Troubleshooting done Motorola style!

The packets don’t lie. Any CWAP will tell you that. They’re the foundation of what we do in networking and one of the most troublesome things to get your hands on at times. One of the most significant challenges is that you rarely get to capture the ‘radio view’ of your packets. It’s usually a conversation about getting close enough to a radio, or putting an adapter or radio into promiscuous or sniffer mode and listening to what you can hear – this has always seemed somewhat ‘best effort’ to me since there’s always a small chance you’re not listening at the time that a packet is on the air. Wouldn’t it be much better to have the packets that hit your Access Point’s radio interface copied off somewhere for you to explore at your leisure? That way you have an honest view of what the actual infrastructure is either sending or receiving. Well, that’s exactly what Motorola allows us to do with a superbly easy to use, yet very powerful feature of their Wi-NG 5 Operating System. Once you have a radio up in Wi-NG 5, you can telnet/SSH to the Access Point and use the service pktcap command to capture your packets – while servicing clients!

In order to explore this feature, we need to know what we want to capture (1 client, all packets, ARP traffic, etc.), how much we want to capture (x number of packets), in what direction we want to capture the packets (inbound, outbound, both), and where we want to save the packets to (terminal buffer to look at them, tftp, tzsp, etc.). There are far more features that I’m glossing over for the sake of brevity, but this short look should be enough to get even the newest person up to speed! In my example, I want to capture the next 100 packets of all traffic that comes into all radios and I want to save it off to a tftp server.

ap6521-E3BEF4#service pktcap on radio all count 100 direction any write tftp://192.168.3.10/motorola.cap 
Capturing up to 100 packets. Use Ctrl-C to abort.
100
ap6521-E3BEF4#

Let’s dissect this command:

service pktcap on radio all

This tells the Access Point to start a packet capture on all radio interfaces and is the first component of ‘where to capture’ the packets from. You would usually pick a single radio by using the numeric index (1 through 1024) or just leave it at all to see all packets in the air.

count 100

This tells the packet capture service to capture the next 100 packets and can be 1 to 1000000 packets.

direction any

Tells the packet capture service to capture inbound packets, outbound packets, or packets in both directions (coming into or leaving the radio).

write tftp://192.168.3.10/motorola.cap

Tells the packet capture service to copy the capture file out to my tftp server (192.168.3.10 in this case – expect yours to be different) and what to name the file (motorola.cap in this case). You can follow up this command with a filter keyword to select type of traffic, src, dst, and a whole host of other options to pare down your capture.

Once you’ve captured the file, get it off of your tftp server in whatever way pleases you best (I run samba on my tftp server and can do a direct network neighborhood browse for it) and double click it. If you have Wireshark or OmniPeek installed, it should open up into the default view for the packet analyzer and start showing you packets!
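A quick sanity check to run on the tftp server before opening the file, added here as an example (it is not part of the original post or of any Motorola tooling): it walks the capture record by record, compares the packet total with the number the AP printed when it finished, and flags a file that a UDP-based tftp transfer cut short. It assumes the .cap file is in classic libpcap format; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Link-layer types from the public pcap LINKTYPE registry.
LINKTYPES = {1: "Ethernet", 105: "IEEE 802.11", 127: "IEEE 802.11 + radiotap"}
# File magic as it appears on disk -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond timestamps

def summarize_pcap(data: bytes) -> dict:
    """Walk a classic libpcap byte string; count whole records, flag a cut-off tail."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic libpcap file")
    order = MAGICS[data[:4]]
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):             # partial record header
            truncated = True
            break
        incl_len = struct.unpack(order + "I", data[offset + 8:offset + 12])[0]
        if offset + 16 + incl_len > len(data):  # partial frame body
            truncated = True
            break
        offset += 16 + incl_len
        packets += 1
    return {"packets": packets, "truncated": truncated, "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, f"unknown ({linktype})")}

def build_sample(n_packets: int, linktype: int = 105) -> bytes:
    """Constructed sample data: dummy 10-byte records, not real 802.11 frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i in range(n_packets):
        frame = bytes(10)
        out += struct.pack("<IIII", 1377635282 + i, 0, len(frame), len(frame)) + frame
    return out

def check_capture(data: bytes, reported_count: int) -> bool:
    """True only if the file is intact and holds the count the AP reported."""
    info = summarize_pcap(data)
    return not info["truncated"] and info["packets"] == reported_count

if __name__ == "__main__":
    good = build_sample(100)             # stands in for motorola.cap
    print(summarize_pcap(good), check_capture(good, 100))
    print(summarize_pcap(good[:-5]))     # simulate a transfer that stopped early
```

To check a real file, pass `open("motorola.cap", "rb").read()` to `check_capture` along with the number the AP printed after the capture.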


In all, a very elegant way to get packets out of your Access Points. These are the packets of your clients and the ability to capture them live off of your infrastructure (similar to a wired span port) is an invaluable feature when troubleshooting.

Full disclosure: As a delegate for Wireless Field Day 4 and 5, Motorola gave me an AP6521 and an AP6522 without commitment to comment or blog. If you want to know more about the Motorola wireless portfolio, you should follow @MotWireless on twitter!

The Unstoppable MetaGeek – now with CleanAir!

Rarely does an organization come around that expresses its agility and prowess with as much regularity as MetaGeek. The most recent example is their ability to use Chanalyzer Pro (their premium Spectrum Analyzer software) to talk to the Cognio chipset in a Cisco CleanAir Access Point. PC based Spectrum Analyzers have had a sordid history to say the least. Way back when, Cognio made what you would call ‘the best of the best’ PC based Spectrum Analyzer. This took the place of many of the bulkier, more expensive Spectrum Analyzers and proved to the world that a) it was important to get Layer 1 visibility for enterprise WLANs and b) that they could make it affordable for most services-based partners. Everyone OEM’d the Cognio analyzer: AirMagnet, Fluke, and WildPackets. Along came Cisco. They purchased Cognio, killed off all of the OEM agreements, rolled the hardware into their Access Points, and started selling the Cognio product with the Cisco name on it (Cisco Spectrum Expert). Unfortunately, they didn’t do much with the CardBus product and let the non-AP components go stale. The aging interface form factor left quite a few holes in the market and along came a few people here and there to make it all shake out like this (generally):

  • Cisco Spectrum Expert: Highest resolution, CleanAir AP and CardBus form factor, Cognio based
  • AirMagnet Spectrum XT: Middle resolution, USB form factor, bandspeed based
  • AP based Spectrum Analyzers: Low resolution, integrated into many APs, Atheros based
  • MetaGeek Wi-Spy: Low resolution, USB form factor, keyboard controller based

Ryan and team over at MetaGeek did an excellent job of using very affordable components to give us an alternative to the aging CardBus adapter and the newer, more expensive AirMagnet adapter. They were an awesome product for the money but never really achieved huge market penetration due to the fact that the Cognio and bandspeed products still offered higher resolution. With the Cognio hardware all locked up in the Cisco Access Points, it seemed inevitable that we’d never have a good way to access it. Imagine our surprise when at this year’s Cisco Live event, MetaGeek was there – showing off their integration between Chanalyzer and the CleanAir Access Points! Ladies and Gentlemen, this is the *exact* same Cognio hardware, high resolution Spectrum Analyzer goodness that we all know and love from the old days. When I first heard about this, there was much trepidation about MetaGeek perhaps not being able to address the ‘full power’ of the Cognio (ahem, CleanAir) chip in its rawest form, but I’m here to tell you, when compared side by side with a legacy CardBus based Cognio adapter, the data is identical! The user interface is the updated Chanalyzer interface with all of the modern enhancements they’ve made over the years with the WiSpy products, but you’re using the high-fidelity data that Cognio gives us. Here’s how it works:

You can connect to a CleanAir AP that is autonomous or lightweight (registered to a WLC) and it can be either servicing clients or in dedicated ‘SE-Connect’ Mode. You get the highest resolution, widest image when it’s in this last mode so let’s start there. Log into your controller, select your AP from the wireless tab and change it from ‘local’ to ‘SE-Connect’. Click Apply and let the AP reboot and join back to the WLC.


Once it’s joined back, select the AP again and you’ll find both the IP address of the AP and something called the NSI key:


Launch Chanalyzer Pro with CleanAir and go to the File Menu. Select the intuitive ‘Connect to a CleanAir AP’:


Once you do that, enter the values from the AP page that you previously saw including the IP address, NSI key and a friendly name for this AP:


Once you’ve done that, mash the Connect button and you’ll start to see the familiar Chanalyzer Pro interface with all of the wonderful resolution we all grew so fond of all those years ago! For reference, I ran Chanalyzer Pro with CleanAir on the same machine at the same time as a Cisco Spectrum Expert instance (using the CardBus adapter). Aside from the waterfall flowing up in the Cisco product, and down in the Chanalyzer product, you’ll see striking similarities in the respective waterfall views:


and at the same time, getting all of the other awesome details out of the Cognio SaGE like interferer auto-classification and AirQuality Index. Proving once again that MetaGeek are the top kids on the block when it comes to innovation and integration – but don’t take my word for it, head on over to MetaGeek, grab yourself a copy and give it a spin!

Full Disclosure: As a delegate of the Wireless Field Day event, I was given a copy of Chanalyzer Pro with CleanAir to play with without promise or commitment to write anything – much less something positive. 🙂 MetaGeek is a regular supporter of the Tech Field Day events, generally makes awesome products, and is regularly engaged in Social Media – you should go follow them at @metageek and catch up on the NoStringsAttached Show where Blake Krone and I also talk with MetaGeek about Chanalyzer with CleanAir!