Troubleshooting Wireless Networks Last Update 2013.06.21 1.23.1 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com Introduction • Troubleshooting a wireless network is difficult, as the wireless environment is hard.
Download ReportTranscript Troubleshooting Wireless Networks Last Update 2013.06.21 1.23.1 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com Introduction • Troubleshooting a wireless network is difficult, as the wireless environment is hard.
Troubleshooting Wireless Networks Last Update 2013.06.21 1.23.1 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 1 Introduction • Troubleshooting a wireless network is difficult, as the wireless environment is hard to visualize and control • This presentation will discuss the common problems seen in wireless data networks and their solutions Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 2 Tools Used to Troubleshoot • There are two main tools used to troubleshoot wireless networks • These are – Spectrum Analyzer – Protocol Analyzer Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 3 Sources of Problems • There are many sources for the problems seen in wireless networks • They are all due to three reasons for the most part – First, the unbounded nature of a wireless network which makes it subject to interference in all its forms and manifestations • Fluke estimates that 60 percent of wireless LAN problems are related to interference Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 4 Sources of Problems – Second, for outside networks water infiltration is common – Third, the technology itself produces several problems for both inside and outside networks such as • • • • Hidden Node Near/Far Low throughout Fragmentation Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 5 Layer 1 Troubleshooting • Troubleshooting should begin at layer 1 • A spectrum analyzer is used to examine this layer Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 6 900 MHz Interference • Common sources of interference in the 900 MHz band include – Paging systems at 929 to 932 MHz are a common cause of problems – Analog based cellular phone systems stop at 896 MHz, but have been known to cause crosstalk all the way up to 914MHz – FEMA and ESMR high powered emergency service and dispatch equipment that can bleed as high as 904 MHz Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 7 900 MHz Interference – SCADA used for telemetry and monitoring uses the ISM band – The 940 to 960 MHz part of the 900 MHz range is licensed – 900 MHz near a TV antenna can cause interference on channels around 5 and 6 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 8 2.4 and 5 GHz Interference • In the 2.4 and 5 GHz bands sources of interference include, depending on the frequency – Amateur operations at least in the 2.4 GHz band – Microwave ovens – Cordless phones – Lights that use 2.4 GHz signals to excite the gas in the tube Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 9 2.4 and 5 GHz Interference – Satellite radio services that use 2.4 and 2.3 GHz – Cellular phone sites • They do not use the unlicensed frequencies for service, but they do use them for backhaul – Medical devices – Elevator motors – Television station transmission from remote vehicles back to the studio Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 10 2.4 and 5 GHz Interference – Bluetooth headsets • Especially when there are a large number of these, such as in a call center – Smartphones – Embedded wireless devices such as in MP3 players, watches, and so forth – Wireless game controllers – Zigbee devices – WiMax sites Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 11 2.4 and 5 GHz Interference – Wireless cameras – Some motion detectors – Harmonics and intermodulation products Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 12 Interference • These sources of interference will cause waits by stations to transmit, retransmissions, and in the worst case data rate reduction • The end result is that the actual data rate is even lower then the expected throughput, keeping in mind that the expected throughput is usually only 60 percent of the advertised capacity Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 13 Interference • For example, a capacity of 54 Mbps in the best case will only produce a throughput of 60 percent of that or 26.5 Mbps • Then the reduction from the effects of interference can lower that even further • Finally, this available bandwidth must be shared by all of the devices on the wireless access point as 802.11 networks of all kinds are shared media Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 14 Interference • These sources of interference manifest themselves as one of the following types – Narrowband – All band – Adjacent channel – Co-channel – Multipath Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 15 Narrowband Interference • Narrowband interference is basically another signal at a single or narrow range of frequencies • As such it blocks out part of the spread spectrum signal • An advantage to spread spectrum technology is its ability to work around limited narrowband interference Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 16 Narrowband Interference • To get rid of the narrowband interference – Shield it – Turn it off – Change channels on the wireless network equipment Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 17 All Band Interference • All band interference is from one end of the band to the other • A microwave oven is an example of this type of interference • About the only solution to all band interference other than getting rid of the source is to change bands, such as from 802.11b/g to 802.11a Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 18 All Band Interference • In the case of a microwave commercial, rather than consumer grade, microwave ovens will typically produce less interference Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 19 Adjacent Channel Interference • Adjacent channel interference is produced by co-locating access points where the channels overlap somewhat or completely • Metageek views this as the worst type of interference • Here is what they say about it – As one of the APs tries to talk to its clients, the transmissions become garbled because of the transmission interference of the other two Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 20 Adjacent Channel Interference – This drives down the performance of all of the networks • A network detection device or a spectrum analyzer is required to detect this problem • To prevent this – Do not use channels that overlap – Move the access points far enough apart that the cells do not overlap or turn the power down to achieve the same effect Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 21 Co-channel Interference • With co-channel interference there is a direct overlap of the channels • An example might be two different organizations using the same channels where one is on floor 1 and the other on floor 2 or in an adjacent office • To detect this a network detection device or wireless network analyzer is required Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 22 Co-channel Interference • Metageek says that this form of interference is not as bad as adjacent channel interference because – Co-channel congestion works in a similar manner – Performance is hindered by wait times, but the bandwidth is managed, and every device will eventually get a chance to talk to its associated AP Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 23 Co-channel Interference • To prevent this – Do not use channels that overlap – Move the access points far enough apart that the cells do not overlap or turn the power down to achieve the same effect – Change the orientation of the antennas, with one horizontal and the other vertical polarization Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 24 Co-channel Interference • Keep in mind that some devices will detect co-channel interference and move to another channel • This does not help if the device is a frequency hopper as it will move constantly from one channel to another Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 25 Detecting Interference • In 802.11 based networks interference will show up as increased fragmentation, decreased transmission rates, and increased retransmission Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 26 Multipath Interference • Another type of interference is multipath • When a radio frequency wave leaves an antenna it encounters objects off which it is reflected, this creates multiple wave fronts, one for each reflection point • Some of these waves go off in space, but others reach the receiving antenna along with the original wave front Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 27 Multipath Interference • Since the reflected waves cover the distance from the transmitter to the receiver over a different time interval than the original wave there is a delay between when the original wave front arrives and the reflected waves arrive • The time between the arrival of the original wave and the last reflected wave is the delay spread Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 28 Multipath Interference • The value for delay spread will vary • For an 802.11b or g network the delay spread is – < 50 nanoseconds for a typical home – 100 ns for office environments – 200 to 300 ns for a manufacturing floor • This is very much like an echo where the listener has trouble figuring out what is an original sound and what is an echo Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 29 Multipath Interference • Multipath causes several problems – Decreased signal amplitude or downfade – Corruption – Nulling – Increased signal amplitude or upfade • With decreased signal amplitude the reflected waves are added to the original wave Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 30 Multipath Interference • If the reflected waves are out of phase with the original wave, then a decrease in amplitude is seen • If a reflected signal is even more out of phase, then the reduction may be so great that the received signal cannot be read at all or only partially due to corruption • This is seen in a low signal to noise ratio Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 31 Multipath Interference • In nulling the phase of the reflected signal entirely cancels the original signal • When a reflected signal is in phase with the original signal then the total signal may be larger in amplitude • This causes a higher signal strength than would normally be expected at the antenna, but still lower than the transmitted signal strength Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 32 Detecting Multipath Interference • Multipath cannot be measured directly • Only its effects can be seen and from these multipath deduced • For example, if a link budget calculation is performed but the signal as measured is less, then multipath can be a reason • Holes, areas of no signal, detected when doing a site survey may be caused by multipath Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 33 Solving Multipath Interference • Moving objects that reflect the signal or moving the antennas so as to avoid the multipath path are possible solutions • Antenna diversity is another possible solution to multipath • Antenna diversity is the use of multiple antennas, inputs, and receivers • There are several types of antenna diversity that are commonly used Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 34 Types of Antenna Diversity • Types of antenna diversity include – Non-active diversity, which uses multiple antennas and a single receiver input is common on LANs – Active diversity utilizes multiple antennas and multiple inputs to a single receiver • It reads the signal from one antenna at a time Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 35 Types of Antenna Diversity – Switching diversity uses multiple antennas and multiple receivers • It switches receivers based on the signal strength at each antenna – Transmission diversity transmits out the last antenna used for reception • It can alternate antennas for retransmissions • It too is common on LANs Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 36 Harmonics • Interference can appear from odd locations, such as the result of harmonics and intermodulation products • Harmonics are exact multiples of a fundamental frequency, starting with two times the fundamental frequency Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 37 Harmonics • For example, a common source of interference for 2.4 GHz mounted on the same tower as paging equipment that operates in the 800 MHz range is a third harmonic from the paging transmitter • For a fundamental frequency of 800 MHz the second harmonic is 1600 MHz and the third is 2400 MHz Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 38 Harmonics • This third harmonic appears as interference in the unlicensed 2.4 GHz range • As the power of the harmonic goes up, the strength of the signal goes down • The ones most likely to create problems are the low order harmonics as the filtering in the receiver may not be able to keep these out Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 39 Harmonics • Harmonics are generated by almost all amplifiers • When a harmonic is produced by a transmitter it is normally the result of insufficient transmitter filtering Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 40 Intermodulation Products • At a site with multiple transmitters the harmonics from two different ones can combine to form an intermodulation product • For example if the second harmonic from one transmitter combines with the third harmonic from another transmitter, a fifth order intermodulation product is produced Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 41 Intermodulation Products • This new frequency can be the result of either adding or subtracting the two harmonics • The intermodulation can occur at the transmitter itself, in the receivers, or even be the result of poor connections on a tower Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 42 Harmonics and Intermodulation • Harmonics and intermodulation products are the result of nonlinear process • In a radio it is best if the amplifier amplifies without distortion, the mixer produces a perfect signal, and the radio receives perfectly • This does not happen • Everything is nonlinear Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 43 Harmonics and Intermodulation • The output does not follow the input perfectly • In other words, distortion is created • Prevention of harmonics and intermodulation products is done with good radio design, filtering, and sound construction practices Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 44 Passive Intermodulation • The most difficult type of intermodulation to find is that caused by passive sources • This occurs when two or more frequencies mix together in devices such as – Antennas – Loose joints – Joints of dissimilar metals – Micro gaps between metal surfaces Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 45 Water Infiltration • Regardless of the frequency, one of the most common problems for wireless equipment mounted outside is water infiltration • Water is always bad for a wireless connection • In general there is no way to remove all the water from a part, so just replace it Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 46 Water Infiltration • This type of problem typically occurs in connections, where the water works through the waterproofing • Refer to the presentation on Installing Equipment for Outside Wireless Networks for details on how to prevent water penetration • One way to check for water is to measure the VSWR Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 47 Water Infiltration • A VSWR of 1.5:1 is very good, while 2:1 is acceptable • This type of test is done with a device designed for this purpose • The Anritsu Site Master line of products is commonly used for this Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 48 Water Infiltration • As Anritsu says – Covering the 625 MHz to 2500 MHz frequency band, the Site Master S251C site management tool is designed to accurately locate and identify cable and antenna system faults and conduct isolation and gain measurements – This model is ideally suited for users working in cellular, PCS/GSM and ISM applications Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 49 Water Infiltration – Measurement capability includes return loss, VSWR, cable loss and distance-to-Fault (DTF) analysis Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 50 Technology Problems • The way the technology behind wireless networks works subjects these types of networks to problems not seen anywhere else Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 51 Hidden Node • The hidden node problem occurs when one node cannot hear another node transmitting • This occurs when they are separated by an obstruction or when they are too far apart • Both nodes can see the access point, but not each other Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 52 Hidden Node • This causes excessive collisions on the network, retransmissions, and therefore reduced throughput Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 53 Detecting Hidden Node • Degraded throughput on the network is the common sign of hidden node • Examining the layout of the network may show hidden nodes • Moving or disconnecting possible hidden nodes and then examining the throughput may show these as well • This is a trial and error process Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 54 Solutions for Hidden Node • The solutions for hidden node depend on the type of network • For a LAN solutions include – Use RTS/CTS – Adjust the point where the wireless packets are fragmented – Increase the power used by the far nodes and decrease the power used by the nearby nodes Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 55 Solutions for Hidden Node – Remove the obstacle – Move the node closer – Use a polling mechanism to control access • RTS/CTS does not solve the hidden node problem, but it may improve the throughput if the node or obstacle cannot be moved Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 56 Solutions for Hidden Node • If network throughput is slow or if there are a large number of retransmissions, enable RTS by lowering the RTS threshold • On systems where a polling mode is not supported, Cisco recommends adjusting the RTS/CTS parameter by reducing the packet size from its default of 2048 to a value where CRC errors become acceptable Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 57 Solutions for Hidden Node • By adjusting the fragmentation level to a value where more and more packets are fragmented it may increase throughput • Being smaller in size the packet may make it to the access point before colliding with another packet • Another way is to increase power to the node, which will increase the cell around the node allowing it to detect other nodes Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 58 Solutions for Hidden Node • This is done through trial and error • When 802.11b is used as an outside network solution such as creating a CAN or MAN to provide access to a LAN or the Internet the use of RTS/CTS is different • The correct approach to take in this type of network is to set RTS Threshold very low on each client device and above the average packet size for each access point Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 59 Solutions for Hidden Node • The maximum sized packet typically seen is 1500 bytes • The minimum is 64 bytes • By setting the access point’s RTS Threshold to something higher than 1500, such as 1600 bytes, the access point will never have to ask permission to transmit Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 60 Solutions for Hidden Node • To maintain collision control on the network the RTS Threshold setting for every client is set to 60 bytes • Keeping in mind that all conversations in a MAN size network should be between clients and access points, never client to client, this forces the client to always ask the access point for permission to transmit Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 61 Solutions for Hidden Node • While the access point can transmit anytime • In a CAN either the LAN or the MAN settings just discussed can be used depending on whether clients need to talk to each other by going though the access point or just talk to only the access point and devices behind it on the wired network Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 62 Near/Far • The near/far problem occurs when there are nodes near the access point that have high power settings and other nodes far from the access point with low power settings • The near, high power nodes overwhelm the far, low power nodes Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 63 Detecting Near/Far • To detect this, check the network design • Look at the power output level of the nodes Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 64 Solutions for Near/Far • Possible solutions to the near/far problem include – Reduce the power of the nearby nodes – Increase the power of the far off nodes – Move the far off nodes closer to the access point – Move the access point to a more central location Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 65 Low Throughput • The throughput of a wireless system is dependent on – Amount of interference – Type of interference – Security solutions that add overhead – Distance, since the data rate falls off as distance increases – Older, slower computers – Fragmentation – Power saving turned on Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 66 Solutions for Low Throughput – Use of RTS/CTS – Use of PCF – Polling mode • The most common solution to low throughput is the co-location of access points in a single area • For 802.11b for example three nonoverlapping channels are possible –1 –6 – 11 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 67 Solutions for Low Throughput • A single AP will provide from 4.5 to 5.5 Mbps in practice • In theory three APs should provide 15 Mbps or so • In reality they will produce slightly less • The reason is there is actually some overlap even among these sets of channels Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 68 Solutions for Low Throughput • Of course it is possible to use fewer than three APs, two may be used on channels 1 and 11 • This may make sense if three access points each producing 4 Mbps are compared to two producing 5.5 Mbps each Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 69 Solutions for Low Throughput • It may also make sense to force fragmentation so as to produce smaller frames, this means that the lost frames when retransmitted are smaller • When a packet must be fragmented this adds overhead as each fragment requires an ACK Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 70 Solutions for Low Throughput • Fragmentation can be adjusted to improve efficiency on the network • If the network is experiencing more than 5 percent retransmissions or high packet error rates, then increase the fragmentation threshold • This is done by starting with the maximum size and gradually dropping the threshold until an improvement is seen Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 71 Solutions for Low Throughput • As the frame size is increased, there is less overhead, but increased chance of collision • As the frame size decreases there is more overhead, but less chance of collision • Start with a setting of 1024 bytes Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 72 Solutions for Low Throughput • In a network where the average packet size is greater than 800 bytes, then it may benefit the network to lower the fragmentation setting, then see if performance improves • This can be determined by transferring a large file, such as 1GB as the test data must be larger than the fragmentation threshold, and timing how long it takes Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 73 Solutions for Low Throughput • Adjust the value in 100 byte increments above and below 1024 bytes and see when the most improvement occurs Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 74 Solutions for Low Throughput • An easy, but not always inexpensive, way to save bandwidth in the backhaul from the access point to the wider network is to use a caching server • This speeds the loading at the customer end of the connection of popular sites Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 75 Solutions for Low Throughput • In environments with high noise levels it may help to reduce the sensitivity of the radio • By doing this distance between the transmitting and receiving radios is reduced, but the radios will not see the noise as they are no longer sensitive enough to pick it up Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 76 Solutions for Low Throughput • An article in Network World in June 2013 mentioned this problem related to power saving settings – Some routers are set up with their power savings mode on by default – The goal is to save a few milliwatts – Unfortunately, this commendable approach reduced bandwidth disproportionately Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 77 Solutions for Low Throughput – Although my trusty Linksys WRT610N router wasn't set up with unnecessary power savings in mind, I turned on its low power modes just to see the effects – The low setting lowered the power output of my 802.11n router from 19 to 18 watts – Bandwidth was reduced from an already low 19Mbps down to 5Mbps with my clients and router being only separated by a single concrete wall Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 78 Wireless Analysis • Let’s switch now to a discussion of how a wireless network should be analyzed • In the view of Laura Chappell a wireless network should be examined from the bottom layer up • She summarizes the wireless network analysis steps this way Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 79 Wireless Analysis Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 80 Wireless Analysis • Beginning at the physical layer – Look at the signal level and noise level – For a good signal the difference between the two should be as wide as possible – In general a strong signal is -40 to -60 and a low noise floor is -85 to -95, thus creating a gap of 30 to 40 dBs as the signal to noise ratio – Here is a summary of the quality of the signal at various values Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 81 Signal to Noise Ratio Guidelines • 40 dB or higher – Excellent – Always associated – Very Fast • 25 to 40 dB – Very good – Always associated – Fast Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 82 Signal to Noise Ratio Guidelines • 15 to 25 dB – Low – Always associated – Usually fast • 10 to 15 dB – Very low – Mostly associated – Usually slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 83 Signal to Noise Ratio Guidelines • 5 to 10 dB – No signal – Not associated – Not useable Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 84 Duty Cycle Guidelines • Fluke in a Webinar from August 2011 points out that the duty cycle or the amount of the channel capacity being used impacts how well different types of traffic go through the network • If the duty cycle is too high, the traffic does not successfully pass through the network • As they state Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 85 Duty Cycle Guidelines Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 86 Wireless Analysis • A protocol analyzer is used to examine layer 2 • To do this using Wireshark some changes must be made to the default configuration • Wireshark does not directly display signal, noise, or signal to noise ratio • These can be added • Let’s see how we setup Wireshark to do this 87 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com Wireshark Setup • Install and setup the AirPcap adapter • Select the AirPcap adapter as the capture interface • Stop the capture • Click Wireless Settings in the Wireless Toolbar Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 88 Wireshark Setup • If the Wireless Toolbar is not on select – View – Wireless Toolbar • On the toolbar click – Wireless Settings… • In the popup box select – 802.11+Radio • Then Ok Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 89 Wireshark Setup • The signal and noise data is contained in the Radiotap Header which appear when 802.11+Radio is selected • To see a sample of the data – Select a frame – Expand the Radiotap Header – Scroll down to the Channel type section Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 90 Wireshark Setup Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 91 Wireshark Setup • Here is what it looks like Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 92 Wireshark Setup Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 93 Wireshark Setup • To see this in the main display a column for each must be added • Let’s add – SSI Signal – SSI Noise – SSI Signal – which is the signal to noise ratio Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 94 Wireshark Setup • Highlight the SSI Signal field in a frame • Right click and select – Copy - Fieldname • Select – Edit – Preferences – Columns – Add • In Field type select Custom • In the Field name paste the copied value • Click Apply, and then Ok Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 95 Wireshark Setup Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 96 Wireshark Setup Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 97 Wireshark Setup Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 98 Wireshark Setup • Then edit the column name and press Enter after each one • Do this for all three values as follows – SSI Signal • Signal dBm – SSI Noise • Noise dBm – SSI Signal • SNR dB Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 99 Wireshark Setup • These values are defined as – SSI Signal • IEEE80211_RADIOTAP_DB_ANTSIGNAL – This field contains a single unsigned 8-bit value, which indicates the RF signal power at the antenna, in decibels difference from an arbitrary, fixed reference – SSI Noise • IEEE80211_RADIOTAP_DB_ANTNOISE – This field contains a single unsigned 8-bit value, which indicates the RF noise power at the antenna, in decibels difference from an arbitrary, fixed reference Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 100 Wireshark Setup – SSI Signal • Even though the signal to noise ratio is called a ratio for which there are standard equations in practice it is a simple subtraction Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 101 dB Values Caution • These dB values cannot be used for any purpose other than in comparison to each as they are from the device’s 802.11 chipset • These are then not calibrated values • Comparison between devices can only be done with a calibrated unit such as a spectrum analyzer Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 102 Wireshark Setup • Other columns may be removed or the new columns moved over to make the display easier to see • For example I moved these three to the left of the Info column Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 103 Signal Noise SNR Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 104 RSSI • Wireshark has a predefined column named – IEEE 802.11 RSSI • This column is displayed as – RSSI • This is the same as the signal to noise ratio although it implies it is the signal strength, it is not Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 105 Graphing Values • These values for signal, noise, and signal to noise ratio can be graphed by outputting the data to a CSV file, then importing it into Excel • Let’s see how that is done as described by Laura Chappell using a file already containing data Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 106 Graphing Values – To create this graph, open wlansignalissue.pcap – You will notice that these packets were captured with a PPI header – I created a column for ppi.80211common.dbm.antsignal and called it “PPI-Sig” – The next step is to select File > Export> File – Save your file in .csv format Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 107 Graphing Values – To create the graph in Excel, open the .csv file and select the PPI-Sig column (or a portion of it, as I did above – I only selected the first 169 packets) – Choose Insert > Line and choose the line graph style you want • Here is an example of this with some color bars added Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 108 Graphing Values Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 109 Wireless Statistics • A trace file can be analyzed for some basic statistics by using – Statistics – WLAN Traffic Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 110 Wireless Statistics Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 111 Wireless Statistics Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 112 Wireless Analysis • The next step is to look at the connection process where the station authenticates and associates with the access point – During the authentication process a station establishes its identity with the access point – Stations must authenticate before associating with an access point – After authentication a station can associate with an access point in order to pass data through the access point to the wired network113 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com Wireless Analysis – During this process the access point records information about each station Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 114 Wireless Analysis Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 115 Wireless Analysis • After this the rest of the analysis is just as on a wired network as we have reached IP at the Network layer Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 116 802.11 Frame Types • As discussed in detail elsewhere there are three types of frames seen on a 802.11 network • This slide from Laura Chappell summaries these Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 117 802.11 Frame Types Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 118 802.11 Filters • Filters can be created to show just some of these frames types • Examples include as she goes on to say Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 119 802.11 Filters Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 120 802.11 Filters • Other filters she lists include – 802.11 retransmissions • wlan.fc.retry == 1 – Probe requests • wlan.fc.type_subtype == 0x05 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 121 Wireless Analysis Procedure • When analyzing a wireless network these steps provide a good procedure to follow in order to assess how well it is working as well as to identify problem areas • This procedure was suggested by Benjamin Miller in a 2009 White Paper from Global Knowledge Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 122 Wireless Analysis Procedure • Steps – Look for interference signs • Data rate used • Percentage of retransmissions Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 123 Examine Data Rates • As Mr. Miller writes – WLAN analyzers are able to indicate the exact data rate of every transmitted frame – If you know how to use your analyzer correctly, you can use filters to see what data rates are being used on a channel, or by an AP, or even by a single station Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 124 Examine Data Rates – If you see a station that is consistently sending and receiving low rate frames, that’s a great indicator that there could be RF problems in the area – It can mean the difference between wondering and knowing if the wireless link is causing a user’s problems Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 125 Compute Retransmissions • The percentage of retransmissions is a key measure of the amount of interference being seen on the network • Lets let Mr. Miller describe this process – Retrys are retransmitted frames – 802.11 frames may require a retransmission for any number of reasons: interference, simultaneous data transmission, obstructions, etc Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 126 Compute Retransmissions – Whatever the reason, the bottom line with retransmitted frames is that they are wasted time on the wireless channel – The same data is being transmitted more than once, thereby decreasing channel efficiency – Now, sometimes it gets a bit confusing because a WLAN analyzer will give retry and error statistics Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 127 Compute Retransmissions – Those two sets of data would seem to be redundant, but actually, they are distinct – Retrys are indicated in the 802.11 header – That means that Retry statistics are network statistics – The percentage of Retrys shown in a wireless sniffer is the actual percentage of Retrys on the network Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 128 Compute Retransmissions – Errors, on the other hand, are indicated by having the receiving network interface (in this case, the wireless adapter that’s being used for sniffing) calculate the 802.11 frame check sequence (FCS) value after receiving the frame – Because the FCS is calculated by the card doing the sniffing rather than an actual station or AP on the WLAN, errors being seen in a WLAN analyzer are not necessarily network errors 129 Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com Compute Retransmissions – Errors are really a channel statistic – If the channel has interference near the wireless sniffer, or if the transmitting AP on the channel is too far away, then error percentages will increase – The bottom line here is that you don’t want to look at the error percentage in a WLAN analyzer if you are trying to gauge the health of a network – You want to look at the Retry percentage Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 130 Compute Retransmissions • As mentioned elsewhere in this presentation a filter can be used to display just the retrys • Miller expands on this when he writes – For example, let’s say you want to analyze Retrys – Wireshark allows you to create a Retry filter using a series of specific steps – You first navigate to the Main Toolbar Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 131 Compute Retransmissions – Click the “Edit/Apply Display Filter” icon – From there, you can click “New” and give your filter a name – After you’ve named your filter, click “Expression” to get to the proper command – Under the IEEE 802.11 tree of the Field name area, you’ll see the wlan.fc.retry command. Select that, configure the value to equal 1, and you’ve got your Retry filter Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 132 Compute Retransmissions – Once you’ve got a Retry filter created, you can capture as little or as much data as you’d like – When you’re finished, apply the Retry filter by clicking on the “Edit/Apply Display Filter” icon and selecting the Retry filter you previously – When you click “OK” or “Apply,” all nonretransmitted frames will be filtered out of the Wireshark display Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 133 Compute Retransmissions – To analyze the percentage of Retrys – which is really the important thing when looking at a WLAN – navigate to the Statistics menu and select “Summary” – Now you can compare what was captured (everything) against what is displayed (Retrys only) in order to calculate a Retry percentage – Now you may want to drill down and see which station or AP is sending all of these Retrys Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 134 Compute Retransmissions – In Wireshark, there are wireless statistics, but they don’t cover the parameters that really affect WLAN performance like Retrys and data rates – You can still calculate the Retry percentage of a specific device, but you have to create multiple filters and then run the calculations yourself Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 135 Compute Retransmissions – For example, you could create one filter for frames with your AP as the transmitter address and then another filter for retransmitted frames with your AP as the transmitter address – You could run both filters and write down the Statistics Summary for each one Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 136 Compute Retransmissions – If you see 420,000 total bytes transmitted by the AP and 42,000 bytes of Retrys transmitted by the AP, then you know you’ve got a 10% Retry rate for that AP Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 137 Common User Complaints • Let’s next discuss some common user complaints related to wireless networks and how we might approach solving these problems • As always the first step is to ask what just happened, what changed • If that does not suggest a course to follow, then begin to isolate the problem domain Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 138 Common User Complaints • These common complaints include – The wireless network is slow – There is no wireless network at all – There is no wireless connection to a device Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 139 The Wireless Network is Slow • The first thing to do is to check to see if the wireless network is up at all – The users might be connecting to a nearby open network or a rogue access point • To check this any device or program that displays wireless access points and signal strength can be used • For example, here is the output shown by Inssider from MetaGeek Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 140 2.4 GHz Access Point Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 141 5 GHz Access Point Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 142 The Wireless Network is Slow • Compare the current access point list to the baseline list – In this example the wireless network is available and both access points are showing up with the correct SSID – Each one is issuing a strong signal Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 143 The Wireless Network is Slow • If the expected access points are there, are all of them operating – The access points may be showing up on a list as they are issuing beacon frames or responding to probe request frames, but they may not actually be passing the wireless traffic through to the wired network at the expected data rate – A ping test will check this Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 144 The Wireless Network is Slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 145 The Wireless Network is Slow • The slowness may be due to the user connecting to an access point that is farther away from their location than they should be connecting to – See what access point a sample of clients are connected to Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 146 The Wireless Network is Slow • If they are connecting to an access point further away than they should be, then either the expected access points are overloaded or otherwise not working as expected Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 147 The Wireless Network is Slow • If the wireless network is up and running as it should be, interference may be causing throughput to be lower than expected • This interference may be due to 802.11 devices or to other pieces of equipment using the same band Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 148 The Wireless Network is Slow • A spectrum analyzer that can show both the spectrum and 802.11 devices overlaid on the spectrum is the most useful for this • For example, Chanalyzer from MetaGeek will display this • First for the 2.4 GHz range with and without the network overlay • Then for the 5 GHz range with and without the network overlay Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 149 The Wireless Network is Slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 150 The Wireless Network is Slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 151 The Wireless Network is Slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 152 The Wireless Network is Slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 153 The Wireless Network is Slow • Finally look to see if an access point is overloaded • Typically only 15 to 50 users should be passing traffic through an access point depending on the type of traffic • Log into the access point itself to see how many devices are attached to it • For example Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 154 The Wireless Network is Slow Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 155 There is No Wireless Network • In the next case the users are saying there is no wireless network • The first thing to do is to see if the wireless network to which they should be connecting is showing in their area • It might be that one network is there, but not the one they need Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 156 There is No Wireless Network • For example, a secured network might be seen, but not the open access one for visitors Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 157 There is No Wireless Network • Use a tool such as Inssider to see if the SSID they need is showing • Next see if the access point that should be providing service to their area is up and transmitting at the expected strength and data rate Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 158 2.4 GHz Access Point Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 159 5 GHz Access Point Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 160 There is No Wireless Network • If it is not, then find out why the SSID or access point is missing Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 161 A Device Cannot Connect • In this last case a single device cannot connect • The configuration of the device should be examined – Is it looking for the correct SSID – Is it looking for the correct channel – Does it have the required security settings – Should the NIC driver be reinstalled or updated Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 162 A Device Cannot Connect • If all of this is correct, then examine the access point – Is it set to filter out all but certain MAC addresses • If the device is to and through the access point, is there something on the wired network stopping just it, such as an Access Control List or other security setting Copyright 2005-2013 Kenneth M. Chipps Ph.D. www.chipps.com 163