THE BLOG ★ Ramblings on WiFi & stuff.

EXTRA! EXTRA! Read all about it! @HeyEddie suspended from Twitter for (checks notes)…mocking manatees.

I hate manatees. Manatees are evil. They look all sweet and gentle-like, lulling you into a sense of comfort, and safety.

THAT’s when they get you. They soar out of the water, high above you, and then, using their razor sharp fangs, rip your throat out!

Dead! That’s what you are… DEAD!

Your last thoughts being, “Oh, my, these manatees are so sweet and gentle, I just want to - Oh, my God. I didn't know they could jump so high. Are those… FANGS? Why would a manatee need fangs?! They just graze on water plants. They don’t even eat meat! Dear, God, were we wrong?! We were all so WRONG!!!”

I mean, look at that thing! It’s HORRIFYING!

210111-manatee-usfws-ew-416p_bea259ac5e33ccbf5bde41efeaa75701.social_share_1024x768_scale.jpg

So ANYWAYS, I got suspended from Twitter today on a count of manatees. Apparently, they don’t like being made fun of.

IMG_9965.jpg

And my EVIL, VIOLENT, VIOLATION was 100% CONFIRMED by… someone? ¯\_(°_o)_/¯

IMG_9967.jpg

Let this be a lesson to ALL. Don’t mess with manatees, or the MAN(atees) will mess back!

Why Active Surveys?

(OR, WHAT’S THE DEAL WITH THROUGHPUT TESTS?)

In the previous article, I elaborated on what wireless site surveys are, what they are for, and what they can show us. In this post, I'd like to go a bit deeper into Active Surveys, what they are, and what are they used for.

As I stated in the previous article, an Active Survey implies that your are conducting a survey while adapter(s) you are using are CONNECTED to the WLAN (Wireless LAN). A wireless device can only connect, or "associate" to one access point (AP) at a time. It is not possible, for a wireless NIC to connect to more than one AP at a time.

This is inherently limiting. If you are connected to only on AP then all you see is data coming to and from that AP. And not only that, but you can only see YOU OWN data. You cannot see another devices data. So, if the purpose for you "survey" is to determine why the service manager's table can't connect to the WLAN, you'll be out of luck. You can't see the frames between that device and the AP that would help you troubleshoot the issue, because all you can see are your own frames. So, why would I want to perform an Active Survey and what can I do with it?

Throughput tests.

A throughput test allows you to determine the maximum data throughput on a connection. This seems like a useful test. Who wouldn't want to know if they are talking fast, or slow, on their Wi-Fi? But, Wi-Fi (802.11) is a peculiar beast. Unlike wired networks, there is no guarantee of speed. A device connected to a WLAN at 1.3Gbps data rate, will never, ever get 1.3Gbps throughput. At BEST, in a clean test environment, you MIGHT get 70-75% of the data rate in real throughput. You may even peak at around 80%. But, due to the inherent overhead in the 802.11 protocol, we start at a deficit. The real throughput numbers will be significantly less that the connected data rate. In addition, 802.11 functions at half-duplex, only one device can talk at a time on a channel, and every additional device passing traffic on that channel eats away at your throughput since whenever another device is transmitting, yours cannot. We call this CONTENTION. As in, each device contends for a slice of time on the channel to transmit data.

For these reasons, I never do throughput tests while I am performing a survey, because the tests only tell my what the device I was surveying with, at that specific time and location, was able to achieve, on that one specific AP that it was connected to. It does NOT tell me what the end users devices will be able to achieve.

Performing throughput tests, without context, is a waste of time that yields negligible results. When performing throughput test here are some things to consider:

  • 802.11 Overhead - No matter what it says on the box (2300mbps!) it's a lie. Or, at the very least it's marketing pablum. Real throughput will always be much less than your connection rate, and gets lower as the network comes under load, as each device shares the AIRTIME available on the channel only when no other device is transmitting.

  • Device capabilities - Is your device 1-Stream, 2-Streams, or 3-Streams? 802.11a/b/g/n/ac/ax? etc. A newer, more capable device, will out-perform an older one. A laptop has larger antennas than a mobile phone, so it hears the network better, and thus will potentially be able to achieve better results.

  • Network Load - Testing after-hours, when there is no load, will yield better results than in the middle of the day, when the office/warehouse/school is full.

So, do they have any value? Is there a use-case for throughput test? Sure, but you need to understand what it is exactly that you are looking for in the data that you collect. Let's go through one use-case for throughput tests.

We have a customer that is converting a production and office facility to primarily wireless. One of the main issues is they don't use laptops. With few exceptions, all of their computers are desktops. This means we have install wireless adapters on them. Because of cost, time, & labor it takes to install wireless PCI cards, we've decided to use USB wireless adapters. First, they are quick to install, especially if you get ones that Windows can auto-install the drivers. Second, with a simple USB extension cable you can mount the adapter in an optimal location with better line-of-sight to the WLAN. PCI cards usually have the antennas connected directly to the card, behind the computer. Not a very good place for antennas.

I wanted to make sure that whatever adapter we settled on would work well in their environment. So, we purchased ten different 802.11ac USB adapters and I tested each adapter first to see how they heard the WLAN signal strength at various distances, through materials like walls, bookshelves, cubicles, etc. I was looking for adapter with good "ears". I then ran throughput tests on each of them to see how they performed.

I then performed throughput tests using a tool called iPerf. I used a channel that was not being used by other devices so they could get the best performance possible. I ran 12 tests on each adapter, throwing out the highest and lowest to get an average throughput per adapter. I also changed the orientation from horizontal to vertical to make sure I knew what was optimal when installed. This means I ran a total of 24 tests per adapter - 12 in each orientation.

Throughput itself doesn't tell the whole story, but it's start. Out of ten adapters five were consistently above 200mbps throughput. Four were consistently under 200mbps. So, I knew the top four would be among the ones I would choose.

While the throughput test is not an all-inclusive indicator of "this is the best adapter" it can show which ones are the more consistent high-performers. Also, the data from the bottom three was revealing. Unlike the top-performing NICs, where the throughput rates were fairly consistent, the low-performing NICs were inconsistent in their throughout numbers. Sometimes, they would get high results, other times they would get poor results. Sometimes they would stop passing data altogether! This inconsistency leads me to believe that these adapters, or their drivers, do not perform well under load. And their inconstancy revealed adapters I'd probably want to avoid. I would rather have an adapter that performs CONSISTENTLY, and RELIABLY than one this does not. TRUST is more important to me than raw speed.

Looking into the matter some more, using a wireless packet capture, I was able to see that the low-performers dropped frames at much higher rate than the high-performers. All adapters were tested one at a time, at the same location, on the same clean channel that was not being use by other devices. So, while a throughput test, or a "drag race" as some like to call it, may not be overly helpful in determining the health of the WLAN, it can reveal weaknesses, or driver issues, in wireless devices. IF you understand what you are looking for and how to interpret it.

Pinging.

Another type of Active Survey could simply be the use of ping/ICMP over the WLAN. Unfortunately, ping is also not a good tool for determine the health of a WLAN. First, the overhead and shortcomings of the 802.11 protocol mean you will rarely get consistent pings. As the load increases on the network, your ping may become more erratic. What you are seeing is not necessarily bad Wi-Fi. It's contention. Every ping you send is being contended for against other devices on the WLAN you are connected to. Only one device can talk at a time. Ping may be useful for determining if you have connectivity to a particular server, or IP address, but it does not reveal much about the health of the WLAN. As with throughput test, it could perhaps indicate SOMETHING is wrong, but not what, where, or why.

Device testing/requirement validation.

Another type of Active Survey I do perform often is what I call "device testing". Let's say the customer's requirement for the WLAN Survey was "Voice Grade WiFi". Well, I would absolutely perform a Passive Survey to get ALL the data about the WLAN, neighboring WLANs, possible misconfigurations, Primary Coverage, Secondary Coverage (for roaming), etc. I would then review my collected data and analyze it to see if the WLAN does, or does not meet the requirements for Voice Grade WiFi. If the answer is yes, then I following that up with an Active Survey.

For this "survey" however, I will not use my survey tools. I will use the customer's devices. If voice is the requirement, while the network is under load, I may give a phone to one person and call them with another. We'll then walk in different directions. If roaming is a requirement, I might walk down hallways and turn corners. I'll go in & out of rooms and walk through areas where previously the customer has intimated that calls dropped. If I can do successfully what the customers "needs" to do - keep uninterrupted calls while walking - then I can say that I have confirmed we have met the customer's requirement.

The important thing here is I used the CUSTOMER'S device to validate that the requirement is fully met. Testing with my device, one that may have greater capabilities than the end user, may not truly reveal deficits in the WLAN design. If my device works, but the customer's does not, I have not fulfilled my goal of designing the WLAN per the customer's requirements.

Conclusion.

So, should you perform Active Surveys? Sure, but first UNDERSTAND what it is exactly you are wanting test. Take the time to understand what the data is showing you. What device did you use and what are its capabilities? When did you perform the test - under load, or an empty network? Will the end users devices see similar results? Do you want the FASTEST device, or the most consistent, reliable device? Knowing why you are doing it, and understanding what the data is telling you, is important.

Wireless Site Surveys Explained

(This blog swiped from my company website.)😎

What is a wireless site survey? Seems like a pretty straight forward question until you hear someone ask for a "predictive" survey. How does that work? how do you "predict" a survey? The truth is, there is no such thing as a "predictive" site survey. We can make a PLAN, or a Predictive DESIGN/MODEL. And better yet, we can collect data before we start to better inform our predictive model.

Webster’s Dictionary defines the word survey as:

survey (verb)

sur·​vey | \ sər-ˈvā , ˈsər-ˌvā \
surveyed; surveying

transitive verb

1a : to examine as to condition, situation, or value : APPRAISE
1b : to query (someone) in order to collect data for the analysis of some aspect of a group or area
2 : to determine and delineate the form, extent, and position of (such as a tract of land) by taking linear and angular measurements and by applying the principles of geometry and trigonometry
3 : to view or consider comprehensively
4 : INSPECT, SCRUTINIZE
: to make a survey

So, to survey is to examine, query, inspect, scrutinize data, etc. What is the data we collect? It depends on what it is you want to analyze. What's the percentage of people that are ok with clubbing baby seals? Will you be voting for expanding rights to indignant penguins? Or, for us, can the Wireless LAN (WLAN) provide what the end users need?

REQUIREMENTS GATHERING

First, we start by determining requirements. I consider this "surveying". It doesn't necessarily involve walking around, with your survey gear, measuring the Wi-Fi. It's conversation. It's taking notes and pictures on the wall types, and ceiling heights, and any other oddities that can impact your potential design. It's asking questions, "What type of devices are the most critical?". "What applications does your organization rely on?". "How many devices will be connected at peak, in the morning, on the 2nd shift?". "What are the areas of highest user density?". "What will they be doing on those devices?". Real-time services/applications such as voice, video conferencing, etc. have different requirements than say, web-browsing, e-mail, and accessing a database. Are you looking to perform large data-transfers? That's different than needing to open a file from a shared network folder, or printing.

These questions may seem inconsequential unless you understand the limitations of 802.11. Every organization does not have the same needs. And those needs can be different based on location and can change over time. A cafeteria may be a "high-density" area but will have a vastly different design requirement than say, a large auditorium/lecture/training facility. Wireless Voice-over-IP has different requirements then a straight data-only design. Do you need seamless roaming, where you can stay on a audio, or video call without dropping as you walk from place to place? That is a different design from one where roaming is not required. A supervisor may have a different idea of wireless use-cases versus the employees, on the floor, using the wireless day-to-day, with specific devices. So, I start ALL my surveys with a requirement gathering, data collection meeting.

I do this wether I am preparing for a WLAN design, a Validation Survey, or a Troubleshooting Survey. How do I know if things are "good", or "bad", if I don't know what good, or bad is for this particular deployment? This is a critical step that many fail to do, and therefore, fail with their WLAN deployment, because it cannot support whatever it is the customer needs.

A survey, is a survey, is a survey. Or, is it?

WALL ATTENUATION MEASUREMENT

Once I've determined the customer requirements I can get started on the "wireless" data collection piece. Often, I will perform what I call Wall Attenuation Measurements. This typically involves placing an access point in a room, and taking measurements on both sides of a wall/obstruction to determine just how much "attenuation", or signal loss, is seen in 2.4 and/or 5GHz. This is important if the purpose of the site visit is to gather pre-design data, to help make our Predictive Model more accurate.

In this scenario, I am collecting requirements, and RF data to get as much detail BEFORE I begin the design, so I have greater confidence that my prediction, my mathematical model, will be as accurate as I can get it. I would much rather KNOW that the walls in the offices are 5dBm of attenuation, than simply choosing the default "Dry Wall" from my planning software, hoping for the best. What if there was a wall that looked like drywall, but in actuality, is brick covered with drywall for aesthetics reasons? If you didn't ask, or measure, you would have no idea, and may cause your design to fail. You can view a detailed explanation on how to perform a Wall Attenuation Measure Survey here.

So, Wall Attenuation Measurements are a type of "survey".

AP-ON-A-STICK SURVEYS

AP-on-a-Stick, or APoaS, simply means I have a pole, or mounting system of some kind, and place an access point (AP) temporarily, at a location and height, where I would like to see how the RF from this specific AP propagates in the environment. APoaS surveys are helpful in complex environments like warehouses, production facilities, or other environments, where modeling in planning software can be difficult due to the complexity 3D environment, you’re in. So, by placing an AP at a specific height, on a specific channel, at a specific power level, I can measure in the real world, and know, exactly, how this AP will cover the area we are interested in. This removes guessing, and we are using REAL data, not PREDICTED data, to evaluate coverage and inform our WLAN design.

There are many use cases for APoaS. I won't explain them all here, but common ones are:

  • Pre-Design: to validate what AP, or antennas, work best for your design

  • Post-Design: to validate a portion of your predicted AP locations before you deploy

  • Wall Attenuation Measurements: to confirm RF loss through an obstruction

There are others, but these are the ones I use the most when I do APOS.

VALIDATION SURVEYS

Like the name implies, this type of survey is used to "validate" that a particular WLAN implementation meets the requirements of the project. The WLAN is already in place, configured, and running as intended. With your survey software, and adapters, you capture data throughout the entirety of the facility where Wi-Fi is a requirement. Once you've collected all the data, on all the channels that you care about (I typically survey ALL Wi-Fi channels), you can analyze the data, and compare it to your requirements to see if it "passes". Things you could look at could be: Primary Signal Strength, Secondary Signal Strength (for roaming), Co-Channel and Adjacent Channel Interference, Interfering networks, Rogue APs, misconfigurations, Channel-width, Channel usage, and more.

When something is found that does not meet the requirements, you can then resolve the issue(s), and perform the survey again, to confirm the changes made now allow the WLAN to meet the requirements you have set. I may not always do a pre-design wireless survey, but I ALWAYS do a Validation Survey.

ACTIVE VS. PASSIVE SURVEYS

"Active Surveys" - Ooh, that SOUNDS important. As in, "we need an Active Wireless Survey, STAT!" I want to be Active, not Passive, don't I? Well, in the case of wireless surveys, Passive is where it's at. Let me clarify.

ACTIVE survey implies there is activity. In this case, we mean actual data being transmitted and received. In order to perform an Active Survey, you MUST be connected to an AP. How many APs can a device connected simultaneously? "There can be only one, Neo". This means that in order to perform an Active Survey you MUST be connected to one AP, and pass traffic. What DON'T you see when you are connected to a WLAN? Prepare to be shocked, you do not see ANY wireless frames! Zip. Zero. None. You can only see your own traffic, not that of any other devices, and what you see is upper layer traffic - things like DHCP, DNS, IP addresses, webpages, SMPT, etc. Now, that may be great if all you are interested in is your own traffic, but you won't see the stuff that MATTERS when monitoring/surveying Wi-Fi - that is 802.11 frames. That's where the magic is - in those Management, Control, and Data Frames that are completely invisible when you are connected to a WLAN.

Also, when you are CONNECTED to a WLAN you only see your own traffic, at that time, at that location, with that specific device. You don’t see the ENTIRETY of the WLAN and how neighboring WLANs interact with it. Your view is extremely limited and tells you nothing about the the health of the WLAN. Suffice it to say, that for me, Active Surveys are rare, if I do them at all.

"PASSIVE Survey" sounds weak. Who wants to be passive? The Terminator's not passive, Sarah Connor ain't passive - I don't wanna be lame! The truth is Passive Surveys is what you NEED if you want to see what matters in understanding the health of a WLAN. By “Passive” we mean, you are NOT connected to the network. You can only monitor if you disconnected and listening ONLY. Passive Surveys allow you see ALL the channels and networks around you, not just the one you are connected to for an Active Survey. AND you see all the 802.11 frames! The magic of how Wi-Fi actually works! Only a passive survey will reveal how bad your Co-Channel, or Adjacent Channel Interference is, or if you have coverage in all the areas you care about, or SECONDARY coverage for seamless fast roaming. Passive Surveys can even reveal details about the configuration of the WLAN, if you have the right security, are your Basic, or Supported channels a potential problem, is there a rogue AP that was brought into your environment that shouldn't be there? These are things you cannot see with Active Surveys.

You can skip an Active Survey, but ALWAYS do a Passive Survey.

TROUBLESHOOTING/OPTIMIZATION SURVEYS

These types of surveys are essentially the same as a Validation Survey, the main difference is the Validation is simply to confirm that an implementation meets a set of requirements, usually as the final part of the planning, design, and implementation of a new WLAN, whereas these surveys are to TROUBLESHOOT the cause of a wireless issue, or to determine if the existing WLAN design can be improved upon, or OPTIMIZED for a new, changed, or updated use case. The process is the same - passive survey, on all the channels that matter, in all the areas that matter to the customer. You then analyze the data and determine if that data meets the REQUIREMENTS based on what you have determined by talking to the customer about the project.

That’s all for now…

As you can see, the word SURVEY is a loaded term. It can mean many things to different people. So, it's important to understand what it is exactly you are looking for, and how you need to collect that data. It should always start with determining the REQUIREMENTS for the WLAN. Gather as much data as you can BEFORE you begin a WLAN design. Collect data with a Passive Survey on all the channels you care about and in all the areas that matter. Finally, analyze the data and hold it up against the requirements you have determined, to confirm the WLAN meets those requirements, or not.

SURVEY - not as simple as it seems.

Download this as a white paper.

Help ME, Help YOU, Help ME!!!! (Or, How Apple Broke Wireless PCAPs on the M1 Macs)

I need your help! The new M1 Macs seems to have broken wireless packet capture. Macs have been a go to tool for many wireless engineers because of the ease of native wireless pcaps. Now, it’s broken.

Can y'all help a brother out and do some testing on your M1s and see if you're getting the same results?

Even better, can you SEND me your pcap (if you are so inclined)?

Thanks! 😃

Netsh WLANMon - A New Tool in the Fight Against Bad-Fi on Windows from @MackenzieWiFi

Those of you lucky enough to have a Mac are very familiar with @AdrianGrandos WiFi Signal app that shows detailed information about your Mac’s wireless connection. This is a useful tool for doing some basic troubleshooting for your connection.

Airtool.png

Unfortunately, Windows has not had the ability to see this information easily, if at all. That has changed with a new tool developed by the great, and generous, Peter McKenzie (@mackenziewifi) . Peter has scripted up a handy little tool, using Power Shell, that shows useful information about your Windows machine’s current wireless connection.

He has basically taken the “netsh wlan” command and wrapped it in a simple UI that breaks down the information shown in the CLI in a nice simple display.

It shows things like channel info, auth type, BSSID, and it even converts the “signal quality” percentage, that Windows uses, in to a usable dBm value.

As of now, it does not show the one thing we Mac users have had access to for years - the current wireless connection’s MCS. But, Peter is working to add that. Other things he’s looking to add are:

  • MAC OUI lookup

  • AP name lookup

  • Other WLAN metrics, such as MCS

  • Log configuration

If you are a Windows user, or support Windows users, you owe it to yourself to add this little tool to your arsenal.

Get It Here!

Source: http://mackenziewifi.com/index.php/2020/01...

Ep. 004: PCAP'n with Eddie! Multi Channel Wireless Packet Capture on the LINUX!


Now we move on to Linux! Learned myself how to do multi-adapters on Ubuntu with Wireshark. I am sooooo excited!😬 There's more. ⬇

Ubuntu 2019.3

Wireshark 3.0.5

Netgear A6210

HANDY COMMANDS:

INSTALL AIRCRACK-NG

sudo apt-get update

sudo apt-get install aircrack-ng

SET NICS TO MONITOR MODE

sudo airmon-ng check (Checks for possible interfering processes.)

sudo airmon-ng check kill (Kill ‘dem processes!)

sudo airmon-ng start interface-name (Start monitor mode)

sudo airmon-ng stop interface-name (Stop monitor mode)

START NETWORK MANAGER

sudo systemctl start NetworkManager.service

REMOVE AVAHI-DAEMON

sudo apt purge avahi-daemon

CAN'T CAPTURE IN WIRESHARK?! 😱

sudo dpkg-reconfigure wireshark-common
(press the right arrow and enter for yes)

sudo chmod +x /usr/bin/dumpcap


Ep. 003: PCAP’n with Eddie! Multi-Channel Captures in Windows


Due to a recent “snafu” with my Omnipeek licensing, I was on the hunt for multi-channel packet capture alternatives. I believe these two options are currently the best and easiest way, to do this on Windows.

Yes, you can do this with the Ekahau Sidekick, but a.) it requires a Sidekick, and 2.) you can really only do two channels (any more and the two internal NICs start channel hopping). Below are the items you'll need. 

EDIMAX 7833UAC (3-Stream, USB 3.0, 11ac NICs)

METAGEEK EYE P.A.

COMMVIEW FOR WIFI

Ep. 002: PCAP'n w/ Eddie! Wireless packet capture on the Windows!


Basic intro on how to do a wireless (Wi-Fi) packet capture on Windows, on the cheap, using Wireshark 3.0 and the Netgear A6210. IMPORTANT  STUFF!👇

TABLE OF CONTENTS:

01:54 - Wireshark installation particulars.

04:01 - Supported NICs

07:05 - Putting NIC in RF Monitor Mode

09:31 - Setting the channel to capture on

STUFF:

Wireshark 3.x

Netgear A6210

IMPORTANT! You MUST install the Netgear drivers, to you will not be able to capture on any UNII-2 channels. Download the drivers here - https://tinyurl.com/y23xdl3r