Embed Size (px)
Citation preview
The Magic of AnalysisPeter Mackenzie CWNE #33
@mackenziewifi
2
© MarQuest Limited
01111000101000101100101010100011101010101010101010101101010101010101010110010101000101
10101000111001001110100011101110101100110100100010101000101010101000101111000101110011
10101010101010001010101010001011101010101010101010101100100100111011000101001011101011
Your Magic Wand
Used correctly, a protocol
analyser is your troubleshooting
and analysis magic wand
3
© MarQuest Limited
Power and Limitation of a Protocol Analyser
• The packets never lie!
– Lets you see exactly what is happening on your network
• You can only see the packets
– If your problem is not manifested in the packets, you will not
see it.
• For Wi-Fi, a Spectrum Analyser is also a key troubleshooting
tool
– Sometimes the lack of packets can point you in the right
direction
4
© MarQuest Limited
POS Cross-Chatter – Who’s Talking To Who?
5
© MarQuest Limited
When to Capture?
• Troubleshooting
– Protocol analysers shouldn’t only be used as a last resort
• Performance Analysis
• Baselining
– What is normal
– Understanding the 802.11 environment
• Education
– Finding out how things work
6
© MarQuest Limited
Troubleshooting Methodology
• Assume nothing
– Talk to the end users experiencing the problem
– Observe the problem
• A bit like real detective work
– Look for leads and then follow them
7
© MarQuest Limited
Troubleshooting Methodology
• Looking for leads
– Suspicious protocols, nodes & conversations
– Anything abnormal (Know what is normal)
• Know your protocol
• Baseline
• Following leads
– Filtering
– Select-related
– More captures
8
© MarQuest Limited
Know Your Protocol• Wireless and Wired
9
© MarQuest Limited
Know Your Protocol
• Wireless and Wired
10
© MarQuest Limited
Vendor Differences - Example
• Cisco – Beacon– WMM Parameter Element
Motorola/Zebra– Beacon WMM Information Element
11
© MarQuest Limited
Capture Before you Write
• Can’t I just read the Standard?
– Standard vs proprietary
– Standard interpretation
12
© MarQuest Limited
802.11 Power Save
Beacon ACK Data
(more =1)
ACK Data
(more =0)
Sleep PS-
Poll
ACK PS-
Poll
ACK
AP
Client
13
© MarQuest Limited
Power Save – As Implemented
14
© MarQuest Limited
Proprietary 802.11n Protection Mechanism
• Intel(R) Centrino(R) Ultimate-N 6300 AGN – Power Save
15
© MarQuest Limited
Win Arguments with Packets
• Prove it with a capture
• The packets never lie!
16
© MarQuest Limited
Missing
Data
Duration time
between CTS and
Block Ack is an
indication of the
data transmission
No data
17
© MarQuest Limited
MU-MIMO Data Exchange
MU Sounding
Exchange
MU Data
Data Ack
18
© MarQuest Limited
Thank you
