sniffwifi


Sniff Like Silver


Sometimes I dream
That he is me
You’ve got to see that’s how I dream to be
The dream I riff, the dream I sniff
Like Nate
I want to be like Nate (Silver)

Much has been made of the increased emphasis on statistical analysis, especially in the wake of New York Times blogger Nate Silver correctly predicting the electoral results for all 50 states in the recent United States presidential election.  Can analytics be applied to WLANs?  Of course they can.  It’s just a matter of sniffing the right stuff.

There are a lot of bad WiFi networks out there.

There.  I said it.  It’s out there and I can’t take it back.  I see a lot of Wi-Fi in my travels.  Almost all of it could be improved upon and much of it seems like it was installed by folks with little understanding of how 802.11 networks work.

So, what do we do to fix it?

We can have best practices.  We can finally ditch automatic RF controls.  (Please, people.  If you haven’t heard yet, you want to set your 2.4 GHz channels to 1, 6 and 11 only and you want to keep your AP transmit power between 12 and 15 dBm.)  We can embrace directional antennas.  We can stop thinking that the solution to poor client/station connectivity is to place another AP nearby.  But what does that solve?  Are we really getting to the core of the problem, or are we just playing Whack-A-Mole?  (It’s a fun children’s game where you use a foam hammer to hit Moles that pop up, but whenever you whack one mole, another is certain to surface.)

If you really want to improve WiFi, you need to know how WiFi works.  The Boston Red Sox (gosh I hate the Red Sox so this next part is really, really, really painful to write) studied how baseball works, and they went and signed David Ortiz.  (Who was RELEASED by the Twins!  Hahahaha!  Reveling in the Twins’ incompetence is almost enough to make up for having to praise the Red Sox.)  They picked up Keith Foulke and Kevin Millar and Curt Schilling.  They analyzed how baseball works (in their case, that meant looking at historical statistics in an attempt to identify what statistics tended to identify players who contribute to winning teams) and they applied what they learned when building two World Series champion baseball teams.

So we need to know how WiFi works.  Great.  Now how do we do that?

Part of knowing WiFi is understanding the 802.11 standard.  (WARNING: shameless self-promotion coming)  If you are unfamiliar with the standard, a great place to start is the CWNA Study Guide and a great place to finish is the CWAP Study Guide, which I am a co-author of.  (See, I told you this would be disgusting self-promotion.)

The other part of knowing WiFi is understanding how your devices work.  Not just the APs.  The client/stations.  You want to figure out how your iPads, iPhones, Kindles and Blackberrys are going to act.  What will my iPad do when it wakes from sleep?  When I enable the WiFi radio?  When I put it to sleep?  When I open the Twitter app?  When I download the Wall Street Journal?

Nobody has the time to sniff every possible activity that every possible device could possibly endeavor.  But we can sniff some of it.  If I work at a university, I can sure as heck see what iPads do when they go to sleep and wake from sleep, because that will probably happen thousands of times per day on my campus.  If I work at a hospital, I can run the Android app that some of my doctors use to view doctor-y stuff.

To engage in WiFi client/station analytics, one should really use a professional tool like WildPackets OmniPeek, but you can do this stuff with free tools like Wireshark.  For example:

If I have a laptop or desktop running Mac OS X, I can hold the [Alt] key while clicking the signal bars and then select Open Wi-Fi Diagnostics.  I’ll get a screen that looks like this:

I can then select Capture Network Traffic and click Continue.  That takes me to this screen:

To sniff WiFi properly, one needs to be in Monitor Mode (NOT promiscuous mode).  To get Wi-Fi Diagnostics to use Monitor Mode, I select Capture all data from all nearby networks and then I select a specific channel.  (The office I’m working from today is using channel 2 and that’s just silly but that’s another story for another blog post.)

Once I have set up a Monitor Mode capture, I can then click Start Capturing.  From there, I just do what I would normally do.  I put my iPad to sleep, I woke it up, I turned on airplane mode, I turned on and off the WiFi radio and I ran the Twitter app (say hello to me on Twitter sometime at @Ben_SniffWiFi).

After you finish capturing, the Wi-Fi Diagnostics application will zip up all of your diagnostics information and give you a .pcap file like so:

Open that file and, voila!, you have a Monitor Mode capture that you can use to analyze your WiFi client/station’s behavior.
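
A first pass over such a capture, as an added example that is not part of the original post: this Python script reads a classic .pcap with radiotap headers (link type 127, an assumption about what the capture tool writes) and counts, per transmitting station, probe requests and null-data frames with the Power Management bit set or clear. The sample capture and its MAC addresses are constructed.

```python
import struct
from collections import Counter, defaultdict

RADIOTAP = 127  # LINKTYPE_IEEE802_11_RADIOTAP (assumed capture format)
NAMES = {(0, 0): "assoc-req", (0, 4): "probe-req", (0, 11): "auth",
         (0, 12): "deauth", (2, 4): "null", (2, 12): "qos-null"}

def station_activity(pcap):
    """Count 802.11 frame kinds per transmitter address (addr2)."""
    magic = struct.unpack_from("<I", pcap)[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # micro/nanosecond, little-endian
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same magics, byte-swapped file
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != RADIOTAP:
        raise ValueError("expected radiotap link type")
    stats, off = defaultdict(Counter), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 4:
            continue
        rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap is always LE
        dot11 = pkt[rt_len:]
        if len(dot11) < 16:        # ACK/CTS carry no transmitter address
            continue
        ftype, subtype = (dot11[0] >> 2) & 3, dot11[0] >> 4
        kind = NAMES.get((ftype, subtype), f"type{ftype}/sub{subtype}")
        if ftype == 2 and subtype in (4, 12):  # null frames signal power state
            kind += " PM=1 (dozing)" if dot11[1] & 0x10 else " PM=0 (awake)"
        stats[dot11[10:16].hex(":")][kind] += 1
    return stats

def sample_pcap():
    """Constructed capture: one station probes, signals doze, then wake."""
    sta, ap = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    rt = bytes.fromhex("0000080000000000")     # minimal 8-byte radiotap header
    def frame(fc, a1):
        return rt + fc + b"\x00\x00" + a1 + sta + a1 + b"\x00\x00"
    frames = [frame(b"\x40\x00", b"\xff" * 6),  # probe request, broadcast
              frame(b"\x48\x11", ap),           # null data, PM=1
              frame(b"\x48\x01", ap),           # null data, PM=0
              rt + b"\xd4\x00\x00\x00" + sta]   # ACK to the station: skipped
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, RADIOTAP)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

Pass the bytes of your own capture file to `station_activity()` in place of `sample_pcap()`; pcapng files and other link types are rejected rather than guessed at.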
Now, as any person who embraces analytics will tell you, gathering the data is the easy part.  What separates the Red Sox (grrr!  Hate to give them credit) from the Twins (hah hah!  Brewers rule and you know it) is the ability to understand which parts of the data are useful and which are not.  And that, my dear readers, is a topic for another time and place (and maybe, a blog post).


Written by sniffwifi

January 3, 2013 at 7:50 pm