Wireless Packet Captures with Multiple Adapters
Yer Yang
2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Yer Yang• Over 15 years of professional wireless
experience• Wireless Project Involvement includes:
• Indoor / Outdoor Wireless (MetroWiFi) Design and Deployments
• Consulting and Troubleshooting
• Contact• I have no Twitter, Facebook,
Myspace, Instagram, etc• I have email: [email protected]
3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
VoceraStaff Network Engineer
• SME for Networking and Devices
• Escalation Manager for Networking and Devices
• Ensure Customer Success
• Develop skills for Tech Support Engineers
Day in Life
• Troubleshoot
• Anything wireless!
• Vocera / Smartphone devices
4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Objectives and Take Aways
• Wireless Packet Captures for a mobile VoWLAN
• Adapters Needed and why?
• Channel Prediction
• Additional data sets needed for troubleshooting
• Logs
• Detailed notes
• Spectrum Analysis
• Data Analysis
• Example
5© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Related Presentations
2018 WLAN Pro Conference Prague
Topic: Voice Traffic Protocol Analysis
• https://www.wlanpros.com/resources/voice-traffic-protocol-analysis-andrew-mchale-wlpc-prague-2018/
Presenter: Andrew McHale
@mac_wifi – mac-wifi.com – [email protected]
6© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Typical Voice Issues Scenario
• Choppy Audio with VoWLAN
• Users Report Issues
• Maybe - Who, Where, When
• Typical Wireless Steps:
• Check for Coverage
If only there were a special goggle to see packet transmissions …
there is the next best thing
7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Enter the Packets
• Packet captures are depicted from the perspective of the medium
• Packets are vendor neutral
• Challenges with wireless captures
• Adapter limitation
• Or Scanning channels and missing packets
• Roaming clients
8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Common AP Layout - Stationary
9© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Common AP Layout - Roam
1 0© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Capturing Packets on Multiple Channels
• One adapter per channel
• Wasteful?
• May capture unnecessary data but never missing packets for the targeted client
• Filter on the client later
36 40 44 48 149 153
157161
165
1 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Concept of Capture
CH36
CH161
CH149
CH44
1 2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Hardware SetupRequirements and Best Practices
• Laptops with 3 USB ports
• No more than 3 adapters per hub
• Hub needs to have external power
• This is drain battery and laptop will say insufficient power
• Need external battery
• Run Spectrum with the capture always
• Velcro
1 3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
How to Capture - Preplanning
You’ll want to plan out a few things before you start capturing:
• Channel to capture
• Channel bandwidth
• 20, 40, 80, 160MHz
• The path you’d like take when troubleshooting
• Client debugs (as needed)
• Capturing at the AP port (port mirroring)
1 4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Steps - Channel Prediction• Planning Channel / Roaming Path
• Handheld
• Ekahau/AirMagnet
1 5© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Steps - Channel Prediction
• Depending on channels, you may have enough adapters
• Common case with 20MHz channels
• Use up to 12 adapters
• 9 adapters is average
• UNII 1 and UNII 3 Channels
• 36, 40, 44, 48, 149, 153, 157, 161, (maybe 165)
1 6© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Capturing On All Channels- Roam
1 7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Starting the Capture – Adapter Set UpAdapter settings:
802.11(2.4GHz)
802.11a
802.11n
802.11ac
802.11ax???
Select the primary Channel
1 8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Test Scenario
• Solo
• Stream Audio File between two devices
• Have one device on laptop and one on body with headset
• Note any audio anomalies
• Assisted
• Ensure stationary testing is in a good area
• Or set up a static capture
• Test with one roaming and engaged in a conversation
1 9© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Packet Capture Logistics• Keep target client near the adapters
• RSSI will be close between STA and capture adapters
• Presents idea of RSSI of downstream packets
2 0© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Logs and Captures Perspective
2 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Packet Capture Logistics
• Be aware of file size
• Ring Buffers
• Capture Partitions to certain Max size
• Consider that the issue may stem from the other end of the call
• May need capture at both end
• Encrypted Wireless Data
• Decrypt
• How to capture?
• Need a full association
2 2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Capture Tool Considerations
• OmniPeek
• License Fee
• Cheaper Adapters
• Wireshark
• Free
• More expensive PCAP Adapters (Windows)
My Use Case
• OmniPeek for wireless packet captures
• Wireshark for analysis
2 3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Supporting Data Gather of Incident
• Spectrum Analyzer
• See the RF
• Client Logs
• TCP Dump
• Radio Logs
• Notes
• What?
• Where?
• Static
• Roaming
• Reproducible on demand?
• Time?
• Who?
• MAC of Client
2 4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Correlating Data – Client (Badge) Log
2 5© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Correlating Data – Packet Capture
2 6© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Supporting Data Gather – Spectrum Analyzer• Spectrum
• Capture spectrum data side by side with packet capture
• Correlate Spectrum data with Packet Capture/Client Logs
2 7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Data Analysis
Common Issues with VoWLAN
• Choppy Audio
• What it looks like in packet captures
• Common root cause(s) signature
2 8© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Before We Dive In - Wireshark Analysis
2 9© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Wireshark Analysis
You’ve manage to capture choppy audio with multiple adapters, now what?
3 0© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Wireshark Analysis – Choppy Audio Capture
Wireless Client MAC
00:09:EF:30:0e:31
To see all packets:
${BART:30:0e:31}
3 1© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Wireshark Analysis – Choppy Audio CaptureWireshark IO Graphs
3 2© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Choppy Audio - Packet Retries
Packet RetriesUpstream
Packet Retries Downstream
3 3© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Other Potential Root Cause of Choppy Audio• Coverage
• Ensure wherever devices are used has sufficient coverage
• Elevators and Stairwells are “Best Effort” for coverage
• Interference / Congestion
• 2.4GHz – Voice should avoid
• Implement QOS
• Trust DSCP Value End to End
3 4© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
In Summary
• Wireless Packet Captures for a mobile VoWLAN
• Adapters Needed and why?
• Channel Prediction
• Additional data sets needed for troubleshooting
• Logs
• Detailed notes
• Spectrum Analysis
• Data Analysis
• Use IO Graphs to Pin Point Issue in trace
Thank you!
Slide 35
mf97 https://www.istockphoto.com/photo/cheerful-hispanic-nurse-walks-in-hospital-corridor-gm639754308-115491557marin finerty, 12/7/2018
Cut for time slides
3 7© 2 0 1 9 V O C E R A C O M M U N I C A T I O N S . A L L R I G H T S R E S E R V E D .
Common Choppy Audio