Capturing Wi-Fi 6E on Windows (and a Kali VM) for Fun and Profit

Picture this horror: you are a wireless pro without a Mac. Now get out of the fetal position and stop self-soothing; we can do a Wi-Fi 6E .pcap with a Windows box with a little work. After messing about, I was able to get a capture of my MacBook and iPad Pro connecting to a 6 GHz-only SSID – yeah, I know I should have a 5 GHz SSID of the same name for discovery, but I wanted to force the dumb clients to 6 GHz and see it all natively. There may be a much easier way to do it, but this was my process. Thanks to Alex Six for sanity checking my Linux Fu.

My setup (these are not sponsored/affiliate links):

I first created the 6 GHz SSID “Order66” with WPA3 and set it to channel 37 for testing. On the PC I started by downloading and installing the Windows “driver” executable for the AWUS036AXML here. I am annoyed that to get the driver you need to use their installer, but it was the only way to get it that I could find. It took a couple of tries to get the adapter to enable. Eventually I had to go into Device Mangler and disable the built-in WLAN adapter on the PC, unplug the Alfa adapter, then reboot and plug it back in to get it to actually work. Total PITA, but it worked eventually.

Once Windows was finally seeing and enabling the Alfa adapter, I downloaded the ready-to-go VirtualBox Kali image. I did try this all in VMware Workstation 17 without much luck, so I continued with VirtualBox. After importing the VM image and before booting the VM, I went to Settings for the Kali VM in VirtualBox, selected “USB” and ticked “Enable USB Controller” and “USB 3.0 (xHCI Controller)”:

Choose USB

Next I clicked the USB cable icon with the plus symbol on it. In the dialog that opened, I selected only “MediaTek Inc. Wireless_Device [0100]”:

I also mounted the host machine’s file system for easy file transfer by clicking Sharing, then chose my home directory in Windows and mounted it to /rdg (just my initials to make it easy to find). I have my Wireshark the way I like it on Windows, so that is easier for me than setting it up in Kali:

I clicked OK to leave the dialog box and booted up the VM. Once the VM booted, I drank the Root Beer – this is a critical step. Did I mention what a tank this little PC is? I logged into Kali (UN: kali, PW: kali), then opened the Terminal and issued the ever-controversial:

sudo su

If you aren’t cool with elevated privileges for the whole exercise, you can add “sudo” before the commands, but ain’t nobody got time for that. After entering the password, I moved into the /rdg mount point to make it easy to get to my files from Windows:

cd /rdg

To test that we could go into monitor mode and get onto the right channel, I issued the following (the -C option takes the frequency in MHz, and 6135 MHz is the centre of 6 GHz channel 37):

sudo airodump-ng wlan0 -C 6135

The response was “Checking available frequencies, this could take few seconds.”, then after said few seconds, the airodump-ng interface came up:

We are in business!  We can now see the SSIDs and verify that we are on the right channel.  We can CTRL-C out of this now, and start the capture with:

tcpdump -i wlan0 -n -w 6Ghz_Test.pcap

One thing to look out for: if you get an error here, issue this command to view your interfaces:

iwconfig

Look for “wlan0” and check that it says “Mode:Monitor”. If instead you see an interface called “wlan0mon” that shows “Mode:Monitor”, substitute it anywhere I have referenced “wlan0”.
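The steps above (check the channel, confirm which interface is in monitor mode, then start tcpdump) are easy to fat-finger, so here is a small script that wraps them. This is an added example and not code from the original post: it derives the MHz value for airodump-ng from the channel number, parses iwconfig output to pick wlan0mon over wlan0 the way the post describes, and only touches real hardware when invoked with the “capture” argument. It assumes the Alfa adapter is already passed through to the Kali VM, and it tunes the radio with iw rather than airodump-ng, which is my choice here and assumes the driver honours “set freq” in monitor mode.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Wraps the post's capture steps so
# the channel and the monitor-mode interface are checked before tcpdump runs.
set -u

# 6 GHz channel number -> centre frequency in MHz.
# Wi-Fi 6E channel centres are 5950 MHz + 5 * channel; channel 37 -> 6135 MHz,
# which is exactly the value the post hands to "airodump-ng -C".
chan6_to_mhz() {
    ch=$1
    case $ch in
        *[!0-9]*|'') echo "not a channel number: $ch" >&2; return 1 ;;
    esac
    if [ "$ch" -lt 1 ] || [ "$ch" -gt 233 ]; then
        echo "6 GHz channels run 1..233, got $ch" >&2; return 1
    fi
    echo $((5950 + 5 * ch))
}

# Pick the monitor-mode interface out of iwconfig output (read from stdin).
# Mirrors the post's advice: prefer wlan0mon if it is in Mode:Monitor, then
# wlan0, then any other monitor-mode interface. Fails if there is none.
pick_monitor_iface() {
    awk '
        /^[A-Za-z0-9]/ { iface = $1 }
        /Mode:Monitor/ { if (iface != "") mon[iface] = 1 }
        END {
            if ("wlan0mon" in mon) { print "wlan0mon"; exit 0 }
            if ("wlan0" in mon)    { print "wlan0"; exit 0 }
            for (i in mon)         { print i; exit 0 }
            exit 1
        }'
}

# Put the interface in monitor mode on the channel and start the capture.
# Needs root and real hardware, so it only runs when asked for (see bottom).
# Assumption: the adapter's driver accepts "iw ... set freq" while in monitor mode.
run_capture() {
    iface=$1; ch=$2; out=$3
    mhz=$(chan6_to_mhz "$ch") || return 1
    ip link set "$iface" down
    iw dev "$iface" set type monitor
    ip link set "$iface" up
    iw dev "$iface" set freq "$mhz"
    # Re-read iwconfig so we capture on whatever name the driver actually exposes.
    mon=$(iwconfig 2>/dev/null | pick_monitor_iface) || { echo "no monitor interface" >&2; return 1; }
    # -U flushes every packet to the file, so a Ctrl-C still leaves a readable pcap.
    tcpdump -i "$mon" -n -U -w "$out"
}

# Constructed iwconfig sample for a stand-alone dry run (no hardware needed).
SAMPLE_IWCONFIG='lo        no wireless extensions.

wlan0     IEEE 802.11  Mode:Monitor  Frequency:6.135 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off'

if [ "${1:-}" = "capture" ]; then
    # Usage (as root in the VM):  ./capture6e.sh capture wlan0 37 /rdg/6Ghz_Test.pcap
    run_capture "$2" "$3" "$4"
else
    echo "channel 37 -> $(chan6_to_mhz 37) MHz"
    echo "would capture on: $(printf '%s\n' "$SAMPLE_IWCONFIG" | pick_monitor_iface)"
fi
```

Run it with no arguments for a dry run against the constructed iwconfig sample; run it as root with “capture wlan0 37 /rdg/6Ghz_Test.pcap” to reproduce the post’s capture, with the pcap landing in the shared folder on the Windows side.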

You should now see the pcap in your home directory on Windows.  You can screenshot it and make a t-shirt!

WLAN Pi Battery Testing


Man, I love this little guy. I have mentioned it before, I will do it again…and again….and again. It is so incredibly easy to drop on a network, see the IP pop up on the OLED and start iPerf3 to check network speeds, get speeds from ePerf in your Ekahau site survey, use a graphical speed test, use HORST to grab packets, launch Kismet to see the WLANs around, have an endpoint for WiFi Explorer Pro, or add anything else a Raspberry Pi can run to customize it. I’ll follow up with the junk I have added to mine at a later date.

One shortcoming of the current crop of Single Board Computers, including the one used in the WLAN Pi, is the lack of real PoE. Some can use the phony bologna “passive PoE” a certain prosumer WiFi vendor uses, but who has time for such nonsense? You end up having to either use a USB PoE splitter or add a hat to the device. Bummer. The nice thing is that they draw very little power. One great way to pop one up quickly is to just use a USB battery pack. Rather than dealing with the splitters or finding wall power, I’ve found the battery pack to be a quick and easy solution. I carry one anyway, and my bag is pretty full, so why not use it? I like everything possible in my backpack to have at least two uses. I don’t have any other reason to carry a USB PoE splitter.

I have amassed many of these battery packs over the years as charging technologies have changed.  I harbor a mild obsession with using the fastest possible charging technology for my current phone.  Most recently that is the Pixel 2 XL, which uses USB Power Delivery as does my Macbook.  The battery packs I used are specifically because I am most likely to have one of them in my bag (I also obsessively re-organize my bag so it can change depending on the day).  I hope to test with some others if I can pull them from my son’s hands.

First the setup – I used a WLAN Pi running WLAN Pi v1.3 (Released 06-03-2018). I had the Comfast CF-912AC in it, plugged into one of my Aruba switches. I booted it and immediately started Kismet to make sure the WLAN adapter was being used. I then started a ping from one of my servers with a timestamp (used this on Windows) and let it sit and cook.

The first battery I tested was my light and quick one. It’s an Auckley (not to be confused with Aukey) 10,000 mAh pack that is actually pretty slim. Now that I have a phone with a decent battery I carry it with me most of the time. It’s just a little oomph if I am in a single meeting and need to make sure I have enough juice. It is USB-PD and works fairly well for a generic. It was one of the only PD packs on the market for quite a while, so I went with the generic. Most that do PD are gargantuan (like the second one I tested).

So, the Auckley actually gave me 14 hours 22 minutes of use! If you need to be running this thing for THAT long straight, you’ve got big issues. REALLY impressive. These things sip power through a Capri Sun straw.

The second battery was my big daddy (he loves it when you call him Big Papa).  The RavPower 26,800 mAh is a BEAST.  This is the one I carry on planes or when I am going to be in meetings all day.  As one would expect, it lasted an amazingly long time.  I got 32 hours and 13 minutes out of it, using the same testing!

Mathing out the draw vs the capacity of the battery is one thing.  As you can see testing with all the variables is quite another.  I hope this helps give a feel for how long you can run these amazing little devices on the battery pack you probably already have with you!

Why I Review Customers’ Site Surveys With Them

Jealousy is an ugly trait

I don’t do site surveys anymore. My back thanks me for it. My airline status doesn’t.  As a manufacturer SE though, I see them every day. Why?  I ask for them!  I don’t step and click and click and step anymore.  Been there, done that (do people still say that?).  It’s just not part of my job anymore.  That said, I miss the hell out of them and try to see as many as possible.

Best in the biz

My employer’s partner community is top notch.  Best of the best.  They have engineers I would hire in a New York minute if I was an IT Director again.  They have the tools (I’m coveting your Ekahau SideKick….you know who you are).  They have the services teams.  They have the person-hours to justifiably bill a customer to do a thorough survey.  In my patch especially, I have some absolutely rock solid partner engineers to work with.  I trust that they are going to be extremely high-quality and thorough surveys.

My customers are all enterprise level WiFi commandos.  They have teams that breathe wireless, drink L2, and see radio waves.  They can tell when a warp core is misaligned by the hum of the nacelles.  They have the certs, the experience, and the feel for their environment to be able to provide enterprise service levels.

You get it, they rock. So why do I review surveys?

Surveying is a skill and muscle that you need to work in order to keep strong.  Building and walking through reports is as well.  It’s a constantly changing science and a subjective art.  If you gave three WiFi surveyors a CAD, you could get seven designs.  There is not (as yet) an industry standard survey methodology.  There are best practices, there are individual methodologies and there are amazing training opportunities from CWNP, the survey software creators, and even the manufacturers.  There is no A-Z survey standard that a governing body prescribes though.  So the variety is incredible. Seeing as many surveys as possible, done by as many people as possible, just keeps filling my bag of tricks with more ideas.  I didn’t walk and click, but I get to see those walks and clicks.

it’s all about the community

Those are the selfish reasons.  Now let’s talk about the business reasons and how the selfish reasons help everyone.

If you take all of the above and you whip it together you get cream of the crop surveys. I get a fantastic view into the minds of my betters. I then get to add that cream to my customers’ and partners’ coffee. With such a wide view, I get to share all those lessons and philosophies and be a clearinghouse of data. I get to say “you know my buddy at XYZ partner found that there is a new lead lined sheetrock product on the market that eats signal” or “this is great, but my customer at the Widget Factory found that those same handhelds have crap antennas and super low power, so we want to scrunch the APs in a bit tighter than we may have thought”.

So, we sit down and go through them together.  The customer, the partner, and me.  In the end, it helps the products I hawk work better.  It helps my customers achieve their business objectives.  It helps me hone skills.  Most importantly though, it allows me to spread knowledge that may not otherwise have a conduit, helping to better everyone’s designs.

Why I Use A Macbook – An Ode To DOS Snobs

I am writing this on my new(ish) BabyDoll. I sold my Surface 4 and bought this MacBook Pro 13″ Touch Bar. There were a lot of reasons to re-evaluate the Surface, not least of which was that it didn’t actually work on my lap. Despite what MS says in their “it’s lappable” dogma, it is not. That dogma don’t hunt. I have a work MacBook Pro, but I want my own box without a bunch of corporate software on it and that I can do personal junk on without feeling guilty. I use my personal box full time for work for the above reasons as well. So off I went to Best Buy. I had an open mind and was initially looking at another DOS box. As I over-analyzed though, I went with another Mac.

An OS is a tool to get a job done.  I used to spin up VMs a lot, but the main reason, Office, is usable on Mac at this point. To that point, I can load Windows on my Mac, but I can’t – at least ethically – load MacOS on other hardware.  So, why is MacOS my goto?  Chicks dig it.  Also, it has much better native tools for what I do and I can customize it more than a DOS box.

I love going to customer sites and getting crap from my Windows elitist buddies for using a Mac. My usual response is “I understand that Unix can be intimidating, I get why you’d stay with DOS”. It usually gets a begrudging laugh. It’s true though. I’m not a *nix snob. I don’t want to compile the kernel to use a new mouse, but I want a bash shell damn it! Yeah, I get the Linux Services for Win10 thing, but it is bloaty and gross. There are tools for Linux boxes that I can’t /easily/ use on my Mac as well though, so there is always a tradeoff. MacOS gives me the happy medium. I plug crap in and it works. I get lots of native WiFi tools and several good suites not available on Windows or Linux (WiFi Explorer Pro being the one that comes to mind most readily). I can capture packets natively and now I can even use Ekahau without spinning up a VM or BootCamping into Windows!

I love the customizability of the terminal on MacOS.  I use iTerm and a highly aliased .bash_profile to give me shortcuts and visuals I like, I love having nano, cat’ing a file so I don’t screw it up, and all that fun junk.  See my profile below.  It is a mashup of stuff my coworkers have found useful, stuff I’ve dug up around the web and a few things I came up with.

I also use ⌘+Space to open Spotlight and type in the app name almost exclusively for launching apps. I hate mice, all of that hand movement and taking my hands off the keyboard, so the more I can do to not move to it, the better. It’s just so damned inefficient. To that end, I actually prefer a laptop keyboard as the trackpad is closer than taking my hand off of the keyboard to dink with a mouse then moving it back over. Most can agree that the trackpad on a Mac with its multitouch stuff is top of class.

I love virtual desktops that I can switch between easily with a 3 finger swipe on the trackpad.  I keep a Jump Desktop based RDP session open to my AD server, Jump Desktop VNC to my Ubuntu Box and sometimes one to my lab NUC running Windows 10 as a jump box.  Swipe Swipe done.

So in the end, I pretty much keep all OSs running in one form or another. BabyDoll is the easiest way to do it. It’s efficient, it’s extensible and it’s got the tools I need. I never open my iPad unless I am reading comics or reading Scootering magazine. I use a Pixel 2 XL. I’m not an Apple fanboy, but my Mac is the best tool in the box for what I do in a day. Also, chick digs it (the only one I care about does anyway).


My .bash_profile; it’s all about the aliases, baby.

alias ..='cd ../' #back that thing up
alias reload='source ~/.bash_profile' #since I constantly dink with this, I like to easily reload it
alias f='open -a Finder ./' # I avoid the trackpad when I can, one less movement and click to open Finder in the current directory
alias inet='curl ifconfig.me' # easier than opening the browser to whatsmyip.com so I can throw an nmap at the outside of the router
alias ip='ipconfig getifaddr en0' #cleaner than ifconfig if I just need my ip
alias speed='curl -o /dev/null http://speedtest.wdc01.softlayer.com/downloads/test10.zip' #decent but not perfect quick and dirty speedtest
alias tw='open -a /Applications/TextWrangler.app' #I use nano mostly, but if I need something more rich this makes it easy to open the file in TextWrangler (MUST HAVE for Mac nerds)
alias master='sshpass -p mypassword ssh rocky@aruba-master' #This is my lab, I don't mind cleartext passwords, this makes it easier to jump into my boxes
alias s3500='sshpass -p mypassword ssh rocky@s3500' #see above
alias s1500='sshpass -p mypassword ssh rocky@s1500' #see above above
alias dl380vm1='sshpass -p mypassword ssh rocky@dl380vm1' #see above above above
alias pi='sshpass -p mypassword ssh pi@192.168.0.96' #c'mon, you get the pictures
alias c='clear' #since I copy a lot of my ssh sessions for code snips for my customers, I clear a lot, that way I can do a ⌘A to snip it
alias weather="curl -s 'http://rss.accuweather.com/rss/liveweather_rss.asp?metric=2&locCode=en|us|portland-or|97209' | sed -n '/Currently:/ s/.*: \(.*\): \([0-9]*\)\([CF]\).*/\2°\3, \1/p'" #stupid terminal trick I found somewhere
alias ss="/System/Library/CoreServices/ScreenSaverEngine.app/Contents/MacOS/ScreenSaverEngine" #launch screensaver and lock screen
alias ls='ls -GFh' #We all have our ls fave, this is mine.
alias iscan='nmap -p 1-65535 -T4 -A -v' # I forget command arguments because I am old, this is for an intense scan
alias osmap='nmap -A' # See above, this is a quick scan with OS
alias pscan='nmap -sn' #Quick ping scan

#borrowed from this post that has a LOT of great stuff https://natelandau.com/my-mac-osx-bash_profile/
# cleanupDS: Recursively delete .DS_Store files
# -------------------------------------------------------------------
alias cleanupDS="find . -type f -name '*.DS_Store' -ls -delete"

# finderShowHidden: Show hidden files in Finder
# finderHideHidden: Hide hidden files in Finder
# -------------------------------------------------------------------
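The profile above stores lab passwords inline in the sshpass aliases, which the author is fine with for an isolated lab; if the same dotfile ever travels (dotfile repo, backups, a shared screen), those lines are the ones worth catching. As an added example, not part of the post’s .bash_profile, this script flags any alias that passes a literal password to “sshpass -p” and prints the ~/.ssh/config Host stanza that gives the same one-word “ssh master” with a key instead. The host names and users are the ones from the profile above; the key path ~/.ssh/id_ed25519 and the sample profile are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not part of the post's .bash_profile: a small lint for aliases
# that embed a literal password (sshpass -p <password>) plus a generator for the
# ~/.ssh/config stanza that gives you the same one-word "ssh master" with a key.
set -u

# Read a profile on stdin; print "<line>: <alias>" for each alias that passes a
# literal to "sshpass -p". "-p $SOMEVAR" and "-f file" are not flagged. Returns 1
# when at least one hit was printed, 0 when the profile is clean.
find_embedded_passwords() {
    awk '
        /^[[:space:]]*alias[[:space:]]/ && /sshpass[[:space:]]+-p[[:space:]]+[^$[:space:]]/ {
            split($2, parts, "=")
            print NR ": " parts[1]
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Print an ssh_config Host stanza for a lab box. With this in ~/.ssh/config and the
# public key installed on the box (ssh-copy-id), "ssh master" replaces the sshpass
# alias with no password stored anywhere. The key path is an assumption.
ssh_config_stanza() {
    name=$1; host=$2; user=$3
    printf 'Host %s\n    HostName %s\n    User %s\n    IdentityFile ~/.ssh/id_ed25519\n    IdentitiesOnly yes\n' \
        "$name" "$host" "$user"
}

# Constructed sample profile: two of the post's sshpass aliases plus two harmless ones.
SAMPLE_PROFILE="alias master='sshpass -p mypassword ssh rocky@aruba-master'
alias c='clear'
alias pi='sshpass -p mypassword ssh pi@192.168.0.96'
alias s3500='ssh s3500'"

if printf '%s\n' "$SAMPLE_PROFILE" | find_embedded_passwords; then
    echo "no embedded passwords"
else
    echo "replace the aliases above with Host stanzas, e.g.:"
    ssh_config_stanza master aruba-master rocky
    ssh_config_stanza pi 192.168.0.96 pi
fi
```

Pipe your real profile through find_embedded_passwords (cat ~/.bash_profile | find_embedded_passwords) to get the list; each hit maps to one Host stanza, after which the alias line can be deleted outright because the short name now lives in ssh_config.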




Why I Buy Tools Out Of Pocket

Mechanics buy their own tools, plumbers do too, a lot of trades do. Most of us in technology are given a fair set of tools to do the job not long after signing the offer letter, and most of us take it for granted.

My employer is gracious enough to provide the current tech we have on offer.  They supply a lab server.  They provide a pretty beefy and regularly updated laptop.  I’ve got APs out the wazoo.  They even supply a car and the occasional polo shirt.  They provide the basics for me to get my job done.  They provide what I honestly think is a fair toolbox.  Could it be updated more often?  Sure, I’m a gearhound, who doesn’t want new and shiny stuff?

What they don’t provide is the incredible selection of fun wireless hardware that can help me to better understand my craft and ply my trade. I didn’t get issued a WiFi Pineapple, but I wanted to see how well its Captive Portal could pass for an Aruba or Cisco one. I wanted to be able to show my customers and to be able to talk about the threats these cute little devices can pose. I wasn’t shipped a Hacker Arsenal WiMonitor and WiNX, but I wanted to show my customers an inexpensive tool that can get some packets in a hurry. I didn’t receive a WLAN Pi when it came out, but I wanted to be able to demonstrate to my customers that having a quick solution for ePerf/iPerf, grabbing packets, and pulling speed tests is important and doesn’t have to mean buying expensive tools, requisitioning a MacBook or standing up a VM.

I got a desktop machine to use as a server when I started five years ago. I got a Shuttle a few years later. I wanted to be able to run multiple versions of all of our software, plus sundry stuff a customer may have in their environment. Those boxes were out of gas as more and more of my company’s solutions are virtualized. So I dug around on Craigslist and found a couple of DL360s. I wanted to be able to bounce gear out in the lab in my shop from my office in the house, so I went on eBay and picked up some IP PDUs. I lock myself out, so I got an AirConsole.

Can I do my job without the kit above?  Yes.  Can I do it more easily with the above?  Hells yes.  When I mentor folks coming up in the trade I tell them that I’m willing to empower them, but that I don’t invest without return.  They have to put as much time into themselves as I do – and as much as I put into myself when my mentors helped me.  I expect them to fill their toolbox, and I expect to help them fill it.

So what’s the meat of this philosophical sandwich?  Easy: How can I expect someone to invest in me if I don’t invest in myself?

Also, I need the tax write-offs.