Forum

  • By (Deleted User)

    There's a good whitepaper about 802.11g backwards compliance and protection mode on Cisco's website here:

    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00801d61a3.shtml

    Joel

  • By (Deleted User)

    Today's posting has a theme song and is dedicated to the "dudes in CWAP TTT, May 2004".

    Baby Got Ack
    ---------------------
    (sung to the tune of Sir Mix-A-Lot's "Baby Got Back")

    I like big packets
    not short little frames
    I like them fast and big
    and when I'm throwing a gig
    I just can't help myself
    I'm acting like an animal
    looking for that cool leather jacket
    I'm ready to ana-lyze
    the information you send past my eyes
    so don't you go and fragment yo
    cause I'll hack your freakin' network, ho!
    baby got ack
    baby got ack
    ---------------------

    Dedicated Reader,

    Well today was the last day of class. I'm a little bummed about that. But, it's also my three month anniversary of being married to my new wife, so I got that going for me.

    Today we worked on TamoSoft's CommView for WiFi and Network Chemistry's Fusion and Packetyzer. CommView for WiFi is a good low-cost protocol analysis tool. It is well-supported and has all the features needed to perform basic WLAN analysis. It doesn't have some of the advanced features you'd find in AirMagnet, AiroPeek, and Observer, but it still does a good job, especially considering the price.

    Here's what sets CommView apart from most of the others. You can right click on a TCP session and recreate it. This means you can regenerate webpages, images, FTP sessions, etc. from the packets you've captured. Pretty cool!

    TamoSoft also sells a set of utilities called Essential NetTools. This includes ping, process monitor, portscan, netstat, and NetBEUI scanning programs that help you understand what's happening in your network. CommView includes some fairly advanced capabilities for filtering although you might need to read how to implement them if you go past basic filter definitions.

    Network Chemistry (or just NetChem) has two primary software programs called Fusion and Packetyzer. These work with Neutrino hardware sensors that can be remotely deployed and managed through Fusion. Clients can connect to the Fusion Server to gain access to the information being collected by the sensors. This is cost effective but limited to a single server accessing the sensors at a time. This also requires a fast processor and lots of memory on the server, otherwise you'll get delays and potentially some lockups that are only recoverable by a three-finger salute (Ctrl-Alt-Delete) where you have to kill the stuck application in Task Manager.

    I thought NetChem offered quite a bit of excellent information, great configuration of alerts and a decent WLAN IDS. The interface is somewhat confusing at times though and packet analysis is different from the other protocol analyzers. NetChem has a very different layout of frame information so it might be difficult to find what you're looking for if you are used to the standard layout you'd find in most protocol analyzers.

    One of the cool features that Packetyzer has is the "Follow TCP Flow" capability. This allows you to see chronological "ladder" style flows of TCP conversations which include duration times and frame information. This is excellent for diagramming exactly how TCP communication occurs between two stations.

    The CWAP class allowed us to learn many different products with similar features. In my opinion, the key to being an expert protocol analyst is understanding the full capabilities of the products you are working with. You also need to know what they can't do and why, and supplement with additional tools as necessary. Also, it's possible to work with developers to promote positive changes in the products you like. If there's something you need or would really like to see, don't hesitate to send them an email. They'd probably like to see it implemented too, as long as it is feasible and will generate more sales.

    I truly thoroughly enjoyed this class. I learned much and cemented many concepts I had prior to attending. This class rocked and I highly recommend it!

    Thank you so much to Kevin and Devin and to the entire Planet3 Wireless support team (Scott, Scott, and whoever else is out there lending a hand). You guys are going to go far.

    Sincerely,
    Joel Barrett

  • What an awesome class we had this week. The beta class, held 1 month ago, was a little rough around the edges. MANY thanks to the beta attendees for offering corrections, suggestions, and detailed information that led to the TTT class being simply superb. The students grasped the information well, the labs and PPTs went very smoothly, and students could answer complex situational and standards-focused questions by the end of the week without any problems.

    Many thanks to Joel for his kind words, daily postings, and his knowledgeable presence in the class. We were happy to have many instructors in this class and the beta, and we even had meijin hanging with us for a week! :-) Hey amigo, thanks for dinner on Thursday!

    We had only a few minor issues here and there with the labs, but after this class, all the labs should be rock solid. We found bugs in software, had many suggested additions to products, and found features in the access point we didn't even know were there. :-)

    If anyone has any techy questions from the class, give me a shout on this forum.

    Devinator

  • I had it when it was the WSP100, and then Network Chemistry sold it as the RF grabber before working on their Neutrino line. I worked with Chris of Network Chemistry back in late 02 and 03 on beta testing, finding problems and offering enhancements to Packetyzer and WSP100/Neutrino. The product has matured tremendously and I highly recommend it as a starter or overall IDS system for an SMB and a pretty good sniffer for protocol analysis and site surveys for the price. Good stuff.

    www.amilabs.com

  • By (Deleted User)

    Hey Folks,

    I thought the class was excellent. There was lots of time to go through how each analyzer worked and what to look for. The amount of data from day one that seemed insurmountable became (almost ;) ) old hat by the end. I just wish I could have stayed through Friday!

    I can't think of anything to add or remove from the class. To paraphrase Joel, this is the info you need to become the ultimate wireless professional.

    Thanks for the great class!

  • By (Deleted User)

    > Baby Got Ack
    > ---------------------
    > (sung to the tune of Sir Mix-A-Lot's "Baby Got Back")
    >
    > I like big packets
    > not short little frames
    > I like them fast and big
    > and when I'm throwing a gig
    > I just can't help myself
    > I'm acting like an animal
    > looking for that cool leather jacket
    > I'm ready to ana-lyze
    > the information you send past my eyes
    > so don't you go and fragment yo
    > cause I'll hack your freakin' network, ho!
    > baby got ack
    > baby got ack
    > ---------------------

    After reading about the new rap tune, "Baby Got Ack", I do not know if I should laugh out loud or if I should lock my children in a closet to protect them from this shocking song.

  • By (Deleted User)

    Uhhh.... guess you had to be there. ;^)

    Joel

  • Joel, where are you located in Cisco, what city?
    Just curious, for I took a pass on a job at Cisco some months ago in NYC for the region's wireless consulting engineer spot. I have been self-employed for 10 years and it is hard to break out of that.
    Just curious if you filled the spot in NY.

  • By (Deleted User)

    I'm located in the lovely city of Atlanta, GA -- home of Planet3 Wireless no less.

    I've been working for Cisco for over four years and handle wireless partners in the south.

    Joel

  • By (Deleted User)

    Ok, so it took two tries, but today I passed the CWAP exam (PW0-205)! Here's the scoop on what's changed since the beta version.

    First and foremost, the test is now 120 minutes long (versus the beta's 90 minutes), still with 60 questions and a minimum score of 70. When I took the beta, I made a 48 and had to rush through it with only a couple minutes left after the last question. Today I made a 73 but I took my time and was able to think a lot about the questions and try to figure out exactly what was being asked. I had almost 20 minutes left at the end of the exam.

    Needless to say, this is still one bitch of an exam. There are questions which require you to know several areas of wireless analysis extremely well just to figure out what the distractors are so you can narrow it down to one or two possible answers.

    This exam is not to be taken lightly. You have a ton of memorization to do. The entire first day should be committed to memory, but more importantly, you really need to understand all the material so you can deduce some of the answers from the question and figures. I took the courseware and separated it into two books, one for the first day material and the other for all the protocol analysis software and labs. I spent more time reading and re-reading the first day book because I felt very comfortable with protocol analysis.

    It's important to be able to do the packet math -- for example, you might want to know how to figure out how many fragmented packets get created when fragmentation thresholds are reduced from the max. You might also want to know what impact long vs. short slot times have and the differences between different modulation requirements.

    In addition, I still highly recommend the "802.11 Wireless LAN Fundamentals" book by Pejman Roshan. Heck, if you get time, reading the mind-numbing IEEE standards certainly can't hurt. Also, and this is an important one, get the practice exams available via the Planet3 Wireless website. The actual practice exams could be better designed (they're getting better every day) but the content and knowledge you'll gain going through them is definitely worth it. Highly recommended! I seriously don't think I would have passed the exam this time without them.

    Last, during the test, take your time and really read the questions and look at the figures. You'll find stuff in there the deeper you look. Don't worry about the time, you should have plenty and, believe me, you'll appreciate the fact that it's there after you've spent five minutes on a question trying to figure out the answer.

    Good luck!
    Joel
