As I am starting to dig deeper and deeper into the world of 802.11, my interests grow in trying to "see" the things that you normally can't see.
For the past few years, every time there was a problem with the Wireless LAN in one of our customers' places, everybody said "well, it's WLAN, therefore you have to accept the fact that it doesn't perform well", because nobody, including me, really understood what's going on in the air.
After I started educating myself and began the CWNP program, my understanding grew.
I am now planning to upgrade our analysis-tools, so we can really troubleshoot our WLANs, because nothing bugs me more than "well, you can't rely on our WLAN".
So here is my question: what tools, sticks, radios, etc. are there that any of you guys own and really like? I know, the variety is really big and the price-range goes from 0$ to almost infinity, but it would really interest me, what "toolkits" you guys are using :-)
Site-Survey (active, passive, predictive):
- Ekahau Pro with 1 USB-300 NIC (2 more will come soon so we can do our on-site surveys faster)
- We currently work with MetaGeek Chanalyzer and 1 DBx-Stick (an additional 2nd will come soon so we can scan both frequencies simultaneously)
- This is currently, unfortunately, our "blind spot". I recently set up Kali Linux, so I can at least put my Wi-Fi card into monitor mode and troubleshoot via Wireshark.
- Wishlist: MetaGeek Eye P.A. & Riverbed AirPcap Nx (at least one)
So what about you? Would you disagree with my list? Please feel free to add as many items as possible ;-)
Greetings from Switzerland, Renzo
Slightly confused by your statement:
"We currently work with MetaGeek Chanalyzer and 1 DBx-Stick (an additional 2nd will come soon so we can scan both frequencies simultaneously)"
Assume you meant both frequency BANDS?
Recently I acquired a NetScout (formerly Fluke) AirCheck Wi-Fi Tester. It provides many, but not all, of the features from several tools in an easy to carry handheld unit.
It is much handier than carrying around a Laptop. Mine also came with the (optional) directional antenna that works VERY well.
This device can pinpoint BOTH APs and Clients very quickly - unlike many other tools I have seen. I am very happy with it.
My version has been replaced by the Aircheck G2, which I have not tried. You can sign up for a free demo at:
Back to the Chanalyzer for a moment.
If you see Utilization numbers, on the Channels Table, going higher than 70 % you should expect VERY bad WLAN performance.
Please post back with your results or further questions.
Your list is pretty much what everyone uses, except I would switch Wireshark for Omnipeek, which is much easier to work with. A lot is built in. Wireshark requires more work up front. Omnipeek's graphs and GUI are much cleaner and the expert tools are great. In the end it is not that expensive compared with WS on Win plus AirPcap sticks.
Thank you very much for your response.
You are right - I meant "both frequency bands" simultaneously :-).
The AirCheck Wi-Fi Tester looks really interesting, I think I am going to check it out. But normally, I prefer laptop-integrated analysis tools, because everywhere I go, my laptop is with me.
I like the AirCheck, because it is handy and so versatile. But if I had to pay for it myself, I would stick with my laptop too.
I agree with Martin about OmniPeek, but again, it too is expensive.
Here is a list of tools most Wi-Fi professionals use on their laptop (and we use them in our training as well).
It is a skill to learn about adapters and how to play around with drivers (use WikiDevi as a resource to see which chipsets support what, and watch out for Rev. (revisions of adapters), as they use different chipsets).
In our instructor-led training we use all vendors (and more Enterprise-level systems: how to do similar functions on APs, Controllers, WNMS, Cloud). Online training (self-study): www.globeron.com/onlinetraining
Thank you so much for all your responses guys, this really helps a lot.
@Ronald: I am still not quite sure if we should invest in USB dongles for protocol analysis, or if we should wait a little bit. The majority of the sticks are 802.11a/b/g/n 2x2:2 capable, which doesn't allow you to capture data frames with the highest data rates (802.11ac and/or 3x3:3 / 4x4:4). Does it look like there are any new sticks coming soon, or is an investment of ~$2000 for 3 sticks still worth it at this moment? I know, normally it would be enough to just capture the management and control frames, and this will work with these sticks, too, but it would be a bad investment to spend a lot of money now if new generations of sticks are going to be released soon (in my opinion at least)...
I doubt you would ever see a 4x4 or even a 3x3 USB stick - at least not without external antennas.
I use a Linksys AE6000 with OmniPeek and it decodes 802.11ac just fine. They are going for about $50 each.
My advice is do not invest yet. This/Next week I am at WLPC (http://thewlpc.com/agenda/) and most vendors are here as well, so there will be updates.
For 3x3:3 802.11n (450 Mbps), get an Atheros dongle (Proxim WD8494 / Ekahau NIC300 and similar)
For 2x2 802.11ac captures (as there is no 3x3), use a Netgear 6210 for Omnipeek (or a Netgear 6200 for TamoSoft)
(there are also several OEMs for the AC1200 chip, like DWA-182 revision C1, https://wikidevi.com/wiki/D-Link_DWA-182_rev_C1). Note revisions, as vendors tend to change chipsets...
Things are going to change:
3x3:3 .11ac Frame captures
4x4:4 .11ac Frame captures (and MU-MIMO), see the presentation of Chuck Lukaszewski "Under the hood"
(upcoming .11ax Frame captures, thus MU-MIMO down and up stream)
I do not think dongles are going to solve the issue and we need to do:
1. Utilize an Access Point (AP) with these features (for 3x3:3, 4x4:4, etc.)
Some vendors are very integrated with interfaces, others require other firmware and configurations at the command line to put the radio chip in "monitor mode"
Example from Peter Mackenzie: IEEE 802.11ac 3x3:3 .11ac frame captures using an Access Point,
2. Also I need to investigate if a DAS (Distributed Antenna System) could be a solution (probably not for frame captures), but maybe for Wireless Intrusion Detection Systems (as these need to look into the protocols as well)