Friday, June 26, 2009

Wireless LAN Analysis Virtual Machine

Based on some of my experiences at the Sharkfest conference last week, I decided to start working on a new little 'side project': getting a Virtual Machine developed for simpler Wireless LAN Analysis. The idea is to have a Virtual Machine that can easily be moved between platforms (Mac, PC, Linux laptops) and perform Wireless LAN Analysis consistently across all of them. In order to do this, and since VMs can't access PCMCIA hardware directly, I will have to use all USB-based devices. I've already configured one to work with Metageek's WiSpy spectrum analyzer and Wireshark's AirPcap (with three working together to cover channels 1, 6, and 11). Now on to getting AirMagnet's one supported USB device to work as well.

Any feedback or ideas you'd like to see in a Wireless Analysis 'Toolkit' would be helpful.


Thanks

Saturday, June 20, 2009

iPhone 3G S Upgrade

I know people call me the 'gadget man' - even to my face sometimes. And so to stay on the 'cutting edge' of gadgetry, I went down on Friday to the local AT&T store and picked up a new iPhone 3G S - only about 15 minutes, in and out. The first thing I did, before even turning it on, was to go to the 'Invisishield' place in the mall to get a little protection put on.

This way I can get a newer phone, Jill can get a much faster phone with more space, and we'll have the 2G to help someone else get onto the iPhone bandwagon. (Perhaps someone who had an iPhone but it somehow stopped working... ;-)


It is a bit faster, has built-in compass, takes videos, and little things like that. It's also 32GB compared to my old 16GB, thus I can carry more videos with me on trips. Additionally, it should have the ability to carry data in the future.


But best of all, it has a much better built-in camera. With auto-focus. It is far superior to the older iPhone 3G I had before.


Here are some comparative photos - things that I use my camera for, like taking pictures of people's business cards. (Try using this with Evernote to have a great searchable record that's available on your laptop, phone, or via the Internet.)
Now with this better focus, and better resolution this process will be much improved.

Can you tell the difference between the 3G and 3G S?

Sharkfest!

This week I had the chance to attend the 'Sharkfest' conference held on the Stanford campus in Palo Alto. Last year I was busy with other work and missed it... this year I had a gig fall through at the last minute. I'm glad it did! Sharkfest was great! - a chance to go and 'hang' with a bunch of other nerds/geeks/techies who like to talk about packets, networking, and stuff.

I was also able to finally put a face to many colleagues I've known and worked with for years, but only via phone calls, twitters, and e-mail exchanges. Quite enjoyable.


The campus was beautiful, the buildings architecturally intriguing, and the weather nearly perfect. (OK, the parking was a bit over a half-mile trek from the classrooms - but I needed the walking anyway)
There were many people here who do fantastic things keeping their own internal networks, as well as the Internet up and running - I was in awe of these folks. I'm not that into the whole wired network infrastructure thing. I'm a Wireless LAN guy. So I picked the sessions that would help me to better understand and work with Wireless LANs.

Hopefully, next year I'll be able to present at the 2010 Sharkfest conference - mark it on your calendars as soon as it's announced. You should attend!


Sessions I attended:

  • Ray Tompkins - How Protocols Work
  • Loris Degioanni (AirPcap) - Sneak Peek at Wireshark and Pilot - Cool Things!
  • Betty DuBois - I've just downloaded Wireshark... Now what do I do?
  • Rolf Leutert - Analyzing WLANs with Wireshark and AirPcap
  • Mike Kershaw (Kismet) - Get Thinking about WiFi Security
  • Ryan Woodings (WiSpy) - Complementing Wireshark in Wireless Troubleshooting
  • Laura Chappell - Network Forensics: Wireshark as Evidence Collector
  • Joe Bardwell - Wireshark Saves the Wireless LAN
Others I got to meet:
  • Gerald Combs - creator of Ethereal/Wireshark
  • Douglas Haider - the 'WiFi Jedi'
  • John Bruno - CACE Technologies
  • Janice Spampinato - CACE Technologies - (Thanks for all your help Janice!)
  • Fyodor - of NMAP fame
In case you missed the conference, most of the presentations are now available at the Sharkfest web page for download. I know it's not as good as sitting at the feet of these 'masters' - but reviewing the slides will be a good start toward adding some more knowledge.
Now for some highlights - in no particular order:


Browse over to this site and download the latest Wireshark 1.2 - just released with some great new features.
Go and buy one of the new WiSpy 2.4i adapters - the price is only $99 and these are a great addition to your Wireless LAN toolkit. I've been teaching and using the AirMagnet (Cognio) Spectrum Analyzer for years - and it does a great job. But for $99 - EVERYONE who is in the wireless industry needs to have one! Pick yours up here.
All attendees received an AirPcap USB device for wireless packet capture in a Windows environment. These come in all sorts of 'flavors' from the simple 802.11 b/g 'classic' to a new 802.11n with external antennas. It is the ONLY way to do full 'promiscuous mode' capture of wireless frames on a Windows platform. You can find them here.
When you put three of them together, you have the ability to capture through a 'virtual' driver that allows you to see 'all' packets on channels 1, 6, and 11 simultaneously. This is the best way to help troubleshoot a roaming client. The drivers come with it, and work directly in Wireshark.

Use the Wireshark 'Wireless Toolbar' to be able to change and adapt your data capture on the fly.

Add appropriate Wireless specific columns to Wireshark to get the most out of your analysis.


Color code Wireshark to support wireless analysis better. Make special color sets for Management, Control and Data frames. (and even subsets of those for better analysis)
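One way to see what those wireless columns and color sets are actually keyed on, as an added example that is not code from this post, from Wireshark or from CACE: a small Python decoder of the 802.11 Frame Control field that classifies each frame as Management, Control or Data, names the common subtypes, picks out the Retry flag (the column you want when chasing a roaming client), and emits the `wlan.fc.type` / `wlan.fc.type_subtype` display filter you would paste into a Wireshark coloring rule for that frame kind. The radiotap header handling assumes the usual AirPcap/radiotap link type; the sample capture, the 8-byte radiotap header and the MAC addresses in it are constructed for this example, not real traffic.

```python
import struct
from collections import Counter

# Byte 0 of the 802.11 Frame Control field: bits 0-1 protocol version,
# bits 2-3 type, bits 4-7 subtype. Byte 1 holds the flags (ToDS, FromDS,
# More Fragments, Retry, Power Mgmt, More Data, Protected, Order).
TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data"}

# Subtype names for the frames seen most often while troubleshooting a WLAN.
SUBTYPE_NAMES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 10): "Disassociation", (0, 11): "Authentication",
    (0, 12): "Deauthentication",
    (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 4): "Null", (2, 8): "QoS Data",
}

# Wireshark display filters that match each category; the same expressions
# serve as the filter string of a coloring rule (View -> Coloring Rules).
COLORING_FILTERS = {
    "Management": "wlan.fc.type == 0",
    "Control": "wlan.fc.type == 1",
    "Data": "wlan.fc.type == 2",
    "Retransmissions": "wlan.fc.retry == 1",
}


def strip_radiotap(buf):
    """Drop the radiotap header that AirPcap-style captures carry in front of
    each 802.11 frame: it_version (1 byte, always 0), it_pad (1 byte),
    it_len (2 bytes, little-endian) giving the total header length."""
    if len(buf) < 4 or buf[0] != 0:
        raise ValueError("not a radiotap header")
    it_len = struct.unpack_from("<H", buf, 2)[0]
    return buf[it_len:]


def parse_frame_control(frame):
    """Decode the two Frame Control bytes of a bare 802.11 frame into the
    fields a wireless analyst usually adds as columns in Wireshark."""
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x03
    subtype = (fc0 >> 4) & 0x0F
    return {
        "version": fc0 & 0x03,
        "type": ftype,
        "subtype": subtype,
        "category": TYPE_NAMES.get(ftype, "Reserved"),
        "name": SUBTYPE_NAMES.get((ftype, subtype),
                                  f"type {ftype} subtype {subtype}"),
        "to_ds": bool(fc1 & 0x01),
        "from_ds": bool(fc1 & 0x02),
        "retry": bool(fc1 & 0x08),
        "protected": bool(fc1 & 0x40),
        # Wireshark's wlan.fc.type_subtype value is (type << 4) | subtype,
        # so this filter isolates exactly this kind of frame.
        "filter": f"wlan.fc.type_subtype == 0x{(ftype << 4) | subtype:02x}",
    }


def summarize(captured, radiotap=True):
    """Count frames per category plus retransmissions: the first numbers to
    look at when a roaming client is misbehaving."""
    counts = Counter()
    retries = 0
    for buf in captured:
        fc = parse_frame_control(strip_radiotap(buf) if radiotap else buf)
        counts[fc["category"]] += 1
        retries += int(fc["retry"])
    return {"by_category": dict(counts), "retries": retries}


# Constructed sample capture (not real traffic): a minimal 8-byte radiotap
# header with no optional fields, followed by hand-built 802.11 frames.
RADIOTAP = bytes([0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00])
AP = bytes.fromhex("001122334455")      # made-up BSSID / AP address
STA = bytes.fromhex("66778899aabb")     # made-up client address
BCAST = b"\xff" * 6
SAMPLE_CAPTURE = [
    # Beacon: FC 0x80 0x00, duration, DA=broadcast, SA=AP, BSSID=AP, seq ctl
    RADIOTAP + b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x10\x00",
    # QoS Data with ToDS and Retry set: FC 0x88 0x09, then QoS ctl + payload
    RADIOTAP + b"\x88\x09\x2c\x00" + AP + STA + AP + b"\x20\x00\x00\x00" + b"payload",
    # ACK: FC 0xd4 0x00, duration, receiver address only
    RADIOTAP + b"\xd4\x00\x00\x00" + STA,
    # Deauthentication: FC 0xc0 0x00, reason code 7 in the body
    RADIOTAP + b"\xc0\x00\x3a\x01" + STA + AP + AP + b"\x30\x00" + b"\x07\x00",
]

if __name__ == "__main__":
    for buf in SAMPLE_CAPTURE:
        fc = parse_frame_control(strip_radiotap(buf))
        flag = "R" if fc["retry"] else " "
        print(f"{fc['category']:<10} {fc['name']:<18} {flag} {fc['filter']}")
    print(summarize(SAMPLE_CAPTURE))
```

The `filter` string each frame yields is the same thing a per-subtype coloring rule or a custom column is built from, so once the decoder agrees with what Wireshark shows in the Frame Control tree you know which filter to give each color set (for example one for beacons, one for deauthentications, one for retried data frames).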
I'm very excited now to have seen lots of Macintosh folks at the conference - using Wireshark, either in a native mode (wireless doesn't work - only wired), or running in a VM or Parallels using USB devices. I've been prepping a couple of VMs to run on my Macbook 13" Unibody as a wireless analysis platform... cool!

If you haven't played with the CACE Pilot... go online and request an evaluation. The current version is fantastic. A great addition to the 'normal' Wireshark interface. With Pilot you can do much easier, pretty, and detailed analysis of your captures. Loris did a demo of some of the new features in the 2.0 product (to be out in a month or so) that will really 'blow your socks off' with respect to analyzing your network traffic and to help in troubleshooting.

The 'WiFi Pilot' is a subset of the full blown 'Pilot' product - but for me in my industry, it will give me a big step up from the simpler Wireshark analysis. I can't wait to get some 'face time' with the WiFi Pilot.

Go over to Laura Chappell's
site for more training and learning. Or at her new site with more online training.

By the way, I was reminded this week of what a great presenter Laura is. We travelled and taught together for years - through the White Hat, NAST, etc. class series... but it's been a while since I've sat in one of her classes. I was again impressed with her innate ability to work the 'techie' crowd. Just the right amount of humor, tech, stories, and information. Well done Laura!


Kudos to all the other presenters as well. I've been in this training/consulting/presenting business for many, many years, and this was a great group of technical presentations - based on experience, sprinkled with humor, and yet still able to deliver hard-core technology that the attendees can use.


Congratulations to all those who made this a great conference!


'The Shark... Go Deeper'