A customer called me and wanted some help troubleshooting some wireless problems. Their users have been reporting intermittent wireless performance issues and getting ‘dropped’. To top it all off, their WLAN controller has also been reporting ‘containment’ error messages that weren’t to descriptive or helpful.
I showed up on site and did all the basic RF checks with my AirMagnet Spectrum XT to make sure there wasn’t an RF issue like an interferer or channel planning issues. Like I always say, “Start at Layer 1”.
Then I moved up a layer using my Fluke Networks AirCheck and AirMagnet WiFi Analyzer. Everything looked pretty quiet and nothing jumped up at me, so I saved some trace files to review later.
Then I thought I would take the trace file and open it with Wireshark since I have more experience with packet analysis than I do using the AirMagnet/AirCheck tools.
In this video I show you some of the filters I used, what they mean and what I found.
I always enjoy getting to the packet level since packets don’t lie, but would also like to spend more time with the other tools now that I know what issues are to see how, or what, they report.
In closing there are a few points I want to make sure aren’t lost throughout the video;
1. Just because I used Wireshark to find some clues does not mean that the other tools were less effective, I just have more experience with protocol analysis/Wireshark.
2. If you deploy any kind of wireless intrusion system, make sure you don’t just turn it on without proper network due diligence.