Can My Sniffer Smell 802.11n?

Can My Sniffer Smell 802.11n?

By CWNP On 08/31/2007 - 5 Comments

With 802.11n certified devices popping up all over the place (most due to the Wi-Fi Alliance's new certification testing), how long will it be before 802.11n APs become rogues?  Well, that's already happened.  How do we detect them?  Fortunately, backwards compatibility is mandatory in 802.11n devices.  DSSS/CCK (when using 2.4 GHz) or clause 17 OFDM rates (when using 5 GHz) are used for Beacons when either 20 MHz mode or 20/40 MHz mode is used.  While Space-Time Block Coded (STBC) Beacons are supported (called Secondary Beacons), legacy Beacons still must be transmitted as the primary Beacon. 

Data frames transmitted by 802.11n devices may or may not use STBC (and therefore be detected by 802.11a/g WIPS), but rest assured, at some point, even an STBC capable AP (and client device) will transmit non-STBC frames and be detected by the WIPS.  Additionally, Transmit Beamforming (TxBF) functionality will make it a little more difficult for WIPS sensors to capture all of the data stream between an STBC client and STBC AP, but nevertheless, the point isn't to analyze rogue traffic but rather to eliminate it.

5 Responses to Can My Sniffer Smell 802.11n?

Subscribe by Email
Mary Elbert Says:
06/19/2018 at 10:38am
Best Bulk SMS Service Provider Company In the USA which offers extensive or potentially modified/customized informing stage. We Provide The Service/pack For SMS Gateway Integrations, International/Global SMS Services Sending Bulk SMS USA.

dajib 12 Says:
05/26/2018 at 11:30am
The Rackspace Webmail Login is a simple process. After logging in to rackspace webmail login, you will find only one difference and that is the white-labeling when you sign in using your domain’s custom URL.

Says:
09/10/2007 at 17:45pm
It's important when selecting your sniffer application to understand the optional supported PHY features of the 11n capture device.

An example would be if device [a] was attempting to capture traffic between devices [b] and [c].

If [b] was transmitting Greenfield packets to [c], but [a] was not able to receive Greenfield packets, then the sniffer capture would have a lot of missing data - or a lot of corrupt data.

Consider the previous scenario for the following PHY features.

STBC (as described above)
Greenfield
Short Guard Interval in 20MHz
Short Guard Interval in 40MHz
40MHz
Spatial Streams

Says:
09/09/2007 at 09:12am
No. Perhaps you misunderstood. Only the traffic transmitted using non-HT PHYs can be understood by an a/b/g analyzer. HT (high throughput) APs must send some frames using non-HT PHYs, and therefore can be found by non-HT capable analyzers. Non-HT capable analyzers cannot understand HT frames.

Says:
09/09/2007 at 00:26am
So I can use my Netgear /a/b/g card with Atheros chipset to capture 802.11n traffic. How to identify it as the .11n traffic though?

<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

-Darren
Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

-Ben
Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

-Glenn
Read More