ECSE Troubleshooting v7.1
• Taking Breaks
• Restrooms
• Telephones
• Lunch
• Questions?
Instructor Director
Wired Network Before
Wired Network After
Wired Network Before
Wired Network After
Wireless Network Before
Wireless Network After
Wireless Network Before
Wireless Network After
Course Outline
“The man who asks a question is a fool for a minute, the man who does not ask is a fool for life.”
- Confucius
Prerequisites
• Course Manual
• Lab Exercises
Course Objectives
• Learn how to properly troubleshoot wireless LANs using Ekahau Pro software, WLAN Pi device, and other software tools
• This course enables you to take the ECSE-Troubleshooting exam the afternoon of the fourth day.
Troubleshooting Process Steps
Tools Used in ECSE-Troubleshooting Course
Free
Wireshark, Kismet, Bettercap, HORST, Client Profiler, iPerf, HTML Tests
Low Cost
Wi-Fi Analyzer Pro, WLAN Pi, Netool.IO, Apps
Professional
Ekahau Pro v.10, Ekahau Sidekick,
• Modulation Schemes
How a Wired NIC Works
How a WLAN NIC Works
How Custom NICs Work
• Same as WLAN…
• Changes slightly with driver ‘shim’
• Promiscuous Mode (RF Monitor)
• Keeps CRC errors for Stats
• Sends data to
• “Data Ball”
End User
• Expectations
• Device on/off
• Knowledge
• Perceptions
• Skills
• Understanding of Device
• Wi-Fi vs Cellular
Wi-Fi Client Device
2.4 GHz
Wavelength Calculator
Comparison Between Radio Waves
[Figure: Narrowband vs. Spread Spectrum, amplitude plotted against frequency]
Spread Spectrum
• Spreads an RF signal across more bandwidth than is necessary for the size of the data
• Common Types: Direct Sequence, Frequency Hopping, OFDM
• Resists narrowband interference
Basic Types of Modulation
Baseband Signal
Original data bits in the radio’s baseband: 1 0 1 1 0 1 0 0
[Figure: baseband signal plotted against time]
Amplitude Modulation
Varies the amplitude of the carrier signal to encode data
Amplitude Shift Keying (ASK)
Frequency Modulation
Varies the frequency of the carrier signal to encode data
Frequency Shift Keying (FSK)
Phase Modulation
Varies the phase of the carrier wave to encode data
Phase Shift Keying (PSK)
Sine Wave (Front & Side View)
Sine Wave (Orthogonal View)
MODULATION CONSTELLATIONS
EVM (Error Vector Magnitude)
BINARY PSK (BPSK)
[Figure: BPSK constellation, two points labelled 0 and 1]
• 1 bit at a time
• Large EVM (Error Vector Magnitude)
• Very SIMPLE
• Very ROBUST
• Very SLOW (~6 Mbps)
• Around ~ 2-4dB SNR
• Very easy to achieve
QUADRATURE PSK (QPSK)
[Figure: QPSK constellation (45º), four points labelled 01, 11, 00, 10]
• 2 bits at a time
• 2X more throughput
• 1/2 less EVM/Robustness
• EVM gets smaller
• A bit more complex
• Still ROBUST
• Still SLOW (~12 - 20 Mbps)
• Around ~5-10 SNR
• Still easy to achieve
16-QAM
[Figure: 16-QAM constellation, points labelled with 4-bit values]
• 4 bits at a time
• EVM gets even tighter
• 6 bits at a time
• 1.5 X more throughput
• 1/4 less EVM/Robustness
• EVM is very small.
• Very COMPLEX
• Very FAST (150, 300, 450+ Mbps)
• REQUIRES -65 to -67dBm
• SNR of ~18-25dB, or better
• Achievable with proper design
• Difficult to SCALE
256-QAM
[Figure: 256-QAM constellation, points labelled with 8-bit values]
• Introduced with 802.11ac
• 8 bits at a time
Threshold
-62dBm
Virtual Carrier Sense
[Figure: intensity versus distance from source. Intensity at source = I, distance from source = D; labels I/4, 2D, 4D]
• Authentication Request
• Authentication Response
• Association Request
• Association Response
Association Identifier AID
“Green Diamond” Association/Roaming Algorithms
• SSID
• RSSI
• SNR
• Authentication Method
• Channel Switch Announcements
• De-Authentication Frame
• Dis-Association Frame
• Encryption Methods
• Error Ratios
• Heuristics
• Internal Lists - White/Grey/Black
• MCS/Data Rate
• Minimum Basic Rate
• Supported Data Rates
• 802.11k, 802.11r, 802.11v
Association is to Wireless
what a Link Light is to Wired
Authentication & Encryption
Open No Encryption
- None and None
- User Authentication
Pre-Shared Key
‣ Device Authentication
‣ SSID
‣ Pre-Shared Key
‣ 4-Way Handshake
802.1X - RADIUS
• Various EAP Types
• Controlled Port
• Supplicant
• Authenticator
• RADIUS Server
• Authentication Database
• EAP Flows
• 4-Way Handshake
• Fast Roaming Methods
802.1X/EAP Framework
[Figure: 802.1X/EAP framework with three roles: Supplicant, Authenticator, Authentication Server. Captions: “Need access!”, “Access blocked”, “Calculating my key…”, “Calculating this guy’s key…”. Messages shown: 802.11 association, EAPoL-start, EAP-request/identity]
Protocols
Captive Portal
‣ Location
‣ Certificate Issues
‣ Client Issues
‣ Control
‣ Encrypted DNS
‣ Friction
‣ Legal Issues
‣ Mi-Fi Issues
‣ Monetization
‣ Privacy Issues
‣ Triggers
• Beacon Report
Client reports how it sees other APs
• Channel Report
AP informs client of channels used
Over-the-Air
Client talks directly to target AP
Over-the-DS
Client talks through current AP to target AP
802.11 v - BSS Transition Management
Break
Review of Network Devices
• REPEATER: Regenerate Signal
• HUB: Multi-Port Repeater
• BRIDGE: MAC based forwarding
• SWITCH: Multi-port Bridge
• ROUTER: Regenerate new Frame w/New MAC
What is an Access Point? Repeater? Hub? Bridge? Switch? Router?
Access Point
NOT a WAP!
Bridges Wireless to Wired
Fixed Location
Makes DFS Decisions
Radio Resource Management
Autonomous vs Controller
What is an Access Point?
Potential Troubleshooting Issues with Access Points
BSSID
• A Basic Service Set is identified by a BSSID
• BSSID #1 - 2.4GHz
• MAC address of the 2.4GHz radio
• BSSID #2 - 5GHz
• MAC address of the 5GHz radio
Extended Service Set
ESS
Wired Medium Issues
• EIA/TIA 568A/B
• Cable Lengths
• Category Mismatch
• Grounding Issues
• Validation Testing
• Out of Spec Cabling
• Patch Cables
Evolution in Cabling
Wireless LAN Design Requirements
• Protection Modes
Edge Switch
• ACL(s)
• Configurations
• QoS (CoS vs DSCP)
• Distributed vs Centralized
• NetFlow
• PoE Settings
• Port Speed/Duplex
• How/Where to Packet Capture
• Tagged vs Untagged Port
• VLANs
DHCP
•Address Pool Scopes
•APIPA Addressing
•Auto Renewal
•Broadcast Storms
•IPv4 vs IPv6
•DHCP Scope Options
•Latency
•Lease Durations
•Performance
•Scalability
DNS
• Location
• Accuracy
• Configuration
• Control/Blacklist
• Customization
• Latency
• Scalability
• Security
• Authentication Database
• Certificate Issues
• Configuration
• Custom VSA
• EAP Types
• Fast/Secure Roaming Types
• Licensing Issues
• Ports
• Ranges
• Resources
• Scalability
Authentication Database
• Accounts
• Certificates
• Infrastructure Credentials
• Custom RADIUS Attributes
• EAP Compatibility
• Login Credentials
• Ports
• Security
Application Services
Additional Security
MTU
Processing Time
Round Trip Time
TCP Retransmission
TCP Window
Tuned for Wired
Firewall Services
• Application Control
• Application Visibility
• Bandwidth Shaping
• Capacity
• Firewall Rules
• Rate Limiting
• Certificates
WAN Router
• Availability
• Bandwidth Throttling
• Consistency
• Costs
• Internet Connection Size
• Internet Destination Issues
• Jitter
• Latency
Wireless LAN Controller
• Bugs
• Code Versions
• Configurations
• Distributed vs Centralized
• Licensing Issues
• Local vs Cloud
• VLAN Choices
Homework
Homework Review
Doctor’s Visit / Triage
Blood Pressure - Channel Utilization
LCMI
Least
Capable
Most
Important
Survey Says: Top Wireless Issues
1. Wireless End User: Skills, Knowledge Perceptions, Device on/off, Understanding of Concepts & Device capabilities, Wi-Fi vs Cellular
2. Mobile Wi-Fi Client Device: Drivers, Radio Capabilities, Authentication Profiles, Supported PHY, QoS, Power Save, Applications, Location, MPTCP, Vendor IE Support, Chipset Behavior, Roaming Algorithms, Auto-Negotiated MCS, MDM, Protection
3. RF Media: RSSI, SNR, SNiR, Primary & Secondary Coverage, CCI/ACI, Retry Rates, Average MCS, Jitter, Latency, Consistency, Regulatory Domains, Non-Wi-Fi Interference, Spectrum Analysis
4. Per Frame Tx Contention Process: Preamble Detect, Energy Detect, Triggers, NAV Timers, TxOP, AIFS, Random Slots, QoS, WMM, Duration ID, Ch Capacity, Non-Wi-Fi Interference
5. Per Frame Tx MCS Process: Per Frame Decisions - Modulation Technique, Coding Technique, Ch Width, Guard Interval, Spatial Streams, Tx Power, ACK vs No ACK, TX decides
6. Per Time DFS Process: 802.11 is NOT primary User - AP Scans for 60-Seconds, AP Enabled, Continuous Scanning, If RADAR detected, send CSA, Change to new CH, After 30-min can return, after 60-second scan
7. Per Frame Tx Single Frame on RF: Overhead to deliver IP Payload - AIFS, CW, BPSK Preamble, RTS, SIFS, Preamble BPSK, CTS, SIFS, Preamble, Preamble VHT, Header MBR, Payload PHY rate, CRC, SIFS, Preamble, ACK
8. Per Timers Association Process: Beacon, Probe Request, Probe Response, Authentication Request, Authentication Response, Association Request, Association Response, Decide on which AP by: RSSI, SNR, Auth Method, Encrypt Method, Channel Switch Announcement, Error Ratios, MCS/Data Rates Supported, Heuristics, Internal Lists, De-Authentication, Dis-Associate, 802.11 k, v, r, MBR, Proprietary Methods!
9. 802.11 k, v, r: APs try to influence the roaming decisions via 'standard' modes
10. Per Changes Authentication Process: Open, Pre-Shared Key, 802.1X RADIUS, PSK includes Exchange of 4-Way Handshake to trigger Encryption Keys, 802.1X EAP Exchange, ending in 4-Way Handshake
11. Encryption Process: None, TKIP, AES/CCMP, Punishment for using TKIP, Confusion with Wi-Fi Alliance naming - WPA2 PSK… is PSK-WPA2
12. From LAN Upper Layers: DHCP, IP, DNS, VLAN, Subnet Mask, Default Gateway, Captive Portal
13. Controlled Port: AP Controls which 802.11 Frames can cross Wireless to Wired Boundary
14. Fixed Wired Access Point: Configurations, SSIDs, Minimum Basic Rates, Supported PHY Rates, Band Steering, Client Control, Radio Capabilities, Tx Rates, Client Isolation, Roaming, QOS, PoE, Antenna Pattern, Mounting, 1GB backhaul limit, AP Locations, Physical Layer Issues, Firmware Revisions, Custom Configurations, RRM/ARM, Proprietary
15. Local Cable Media: EIA/TIA 568A/B, Category Mismatch, Validation Tests, Grounding, other issues
16. Network Edge Switch: VLANs, Port Speeds, PoE, Configurations, QoS, End-to-End?, COS vs DSCP
17. Local Network: Distributed vs Centralized Forwarding, ACLs, VLANs, QoS, Tunnels, Layers, NAT
18. TCP/UDP: Following all TCP issues as well as UDP reasons for using each
19. Quality of Service: Access Port vs Trunk Port, DSCP, WMM Categories, End-to-End QoS
20. Applications: MTU, TCP Window, Round Trip Time, Processing Time, TCP Retransmission times
21. DHCP Server: Lease Durations, Configurations, Broadcast Storms, Latency, Performance, Address Pool Scopes, Scalability, DHCP Options, Auto Renew
22. DNS: Configuration, Scalability, Security, Accuracy, Customization, Control, Blacklists
23. 802.1X/RADIUS: Configuration, Ports, Ranges, Licensing Issues, EAP types, Custom VSA, Scalability, Resources, Certificate Issues, Fast/Secure Roaming types
24. Active Directory: Accounts, Credentials, EAP Compatibility, Custom RADIUS Attributes
25. Controller Functions: Code Versions, Bugs, Configurations, Local vs Cloud, Licensing Issues, Distributed vs Centralized Forwarding, VLAN choices
26. Firewall: Firewall Rules, Capacity, Compatibility, Rate Limiting, Bandwidth Shaping
27. WAN Router: Size of Internet Pipe, Internet Destination Issues, Costs, Availability, Consistency
Internet (Internet Connection): Bandwidth Throttling, Jitter, Latency
28. Captive Portal: Security, Client Issues, Privacy, Friction, Triggers, Certificates, DNS, Captive Portal Location, Control, Monetization, Legal, MiFi
RF Media: RSSI, SNR, SNIR, Primary Coverage, Secondary Coverage, CCI/ACI, Retry Rates, Average MCS, Jitter, Latency, Consistency, Regulatory Domains, Non-Wi-Fi Interference, Spectrum Analysis, RF Bands
Controller & Management: Code Versions, Bugs, Configurations, Local vs Cloud, Licensing, Scale, VLANs, Centralized vs Distributed, Control Plane, Mgmt Plane, Data Plane
Access Points: Configurations, SSIDs, MBR, PHY Rates, Band Steering, Client Control, Radio Capabilities, Tx Power, Client Isolation, Roaming, RRM/ARM, QoS Tagging, PoE Requirements, Antenna Patterns, Mounting, 1GB backhaul, AP Locations, PHY Layer Issues, Firmware, Bugs, Custom Configs
Wired Interfaces: EIA/TIA 568A/B, Cable Mismatch, Validation Testing, Grounding, VLANs, Port Speeds, Configurations, QoS, COS vs DSCP, Distributed Forwarding vs Centralized Forwarding, Access vs Trunk Ports
Local Network Services
Troubleshooting Network Services
DHCP: All things IP Address Related, VLANs, Default Gateway, Subnet Mask, Lease Duration, DHCP Options, Latency, Auto-Renew
Applications: TCP Windowing, MTU, RTT, Processing Time, TCP Retransmissions
DNS: Configurations, Scalability, Accuracy, Security, Controls, Blacklists, Management
Captive Portal: Client Issues, Friction, Triggers, Certificates, Encrypted DNS, Control, Legal, MiFi Issues, Where CP Resides, Privacy Issues
RADIUS/802.1X: Configuration, Ports, Ranges, Licensing, EAP types, Scalability, Certificates, Fast/Secure Roaming, Authentication Database Issues
Internet/Cloud: Size of Internet Pipe, Costs, Availability, Bandwidth Shaping, Jitter, Latency, Consistency, Firewall Issues
Wireless LAN Troubleshooting Process
Break
How to NOT have WLAN issues
Before Installing AP…
Step 7 Step 2
Confirm you can connect to Confirm Power over Ethernet
Controller, WNMS, etc. meets AP’s requirements
Step 6 Step 3
Confirm DHCP, DNS Address,
Ping Default Gateway from DHCP Process
Default Gateway, IP Subnet Mask,
Ping server on far side of Default Gateway
& VLANs as designed
Step 5 Step 4
Document Switch Access
Test DNS for targets resolving correctly
Port, VLANs, Jack, Management VLAN
After Installing Access Point
Design Confirmation
Document AP as Installed: AP’s MAC Address, Assigned Name, Location, Switch & Port Used, IP Address, Ethernet Jack, Photo of Installation
Confirm Access Point is installed as designed: Proper Location, Proper Orientation
Really?
Most Wireless
Problems Aren’t…
Wired Issues
Use appropriate tools to check network connectivity in Upper Layers
Wireless Issues
Use appropriate tools to check Layer 1 RF and Layer 2 MAC issues
Wired or Wireless Problem?
DHCP: All things IP Address Related, VLANs, Default Gateway, Subnet Mask, Lease Duration, DHCP Options, Latency, Auto-Renew
Applications: TCP Windowing, MTU, RTT, Processing Time, TCP Retransmissions
DNS: Configurations, Scalability, Accuracy, Security, Controls, Blacklists, Management
Captive Portal: Client Issues, Friction, Triggers, Certificates, Encrypted DNS, Control, Legal, MiFi Issues, Where CP Resides, Privacy Issues
RADIUS/802.1X: Configuration, Ports, Ranges, Licensing, EAP types, Scalability, Certificates, Fast/Secure Roaming, Authentication Database Issues
Internet/Cloud: Size of Internet Pipe, Costs, Availability, Bandwidth Shaping, Jitter, Latency, Consistency, Firewall Issues
WiFi Signal Demo Lab
Netool.io Lab Exercise
Before installing an Access Point confirm the Wireless LAN is providing all that is required.
Netool.io Labs
Lab 1 - netool.io Lab
Lunch
Wireless LAN Troubleshooting Process
WLAN Pi
Features:
•802.11 sniffing
•Standard PCAP logging (compatible with Wireshark, TCPDump, etc)
•Client/Server modular architecture
•Plug-in architecture to expand core features
•Multiple capture source support
•Live export of packets to other tools via tun/tap virtual interfaces
•Distributed remote sniffing via light-weight remote capture
Lab 3 - Introduction to Kismet
Lab 4 - Network Discovery with Kismet
Lab 5 - Linux Navigation
Network Troubleshooting CLI Commands
(Windows command / macOS/*nix command: description, then options)
• ping / ping: Test the network connection with a remote IP address
  ping -t [IP or host]
  ping -l 1024 [IP or host]
• tracert / traceroute: Displays all intermediate IP addresses through which a packet passes between the local machine and the specified IP address.
  tracert [@IP or host]
  tracert -d [@IP or host]
• netstat / netstat: Displays the status of the TCP/IP stack on the local machine
  netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
• arp / arp: Resolves IP addresses to MAC addresses. Displays and modifies the translation tables of IP addresses to physical addresses used by the ARP address resolution protocol.
  ARP -s adr_inet adr_eth [adr_if]
  ARP -d adr_inet [adr_if]
  ARP -a [adr_inet] [-N adr_if]
1. SSH to WLAN Pi
2. Run Profiler Script
3. Test your client device
4. Review Results
5. Rinse & Repeat with other Devices
Lab 7 - Testing Wi-Fi Performance
Lab 8 - Advanced Performance iPerf Testing
Lab 9 - Is it Wi-Fi or Not Wi-Fi
Ethernet over
USB connection
Homework
Homework Review
Wireless LAN Troubleshooting Process
Validating RF
Wireless LAN Design Requirements
• Protection Modes
Lab Exercise
Ekahau Validation Survey
Break
Spectrum Analysis using Ekahau Sidekick
Tuning Fork Example
Additive Waves
Time –vs- Frequency
Time –vs- Frequency Views
Protocol –vs- RF
Types of RF Interferers
Ekahau Pro
RTFM
Spectrum Analysis Lab
Lunch
WIRELESS PACKET ANALYSIS
What Is a Wireless Packet Capture (PCAP)?
• Viewing & storing frames in the AIR (802.11), NOT the Wire (802.3)
• Necessary to see/understand the relationship between a client & the WLAN
The Wireless Medium
• Unbound Medium
RF Monitor Mode
[Figure: 802.11 frames on Channel 36, comparing three NIC modes]
• Promiscuous-mode: NIC looks at all data that is being transmitted, regardless of destination, on the channel it’s monitoring. (But, no L1/L2)
• Non-Promiscuous Mode (a.k.a. “Normal-mode”): NIC only looks for frames intended for itself (on the channel it’s monitoring)
• RF Monitor-mode: NIC sees ALL 802.11 frames that it can hear on the channel(s) it monitors (L1/L2 info!)
Monitor Mode
Why PCAP?
Where to PCAP?
Near AP?
Near Client?
Where to PCAP?
Near Client?
First Thing’s First: Requirements
• Filters • Graphing
CUSTOM PROFILES
• Preset profiles with your favorite settings
• Columns
• Colorization Rules
• I/O Graphs
Backing Up Profiles (Mac)
Lab 11
Custom Profiles
CUSTOM COLUMNS
• CAPTURE Filters
• DISPLAY Filters
• Clients
• Frame types
802.11 Wireshark Filters
Management Frames: wlan.fc.type == 0
• Association Request: wlan.fc.type_subtype == 0
• Association Response: wlan.fc.type_subtype == 1
• Reassociation Request: wlan.fc.type_subtype == 2
• Reassociation Response: wlan.fc.type_subtype == 3
• Probe Request: wlan.fc.type_subtype == 4
• Probe Response: wlan.fc.type_subtype == 5
• Beacon: wlan.fc.type_subtype == 8
• Disassociation: wlan.fc.type_subtype == 10
• Authentication: wlan.fc.type_subtype == 11
• Deauthentication: wlan.fc.type_subtype == 12
• Action: wlan.fc.type_subtype == 13
Control Frames: wlan.fc.type == 1
• Block ACK Request: wlan.fc.type_subtype == 24
• Block ACK: wlan.fc.type_subtype == 25
• PS-Poll: wlan.fc.type_subtype == 26
• Ready To Send (RTS): wlan.fc.type_subtype == 27
• Clear to Send (CTS): wlan.fc.type_subtype == 28
• ACK: wlan.fc.type_subtype == 29
Data Frames: wlan.fc.type == 2
• Data: wlan.fc.type_subtype == 32
• Null: wlan.fc.type_subtype == 36
• QoS Data: wlan.fc.type_subtype == 40
• QoS Null: wlan.fc.type_subtype == 44
Addresses
• MAC address: wlan.addr == MAC_address
• Transmitter Address (TA): wlan.ta == MAC_address
• Receiver Address (RA): wlan.ra == MAC_address
• Source Address (SA): wlan.sa == MAC_address
• Destination Address (DA): wlan.da == MAC_address
Access Points and SSIDs
• BSSID: wlan.bssid == AP_radio_MAC_address
• SSID: wlan_mgt.ssid == SSID
Radio Tap Header
• Specific Channel: radiotap.channel.freq == frequency
• Specific Data Rate: radiotap.datarate == rate_in_Mbps
• RSSI: radiotap.dbm_antsignal == rate_in_dBm
802.11k,v,r
• 802.11v DMS request: wlan.fixed.action_code == 23
• 802.11v DMS response: wlan.fixed.action_code == 24
• 802.11k Neighbor request: wlan.rm.action_code == 4
• 802.11k Neighbor response: wlan.rm.action_code == 5
• 802.11r FT auth req: (wlan.fc.type_subtype==0) && (wlan.rsn.akms.type == 3)
• 802.11r FT auth res: (wlan.fc.type_subtype==1) && (wlan.tag.number == 55)
• 802.11r FT reassoc req: (wlan.fc.type_subtype==2) && (wlan.tag.number == 55)
• 802.11r FT reassoc res: (wlan.fc.type_subtype==3) && (wlan.tag.number == 55)
Retries
• Retry: wlan.fc.retry==1
Weak Signal and Probes
• Weak Signal: wlan_radio.signal_dbm < -dB
• Weak Probe responses: wlan.fc.type_subtype == 5 && wlan_radio.signal_dbm < -dB
• Weak Probe requests: wlan.fc.type_subtype == 4 && wlan_radio.signal_dbm < -dB
• 4-Way Handshake Filter: wlan.addr == MAC && eapol
Display Filter Operators
• Equal: == eq
• Not Equal: != ne
• And: && and
• Or: || or
• Xor: ^^ xor
• Not: ! not
• Contains: wlan.xxx contains "xx:xx"
Lab 13
Display Filters
Color Rules
3
Lab 16
Comments & Marking
Importing/Exporting Custom Profiles
• Manual process
Exporting/Saving Custom Profiles
Go to your Personal Configuration folder
2. OR, open the “Profiles” folder and save only the Profile you want to share.
Importing Custom Profiles
Go to your Personal Configuration folder
1. Copy pre-existing files into your configuration folder (ethers, preferences, etc.)
New profile!
Importing Custom Profiles
Click on the Profile selector in the bottom left and you will see the newly imported profile.
LAB 8: Importing Profiles
Lab 17
Import/Export Profiles
I/O Graphs
Airtool by @AdrianGranados
CWAP Certified Wireless Analysis Professional Official Study Guide (PW0-270)
Options for Wireless Packet Capture in Windows
Wireshark · Display Filter Reference: IEEE 802.11 wireless LAN
Wireshark - Most Common 802.11 Display Filters by @VergesFrancois
Wireshark Color Profile – MetaGeek Support
Wireshark for Wireless LANs LiveLessons by Jerome Henry (@WirelessCCIE) & James Garringer (@JamesGarringer)
Homework
Homework Review
How many questions to find a
number between 1 and 100?
Why?
Questions to Ask
ECSE Student Resources
https://www.wlanpros.com/master-ecse-student-info-page/
ECSE-Troubleshooting Exam
Exam