️

Looking forward to seeing all my fellow Wi-Fi nerds and learn some stuff!

I’ll be presenting this year with a short talk on my favorite Wireshark customizations. Nothing too exciting, but hopefully some folks will get something out of it.

This will be the first year I will be going to both US AND EU WLPCs! I am really looking forward to my first WLPC-EU where I will be teaching the ECSE course.

I have plans for this year to start putting up more content on a regular basis. Working through some stuff the last few years and I am coming out the other end.

So, #WLPC Peeps, I’ll see you soon! And those of you who couldn’t make it, I hope you’ll be able to do so in the future. I miss you. 😢

For those of you who are trying to decide if it’s worth it, you can view video from ALL the previous WLPCs on their YouTube channel.

I like to tell people that what I REALLY go to WLPC for is the community. Hanging out with folks, making new friends, sharing knowledge, and learning from some VERY smart people.

Videos are great, but PEOPLE are better.


Nice, straightforward Infographic on DFS Operations by @VergesFrancois

All of @MisterMultipath‘s blog posts on 11ax are gold, Jerry! GOLD!

And here’s a detailed whitepaper on 11ax from National Instruments.

Another relatively inexpensive way to pcap on Windows - WLANPiShark: Wireless Capture With a WLANPi on Windows via @WifiNigel

Mike Albano's Client Capabilities List - An oldie, but a goodie, if you haven’t had a chance to check it out (or, contribute to) before.

Couldn't have said this any better myself - WiFi 6 is a Stupid Branding idea by the effervescent @NetworkingNerd

A nice survey tray alternative - The Swift Body Platform Harness for Laptops & Tablets thanks, @CurtisKlarsen for the link!

How Aruba Optimizes Performance of Dual 5-GHz APs via Aruba Blogs - Good read on the challenges of dual-5gig.

Spectrum Analyzers use this to break down sine waves. Good overview of how it works. - An Interactive Introduction to Fourier Transforms

Driven to Distraction (Revised): Recognizing and Coping with Attention Deficit Disorder - Highly recommended if you feel you are dealing with ADHD. Has had a huge impact on my life.

New PoE+ Battery Pack from Acceltex! ↝

Ooooooh… this looks nice. Besides looking pretty and offering PoE+, it ALSO has: 12v barrel connect out, and 5V USB out. Now, if they would only add 100W USB-C out. 😏


Good article detailing the differences between 802.11ax and LTE ↝

Good read from TechPlayOn. It’s short and to the point and outlines the differences between 11ax and LTE which has been using and reaping the benefits of OFDM-A for years.

It was last year when I first read/discovered about 802.11ax on one of the websites mentioned below as references. Ever since I tried to collect more information and wanted to write about the same. But every passing day/week/month, I learnt a new aspect about 802.11ax. Being from Telecom Industry and Radio background, “throughput/speed/data rate” makes us go ga-ga. Even if anyone asks us the difference between 802.11ac vs ax or 3G vs LTE/4G, the first thing we point out is higher speeds.

But honestly, 802.11ax is much more than only speed. It is a complete evolution or shall I say the moment for Wi-Fi Industry. When I started reading about MulteFire, LTE-U/LAA in the same spectrum, I was a bit worried about Wi-Fi and its future, as Wi-Fi as a technology was designed for a neutral environment and didn’t have sophisticated Interference mitigation from external sources. Then came the moment with 802.11ax, the features have made me believe again, Wi-Fi is here to stay and would play a greater role in Future Networks, more than enterprise and indoors.
Source: http://www.techplayon.com/802-11ax-vs-lte-...

Good points.

Roaming for Apple & Samsung Devices

Knowing is half the battle. Understanding how your devices make decisions helps you determine design requirements to build better WLANs. Here’s documentation on how Apple and Samsung devices make roaming decisions.

macOS & iOS Wireless Roaming for Enterprise

Apple was kind enough to provide this information for iOS.

Samsung Knox Roaming Algorithm

Knox is an Enterprise platform for Samsung devices that offers enhanced roaming. Learn how it works to help you support it in your wireless designs.

Samsung Knox Enhanced Roaming Algorithm

As a BONUS here’s Apple’s iOS Deployment Guide too!

The Traveling WiFi Engineer

I'm asked all the time how I travel with just ONE bag. So, I made a video! 

I am currently on an Around-the-World trip going from Denver to Abu Dhabi to Bangkok to Gold Coast, Australia then back to Denver. This will be about a three week excursion teaching the ECSE Design Course. I have brought one bag for all my items.

I do this for a few reasons: 1. I refuse to check anything. So, I never have lost luggage, 2. I like to move fast. Get through lines fast. Get to my transportation fast - one backpack makes this super easy to accomplish.

DISCLAIMER: On this trip I actually have two bags. One is for all my stuff, the other is for carrying stuff while I am out and about doing touristy stuff. My travel bag on this trip is the Goruck GR2, a 40L backpack. It's way too big to use as my EDC (every day carry) so I did bring my 5.11 Rush10 for day-to-day carry.

So, here is a video I made in my room in Abu Dhabi showing what's in my bag.

Options for Wireless Packet Capture in Windows

In Windows, you cannot effectively analyze wireless frames, because you are unable to put the wireless NIC in "RF Monitor Mode" - that is the mode in which the wireless NIC can see ALL 802.11 frames in the air, not just ones intended for itself.

Historically, it's been an expensive proposition. There are some great tools out there like OmniPeek (which I use), the gold standard for Windows packet analysis. And for years, AirPcap Nx was the main NIC folks used for pcap'ing WLANs with Wireshark. Unfortunately, both options are pricey. And the AirPcap NX is no longer manufactured. You’d be lucky to find a used one on eBay. Linux and MacOS have been the only ways to cheaply get access to RF Monitor mode without spendy software and hardware, like Omnipeek and the AirPcap Nx.

But, not everyone uses Linux, or Mac OS. Fortunately, and fairly recently, there are more and more ways to get RF Monitor mode in Windows. Here are some relatively inexpensive options (NOT an exhaustive list) to perform an RF Monitor Mode wireless packet capture in Windows using relatively inexpensive hardware.

OR, you could just get a Mac and do it natively. 😉

Here are some additional resources for wireless packet capture in Windows from @Ron_van_Kleunen:

* If anyone has additional relatively inexpensive options for this list please DM me @HeyEddie

"relatively inexpensive"


I don't know. Less than a grand? Less than $500? Please don't get all pedantic on me. 😉

SharkTIPS! My Favorite Wireshark Customizations (Part 1)

Thanks to the gentle nagging of @WiFiNigel I finally got around to posting SOME of the things I've been wanting to post. It's been sitting in a text file for several months without me ever getting around to posting it. And thanks to @JamesGarringer‬ for inspiring me to think about maybe writing it.

Wireshark may be free, but it's a powerful and useful beast. Knowing how to use your tools, and set them up to be the most efficient and productive is important. So, here are a few of my favorite Wireshark customizations that help me do my job. This is the first of two posts.

🦈  SharkTIP #1 - Custom Profiles

The first thing you should do after installing Wireshark is to create custom profiles to have Wireshark ready to go for the task at hand. For me, that means wireless frame capture & analysis. I like to have certain columns and colors all set so I can quickly spot things that I’m looking for. In future SharkTips I'll cover some of the other Wireshark customizations I use in my custom profiles.

Creating profiles is easy. First, click on “Edit” menu and then select “Configuration Profiles”. You’ll see this window popup:

Wireshark Configuration Profiles Panel

Next,  click on the “+” to add and name a new profile. Then click “OK” to close and save the new profile.

That’s it! Now, you’ll just have to take the time to customize your view to your likes and needs. You can arrange the panel layout, the columns that you prefer to see, the colors of the packet/frames. Any changes you make to the active profile are automatically saved.

To switch profiles just click on “Profiles” at the bottom, right-hand corner of Wireshark. You’ll see a list of all the available profiles. Just click on the one you want and you're done.

Profile Selector

You can even save your profiles for use on other machines, or to share. A quick Google search should allow you to find custom profiles that other users have created that may suit your needs.

To share a profile, or add someone else's profile, open the About Wireshark dialog (Help > About on Windows, Wireshark > About Wireshark on a Mac) and click on the “Folders” tab. You’ll see links to various folders. Click on the link for the “Personal configuration”. When the window pops up go into the "Profiles" folder. There you will see folders for each of your profiles. Just copy and share the profile(s) you want to share.

Alternatively, if you want to add someone else's profile(s) copy their profile folders into your "Profiles" folder. Next time you start Wireshark the profiles will be available to you.

The Profile Folder

SharkTIP #2 - Columns That Matter

Columns are YUGE. Having the right columns front and center will make finding what you want faster and easier. If you're trying to learn and understand 802.11, or taking the CWAP, having the right columns will go a long way to helping you understand what's happening up in them frames!

Useful Wireshark Columns for 802.11

There are a few different ways to create columns:



OPTION 1

You can right-click on the column bar and select "Column Preferences" from the menu. Then you can press the "+" button to create a new column, give it a name and either select from the list of presets, or use a filter for what you want.

For example, if you wanted to create a column that shows TX rate you could...

The standard way to add new columns to Wireshark.

OPTION 2 (My preferred method) 

This option gives you more stuff to choose from. You'll be surprised what you'll find. Select an item you want from the Packet DETAILS below the Packet List like so...

Adding Columns to Wireshark from the Packet Details Window instead of selecting from the standard list.

Here are some of the columns I use:

  • Sequence No.

  • Length

  • Size

  • Source

  • Destination

  • SSID

  • PTK

  • PHY


  • Noise

  • Type/Subtype

  • Protocol

  • CH.

  • Priority

  • RSSI

  • Rate

  • DTIM

  • Duration

  • Info

I hide/unhide columns as needed by right-clicking on the column bar and selecting/de-selecting what I want from the list:

Wireshark Hiding/Unhiding Columns

SharkTIP #3 - Colorize The Packets!

I spend the majority of my time working with 802.11. So, I’ve customized Wireshark to make analyzing it faster and easier.

One of the first things I did was add a custom color palette for colorizing 802.11 frames. Fortunately, I didn’t have to work too hard. @WiFiTrent created this awesome color profile based on MetaGeek’s Eye P.A., and @WifiNigel blogged about how to add it to Wireshark here. The color scheme breaks it down into three basic color sets for each 802.11 frame type - Management, Control, and Data. It makes it so much easier to spot things quickly, and helps me better understand what I’m seeing. I love it!

Wireshark Coloring Rules for 802.11

To install it click on “View” and select “Colorization rules…”. You’ll see an option to import the file. Or, if you want to take the time to create your own color rule set just click on the “+” button and start creating your rules, frame by frame!

👉 Download it at WiFiNigel’s blog.

Happy coloring! 🖍

SharkTIP #4 - Create A List Of Commonly Used Display Filters

Just click on the little bookmark icon to the left of the filter entry field, select "Manage Display Filters", and add your most commonly used display filters for quick and easy access. Then just click and select them on the fly!

Wireshark Display Filters

@VergesFrancois created this 👉 great document listing the most common Wireshark 802.11 Display Filters .


Display Filter Buttons! (Wah????)

Another cool way to do filters is Filter Buttons! Create Filter Buttons in the Wireshark toolbar for your most used filters. Just click and BLAMO! You're filtering, yo!

Easy to do. Here is how you create and remove an existing filter button. Here I'm adding a button to quickly filter on only frames that pertain to my MacBook, JAYNE.

Just click on the "+" on the filter bar and then add a label and the filter you want to use...

SHARKTIP #5 - Custom Name Resolution (The “ethers” file) 🕵🏻

Sometimes it's hard to see through the mass of information Wireshark presents you. For quick scanning I like to add name resolution for MAC addresses so devices I’m looking for are easily identifiable in Wireshark.

It's simple to do. 

  1. On a Mac go to Wireshark > About Wireshark, and on Windows go to Help > About

  2. When the dialog pops up click on the “Folders” tab

  3. Click on the link next to "Personal configuration".

  4. Open the “ethers” file in your text editor of choice (If you don't see an "ethers" file, you can create a text file and copy and paste the example below.)

  5. Add each device on a separate line: MAC address, followed by a space, and then the name:

    Example of an ethers file:

    # Use the ethers files to name devices. 
    # This will replace the MAC address with the name you specify here.
    # An example of adding a device MAC address and name.

    ######## EXAMPLE DEVICE ENTRY ############

    # 1A:2B:3C:4D:5E:6F DEVICE-NAME

    ######## ENTER YOUR DEVICES BELOW! ########

    # Each MAC address should appear only once.
    1a:2b:3c:4d:5e:6f ATV-HOME
    a1:b2:c3:d4:e5:f6 IAP-224
    00:01:02:03:04:0f MACBOOK
    a2:b3:c4:d5:e6:f7 IPHONE
    00:c2:c1:d3:dd:c7 IPAD

  6. Save the file in /etc, restart Wireshark and now you’ll see the device name instead of the MAC address.


It will look something like this:

(Here I added my AppleTV and Aruba IAP-224:)

Wireshark Name Resolution with the Ether File
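A small linter for the ethers file from SharkTIP #5, added here as an example (not the author's or Wireshark's own code): it checks each entry's format and flags duplicate, group, and locally administered MAC addresses, any of which can put a misleading name on a device in a capture. The sample entries are constructed, and `lint_ethers` is a hypothetical name.

```python
import re

# Constructed sample (not from a real network), in the ethers layout shown above.
SAMPLE_ETHERS = """\
# comment line
1a:2b:3c:4d:5e:6f ATV-HOME
a0-b2-c3-d4-e5-f6 IAP-224
00:01:02:03:04:0f MACBOOK
A0:B2:C3:D4:E5:F6 IPHONE
00:c2:c1:d3:dd IPAD
00.c2.c1.d3.dd.c7
"""

# Six hex octets separated by ':', '-' or '.'.
MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:.-][0-9a-f]{2}){5}$", re.I)

def lint_ethers(text):
    """Return (entries, problems): entries maps normalized MAC -> name,
    problems is a list of (line_number, message)."""
    entries, problems = {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            problems.append((num, "expected '<mac> <name>'"))
            continue
        mac, name = parts
        if not MAC_RE.match(mac):
            problems.append((num, f"malformed MAC {mac!r}"))
            continue
        norm = re.sub(r"[.-]", ":", mac.lower())
        first_octet = int(norm[:2], 16)
        if first_octet & 0x01:    # I/G bit set: not a single station
            problems.append((num, f"{norm} is a group (multicast) address"))
        elif first_octet & 0x02:  # U/L bit set: may be a randomized MAC
            problems.append((num, f"{norm} is locally administered"))
        if norm in entries:       # same MAC under two names is ambiguous
            problems.append((num, f"{norm} already named {entries[norm]!r}"))
            continue
        entries[norm] = name
    return entries, problems

if __name__ == "__main__":
    for num, msg in lint_ethers(SAMPLE_ETHERS)[1]:
        print(f"line {num}: {msg}")
```

A locally administered address is worth a second look because clients that randomize their MAC per network will not keep matching a static entry.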

That's it for now. I'll post some more SHARKTIPS™ :-) in the next few weeks.