Presentation on theme: "Troubleshooting Wireless Networks Last Update 2013.06.21 1.23.1 1Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com."— Presentation transcript:
Introduction
Troubleshooting a wireless network is difficult, as the wireless environment is hard to visualize and control. This presentation will discuss the common problems seen in wireless data networks and their solutions.

Tools Used to Troubleshoot
There are two main tools used to troubleshoot wireless networks. These are
– Spectrum Analyzer
– Protocol Analyzer

Sources of Problems
There are many sources for the problems seen in wireless networks. For the most part they are all due to three reasons
– First, the unbounded nature of a wireless network, which makes it subject to interference in all its forms and manifestations
  – Fluke estimates that 60 percent of wireless LAN problems are related to interference
– Second, for outside networks water infiltration is common
– Third, the technology itself produces several problems for both inside and outside networks, such as
  – Hidden Node
  – Near/Far
  – Low throughput
  – Fragmentation

Layer 1 Troubleshooting
Troubleshooting should begin at layer 1. A spectrum analyzer is used to examine this layer.

900 MHz Interference
Common sources of interference in the 900 MHz band include
– Paging systems at 929 to 932 MHz are a common cause of problems
– Analog based cellular phone systems stop at 896 MHz, but have been known to cause crosstalk all the way up to 914 MHz
– FEMA and ESMR high powered emergency service and dispatch equipment that can bleed as high as 904 MHz
– SCADA used for telemetry and monitoring uses the ISM band
– The 940 to 960 MHz part of the 900 MHz range is licensed
– 900 MHz near a TV antenna can cause interference on channels around 5 and 6

2.4 and 5 GHz Interference
In the 2.4 and 5 GHz bands sources of interference include, depending on the frequency
– Amateur operations, at least in the 2.4 GHz band
– Microwave ovens
– Cordless phones
– Lights that use 2.4 GHz signals to excite the gas in the tube
– Satellite radio services that use 2.4 and 2.3 GHz
– Cellular phone sites
  – They do not use the unlicensed frequencies for service, but they do use them for backhaul
– Medical devices
– Elevator motors
– Television station transmission from remote vehicles back to the studio
– Bluetooth headsets
  – Especially when there are a large number of these, such as in a call center
– Smartphones
– Embedded wireless devices such as in MP3 players, watches, and so forth
– Wireless game controllers
– Zigbee devices
– WiMax sites
– Wireless cameras
– Some motion detectors
– Harmonics and intermodulation products

Interference
These sources of interference will cause waits by stations to transmit, retransmissions, and in the worst case data rate reduction. The end result is that the actual data rate is even lower than the expected throughput, keeping in mind that the expected throughput is usually only 60 percent of the advertised capacity.
For example, a capacity of 54 Mbps in the best case will only produce a throughput of 60 percent of that or 26.5 Mbps. Then the reduction from the effects of interference can lower that even further. Finally, this available bandwidth must be shared by all of the devices on the wireless access point, as networks of all kinds are shared media.
These sources of interference manifest themselves as one of the following types
– Narrowband
– All band
– Adjacent channel
– Co-channel
– Multipath

Narrowband Interference
Narrowband interference is basically another signal at a single or narrow range of frequencies. As such it blocks out part of the spread spectrum signal. An advantage to spread spectrum technology is its ability to work around limited narrowband interference.
To get rid of the narrowband interference
– Shield it
– Turn it off
– Change channels on the wireless network equipment

All Band Interference
All band interference is from one end of the band to the other. A microwave oven is an example of this type of interference. About the only solution to all band interference, other than getting rid of the source, is to change bands, such as from 802.11b/g to 802.11a.
In the case of microwave ovens, commercial grade, rather than consumer grade, ovens will typically produce less interference.

Adjacent Channel Interference
Adjacent channel interference is produced by co-locating access points where the channels overlap somewhat or completely. Metageek views this as the worst type of interference. Here is what they say about it
– As one of the APs tries to talk to its clients, the transmissions become garbled because of the transmission interference of the other two
– This drives down the performance of all of the networks
A network detection device or a spectrum analyzer is required to detect this problem. To prevent this
– Do not use channels that overlap
– Move the access points far enough apart that the cells do not overlap or turn the power down to achieve the same effect

Co-channel Interference
With co-channel interference there is a direct overlap of the channels. An example might be two different organizations using the same channels where one is on floor 1 and the other on floor 2 or in an adjacent office. To detect this a network detection device or wireless network analyzer is required.
Metageek says that this form of interference is not as bad as adjacent channel interference because
– Co-channel congestion works in a similar manner
– Performance is hindered by wait times, but the bandwidth is managed, and every device will eventually get a chance to talk to its associated AP
To prevent this
– Do not use channels that overlap
– Move the access points far enough apart that the cells do not overlap or turn the power down to achieve the same effect
– Change the orientation of the antennas, with one horizontal and the other vertical polarization
Keep in mind that some devices will detect co-channel interference and move to another channel. This does not help if the device is a frequency hopper, as it will move constantly from one channel to another.

Detecting Interference
In 802.11 based networks interference will show up as increased fragmentation, decreased transmission rates, and increased retransmission.

Multipath Interference
Another type of interference is multipath. When a radio frequency wave leaves an antenna it encounters objects off which it is reflected. This creates multiple wave fronts, one for each reflection point. Some of these waves go off in space, but others reach the receiving antenna along with the original wave front.
Since the reflected waves cover the distance from the transmitter to the receiver over a different time interval than the original wave, there is a delay between when the original wave front arrives and the reflected waves arrive. The time between the arrival of the original wave and the last reflected wave is the delay spread.
The value for delay spread will vary. For an 802.11b or g network the delay spread is
– < 50 nanoseconds for a typical home
– 100 ns for office environments
– 200 to 300 ns for a manufacturing floor
This is very much like an echo where the listener has trouble figuring out what is an original sound and what is an echo.
Multipath causes several problems
– Decreased signal amplitude or downfade
– Corruption
– Nulling
– Increased signal amplitude or upfade
With decreased signal amplitude the reflected waves are added to the original wave. If the reflected waves are out of phase with the original wave, then a decrease in amplitude is seen. If a reflected signal is even more out of phase, then the reduction may be so great that the received signal cannot be read at all or only partially due to corruption. This is seen in a low signal to noise ratio.
In nulling the phase of the reflected signal entirely cancels the original signal.
When a reflected signal is in phase with the original signal then the total signal may be larger in amplitude. This causes a higher signal strength than would normally be expected at the antenna, but still lower than the transmitted signal strength.

Detecting Multipath Interference
Multipath cannot be measured directly. Only its effects can be seen, and from these multipath deduced. For example, if a link budget calculation is performed but the signal as measured is less, then multipath can be a reason. Holes, areas of no signal, detected when doing a site survey may be caused by multipath.

Solving Multipath Interference
Moving objects that reflect the signal or moving the antennas so as to avoid the multipath path are possible solutions. Antenna diversity is another possible solution to multipath. Antenna diversity is the use of multiple antennas, inputs, and receivers. There are several types of antenna diversity that are commonly used.

Types of Antenna Diversity
Types of antenna diversity include
– Non-active diversity, which uses multiple antennas and a single receiver input, is common on LANs
– Active diversity utilizes multiple antennas and multiple inputs to a single receiver
  – It reads the signal from one antenna at a time
– Switching diversity uses multiple antennas and multiple receivers
  – It switches receivers based on the signal strength at each antenna
– Transmission diversity transmits out the last antenna used for reception
  – It can alternate antennas for retransmissions
  – It too is common on LANs

Harmonics
Interference can appear from odd locations, such as the result of harmonics and intermodulation products. Harmonics are exact multiples of a fundamental frequency, starting with two times the fundamental frequency.
For example, a common source of interference for 2.4 GHz equipment mounted on the same tower as paging equipment that operates in the 800 MHz range is a third harmonic from the paging transmitter. For a fundamental frequency of 800 MHz the second harmonic is 1600 MHz and the third is 2400 MHz. This third harmonic appears as interference in the unlicensed 2.4 GHz range.
As the power of the harmonic goes up, the strength of the signal goes down. The ones most likely to create problems are the low order harmonics, as the filtering in the receiver may not be able to keep these out.
Harmonics are generated by almost all amplifiers. When a harmonic is produced by a transmitter it is normally the result of insufficient transmitter filtering.

Intermodulation Products
At a site with multiple transmitters the harmonics from two different ones can combine to form an intermodulation product. For example, if the second harmonic from one transmitter combines with the third harmonic from another transmitter, a fifth order intermodulation product is produced.
This new frequency can be the result of either adding or subtracting the two harmonics. The intermodulation can occur at the transmitter itself, in the receivers, or even be the result of poor connections on a tower.

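The harmonic and intermodulation arithmetic from the slides above, as an added example that is not part of the original presentation: it lists which harmonics and which sum or difference products of co-located transmitters land in the 2.4 GHz unlicensed band. The site list is constructed (the 190 MHz transmitter is hypothetical), band edges of 2400 to 2483.5 MHz are assumed, and fundamentals are allowed to mix as well as harmonics, which goes beyond the slide's second-plus-third-harmonic case.

```python
from itertools import combinations

# Assumed edges of the 2.4 GHz unlicensed band, in MHz.
ISM_24 = (2400.0, 2483.5)

# Constructed site: two paging transmitters and one hypothetical VHF transmitter.
SAMPLE_SITE = {"paging_800": 800.0, "paging_931": 931.0, "vhf_190": 190.0}


def harmonics(fundamental_mhz, max_order=3):
    """Return {order: frequency} for the 2nd..max_order harmonics.

    Harmonics are exact multiples of the fundamental, starting at two times it.
    """
    return {n: n * fundamental_mhz for n in range(2, max_order + 1)}


def intermod_products(f1_mhz, f2_mhz, max_multiple=3):
    """Sum and difference products of m*f1 with n*f2.

    The order is m + n, so the 2nd harmonic of one transmitter mixing with the
    3rd harmonic of another is a fifth order product. m or n equal to 1 means
    the fundamental itself takes part in the mix.
    """
    products = []
    for m in range(1, max_multiple + 1):
        for n in range(1, max_multiple + 1):
            for sign, label in ((1, "+"), (-1, "-")):
                freq = abs(m * f1_mhz + sign * n * f2_mhz)
                if freq > 0:
                    expr = f"{m}x{f1_mhz:g} {label} {n}x{f2_mhz:g}"
                    products.append((m + n, expr, freq))
    return products


def in_band(freq_mhz, band=ISM_24):
    return band[0] <= freq_mhz <= band[1]


def site_report(transmitters, band=ISM_24, max_multiple=3):
    """Return sorted (frequency, description) pairs that fall inside `band`."""
    hits = []
    # Harmonics of each transmitter on its own.
    for name, fundamental in transmitters.items():
        for order, freq in harmonics(fundamental, max_multiple).items():
            if in_band(freq, band):
                hits.append((freq, f"harmonic {order} of {name}"))
    # Products of every pair of transmitters at the site.
    for (n1, f1), (n2, f2) in combinations(transmitters.items(), 2):
        for order, expr, freq in intermod_products(f1, f2, max_multiple):
            if in_band(freq, band):
                hits.append((freq, f"order-{order} product {expr} ({n1}, {n2})"))
    return sorted(hits)


if __name__ == "__main__":
    for freq, description in site_report(SAMPLE_SITE):
        print(f"{freq:8.1f} MHz  {description}")
```

A frequency that appears in this list is a candidate to look for with the spectrum analyzer, not proof that the product is strong enough to matter.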
Harmonics and Intermodulation
Harmonics and intermodulation products are the result of nonlinear processes. In a radio it is best if the amplifier amplifies without distortion, the mixer produces a perfect signal, and the radio receives perfectly. This does not happen. Everything is nonlinear. The output does not follow the input perfectly. In other words, distortion is created.
Prevention of harmonics and intermodulation products is done with good radio design, filtering, and sound construction practices.

Passive Intermodulation
The most difficult type of intermodulation to find is that caused by passive sources. This occurs when two or more frequencies mix together in devices such as
– Antennas
– Loose joints
– Joints of dissimilar metals
– Micro gaps between metal surfaces

Water Infiltration
Regardless of the frequency, one of the most common problems for wireless equipment mounted outside is water infiltration. Water is always bad for a wireless connection. In general there is no way to remove all the water from a part, so just replace it.
This type of problem typically occurs in connections, where the water works through the waterproofing. Refer to the presentation on Installing Equipment for Outside Wireless Networks for details on how to prevent water penetration.
One way to check for water is to measure the VSWR. A VSWR of 1.5:1 is very good, while 2:1 is acceptable. This type of test is done with a device designed for this purpose. The Anritsu Site Master line of products is commonly used for this.
As Anritsu says
– Covering the 625 MHz to 2500 MHz frequency band, the Site Master S251C site management tool is designed to accurately locate and identify cable and antenna system faults and conduct isolation and gain measurements
– This model is ideally suited for users working in cellular, PCS/GSM and ISM applications
– Measurement capability includes return loss, VSWR, cable loss and distance-to-Fault (DTF) analysis

Technology Problems
The way the technology behind wireless networks works subjects these types of networks to problems not seen anywhere else.

Hidden Node
The hidden node problem occurs when one node cannot hear another node transmitting. This occurs when they are separated by an obstruction or when they are too far apart. Both nodes can see the access point, but not each other. This causes excessive collisions on the network, retransmissions, and therefore reduced throughput.

Detecting Hidden Node
Degraded throughput on the network is the common sign of hidden node. Examining the layout of the network may show hidden nodes. Moving or disconnecting possible hidden nodes and then examining the throughput may show these as well. This is a trial and error process.

Solutions for Hidden Node
The solutions for hidden node depend on the type of network. For a LAN solutions include
– Use RTS/CTS
– Adjust the point where the wireless packets are fragmented
– Increase the power used by the far nodes and decrease the power used by the nearby nodes
– Remove the obstacle
– Move the node closer
– Use a polling mechanism to control access
RTS/CTS does not solve the hidden node problem, but it may improve the throughput if the node or obstacle cannot be moved.
If network throughput is slow or if there are a large number of retransmissions, enable RTS by lowering the RTS threshold. On systems where a polling mode is not supported, Cisco recommends adjusting the RTS/CTS parameter by reducing the packet size from its default of 2048 to a value where CRC errors become acceptable.
Adjusting the fragmentation level to a value where more and more packets are fragmented may increase throughput. Being smaller in size, the packet may make it to the access point before colliding with another packet.
Another way is to increase power to the node, which will increase the cell around the node, allowing it to detect other nodes. This is done through trial and error.
When 802.11b is used as an outside network solution, such as creating a CAN or MAN to provide access to a LAN or the Internet, the use of RTS/CTS is different. The correct approach to take in this type of network is to set RTS Threshold very low on each client device and above the average packet size for each access point.
The maximum sized packet typically seen is 1500 bytes. The minimum is 64 bytes. By setting the access point's RTS Threshold to something higher than 1500, such as 1600 bytes, the access point will never have to ask permission to transmit.
To maintain collision control on the network the RTS Threshold setting for every client is set to 60 bytes. Keeping in mind that all conversations in a MAN size network should be between clients and access points, never client to client, this forces the client to always ask the access point for permission to transmit, while the access point can transmit anytime.
In a CAN either the LAN or the MAN settings just discussed can be used, depending on whether clients need to talk to each other by going through the access point or just talk to only the access point and devices behind it on the wired network.

Near/Far
The near/far problem occurs when there are nodes near the access point that have high power settings and other nodes far from the access point with low power settings. The near, high power nodes overwhelm the far, low power nodes.

Detecting Near/Far
To detect this, check the network design. Look at the power output level of the nodes.

Solutions for Near/Far
Possible solutions to the near/far problem include
– Reduce the power of the nearby nodes
– Increase the power of the far off nodes
– Move the far off nodes closer to the access point
– Move the access point to a more central location

Low Throughput
The throughput of a wireless system is dependent on
– Amount of interference
– Type of interference
– Security solutions that add overhead
– Distance, since the data rate falls off as distance increases
– Older, slower computers
– Fragmentation
– Power saving turned on

Solutions for Low Throughput
– Use of RTS/CTS
– Use of PCF (Polling mode)
The most common solution to low throughput is the co-location of access points in a single area. For 802.11b, for example, three non-overlapping channels are possible
– 1
– 6
– 11
A single AP will provide from 4.5 to 5.5 Mbps in practice. In theory three APs should provide 15 Mbps or so. In reality they will produce slightly less. The reason is there is actually some overlap even among these sets of channels.
Of course it is possible to use fewer than three APs. Two may be used on channels 1 and 11. This may make sense if three access points each producing 4 Mbps are compared to two producing 5.5 Mbps each.
It may also make sense to force fragmentation so as to produce smaller frames. This means that the lost frames when retransmitted are smaller. When a packet must be fragmented this adds overhead, as each fragment requires an ACK.
Fragmentation can be adjusted to improve efficiency on the network. If the network is experiencing more than 5 percent retransmissions or high packet error rates, then increase the fragmentation threshold. This is done by starting with the maximum size and gradually dropping the threshold until an improvement is seen.
As the frame size is increased, there is less overhead, but increased chance of collision. As the frame size decreases there is more overhead, but less chance of collision. Start with a setting of 1024 bytes.
In a network where the average packet size is greater than 800 bytes, it may benefit the network to lower the fragmentation setting, then see if performance improves. This can be determined by transferring a large file, such as 1 GB, as the test data must be larger than the fragmentation threshold, and timing how long it takes. Adjust the value in 100 byte increments above and below 1024 bytes and see when the most improvement occurs.
An easy, but not always inexpensive, way to save bandwidth in the backhaul from the access point to the wider network is to use a caching server. This speeds the loading of popular sites at the customer end of the connection.
In environments with high noise levels it may help to reduce the sensitivity of the radio. By doing this the distance between the transmitting and receiving radios is reduced, but the radios will not see the noise as they are no longer sensitive enough to pick it up.
An article in Network World in June 2013 mentioned this problem related to power saving settings
– Some routers are set up with their power savings mode on by default
– The goal is to save a few milliwatts
– Unfortunately, this commendable approach reduced bandwidth disproportionately
– Although my trusty Linksys WRT610N router wasn't set up with unnecessary power savings in mind, I turned on its low power modes just to see the effects
– The low setting lowered the power output of my 802.11n router from 19 to 18 watts
– Bandwidth was reduced from an already low 19Mbps down to 5Mbps with my clients and router being only separated by a single concrete wall

Wireless Analysis
Let's switch now to a discussion of how a wireless network should be analyzed. In the view of Laura Chappell a wireless network should be examined from the bottom layer up. She summarizes the wireless network analysis steps this way.

Wireless Analysis
Beginning at the physical layer
– Look at the signal level and noise level
– For a good signal the difference between the two should be as wide as possible
– In general a strong signal is -40 to -60 and a low noise floor is -85 to -95, thus creating a gap of 30 to 40 dB as the signal to noise ratio
– Here is a summary of the quality of the signal at various values

Signal to Noise Ratio Guidelines
40 dB or higher
– Excellent
– Always associated
– Very fast
25 to 40 dB
– Very good
– Always associated
– Fast
15 to 25 dB
– Low
– Always associated
– Usually fast
10 to 15 dB
– Very low
– Mostly associated
– Usually slow
5 to 10 dB
– No signal
– Not associated
– Not useable

Duty Cycle Guidelines
Fluke, in a Webinar from August 2011, points out that the duty cycle, or the amount of the channel capacity being used, impacts how well different types of traffic go through the network. If the duty cycle is too high, the traffic does not successfully pass through the network. As they state

Wireless Analysis
A protocol analyzer is used to examine layer 2. To do this using Wireshark some changes must be made to the default configuration. Wireshark does not directly display signal, noise, or signal to noise ratio. These can be added. Let's see how we set up Wireshark to do this.

Wireshark Setup
Install and set up the AirPcap adapter.
Select the AirPcap adapter as the capture interface.
Stop the capture.
Click Wireless Settings in the Wireless Toolbar.
If the Wireless Toolbar is not on select
– View – Wireless Toolbar
On the toolbar click
– Wireless Settings…
In the popup box select
– Radio
Then Ok.
The signal and noise data is contained in the Radiotap Header, which appears when Radio is selected. To see a sample of the data
– Select a frame
– Expand the Radiotap Header
– Scroll down to the Channel type section

Wireshark Setup
To see this in the main display a column for each must be added. Let's add
– SSI Signal
– SSI Noise
– SSI Signal – which is the signal to noise ratio
Highlight the SSI Signal field in a frame.
Right click and select
– Copy – Fieldname
Select
– Edit – Preferences – Columns – Add
In Field type select Custom.
In the Field name paste the copied value.
Click Apply, and then Ok.

Wireshark Setup
Then edit the column name and press Enter after each one. Do this for all three values as follows
– SSI Signal: Signal dBm
– SSI Noise: Noise dBm
– SSI Signal: SNR dB
These values are defined as
– SSI Signal: IEEE80211_RADIOTAP_DB_ANTSIGNAL
  – This field contains a single unsigned 8-bit value, which indicates the RF signal power at the antenna, in decibels difference from an arbitrary, fixed reference
– SSI Noise: IEEE80211_RADIOTAP_DB_ANTNOISE
  – This field contains a single unsigned 8-bit value, which indicates the RF noise power at the antenna, in decibels difference from an arbitrary, fixed reference
– SSI Signal
  – Even though the signal to noise ratio is called a ratio, for which there are standard equations, in practice it is a simple subtraction

dB Values Caution
These dB values cannot be used for any purpose other than in comparison to each other, as they are from the device's chipset. These are then not calibrated values. Comparison between devices can only be done with a calibrated unit such as a spectrum analyzer.

Wireshark Setup
Other columns may be removed or the new columns moved over to make the display easier to see. For example, I moved these three to the left of the Info column.

RSSI
Wireshark has a predefined column named
– IEEE 802.11 RSSI
This column is displayed as
– RSSI
This is the same as the signal to noise ratio. Although the name implies it is the signal strength, it is not.

Graphing Values
These values for signal, noise, and signal to noise ratio can be graphed by outputting the data to a CSV file, then importing it into Excel. Let's see how that is done, as described by Laura Chappell using a file already containing data
– To create this graph, open wlan-signalissue.pcap
– You will notice that these packets were captured with a PPI header
– I created a column for ppi common.dbm.antsignal and called it “PPI-Sig”
– The next step is to select File > Export > File
– Save your file in .csv format
– To create the graph in Excel, open the .csv file and select the PPI-Sig column (or a portion of it, as I did above – I only selected the first 169 packets)
– Choose Insert > Line and choose the line graph style you want
Here is an example of this with some color bars added.

Wireless Statistics
A trace file can be analyzed for some basic statistics by using
– Statistics – WLAN Traffic

Wireless Analysis
The next step is to look at the connection process where the station authenticates and associates with the access point
– During the authentication process a station establishes its identity with the access point
– Stations must authenticate before associating with an access point
– After authentication a station can associate with an access point in order to pass data through the access point to the wired network
– During this process the access point records information about each station

Wireless Analysis
After this the rest of the analysis is just as on a wired network, as we have reached IP at the Network layer.

Frame Types
As discussed in detail elsewhere there are three types of frames seen on a network. This slide from Laura Chappell summarizes these.

Filters
Filters can be created to show just some of these frame types. Examples include, as she goes on to say

Filters
Other filters she lists include
– Retransmissions: wlan.fc.retry == 1
– Probe requests: wlan.fc.type_subtype == 0x05

Wireless Analysis Procedure
When analyzing a wireless network these steps provide a good procedure to follow in order to assess how well it is working as well as to identify problem areas. This procedure was suggested by Benjamin Miller in a 2009 White Paper from Global Knowledge.
Steps
– Look for interference signs
  – Data rate used
  – Percentage of retransmissions

Examine Data Rates
As Mr. Miller writes
– WLAN analyzers are able to indicate the exact data rate of every transmitted frame
– If you know how to use your analyzer correctly, you can use filters to see what data rates are being used on a channel, or by an AP, or even by a single station
– If you see a station that is consistently sending and receiving low rate frames, that's a great indicator that there could be RF problems in the area
– It can mean the difference between wondering and knowing if the wireless link is causing a user's problems

Compute Retransmissions The percentage of retransmissions is a key measure of the amount of interference being seen on the network. Let's let Mr. Miller describe this process –Retrys are retransmitted frames – frames may require a retransmission for any number of reasons: interference, simultaneous data transmission, obstructions, etc
Compute Retransmissions –Whatever the reason, the bottom line with retransmitted frames is that they are wasted time on the wireless channel –The same data is being transmitted more than once, thereby decreasing channel efficiency –Now, sometimes it gets a bit confusing because a WLAN analyzer will give retry and error statistics
Compute Retransmissions –Those two sets of data would seem to be redundant, but actually, they are distinct –Retrys are indicated in the header –That means that Retry statistics are network statistics –The percentage of Retrys shown in a wireless sniffer is the actual percentage of Retrys on the network
Compute Retransmissions –Errors, on the other hand, are indicated by having the receiving network interface (in this case, the wireless adapter that’s being used for sniffing) calculate the frame check sequence (FCS) value after receiving the frame –Because the FCS is calculated by the card doing the sniffing rather than an actual station or AP on the WLAN, errors being seen in a WLAN analyzer are not necessarily network errors
Compute Retransmissions –Errors are really a channel statistic –If the channel has interference near the wireless sniffer, or if the transmitting AP on the channel is too far away, then error percentages will increase –The bottom line here is that you don’t want to look at the error percentage in a WLAN analyzer if you are trying to gauge the health of a network –You want to look at the Retry percentage
Compute Retransmissions As mentioned elsewhere in this presentation a filter can be used to display just the retries. Miller expands on this when he writes –For example, let’s say you want to analyze Retrys –Wireshark allows you to create a Retry filter using a series of specific steps –You first navigate to the Main Toolbar
Compute Retransmissions –Click the “Edit/Apply Display Filter” icon –From there, you can click “New” and give your filter a name –After you’ve named your filter, click “Expression” to get to the proper command –Under the IEEE tree of the Field name area, you’ll see the wlan.fc.retry command. Select that, configure the value to equal 1, and you’ve got your Retry filter
Compute Retransmissions –Once you’ve got a Retry filter created, you can capture as little or as much data as you’d like –When you’re finished, apply the Retry filter by clicking on the “Edit/Apply Display Filter” icon and selecting the Retry filter you previously –When you click “OK” or “Apply,” all non-retransmitted frames will be filtered out of the Wireshark display
Compute Retransmissions –To analyze the percentage of Retrys – which is really the important thing when looking at a WLAN – navigate to the Statistics menu and select “Summary” –Now you can compare what was captured (everything) against what is displayed (Retrys only) in order to calculate a Retry percentage –Now you may want to drill down and see which station or AP is sending all of these Retrys
Compute Retransmissions –In Wireshark, there are wireless statistics, but they don’t cover the parameters that really affect WLAN performance like Retrys and data rates –You can still calculate the Retry percentage of a specific device, but you have to create multiple filters and then run the calculations yourself
Compute Retransmissions –For example, you could create one filter for frames with your AP as the transmitter address and then another filter for retransmitted frames with your AP as the transmitter address –You could run both filters and write down the Statistics Summary for each one
Compute Retransmissions –If you see 420,000 total bytes transmitted by the AP and 42,000 bytes of Retrys transmitted by the AP, then you know you’ve got a 10% Retry rate for that AP
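The per-device Retry calculation described above, as an added Python example that is not from the presentation or the white paper: it reads the Retry bit from each frame's Frame Control field (the bit that wlan.fc.retry tests) and totals frames and bytes per transmitter address. It assumes frames begin at the 802.11 MAC header with any radiotap header removed; the addresses and frames in SAMPLE are constructed.

```python
from collections import defaultdict

RETRY_FLAG = 0x08  # bit 3 of the second Frame Control byte; what wlan.fc.retry tests

def parse_frame(frame: bytes):
    """Return (transmitter, is_retry, length), or None when there is no transmitter address."""
    if len(frame) < 16:  # ACK and CTS control frames carry only a receiver address
        return None
    transmitter = ":".join(f"{b:02x}" for b in frame[10:16])  # Address 2
    return transmitter, bool(frame[1] & RETRY_FLAG), len(frame)

def retry_stats(frames):
    """Per-transmitter totals and Retry percentages, by frame count and by bytes."""
    totals = defaultdict(lambda: {"frames": 0, "retry_frames": 0, "bytes": 0, "retry_bytes": 0})
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue  # no transmitter to attribute the frame to
        transmitter, is_retry, length = parsed
        row = totals[transmitter]
        row["frames"] += 1
        row["bytes"] += length
        if is_retry:
            row["retry_frames"] += 1
            row["retry_bytes"] += length
    for row in totals.values():
        row["retry_pct_frames"] = 100.0 * row["retry_frames"] / row["frames"]
        row["retry_pct_bytes"] = 100.0 * row["retry_bytes"] / row["bytes"]
    return dict(totals)

def make_frame(transmitter: str, retry: bool, total_len: int) -> bytes:
    """Build a constructed From-DS data frame of total_len bytes for the sample below."""
    ta = bytes.fromhex(transmitter.replace(":", ""))
    flags = 0x02 | (RETRY_FLAG if retry else 0)
    # Frame Control, Duration, Address 1 (receiver), Address 2, Address 3, Sequence Control
    header = bytes([0x08, flags, 0, 0]) + bytes.fromhex("020000000099") + ta + ta + b"\x00\x00"
    return header + b"\x00" * (total_len - len(header))

AP = "02:00:00:00:00:01"       # constructed addresses
STATION = "02:00:00:00:00:02"
ACK = bytes([0xD4, 0x00, 0, 0]) + bytes.fromhex("020000000001")  # 10-byte ACK, no transmitter
SAMPLE = (
    [make_frame(AP, False, 100)] * 9 + [make_frame(AP, True, 100)]
    + [make_frame(STATION, False, 200)] * 2 + [make_frame(STATION, True, 100)] * 2
    + [ACK]
)

if __name__ == "__main__":
    for mac, row in retry_stats(SAMPLE).items():
        print(mac, f'{row["retry_pct_frames"]:.1f}% of frames,', f'{row["retry_pct_bytes"]:.1f}% of bytes')
```

The constructed station shows why the unit matters: half of its frames are Retrys, but they are a third of its bytes.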
Common User Complaints Let’s next discuss some common user complaints related to wireless networks and how we might approach solving these problems. As always the first step is to ask what just happened, what changed. If that does not suggest a course to follow, then begin to isolate the problem domain
Common User Complaints These common complaints include –The wireless network is slow –There is no wireless network at all –There is no wireless connection to a device
The Wireless Network is Slow The first thing to do is to check to see if the wireless network is up at all –The users might be connecting to a nearby open network or a rogue access point. To check this any device or program that displays wireless access points and signal strength can be used. For example, here is the output shown by inSSIDer from MetaGeek
[Screenshot: 2.4 GHz Access Point]
[Screenshot: 5 GHz Access Point]
The Wireless Network is Slow Compare the current access point list to the baseline list –In this example the wireless network is available and both access points are showing up with the correct SSID –Each one is issuing a strong signal
The Wireless Network is Slow If the expected access points are there, are all of them operating –The access points may be showing up on a list as they are issuing beacon frames or responding to probe request frames, but they may not actually be passing the wireless traffic through to the wired network at the expected data rate –A ping test will check this
The Wireless Network is Slow The slowness may be due to the user connecting to an access point that is farther away from their location than they should be connecting to –See what access point a sample of clients are connected to
The Wireless Network is Slow If they are connecting to an access point further away than they should be, then either the expected access points are overloaded or otherwise not working as expected
The Wireless Network is Slow If the wireless network is up and running as it should be, interference may be causing throughput to be lower than expected. This interference may be due to devices or to other pieces of equipment using the same band
The Wireless Network is Slow A spectrum analyzer that can show both the spectrum and devices overlaid on the spectrum is the most useful for this. For example, Chanalyzer from MetaGeek will display this. First for the 2.4 GHz range with and without the network overlay. Then for the 5 GHz range with and without the network overlay
The Wireless Network is Slow Finally look to see if an access point is overloaded. Typically only 15 to 50 users should be passing traffic through an access point depending on the type of traffic. Log into the access point itself to see how many devices are attached to it. For example
There is No Wireless Network In the next case the users are saying there is no wireless network. The first thing to do is to see if the wireless network to which they should be connecting is showing in their area. It might be that one network is there, but not the one they need
There is No Wireless Network For example, a secured network might be seen, but not the open access one for visitors
There is No Wireless Network Use a tool such as inSSIDer to see if the SSID they need is showing. Next see if the access point that should be providing service to their area is up and transmitting at the expected strength and data rate
[Screenshot: 2.4 GHz Access Point]
[Screenshot: 5 GHz Access Point]
There is No Wireless Network If it is not, then find out why the SSID or access point is missing
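The baseline comparison used in both the slow-network and no-network cases, as an added Python example that is not from the presentation: it flags baseline access points that are missing or much weaker, unknown BSSIDs advertising a baseline SSID, and unlisted open networks nearby. The record fields (ssid, bssid, channel, rssi, security), the 15 dB threshold and all sample values are assumptions constructed for illustration.

```python
def compare_to_baseline(baseline, scan, max_drop_db=15):
    """Return sorted (finding, ssid, bssid) tuples describing how scan differs from baseline."""
    known = {ap["bssid"]: ap for ap in baseline}
    known_ssids = {ap["ssid"] for ap in baseline}
    seen = {ap["bssid"]: ap for ap in scan}
    findings = []
    for bssid, ap in known.items():
        now = seen.get(bssid)
        if now is None:  # expected access point is not beaconing here
            findings.append(("missing", ap["ssid"], bssid))
            continue
        if now["ssid"] != ap["ssid"]:
            findings.append(("ssid_changed", now["ssid"], bssid))
        if now["channel"] != ap["channel"]:
            findings.append(("channel_changed", ap["ssid"], bssid))
        if ap["rssi"] - now["rssi"] > max_drop_db:  # RSSI in dBm, so a drop is a more negative value
            findings.append(("weak_signal", ap["ssid"], bssid))
    for bssid, now in seen.items():
        if bssid in known:
            continue
        if now["ssid"] in known_ssids:  # our SSID from hardware we do not recognise
            findings.append(("unknown_bssid_for_known_ssid", now["ssid"], bssid))
        elif now["security"] == "open":  # a network users may have joined by mistake
            findings.append(("unlisted_open_network", now["ssid"], bssid))
    return sorted(findings)

# Constructed baseline and scan records
BASELINE = [
    {"ssid": "CorpNet", "bssid": "02:00:00:00:00:a1", "channel": 6, "rssi": -45, "security": "wpa2"},
    {"ssid": "CorpNet", "bssid": "02:00:00:00:00:a2", "channel": 36, "rssi": -50, "security": "wpa2"},
    {"ssid": "Guest", "bssid": "02:00:00:00:00:a3", "channel": 11, "rssi": -48, "security": "open"},
]
SCAN = [
    {"ssid": "CorpNet", "bssid": "02:00:00:00:00:a1", "channel": 6, "rssi": -47, "security": "wpa2"},
    {"ssid": "CorpNet", "bssid": "02:00:00:00:00:a2", "channel": 36, "rssi": -72, "security": "wpa2"},
    {"ssid": "CorpNet", "bssid": "02:00:00:00:00:b1", "channel": 6, "rssi": -40, "security": "open"},
    {"ssid": "FreeWiFi", "bssid": "02:00:00:00:00:c1", "channel": 1, "rssi": -60, "security": "open"},
    {"ssid": "Neighbor", "bssid": "02:00:00:00:00:d1", "channel": 11, "rssi": -80, "security": "wpa2"},
]

if __name__ == "__main__":
    for finding in compare_to_baseline(BASELINE, SCAN):
        print(*finding)
```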
A Device Cannot Connect In this last case a single device cannot connect. The configuration of the device should be examined –Is it looking for the correct SSID –Is it looking for the correct channel –Does it have the required security settings –Should the NIC driver be reinstalled or updated
A Device Cannot Connect If all of this is correct, then examine the access point –Is it set to filter out all but certain MAC addresses. If the device gets to and through the access point, is there something on the wired network stopping just that device, such as an Access Control List or other security setting