Presentation on theme: "Troubleshooting Wireless Networks"— Presentation transcript:
1 Troubleshooting Wireless Networks
Last Update 1.23.1
Copyright Kenneth M. Chipps Ph.D.
2 Introduction
Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com
Troubleshooting a wireless network is difficult, as the wireless environment is hard to visualize and control.
This presentation will discuss the common problems seen in wireless data networks and their solutions.
3 Tools Used to Troubleshoot
There are two main tools used to troubleshoot wireless networks. These are
- Spectrum Analyzer
- Protocol Analyzer
4 Sources of Problems
There are many sources for the problems seen in wireless networks.
They are all due to three reasons for the most part.
First, the unbounded nature of a wireless network, which makes it subject to interference in all its forms and manifestations.
Fluke estimates that 60 percent of wireless LAN problems are related to interference.
5 Sources of Problems
Second, for outside networks water infiltration is common.
Third, the technology itself produces several problems for both inside and outside networks, such as
- Hidden Node
- Near/Far
- Low throughput
- Fragmentation
6 Layer 1 Troubleshooting
Troubleshooting should begin at layer 1.
A spectrum analyzer is used to examine this layer.
7 900 MHz Interference
Common sources of interference in the 900 MHz band include
- Paging systems at 929 to 932 MHz are a common cause of problems
- Analog based cellular phone systems stop at 896 MHz, but have been known to cause crosstalk all the way up to 914 MHz
- FEMA and ESMR high powered emergency service and dispatch equipment that can bleed as high as 904 MHz
8 900 MHz Interference
- SCADA used for telemetry and monitoring uses the ISM band
- The 940 to 960 MHz part of the 900 MHz range is licensed
- 900 MHz near a TV antenna can cause interference on channels around 5 and 6
9 2.4 and 5 GHz Interference
In the 2.4 and 5 GHz bands sources of interference include, depending on the frequency
- Amateur operations, at least in the 2.4 GHz band
- Microwave ovens
- Cordless phones
- Lights that use 2.4 GHz signals to excite the gas in the tube
10 2.4 and 5 GHz Interference
- Satellite radio services that use 2.4 and 2.3 GHz
- Cellular phone sites. They do not use the unlicensed frequencies for service, but they do use them for backhaul
- Medical devices
- Elevator motors
- Television station transmission from remote vehicles back to the studio
11 2.4 and 5 GHz Interference
- Bluetooth headsets, especially when there are a large number of these, such as in a call center
- Smartphones
- Embedded wireless devices such as in MP3 players, watches, and so forth
- Wireless game controllers
- Zigbee devices
- WiMax sites
12 2.4 and 5 GHz Interference
- Wireless cameras
- Some motion detectors
- Harmonics and intermodulation products
13 Interference
These sources of interference will cause waits by stations to transmit, retransmissions, and in the worst case data rate reduction.
The end result is that the actual data rate is even lower than the expected throughput, keeping in mind that the expected throughput is usually only 60 percent of the advertised capacity.
14 Interference
For example, a capacity of 54 Mbps in the best case will only produce a throughput of 60 percent of that or 26.5 Mbps.
Then the reduction from the effects of interference can lower that even further.
Finally, this available bandwidth must be shared by all of the devices on the wireless access point, as networks of all kinds are shared media.
15 Interference
These sources of interference manifest themselves as one of the following types
- Narrowband
- All band
- Adjacent channel
- Co-channel
- Multipath
16 Narrowband Interference
Narrowband interference is basically another signal at a single or narrow range of frequencies.
As such it blocks out part of the spread spectrum signal.
An advantage to spread spectrum technology is its ability to work around limited narrowband interference.
17 Narrowband Interference
To get rid of the narrowband interference
- Shield it
- Turn it off
- Change channels on the wireless network equipment
18 All Band Interference
All band interference is from one end of the band to the other.
A microwave oven is an example of this type of interference.
About the only solution to all band interference other than getting rid of the source is to change bands, such as from 802.11b/g to 802.11a.
19 All Band Interference
In the case of a microwave, commercial, rather than consumer grade, microwave ovens will typically produce less interference.
20 Adjacent Channel Interference
Adjacent channel interference is produced by co-locating access points where the channels overlap somewhat or completely.
Metageek views this as the worst type of interference.
Here is what they say about it:
As one of the APs tries to talk to its clients, the transmissions become garbled because of the transmission interference of the other two.
21 Adjacent Channel Interference
This drives down the performance of all of the networks.
A network detection device or a spectrum analyzer is required to detect this problem.
To prevent this
- Do not use channels that overlap
- Move the access points far enough apart that the cells do not overlap or turn the power down to achieve the same effect
22 Co-channel Interference
With co-channel interference there is a direct overlap of the channels.
An example might be two different organizations using the same channels where one is on floor 1 and the other on floor 2 or in an adjacent office.
To detect this a network detection device or wireless network analyzer is required.
23 Co-channel Interference
Metageek says that this form of interference is not as bad as adjacent channel interference because:
Co-channel congestion works in a similar manner.
Performance is hindered by wait times, but the bandwidth is managed, and every device will eventually get a chance to talk to its associated AP.
24 Co-channel Interference
To prevent this
- Do not use channels that overlap
- Move the access points far enough apart that the cells do not overlap or turn the power down to achieve the same effect
- Change the orientation of the antennas, with one horizontal and the other vertical polarization
25 Co-channel Interference
Keep in mind that some devices will detect co-channel interference and move to another channel.
This does not help if the device is a frequency hopper, as it will move constantly from one channel to another.
26 Detecting Interference
In 802.11 based networks interference will show up as increased fragmentation, decreased transmission rates, and increased retransmission.
27 Multipath Interference
Another type of interference is multipath.
When a radio frequency wave leaves an antenna it encounters objects off which it is reflected. This creates multiple wave fronts, one for each reflection point.
Some of these waves go off in space, but others reach the receiving antenna along with the original wave front.
28 Multipath Interference
Since the reflected waves cover the distance from the transmitter to the receiver over a different time interval than the original wave, there is a delay between when the original wave front arrives and the reflected waves arrive.
The time between the arrival of the original wave and the last reflected wave is the delay spread.
29 Multipath Interference
The value for delay spread will vary.
For an 802.11b or g network the delay spread is
- < 50 nanoseconds for a typical home
- 100 ns for office environments
- 200 to 300 ns for a manufacturing floor
This is very much like an echo where the listener has trouble figuring out what is an original sound and what is an echo.
30 Multipath Interference
Multipath causes several problems
- Decreased signal amplitude or downfade
- Corruption
- Nulling
- Increased signal amplitude or upfade
With decreased signal amplitude the reflected waves are added to the original wave.
31 Multipath Interference
If the reflected waves are out of phase with the original wave, then a decrease in amplitude is seen.
If a reflected signal is even more out of phase, then the reduction may be so great that the received signal cannot be read at all or only partially due to corruption.
This is seen in a low signal to noise ratio.
32 Multipath Interference
In nulling the phase of the reflected signal entirely cancels the original signal.
When a reflected signal is in phase with the original signal then the total signal may be larger in amplitude.
This causes a higher signal strength than would normally be expected at the antenna, but still lower than the transmitted signal strength.
33 Detecting Multipath Interference
Multipath cannot be measured directly.
Only its effects can be seen and from these multipath deduced.
For example, if a link budget calculation is performed but the signal as measured is less, then multipath can be a reason.
Holes, areas of no signal, detected when doing a site survey may be caused by multipath.
34 Solving Multipath Interference
Moving objects that reflect the signal or moving the antennas so as to avoid the multipath path are possible solutions.
Antenna diversity is another possible solution to multipath.
Antenna diversity is the use of multiple antennas, inputs, and receivers.
There are several types of antenna diversity that are commonly used.
35 Types of Antenna Diversity
Types of antenna diversity include
- Non-active diversity, which uses multiple antennas and a single receiver input, is common on LANs
- Active diversity utilizes multiple antennas and multiple inputs to a single receiver. It reads the signal from one antenna at a time
36 Types of Antenna Diversity
- Switching diversity uses multiple antennas and multiple receivers. It switches receivers based on the signal strength at each antenna
- Transmission diversity transmits out the last antenna used for reception. It can alternate antennas for retransmissions. It too is common on LANs
37 Harmonics
Interference can appear from odd locations, such as the result of harmonics and intermodulation products.
Harmonics are exact multiples of a fundamental frequency, starting with two times the fundamental frequency.
38 Harmonics
For example, a common source of interference for 2.4 GHz equipment mounted on the same tower as paging equipment that operates in the 800 MHz range is a third harmonic from the paging transmitter.
For a fundamental frequency of 800 MHz the second harmonic is 1600 MHz and the third is 2400 MHz.
39 Harmonics
This third harmonic appears as interference in the unlicensed 2.4 GHz range.
As the power of the harmonic goes up, the strength of the signal goes down.
The ones most likely to create problems are the low order harmonics, as the filtering in the receiver may not be able to keep these out.
40 Harmonics
Harmonics are generated by almost all amplifiers.
When a harmonic is produced by a transmitter it is normally the result of insufficient transmitter filtering.
41 Intermodulation Products
At a site with multiple transmitters the harmonics from two different ones can combine to form an intermodulation product.
For example, if the second harmonic from one transmitter combines with the third harmonic from another transmitter, a fifth order intermodulation product is produced.
42 Intermodulation Products
This new frequency can be the result of either adding or subtracting the two harmonics.
The intermodulation can occur at the transmitter itself, in the receivers, or even be the result of poor connections on a tower.
43 Harmonics and Intermodulation
Harmonics and intermodulation products are the result of nonlinear processes.
In a radio it is best if the amplifier amplifies without distortion, the mixer produces a perfect signal, and the radio receives perfectly.
This does not happen.
Everything is nonlinear.
44 Harmonics and Intermodulation
The output does not follow the input perfectly.
In other words, distortion is created.
Prevention of harmonics and intermodulation products is done with good radio design, filtering, and sound construction practices.
45 Passive Intermodulation
The most difficult type of intermodulation to find is that caused by passive sources.
This occurs when two or more frequencies mix together in devices such as
- Antennas
- Loose joints
- Joints of dissimilar metals
- Micro gaps between metal surfaces
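The harmonic and intermodulation arithmetic from the slides above can be run over a list of co-located transmitters to see which products land in the 2.4 GHz band. This is an added example, not part of the original presentation; the 815 MHz transmitter, the band edges and the function names are assumptions, and the search is generalized to include the fundamentals (m or n equal to 1) as well as harmonic-with-harmonic combinations.

```python
from itertools import combinations

# Assumed edges of the unlicensed 2.4 GHz band, in MHz.
ISM_24 = (2400.0, 2483.5)


def harmonics(fundamental_mhz, max_n=5):
    """Exact multiples of the fundamental, starting at two times it."""
    return {n: n * fundamental_mhz for n in range(2, max_n + 1)}


def intermod_products(f1, f2, max_order=5):
    """All m*f1 +/- n*f2 with order m + n <= max_order.

    Returns tuples (order, m, n, sign, frequency_mhz). With m=2 and n=3 this
    is the fifth order product described in the slides.
    """
    products = []
    for m in range(1, max_order):
        for n in range(1, max_order - m + 1):
            products.append((m + n, m, n, "+", m * f1 + n * f2))
            diff = abs(m * f1 - n * f2)
            if diff > 0:  # a zero difference is not a radiated product
                products.append((m + n, m, n, "-", diff))
    return products


def in_band(freq_mhz, band=ISM_24):
    return band[0] <= freq_mhz <= band[1]


def site_report(transmitters, max_order=5, band=ISM_24):
    """List every harmonic or intermodulation product that falls in the band.

    transmitters maps a label to its fundamental frequency in MHz.
    Returns (description, frequency_mhz) pairs sorted by frequency.
    """
    hits = []
    for name, f in transmitters.items():
        for n, freq in harmonics(f, max_order).items():
            if in_band(freq, band):
                hits.append((f"{name}: harmonic {n}", freq))
    for (n1, f1), (n2, f2) in combinations(transmitters.items(), 2):
        for order, m, n, sign, freq in intermod_products(f1, f2, max_order):
            if in_band(freq, band):
                hits.append((f"{m}x{n1} {sign} {n}x{n2} (order {order})", freq))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    # 800 MHz is the paging example from the slides; 815 MHz is a constructed
    # second transmitter on the same tower.
    tower = {"pager_a": 800.0, "pager_b": 815.0}
    for description, freq in site_report(tower):
        print(f"{freq:8.1f} MHz  {description}")
```

On the constructed tower the report lists five products between 2400 and 2460 MHz, which is where a spectrum analyzer sweep would be checked first.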
46 Water Infiltration
Regardless of the frequency, one of the most common problems for wireless equipment mounted outside is water infiltration.
Water is always bad for a wireless connection.
In general there is no way to remove all the water from a part, so just replace it.
47 Water Infiltration
This type of problem typically occurs in connections, where the water works through the waterproofing.
Refer to the presentation on Installing Equipment for Outside Wireless Networks for details on how to prevent water penetration.
One way to check for water is to measure the VSWR.
48 Water Infiltration
A VSWR of 1.5:1 is very good, while 2:1 is acceptable.
This type of test is done with a device designed for this purpose.
The Anritsu Site Master line of products is commonly used for this.
49 Water Infiltration
As Anritsu says:
Covering the 625 MHz to 2500 MHz frequency band, the Site Master S251C site management tool is designed to accurately locate and identify cable and antenna system faults and conduct isolation and gain measurements.
This model is ideally suited for users working in cellular, PCS/GSM and ISM applications.
50 Water Infiltration
Measurement capability includes return loss, VSWR, cable loss and distance-to-Fault (DTF) analysis.
51 Technology Problems
The way the technology behind wireless networks works subjects these types of networks to problems not seen anywhere else.
52 Hidden Node
The hidden node problem occurs when one node cannot hear another node transmitting.
This occurs when they are separated by an obstruction or when they are too far apart.
Both nodes can see the access point, but not each other.
53 Hidden Node
This causes excessive collisions on the network, retransmissions, and therefore reduced throughput.
54 Detecting Hidden Node
Degraded throughput on the network is the common sign of hidden node.
Examining the layout of the network may show hidden nodes.
Moving or disconnecting possible hidden nodes and then examining the throughput may show these as well.
This is a trial and error process.
55 Solutions for Hidden Node
The solutions for hidden node depend on the type of network.
For a LAN, solutions include
- Use RTS/CTS
- Adjust the point where the wireless packets are fragmented
- Increase the power used by the far nodes and decrease the power used by the nearby nodes
56 Solutions for Hidden Node
- Remove the obstacle
- Move the node closer
- Use a polling mechanism to control access
RTS/CTS does not solve the hidden node problem, but it may improve the throughput if the node or obstacle cannot be moved.
57 Solutions for Hidden Node
If network throughput is slow or if there are a large number of retransmissions, enable RTS by lowering the RTS threshold.
On systems where a polling mode is not supported, Cisco recommends adjusting the RTS/CTS parameter by reducing the packet size from its default of 2048 to a value where CRC errors become acceptable.
58 Solutions for Hidden Node
By adjusting the fragmentation level to a value where more and more packets are fragmented it may increase throughput.
Being smaller in size, the packet may make it to the access point before colliding with another packet.
Another way is to increase power to the node, which will increase the cell around the node, allowing it to detect other nodes.
59 Solutions for Hidden Node
This is done through trial and error.
When 802.11b is used as an outside network solution, such as creating a CAN or MAN to provide access to a LAN or the Internet, the use of RTS/CTS is different.
The correct approach to take in this type of network is to set RTS Threshold very low on each client device and above the average packet size for each access point.
60 Solutions for Hidden Node
The maximum sized packet typically seen is 1500 bytes.
The minimum is 64 bytes.
By setting the access point’s RTS Threshold to something higher than 1500, such as 1600 bytes, the access point will never have to ask permission to transmit.
61 Solutions for Hidden Node
To maintain collision control on the network the RTS Threshold setting for every client is set to 60 bytes.
Keeping in mind that all conversations in a MAN size network should be between clients and access points, never client to client, this forces the client to always ask the access point for permission to transmit
62 Solutions for Hidden Node
While the access point can transmit anytime.
In a CAN either the LAN or the MAN settings just discussed can be used, depending on whether clients need to talk to each other by going through the access point or just talk to only the access point and devices behind it on the wired network.
63 Near/Far
The near/far problem occurs when there are nodes near the access point that have high power settings and other nodes far from the access point with low power settings.
The near, high power nodes overwhelm the far, low power nodes.
64 Detecting Near/Far
To detect this, check the network design.
Look at the power output level of the nodes.
65 Solutions for Near/Far
Possible solutions to the near/far problem include
- Reduce the power of the nearby nodes
- Increase the power of the far off nodes
- Move the far off nodes closer to the access point
- Move the access point to a more central location
66 Low Throughput
The throughput of a wireless system is dependent on
- Amount of interference
- Type of interference
- Security solutions that add overhead
- Distance, since the data rate falls off as distance increases
- Older, slower computers
- Fragmentation
- Power saving turned on
67 Solutions for Low Throughput
- Use of RTS/CTS
- Use of PCF – Polling mode
- The most common solution to low throughput is the co-location of access points in a single area
For 802.11b for example three non-overlapping channels are possible: 1, 6, 11
68 Solutions for Low Throughput
A single AP will provide from 4.5 to 5.5 Mbps in practice.
In theory three APs should provide 15 Mbps or so.
In reality they will produce slightly less.
The reason is there is actually some overlap even among these sets of channels.
69 Solutions for Low Throughput
Of course it is possible to use fewer than three APs; two may be used on channels 1 and 11.
This may make sense if three access points each producing 4 Mbps are compared to two producing 5.5 Mbps each.
70 Solutions for Low Throughput
It may also make sense to force fragmentation so as to produce smaller frames. This means that the lost frames when retransmitted are smaller.
When a packet must be fragmented this adds overhead, as each fragment requires an ACK.
71 Solutions for Low Throughput
Fragmentation can be adjusted to improve efficiency on the network.
If the network is experiencing more than 5 percent retransmissions or high packet error rates, then increase the fragmentation threshold.
This is done by starting with the maximum size and gradually dropping the threshold until an improvement is seen.
72 Solutions for Low Throughput
As the frame size is increased, there is less overhead, but increased chance of collision.
As the frame size decreases there is more overhead, but less chance of collision.
Start with a setting of 1024 bytes.
73 Solutions for Low Throughput
In a network where the average packet size is greater than 800 bytes, it may benefit the network to lower the fragmentation setting, then see if performance improves.
This can be determined by transferring a large file, such as 1 GB, as the test data must be larger than the fragmentation threshold, and timing how long it takes.
74 Solutions for Low Throughput
Adjust the value in 100 byte increments above and below 1024 bytes and see when the most improvement occurs.
75 Solutions for Low Throughput
An easy, but not always inexpensive, way to save bandwidth in the backhaul from the access point to the wider network is to use a caching server.
This speeds the loading at the customer end of the connection of popular sites.
76 Solutions for Low Throughput
In environments with high noise levels it may help to reduce the sensitivity of the radio.
By doing this distance between the transmitting and receiving radios is reduced, but the radios will not see the noise as they are no longer sensitive enough to pick it up.
77 Solutions for Low Throughput
An article in Network World in June 2013 mentioned this problem related to power saving settings:
Some routers are set up with their power savings mode on by default.
The goal is to save a few milliwatts.
Unfortunately, this commendable approach reduced bandwidth disproportionately.
78 Solutions for Low Throughput
Although my trusty Linksys WRT610N router wasn't set up with unnecessary power savings in mind, I turned on its low power modes just to see the effects.
The low setting lowered the power output of my 802.11n router from 19 to 18 watts.
Bandwidth was reduced from an already low 19Mbps down to 5Mbps with my clients and router being only separated by a single concrete wall.
79 Wireless Analysis
Let’s switch now to a discussion of how a wireless network should be analyzed.
In the view of Laura Chappell a wireless network should be examined from the bottom layer up.
She summarizes the wireless network analysis steps this way.
80 Wireless Analysis
81 Wireless Analysis
Beginning at the physical layer
Look at the signal level and noise level.
For a good signal the difference between the two should be as wide as possible.
In general a strong signal is -40 to -60 and a low noise floor is -85 to -95, thus creating a gap of 30 to 40 dBs as the signal to noise ratio.
Here is a summary of the quality of the signal at various values.
82 Signal to Noise Ratio Guidelines
- 40 dB or higher: Excellent; Always associated; Very Fast
- 25 to 40 dB: Very good; Fast
83 Signal to Noise Ratio Guidelines
- 15 to 25 dB: Low; Always associated; Usually fast
- 10 to 15 dB: Very low; Mostly associated; Usually slow
84 Signal to Noise Ratio Guidelines
- 5 to 10 dB: No signal; Not associated; Not useable
85 Duty Cycle Guidelines
Fluke in a Webinar from August 2011 points out that the duty cycle, or the amount of the channel capacity being used, impacts how well different types of traffic go through the network.
If the duty cycle is too high, the traffic does not successfully pass through the network.
As they state
86 Duty Cycle Guidelines
87 Wireless Analysis
A protocol analyzer is used to examine layer 2.
To do this using Wireshark some changes must be made to the default configuration.
Wireshark does not directly display signal, noise, or signal to noise ratio.
These can be added.
Let’s see how we set up Wireshark to do this.
88 Wireshark Setup
- Install and set up the AirPcap adapter
- Select the AirPcap adapter as the capture interface
- Stop the capture
- Click Wireless Settings in the Wireless Toolbar
89 Wireshark Setup
- If the Wireless Toolbar is not on, select View – Wireless Toolbar
- On the toolbar click Wireless Settings…
- In the popup box select Radio
- Then Ok
90 Wireshark Setup
The signal and noise data is contained in the Radiotap Header, which appears when Radio is selected.
To see a sample of the data
- Select a frame
- Expand the Radiotap Header
- Scroll down to the Channel type section
91 Wireshark Setup
92 Wireshark Setup
Here is what it looks like
93 Wireshark Setup
94 Wireshark Setup
To see this in the main display a column for each must be added.
Let’s add
- SSI Signal
- SSI Noise
- SSI Signal – which is the signal to noise ratio
95 Wireshark Setup
- Highlight the SSI Signal field in a frame
- Right click and select Copy - Fieldname
- Select Edit – Preferences – Columns – Add
- In Field type select Custom
- In the Field name paste the copied value
- Click Apply, and then Ok
96 Wireshark Setup
97 Wireshark Setup
98 Wireshark Setup
99 Wireshark Setup
Then edit the column name and press Enter after each one.
Do this for all three values as follows
- SSI Signal: Signal dBm
- SSI Noise: Noise dBm
- SNR dB
100 Wireshark Setup
These values are defined as
- SSI Signal: IEEE80211_RADIOTAP_DB_ANTSIGNAL. This field contains a single unsigned 8-bit value, which indicates the RF signal power at the antenna, in decibels difference from an arbitrary, fixed reference
- SSI Noise: IEEE80211_RADIOTAP_DB_ANTNOISE. This field contains a single unsigned 8-bit value, which indicates the RF noise power at the antenna, in decibels difference from an arbitrary, fixed reference
101 Wireshark Setup
SSI Signal
Even though the signal to noise ratio is called a ratio, for which there are standard equations, in practice it is a simple subtraction.
102 dB Values Caution
These dB values cannot be used for any purpose other than in comparison to each other, as they are from the device’s chipset.
These are then not calibrated values.
Comparison between devices can only be done with a calibrated unit such as a spectrum analyzer.
103 Wireshark Setup
Other columns may be removed or the new columns moved over to make the display easier to see.
For example I moved these three to the left of the Info column.
104 Signal Noise SNR
105 RSSI
Wireshark has a predefined column named IEEE 802.11 RSSI.
This column is displayed as RSSI.
This is the same as the signal to noise ratio. Although it implies it is the signal strength, it is not.
106 Graphing Values
These values for signal, noise, and signal to noise ratio can be graphed by outputting the data to a CSV file, then importing it into Excel.
Let’s see how that is done as described by Laura Chappell using a file already containing data.
107 Graphing Values
To create this graph, open wlan-signalissue.pcap.
You will notice that these packets were captured with a PPI header.
I created a column for ppi common.dbm.antsignal and called it “PPI-Sig”.
The next step is to select File > Export > File.
Save your file in .csv format.
108 Graphing Values
To create the graph in Excel, open the .csv file and select the PPI-Sig column (or a portion of it, as I did above – I only selected the first 169 packets).
Choose Insert > Line and choose the line graph style you want.
Here is an example of this with some color bars added.
109 Graphing Values
110 Wireless Statistics: A trace file can be analyzed for some basic statistics by using Statistics – WLAN Traffic.
111 Wireless Statistics
112 Wireless Statistics
113 Wireless Analysis: The next step is to look at the connection process where the station authenticates and associates with the access point. During the authentication process a station establishes its identity with the access point. Stations must authenticate before associating with an access point. After authentication a station can associate with an access point in order to pass data through the access point to the wired network.
114 Wireless Analysis: During this process the access point records information about each station.
115 Wireless Analysis
116 Wireless Analysis: After this the rest of the analysis is just as on a wired network, as we have reached IP at the Network layer.
117 Frame Types: As discussed in detail elsewhere, there are three types of frames seen on a network. This slide from Laura Chappell summarizes these.
118 Frame Types
119 Filters: Filters can be created to show just some of these frame types. Examples include, as she goes on to say:
120 Filters
121 Filters: Other filters she lists include: Retransmissions: wlan.fc.retry == 1. Probe requests: wlan.fc.type_subtype == 0x04.
122 Wireless Analysis Procedure: When analyzing a wireless network, these steps provide a good procedure to follow in order to assess how well it is working as well as to identify problem areas. This procedure was suggested by Benjamin Miller in a 2009 White Paper from Global Knowledge.
123 Wireless Analysis Procedure: Steps: Look for interference signs; Data rate used; Percentage of retransmissions.
124 Examine Data Rates: As Mr. Miller writes: WLAN analyzers are able to indicate the exact data rate of every transmitted frame. If you know how to use your analyzer correctly, you can use filters to see what data rates are being used on a channel, or by an AP, or even by a single station.
125 Examine Data Rates: If you see a station that is consistently sending and receiving low rate frames, that’s a great indicator that there could be RF problems in the area. It can mean the difference between wondering and knowing if the wireless link is causing a user’s problems.
126 Compute Retransmissions: The percentage of retransmissions is a key measure of the amount of interference being seen on the network. Let’s let Mr. Miller describe this process: Retrys are retransmitted frames. Frames may require a retransmission for any number of reasons: interference, simultaneous data transmission, obstructions, etc.
127 Compute Retransmissions: Whatever the reason, the bottom line with retransmitted frames is that they are wasted time on the wireless channel. The same data is being transmitted more than once, thereby decreasing channel efficiency. Now, sometimes it gets a bit confusing because a WLAN analyzer will give retry and error statistics.
128 Compute Retransmissions: Those two sets of data would seem to be redundant, but actually, they are distinct. Retrys are indicated in the header. That means that Retry statistics are network statistics. The percentage of Retrys shown in a wireless sniffer is the actual percentage of Retrys on the network.
129 Compute Retransmissions: Errors, on the other hand, are indicated by having the receiving network interface (in this case, the wireless adapter that’s being used for sniffing) calculate the frame check sequence (FCS) value after receiving the frame. Because the FCS is calculated by the card doing the sniffing rather than an actual station or AP on the WLAN, errors being seen in a WLAN analyzer are not necessarily network errors.
130 Compute Retransmissions: Errors are really a channel statistic. If the channel has interference near the wireless sniffer, or if the transmitting AP on the channel is too far away, then error percentages will increase. The bottom line here is that you don’t want to look at the error percentage in a WLAN analyzer if you are trying to gauge the health of a network. You want to look at the Retry percentage.
131 Compute Retransmissions: As mentioned elsewhere in this presentation, a filter can be used to display just the retries. Miller expands on this when he writes: For example, let’s say you want to analyze Retrys. Wireshark allows you to create a Retry filter using a series of specific steps. You first navigate to the Main Toolbar.
132 Compute Retransmissions: Click the “Edit/Apply Display Filter” icon. From there, you can click “New” and give your filter a name. After you’ve named your filter, click “Expression” to get to the proper command. Under the IEEE 802.11 tree of the Field name area, you’ll see the wlan.fc.retry command. Select that, configure the value to equal 1, and you’ve got your Retry filter.
133 Compute Retransmissions: Once you’ve got a Retry filter created, you can capture as little or as much data as you’d like. When you’re finished, apply the Retry filter by clicking on the “Edit/Apply Display Filter” icon and selecting the Retry filter you previously. When you click “OK” or “Apply,” all non-retransmitted frames will be filtered out of the Wireshark display.
134 Compute Retransmissions: To analyze the percentage of Retrys – which is really the important thing when looking at a WLAN – navigate to the Statistics menu and select “Summary”. Now you can compare what was captured (everything) against what is displayed (Retrys only) in order to calculate a Retry percentage. Now you may want to drill down and see which station or AP is sending all of these Retrys.
135 Compute Retransmissions: In Wireshark, there are wireless statistics, but they don’t cover the parameters that really affect WLAN performance like Retrys and data rates. You can still calculate the Retry percentage of a specific device, but you have to create multiple filters and then run the calculations yourself.
136 Compute Retransmissions: For example, you could create one filter for frames with your AP as the transmitter address and then another filter for retransmitted frames with your AP as the transmitter address. You could run both filters and write down the Statistics Summary for each one.
137 Compute Retransmissions: If you see 420,000 total bytes transmitted by the AP and 42,000 bytes of Retrys transmitted by the AP, then you know you’ve got a 10% Retry rate for that AP.
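
The per-device Retry calculation described on slides 134 to 137 can be scripted for every transmitter at once. This is an added example, not part of the original presentation or the white paper; it assumes the trace was exported with the tshark command shown in the comment, and the addresses and lengths are constructed so that the first transmitter shows a 10% Retry rate by bytes.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, shaped like the output of
#   tshark -r trace.pcap -T fields -E separator=, \
#          -e wlan.ta -e wlan.fc.retry -e frame.len
# Columns: transmitter address, Retry bit, frame length in bytes.
SAMPLE_EXPORT = """\
00:11:22:33:44:55,0,1500
00:11:22:33:44:55,0,1500
00:11:22:33:44:55,1,420
00:11:22:33:44:55,0,780
66:77:88:99:aa:bb,True,200
66:77:88:99:aa:bb,False,200
,0,14
"""

def retry_stats(export_text):
    """Tally frames and bytes, total and retried, per transmitter address."""
    stats = defaultdict(lambda: dict(frames=0, retry_frames=0, bytes=0, retry_bytes=0))
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) != 3 or not row[2].strip().isdigit():
            continue  # skip blank or malformed lines
        ta, retry, length = row[0].strip().lower(), row[1].strip().lower(), int(row[2])
        if not ta:
            continue  # ACK and CTS frames carry no transmitter address
        is_retry = retry in ("1", "true")  # assumption: flag prints as 1/0 or True/False
        entry = stats[ta]
        entry["frames"] += 1
        entry["bytes"] += length
        if is_retry:
            entry["retry_frames"] += 1
            entry["retry_bytes"] += length
    return dict(stats)

def retry_percent(entry, unit="bytes"):
    """Retry percentage by 'bytes' (as in the text) or by 'frames'."""
    total = entry[unit]
    return 100.0 * entry["retry_" + unit] / total if total else 0.0

def rank_by_retry(export_text):
    """Transmitters sorted from highest to lowest byte-based Retry percentage."""
    stats = retry_stats(export_text)
    return sorted(((ta, retry_percent(e)) for ta, e in stats.items()),
                  key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for ta, pct in rank_by_retry(SAMPLE_EXPORT):
        print(f"{ta}  {pct:.1f}% of bytes were Retrys")
```

The byte-based and frame-based percentages can differ noticeably for the same device, so compare like with like when tracking a device over time.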
138 Common User Complaints: Let’s next discuss some common user complaints related to wireless networks and how we might approach solving these problems. As always, the first step is to ask what just happened, what changed. If that does not suggest a course to follow, then begin to isolate the problem domain.
139 Common User Complaints: These common complaints include: The wireless network is slow; There is no wireless network at all; There is no wireless connection to a device.
140 The Wireless Network is Slow: The first thing to do is to check to see if the wireless network is up at all. The users might be connecting to a nearby open network or a rogue access point. To check this, any device or program that displays wireless access points and signal strength can be used. For example, here is the output shown by Inssider from MetaGeek.
141 2.4 GHz Access Point
142 5 GHz Access Point
143 The Wireless Network is Slow: Compare the current access point list to the baseline list. In this example the wireless network is available and both access points are showing up with the correct SSID. Each one is issuing a strong signal.
144 The Wireless Network is Slow: If the expected access points are there, are all of them operating? The access points may be showing up on a list as they are issuing beacon frames or responding to probe request frames, but they may not actually be passing the wireless traffic through to the wired network at the expected data rate. A ping test will check this.
145 The Wireless Network is Slow
146 The Wireless Network is Slow: The slowness may be due to the user connecting to an access point that is farther away from their location than the one they should be connecting to. See what access point a sample of clients is connected to.
147 The Wireless Network is Slow: If they are connecting to an access point further away than they should be, then either the expected access points are overloaded or otherwise not working as expected.
148 The Wireless Network is Slow: If the wireless network is up and running as it should be, interference may be causing throughput to be lower than expected. This interference may be due to devices or to other pieces of equipment using the same band.
149 The Wireless Network is Slow: A spectrum analyzer that can show both the spectrum and devices overlaid on the spectrum is the most useful for this. For example, Chanalyzer from MetaGeek will display this: first for the 2.4 GHz range with and without the network overlay, then for the 5 GHz range with and without the network overlay.
150 The Wireless Network is Slow
151 The Wireless Network is Slow
152 The Wireless Network is Slow
153 The Wireless Network is Slow
154 The Wireless Network is Slow: Finally, look to see if an access point is overloaded. Typically only 15 to 50 users should be passing traffic through an access point, depending on the type of traffic. Log into the access point itself to see how many devices are attached to it. For example:
155 The Wireless Network is Slow
156 There is No Wireless Network: In the next case the users are saying there is no wireless network. The first thing to do is to see if the wireless network to which they should be connecting is showing in their area. It might be that one network is there, but not the one they need.
157 There is No Wireless Network: For example, a secured network might be seen, but not the open access one for visitors.
158 There is No Wireless Network: Use a tool such as Inssider to see if the SSID they need is showing. Next, see if the access point that should be providing service to their area is up and transmitting at the expected strength and data rate.
159 2.4 GHz Access Point
160 5 GHz Access Point
161 There is No Wireless Network: If it is not, then find out why the SSID or access point is missing.
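
The baseline comparison from slide 143 and the missing SSID check from slides 156 to 161 can be done by one routine. This is an added example, not part of the original presentation; the baseline layout, the finding names, and every SSID, BSSID and signal value in it are constructed for illustration.

```python
# Baseline recorded while the network was known to be healthy (constructed values).
# BSSID -> (SSID, channel, weakest acceptable signal in dBm as read by this same scanner)
BASELINE = {
    "00:11:22:33:44:55": ("CorpNet", 6, -65),
    "00:11:22:33:44:66": ("CorpNet", 36, -65),
    "00:11:22:33:44:77": ("Visitor", 11, -70),
}

# Constructed scan result: (SSID, BSSID, channel, signal dBm, security)
SCAN = [
    ("CorpNet", "00:11:22:33:44:55", 6, -52, "WPA2"),
    ("CorpNet", "00:11:22:33:44:66", 36, -78, "WPA2"),
    ("CorpNet", "02:00:00:00:00:01", 6, -40, "Open"),
    ("FreeWiFi", "02:00:00:00:00:02", 1, -60, "Open"),
]

def compare_to_baseline(baseline, scan):
    """Return (finding, bssid, ssid) tuples for every departure from the baseline."""
    known_ssids = {ssid for ssid, _, _ in baseline.values()}
    findings, seen = [], set()
    for ssid, bssid, channel, dbm, security in scan:
        bssid = bssid.lower()
        if bssid in baseline:
            seen.add(bssid)
            exp_ssid, exp_channel, min_dbm = baseline[bssid]
            if ssid != exp_ssid:
                findings.append(("ssid-changed", bssid, ssid))
            if channel != exp_channel:
                findings.append(("channel-changed", bssid, ssid))
            if dbm < min_dbm:
                findings.append(("weak-signal", bssid, ssid))
        elif ssid in known_ssids:
            # Our SSID from a radio that is not in the baseline: candidate rogue access point.
            findings.append(("unlisted-bssid", bssid, ssid))
        elif security.lower() == "open":
            findings.append(("nearby-open-network", bssid, ssid))
    # Baseline access points that never appeared in the scan.
    for bssid in sorted(set(baseline) - seen):
        findings.append(("missing-ap", bssid, baseline[bssid][0]))
    return findings

if __name__ == "__main__":
    for finding in compare_to_baseline(BASELINE, SCAN):
        print(*finding)
```

Signal thresholds are only meaningful when the scan comes from the same adapter that recorded the baseline, since chipset dB readings are uncalibrated. A BSSID can be copied, so a clean result does not by itself prove every access point is genuine.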
162 A Device Cannot Connect: In this last case a single device cannot connect. The configuration of the device should be examined. Is it looking for the correct SSID? Is it looking for the correct channel? Does it have the required security settings? Should the NIC driver be reinstalled or updated?
163 A Device Cannot Connect: If all of this is correct, then examine the access point. Is it set to filter out all but certain MAC addresses? If the device gets to and through the access point, is there something on the wired network stopping just it, such as an Access Control List or other security setting?