Wireless LAN (Wi-Fi) became very popular in the last decade, starting from the old 802.11b through 802.11g and to the latest 802.11n standard for high-bandwidth wireless communications.
There are also the emerging standards such as IEEE 802.11ac with products coming in to the market, along with the 802.11ad, which is still under development.
In this recipe we will learn how to resolve Wi-Fi problems, and how to use Wireshark to capture Wi-Fi frames and for basic traffic analysis.
When users complain about bad performance when they connect through a Wi-Fi connection, go as close as you can with your laptop to the user location and verify that you have your Wi-Fi adapter enabled.
The basic tool is right in the laptop (as we can see in the following screenshot) where, you have the first indication for:
- The signal strength, that is the Received Signal Strength Indicator (RSSI). In some cases, you will see only the quality of signal; in other cases, you will also see the dBm number
- The access point ID, that is the Service Set Identification (SSID)
- The security protocol that is used
- Radio type (802.11n as shown in the following screenshot)
You can also use dedicated software, many of them being freeware, to discover available Wi-Fi networks and channels (some of them from the laptop vendors, and some from others). In the following screenshot you can see a list of wireless networks discovered by a software name WIFi Locator (http://tcpmonitor.altervista.org/); however, there are many other software with basic discovery features:
RSSI levels indicate that the higher the number is, the lower is the strength:
- -60dBm and better: This indicates a good signal level
- -80dBm to -60dBm: This indicates a reasonable signal level
- -80 dBm to -90dBm: This indicates a weak signal level
- -90 dBm and lower: This indicates a very weak signal
If you have RSSI in the reasonable range and above, the received level is usually enough, and you should look for frequency disturbances and other radio problems.
If you want to check if there are any disturbances, you can use software that will discover RSSI over time, and will give you a more accurate picture of your network. In the following screenshot you see such a software, called inSSIDer; it gives you a more accurate picture about which access points are working and their details.
- Try to find out the following problems:
- Different access points (APs) working on the same channel in the same area
- Low RSSI values (indicated in RSSI numbers lower than -90dBm)
- The next step is to use spectrum analyzers to check which frequencies are used in your area. You can expect frequency disturbances in areas such as airports, seaports, and military. Spectrum analyzers are available from various vendors such as Fluke Networks, Agilent, and Anritsu.
- Wireshark can be used to analyze Wi-Fi control frames. The first thing to look for is whether the APs are sending beacon frames. In the following screenshot, you can see these frames:
The stations can send beacon probe request frames to find a nearby access point.
The station can also acknowledge the beacon frames coming from the access point in order to register to the AP.
Tip
The access point periodically sends beacon frames to announce its presence and relay information. This information includes timestamps, SSIDs, and other parameters with regard to the access point. Radio wireless NICs continually scan all 802.11 radio channels and listen to beacons, in order to choose the best access point to associate with.
- After accepting and acknowledging the beacon frame, a standard DHCP process will start, as described in Chapter 8, ARP and IP Analysis.
The Wireless LAN standards are based on the IEEE 802.11 committee. The standards started with 802.11a, 802.11b, 802.11g, 802.11n, and lately 802.11ac and 802.11ad for higher bandwidth.
As seen in the following figure, Wireless LAN networks are based on access points (APs), and wireless clients connect to them.
The most common wireless standard today is the 802.11n, which uses the advanced modulation Multiple Input Multiple Output (MIMO), to work with up to four antennas and some additional technologies, to increase bandwidth.