@ArubaNetworks | #ATM18
@eightotwo
YouCan’tFixItIfYouCan’tSeeItWirelessProtocolandSpectrumAnalysis
RobertBartz
@ArubaNetworks | #ATM18
@eightotwo
Presenter- RobertBartz
• Eight-O-TwoTechnologySolutions,DenverColorado• Engineer,Consultant,Educator,TechnicalAuthor,CWNE• BSDegree,IndustrialTechnology,CaliforniaStateUniversityLongBeach,College
ofEngineering• FormerAerospaceTestEngineer• 25YearsTechnicalTrainingWiththeLast17YearsSpecializinginWireless
Networking• Author- CWTSOfficialStudyGuidebySybex– 1st and2nd Editions• Author- MobileComputingDeploymentandManagement:RealWorldSkillsfor
CompTIAMobility+CertificationandBeyondbySybex• Author- CWTS,CWS,andCWTCompleteStudyGuidebySybex• E-mail:[email protected] Twitter: @eightotwo
@ArubaNetworks | #ATM18
@eightotwo
Agenda• CommonTroubleshootingMethodology• TheOSIModel(AQuickReview)• OSIModel– TheWirelessElement• TheIEEE802.11Frame• CommonIEEE802.11FrameExchanges• WirelessLANTroubleshootingToolsforLayer2(DataLink)• ProtocolAnalysis• WirelessLANTroubleshootingToolsforLayer1(Physical)• SpectrumAnalysis
@ArubaNetworks | #ATM18
@eightotwo
Thisisanolollygaggingsessionlol·ly·gagˈlälēˌɡaɡ/verbNorthAmericaninformalgerundorpresentparticiple:lollygaggingspendtimeaimlessly;idle."hesendshertoArizonaeveryJanuarytolollygaginthesun"
@ArubaNetworks | #ATM18
@eightotwo
CommonTroubleshootingMethodologyStepsinacommontroubleshootingmethodology
1. Identifytheproblem2. Determinethescaleoftheproblem3. Possiblecauses4. Isolatetheproblem5. Resolutionorescalation6. Correctiveaction/verifysolution7. Document,documentand
document
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
TheOSIModel
@ArubaNetworks | #ATM18
@eightotwo
• Thebasicconceptofcommunicationsinthecomputernetworkenvironment
• Consistsofsevenlayers• Eachlayerismadeupofmanyprotocols
andservesaspecificfunction• Dataisencapsulatedatsomelayers• WLANtechnologyoperatesatthetwo
lowestlayers
TheOSIModel(AQuickReview)OpenSystemsInterconnection(OSI)
@ArubaNetworks | #ATM18
@eightotwo
Layer2– DataLinkLayer(MAC)TwosublayersResponsiblefororganizingthebit-leveldataforcommunications(frames)DetectingandcorrectingPhysicallayererrors
Layer1– PhysicalLayer(PHY)TwoSublayersBit-leveldatastreamsandcomputernetworkhardwareconnectingthedevicestogether
OSIModel– TheWirelessElementMSDU
MPDU
PPDU
The Media Access Control Service Data Unit (MSDU) is upper layer data that is encapsulated at the MAC and PLCP sublayers
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
TheIEEE802.11Frame
@ArubaNetworks | #ATM18
@eightotwo
“SHOWMETHEMONEY”
TomCruiseasJerryMaguireinJerryMaguire(1996)
FamousQuotation#1
@ArubaNetworks | #ATM18
@eightotwo
“SHOWMETHEDATA”RobertBartzashimselfArubaAtmosphere#atm18LasVegas,Nevada(2018)
FamousQuotation#2
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11Frame
PacketsandFrames• Packetsareatlayer3
• Packetsencapsulatedata
• FramesareatLayer2• Framesencapsulatepackets
Packet
Frame
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11Frame
IEEE802.11- GeneralFrameFormat
ImageprovidedbyIEEEStd802.11™-2016
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11FrameFrameControlField
ImageprovidedbyIEEEStd802.11™-2016
EveryIEEE802.11FrameHasaFrameControlField
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11Frame
TheThreeIEEE802.11FrameTypes• ManagementFrames• ControlFrames• DataFrames
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11FrameManagementFrameTypesinIEEE802.11Networking• CommonManagementFrames
• Beacon• PassiveScanning
• ProbeRequest/Response• ActiveScanning
• IEEE802.11Authentication• OpenSystem
• IEEE802.11AssociationRequest/Response• Capabilities
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11FrameControlFrameTypesinIEEE802.11Networking• CommonControlFrames
• RTS– RequesttoSend• Reservesthemedium
• CTS– CleartoSend• ResponsetoanRTS
• IEEE802.11ACK• Acknowledgesunicastframes
• PSPoll• Legacypowersavemode
ImageprovidedbyIEEEStd802.11™-2016
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11Frame
DataFrameTypesinIEEE802.11Networking• TwoTypesofDataFrames
• Data• NullData
ImageprovidedbyIEEEStd802.11™-2016
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11Frame
DataFramesTypesinIEEE802.11Networking• Data
• Carrydatapayload
ImageprovidedbyIEEEStd802.11™-2016
Data (MSDU) is in the frame body
@ArubaNetworks | #ATM18
@eightotwo
TheIEEE802.11FrameDataFramesTypesinIEEE802.11Networking• NullData
• Doesnotcarrydatapayload• Powermanagement• Channelscanning• Maintaininganassociation
Power Management Bit
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
CommonIEEE802.11FrameExchanges
@ArubaNetworks | #ATM18
@eightotwo
IEEE802.11FrameTypes
CommonIEEE802.11FrameExchanges• IEEE802.11AuthenticationandAssociation• IEEE802.11Pre-SharedKeyAuthentication• IEEE802.1X/EAPAuthentication
@ArubaNetworks | #ATM18
@eightotwo
IEEE802.11FrameTypes
IEEE802.11 AuthenticationandAssociation
@ArubaNetworks | #ATM18
@eightotwo
IEEE802.11FrameTypes
IEEE802.11Pre-SharedKeyAuthentication
@ArubaNetworks | #ATM18
@eightotwo
IEEE802.11FrameTypes
IEEE802.1X/EAPAuthentication
@ArubaNetworks | #ATM18
@eightotwo
WirelessLANTroubleshootingTools
CommonLayer2DataLinkaka(MACLayer)TroubleshootingTools
@ArubaNetworks | #ATM18
@eightotwo
Layer2DatalinkLayer(MAC)- TroubleshootingTools
Protocol(Packet)Analyzers• Wireshark• SavviusOmnipeek• NetscoutWi-FiAnalyzer• TamosoftCommViewforWi-Fi• MetaGeekEyeP.A.
@ArubaNetworks | #ATM18
@eightotwo
Layer2DatalinkLayer(MAC)- TroubleshootingTools
ThroughputTestTools• Tamosoft- Free• jPerf- Free• iPerf- Free
@ArubaNetworks | #ATM18
@eightotwo
Layer2DatalinkLayer(MAC)- TroubleshootingTools
Throughputtesttoolsarenotjustforthroughputtesting• Getdatamovingforvarioustestingpurposes
@ArubaNetworks | #ATM18
@eightotwo
AdditionalSoftwareTroubleshootingTools
Wi-FiDiscoveryTools• AcrylicWiFiHome(Windows)- Free• AirGrabWiFiRadar(MacOSX)- Free• LizardSystemsWi-FiScanner(Windows)
Freeandpurchaseversion
@ArubaNetworks | #ATM18
@eightotwo
AdditionalSoftwareTroubleshootingTools
Wi-FiDiscoveryTools• MetaGeekInSSIDerOffice- Purchase• NetSpot(WindowsandMac)• WiFiExplorer(Mac)– Freeandpurchase
version• Xirrus(Riverbed)W-FiInspector(Windows
andMac)- Free
@ArubaNetworks | #ATM18
@eightotwo
HardwareTroubleshootingTools
Wi-FiTestTools• NetscoutLinkSprinter• NetscoutAirCheckG2• BerkeleyVaritronicsYellowjacket-BANG• NetscoutOptiViewXG
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
ProtocolAnalysis
@ArubaNetworks | #ATM18
@eightotwo
Troubleshooting Tools– ProtocolAnalyzers
TypesofProtocolAnalyzers• Portable(Laptop)• Infrastructure(AccessPoints)• Distributed(Sensors)
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– ProtocolAnalyzers
NetworkAdapterandOperationModes• MonitorvsPromiscuousMode• SupportedAdapters• AdapterCapabilities
@ArubaNetworks | #ATM18
@eightotwo
Troubleshooting Tools– ProtocolAnalyzers
ProtocolAnalyzersPlacement• NearAccessPoint?• NearUser?• Moving?
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– ProtocolAnalyzers
CommonProtocolAnalyzersSettings• Filters• RFChannel/Transitioning• SavetoDisk• Naming
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– ProtocolAnalyzers
ProtocolAnalyzersPacketList• MACAddressInformation• ProtocolTypes• Timing
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– ProtocolAnalyzers
ProtocolAnalyzersDecodes• RadiotapHeader/PacketInfo• NotLayer2Information• DerivedfromPhysicalLayerHeaderorDriver
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– ProtocolAnalyzers
ProtocolAnalyzersGeneralInformation• ChannelInformation• Statistics
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
So,Let’sGetPhysical
@ArubaNetworks | #ATM18
@eightotwo
WirelessLANTroubleshootingTools
CommonLayer1PhysicalLayer(akaThePHY)TroubleshootingTools
@ArubaNetworks | #ATM18
@eightotwo
Layer1PhysicalLayer(PHY)- TroubleshootingTools
InstrumentationSpectrumAnalyzers• Tektronix• Rohde&Schwarz• RFExplorer
@ArubaNetworks | #ATM18
@eightotwo
Layer1PhysicalLayer(PHY)- TroubleshootingTools
Wi-FiCentricSpectrumAnalyzers• MetaGeekChanalyzer+Wi-SpyDBx• NetscoutSpectrumXT• EkahauSidekick• Notjustfortroubleshooting
– Spectrumanalyzersarealsousedwithdesign
@ArubaNetworks | #ATM18
@eightotwo
Layer1PhysicalLayer(PHY)- TroubleshootingTools
SiteSurvey/DesignSoftware• NetscoutSurveyPro• EkahauSiteSurvey• TamosoftTamoGraph
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
SpectrumAnalysis
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– SpectrumAnalyzers
SpectrumAnalysisAllowsYouTo• “See”YourWi-Fi
– VisualizeUnboundedMedium
• ViewInterferenceTypes– BothWi-FiandNon-Wi-Fi
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– SpectrumAnalyzers
ViewKeyInformation• SignalStrength
– Receivedsignal(-55dBm)
• RFNoiseFloor– Unwantedsignal(-95dBm)
• SignaltoNoiseRatio(SNR)– Differencebetweensignalandnoise
» -55dBm– (-95dBm)=+40dBm
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– SpectrumAnalyzers
ViewKeyInformation• RealTimeFFT
– Amplitudeoverfrequency
• Waterfall– RFsignaloveraperiodoftime
• ChannelUtilization– RFactivityonthechannel
@ArubaNetworks | #ATM18
@eightotwo
TroubleshootingTools– SpectrumAnalyzers
SpectrumAnalysisAllowsYouToSee• Co-channelInterference(Wi-Fi)• OverlappingChannelInterference(Wi-Fi)• Non-Wi-FiInterference• MuchMore
@ArubaNetworks | #ATM18
@eightotwo
YouCan'tFixItIfYouCan'tSeeIt
SpectrumAnalyzerDemonstration
@ArubaNetworks | #ATM18
@eightotwo
Questions?
Whatisthebestwaytolearnprotocolanalysis?Justdoit!
Howmuchdothetoolscost?Varyfromfreetomanythousandsofdollars