Troubleshooting Wireless Flashcards
WiFi Tools
1) Spectrum Analysis (L1)
2) Wi-Fi Scanning (L2)
3) Packet Analysis (L3)
4) Cisco AireOS CLI and GUI Monitoring & Configuration Analysis
Spectrum Analysis Tools
- cable testers of WiFi
- analyze all RF energy and allow you to detect, locate, and mitigate sources of WiFi interference
- MetaGeek Chanalyzer, Ekahau Site Survey, Cisco CleanAir, Cisco Spectrum Expert, and Cisco Meraki RF Spectrum
WiFi Scanning Tools
- reports WiFi traffic you can see, like beacons, mgmt traffic, and WiFi network names
- Tool examples include MetaGeek inSSIDer, Wi-Fi Analyzer, and Apple AirPort Utility.
Packet Analysis Tools
- Packet analysis tool capture wireless traffic at the packet level (all frame types) between APs and clients
- Tool examples include MetaGeek EyeP.A., Wireshark, OmniPeek, and AirMagnet.
- These tools typically require specialized wireless adapters that will work in promiscuous mode (analyzes all traffic, not just traffic sent to it).
MetaGeek Chanalyzer
- can be used with its own RF spectrum adaptor (Wi-Spy) or by connecting it to a Cisco AP in spectrum expert mode (additional license from MetaGeek)
- Chanalyzer measures RF signals in the 2.4- and 5-GHz spectrum. It can detect cochannel and overlapping channels in the RF spectrum. It can also show and identify the interferers (non-WiFi) in the RF space. Chanalyzer is Windows-based.
Ekahau Site Survey (ESS)
- designed to function as a network planning tool, to perform pre- and post-site surveys, perform analysis and report on existing Wi-Fi networks, and support troubleshooting of Wi-Fi networks. Regarding troubleshooting, ESS can perform passive and active Wi-Fi tests; identify coverage issues, interference problems, Wi-Fi equipment failures, misconfigured devices, and roaming problems.
- ESS can also provide capacity and application troubleshooting. For example, you may receive a trouble ticket that says the Wi-Fi network is dropping VoIP calls in a particular area. The Ekahau Site Survey tool can help analyze the signal strength and SNR, noise and interference, roaming, RTT and packet loss, and spectrum power and channel utilization in the area where the problems are reported to assist you in resolving the problem.
- Coverage holes
- Excessive interference (CCI/ACI/other)
- Insufficient Wi-Fi capacity
- Excessive VoIP traffic or AP overload
- Misconfiguration with 802.11ac and 802.11n
- Suboptimal channel assignments
- Missing security settings
- Excessive number of stations per AP
- Excessive load on a given channel
Cisco CleanAir
- Clean Air can be enabled from the Cisco Wireless LAN Controller (WLC) so that the AP can scan the RF. CleanAir cannot only identify RF interference, it can also indicate which APs have reported the interference to better locate it. CleanAir also has reports to indicate the severity to each channel, based on the interference device.
- The configurable CleanAir settings on the Cisco WLC consist of globally enabling (or disabling) the CleanAir functionality, determining whether interferers will be reported, determining whether persistent devices will be tracked and reported, and choosing which types of classified interferers will generate an SNMP trap upon detection.
Cisco Spectrum Expert GUI
- Cisco Spectrum Expert can help you identify potential interferers. You can use a laptop with a sensor card installed with either an internal or external antenna, or you can connect to a remote sensor. The remote sensor is an AP that has been configured to operate in SE-Connect mode.
- Spectrum Views: These views provide plots and charts that offer a direct view into the RF spectrum, including measurements of RF power and network device activity.
Active Devices: This view shows all currently active devices in the network neighborhood, including network devices and interferers. Devices: This view provides detailed information on current and historical device activity. Channel Summary: This view provides a statistical overview of RF activity (such as power levels and number of interferers present) on a per-channel basis. This view gives you an instant picture of the channels that are subject to excess interference, and the channels that have the best potential for trouble-free network activity. Device Finder: In Device Finder mode, Cisco Spectrum Expert Software is an RF "sniffer" that is optimized for displaying RF power data in a way that quickly enables the network engineer to track down interfering devices. Tools: These tools support the configuration of Cisco Spectrum Expert Software.
Cisco Meraki RF Spectrum
- The Cisco Meraki MR Series Cloud Managed Access Points have a dedicated radio for analyzing the RF spectrum. From the Cisco Meraki dashboard, the 2.4- and 5-GHz spectrum can be analyzed. Continuous monitoring also occurs in the background. This information is used to automatically optimize the radio network.
MetaGeek inSSIDer (Windows, macOS)
The MetaGeek inSSIDer is a third-party Wi-Fi network optimization and troubleshooting tool. It is typically used in smaller networks but provides robust capabilities to allow the administrator to quickly identify, locate, and troubleshoot network issues.
The application helps you identify what is being used in the WLAN by displaying Service Set Identifiers (SSIDs), MAC addresses, channels, data rates, and security. It helps to avoid interference, avoid channel conflicts, manage multiple APs, and select the best channel for a given area in the network. inSSIDer can provide the level of interference for a specific channel. It can show a physical view of each AP or a logical view that shows what APs support a specific SSID. To help resolve issues, inSSIDer can show you which channels will provide the best performance in a specific area to get away from congestion and cochannel interference. It works in both the 2.4- and 5-GHz spectrums. Information that is captured by inSSIDer can be uploaded to MetaGeek Chanalyzer for further analysis. inSSIDer is available free in restricted form or can be purchased for more comprehensive features. It is available across Windows and macOS platforms.
Wi-Fi Analyzer (Android)
Wi-Fi Analyzer is a third-party smart phone or tablet WLAN scanning tool. It is one of the original free Wi-Fi analyzer apps for Android and it offers some basic information about the area that the 802.11 radios of your phone can see.
It can view SSIDs (name and MAC), channel overlap, security, and signal strength. Information can be in a grid view or graph view.
Apple AirPort Utility scanner (iOS)
The built-in scanning feature in the Apple AirPort Utility is another example of a smart phone or tablet scanning tool. This tool is part of the WLAN management utility with the operating system.
When activated, the Apple AirPort Utility scanner will display SSID (name and MAC), Received Signal Strength Indicator (RSSI), channel, and the last time the SSID was seen. Results can be exported in CSV format.
MetaGeek Eye P.A.
MetaGeek Eye P.A. is a Windows-based tool that captures wireless packets using a specialized wireless adapter, AirPcap Nx. It is able to capture packets in both bands (2.4 and 5 GHz). MetaGeek Eye P.A. reports on which devices are transmitting the most, and it displays frames (control, management, and data) by type and usage. Eye P.A. also supports packet captures from other vendors, like Wireshark and OmniPeek.
Wireshark
This packet analyzer is open-source software. It can capture wired packets from a network adapter in promiscuous mode. The AirPcap Nx wireless adapter is required for wireless captures. Wireshark lets you filter and analyze traffic by protocol. It runs on Windows, Linux, macOS, Solaris, FreeBSD, and NetBSD.
Ways to Obtain Packet Captures
1) spanning a port on a switch with SPAN, RSPAN, or ERSPAN
2) using the wireless sniffer mode of an AP to obtain a wireless trace