Eye P.A. Update

Today marks the release of an update to Eye P.A., our packet analysis and visualization software.

Most noticeable is a new paint job for the treepies and timeline. This new color scheme comes as a result of feedback when looking at Eye P.A. at a distance from a non-standard viewing angle. I realize how weird that sounds, but hey, it looks pretty awesome now. One of our beta customers complimented the “crispness” of the visualization, and the smoother loading indicators.



Also new in this release are persistent columns in the Packets Table, faster crunching of large captures, and fixes around exporting to the latest version of Wireshark.

Feedback from customers like you is what helps ensure our software keeps getting better. If you ever have any questions, comments, or concerns, don’t hesitate to reach out via Twitter @metageek or via our KB at http://support.metageek.net.

Until next time,

Comments Off

Cities With The Best Wi-Fi Connection

Did you know that Google Fiber has an average download speed of 190.45 Mb/s? Thats over 22x faster than the national average of 8.6Mb/s.

Check out the Infographic below for more interesting facts on Wi-Fi coverage! 

  Cities-with-Best-Wi-Fi-Coverage_IG-ForRent.com_   Infographic courtesy of ForRent.com

Comments Off

Are you seeing ALL Wi-Fi channels?

While teaching a Wi-Fi class recently, I had a conversation with one attendee that I’ve had more than just a couple of times before. It went something like: “Hey MetaGeek guy. Why doesn’t inSSIDer on my brand new laptop see this 802.11n network on channel 116, but my beat up Android phone does. What gives?” Without surprise, I looked over his shoulder and sure enough the phone displayed the network in question, while the shiny new laptop did not.

So what’s going on here?

It all has to do with a combination of things including thunderstorms, jet airplanes, the FAA, the FCC and various types of airport weather radar.

Let me explain: radar is used at airports and by the military in the United States and around the world to detect things like wind shear, which is quite a threat to jet traffic and has caused a number of plane crashes. In response, this specific weather radar technology was invented to make navigating through storms safer for pilots. However, in North America, radar uses the frequencies that inhabit the 5 GHz Wi-Fi channels 100 to 144. And, to allow that the radar gets uninhibited priority, every Wi-Fi base station must make sure that if it hears a radar pulse on those channels, it must move off of those frequencies in order to not interfere with radar operation. This FCC-mandated feature is called DFS—Dynamic Frequency Selection.

Not all Wi-Fi client devices see all channels

Here’s where this gets interesting. Since correct operation of DFS is 1) a matter of public safety and 2) non-compliance results in big fines from the FCC, many Wi-Fi gear makers do not even offer the use of these channels to the end user. Also, some vendors go as far as to not offer any operation with their 5 GHz-capable devices in the entire UNII-2-Ext band where these channels reside (which, by the way covers a pretty large swath of channels), just to be safe.

Valid 5 GHz Wi-Fi Channels

DFS makes up large share of 5 GHz band (Image credit: revolutionwifi.net)

What does this mean?

For starters, the first obvious result is that if your client device does not support the DFS channels or the UNII-2-Ext band you will not be able to connect to a network deployed on these channels. Additionally, since this client device does not scan or listen to beacons on these channels, your Wi-Fi utility will not even see them. This is also true for inSSIDer (and Chanalyzer’s Wi-Fi features) as well as any application that relies on this data. In short, you may not be seeing everything.

What to look for

If you’re interested in having visibility of all the Wi-Fi channels and the networks that may be on them, you’ll have to do some research on the client devices or adapters you buy. We’ve found that most vendors do have the channel capabilities listed in their sales material, although a lot of the time they’re found deep in spec tables at the bottom of datasheets.

Some NICs see DFS channels, some don't

Some NICs see DFS channels, some don’t.

After doing a random spot check on the Wi-Fi USB adapters and client devices that I have, I found that about half have the DFS channels available for inSSIDer, and half do not. If you’re interested in using DFS channels in your Wi-Fi deployment, or you need to look for ALL unauthorized wireless access points in your network, you will want to keep this in mind and make sure your Wi-Fi card sees what you think it sees.

Comments Off

War Kitteh!

Since 1993, Las Vegas has been a destination for some of the world’s smartest security pros, researchers, hackers, and government agents. It’s not the gambling or the magic that bring these White, Black, and Grey Hats to Vegas– it’s DEF CON.

DEF CON has hosted a variety of talks and contests covering myriad hacker-centric interests. One contest, the “Wi-Fi Shootout,” had teams compete to create the longest distance Wi-Fi links (in 2005, Team PAD created a link spanning 125 miles!).

One talk that caught my attention last summer was Gene Bransfield’s “Weaponizing your Pets,” in which the War Kitteh was introduced.


Photo by Tom Brewster/The Guardian

According to Bransfield, he started including pictures of (and stories about) cats during his security presentations. After one presentation an attendee offered loan of his GPS-enabled cat collar, which inspired Bransfield to create a Wi-Fi auditing collar based on the Spark Core development board.

After Coco the kitty ran through Bransfield’s neighborhood, the SD card in her collar had recorded over 20 vulnerable Wi-Fi networks, including GPS information of where they were spotted.

Wouldn’t it be nice to know your Wi-Fi is secure before an Evil Genius Cat Lady deploys an army of War Kittehs in your neighborhood? We’ve got you covered.

No word yet on whether MetaGeek will start development of the Wi-Spy Wallaby for RF Analysis in the Outback, but we will be sure to update our blog with any developments!

Comments Off

MetaGeek launches inSSIDer PCI Compliance

MetaGeek launches inSSIDer PCI Compliance to complete the wireless scanning requirement for PCI compliance.

Recent Gartner research estimated that almost 20% of corporations have rogue APs in their network at some time. Generally these are unknowledgeable or impatient employees. But without scanning your environment you will be unable to tell if this rogue AP is just that, an employee or a malicious intent attacking your wireless network.

For PCI Compliance, the purpose of PCI DSS requirement 11.1 is to ensure you are correctly scanning your network environment to identify rogue wireless devices that could have an adverse effect on the security of your cardholder data.

Working with individuals who are doing these quarterly scans, we have found that many either battle to get the scan done or are using cobbled-together tools that are not doing it correctly, and may actually bring extra scrutiny with their assessor or if they get audited.” says Mark Jensen, our MetaGeek Product Hacker, who has been a part of this new inSSIDer PCI Compliance product team.

With the new MetaGeek inSSIDer PCI Compliance tool, you are able to not only scan your wireless environment but also run and save your report (in CSV or PDF), as well as save your categorizations so you can return to it and run it the next quarter—and every subsequent quarter—in record time.

The ability to save the network categorizations has been super-popular with our beta testers” Mark goes on to say, “this has always been a time consuming process every quarter, but now with this new product our clients are actually able to rerun the scan and most of the networks are already categorized — saving them a lot of time when doing PCI Compliance.”

The MetaGeek inSSIDer PCI Compliance tool does it all for PCI DSS 11.1 audits:

  • Scan 2.4 GHz & 5 GHz bands
  • Remember your network classifications for subsequent scans
  • Export scan results to CSV or PDF

For more information or to purchase a license click here.

inSSIDer PCI Compliance Desktop

Comments Off

Chanalyzer 5 gets new Device Finder

Sometimes interfering devices are so bad and stomp all over your WLAN you have to do something about it. Those cheap-o security cameras, cordless phones, and so on take down YOUR critical WLAN, or at the very least leave you with fewer channels to choose from making things less optimal.

In situations like these just  avoiding the disruptive signal is not an option, you need you actually put eyes on it and see what you can do, whether it be to respectfully ask the owner to power it off .. or to shotgun the blasted thing. What you do with the device is up to you ;-). Leave the signal tracking to Chanalyzer 5.5.

Redesigned UI. More Sensitive.

Device Finder in Chanalyzer 5.5.0

Device Finder in Chanalyzer 5.5.0

Chanalyzer 5.5 brings a new Device Finder UI that helps you focus on the task at hand and walk right up to the offending device. Also, the accuracy and responsiveness of the Device Finder graph is improved as the frequency range is automatically zoomed giving Chanalyzer more data to give you the best possible reading for tracking. Use with Device Finder Directional Antenna, and your 2.4 GHz device hunting is even better.

Get your Wi-Spy and check it out!
Comments Off

Notes and AP Aliasing in Chanalyzer 5!

We’ve just pushed a new update to Chanalyzer 5 that has a couple of really cool new features!

First off, we’ve fulfilled one of the most common feature requests for Chanalyzer: the ability to add notes to your recordings!

The "Add Note" Button

The “Add Note” Button

There are lots of times when adding a note can be helpful for the troubleshooting process– when you move between rooms, change a network setting, or test a device. To add a note, move the Waterfall playhead to the right spot, then click the “+” button. If you find an interfering device, you can even include a photo!

Adding a note is pretty straight forward.

Adding a note is pretty straight forward.

The new “Notes” Tab is home to a list of your notes that allow you to quickly jump to the appropriate point in your recording. There is also an option to add your notes to your report. It’s pretty sweet.

The other new feature is AP Aliasing. This feature allows you to add a custom “nickname” for the access points in your vicinity, whether they’re “your” networks or not:

A snippet of the Networks Table showing custom aliases

A snippet of the Networks Table showing custom aliases

This feature is really handy for keeping track of different radios that share the same SSIDs. Also, if you have Cisco APs, the device names will be displayed in this spot by default (but you can still edit them to be more friendly!).

These new features are pretty cool, and will make your job even easier. If you’re not on Chanalyzer 5 yet, there’s no time like the present!


Comments Off

Announcing inSSIDer Wi-Fi Helper!

When your sister and brother-in-law move into a new house, who do they call for help with setting up a wireless router? When your buddy has streaming issues over Wi-Fi, who’s the one that gets a text pleading for help?

More than likely that someone is you! Keep reading if you want the low-down on an awesome tool that will make you more of a tech hero than you already are.

inSSIDer Wi-Fi Helper is just that.

It tells you (or your less-than-technical relative) exactly what’s up with the network and what to do for it to run as optimally as possible. Just go to each in room in the house, select what kind of wireless activities you do there (web browsing, HD video streaming, etc), and Wi-Fi Helper will scan the Wi-Fi band for congestion from neighboring WLANs. After which, the app will plainly tell you the best channel and encryption to set your gear to to get the best performance and security.

After the channel and security have been changed, inSSIDer Wi-Fi Helper takes it a step further and gives verification regarding the different rooms that have been scanned. Just hit the button in each location and a throughput test is run (upload and download) showing you both the speed in numbers as well as a pass/fail for your desired usage. Dead simple verification.

When done, you get a tidy room-by-room summary with any observed issues that may holding your Wi-Fi back.

We all love our friends and family, we just don’t want to spend all day fixing their Wi-Fi :-). Next time send them inSSIDer Wi-Fi Helper!

Check it out on inSSIDer.com

-Mark Jensen

Product Hacker

Comments Off

Put a (Radio/ESSID) Ring on it!

It’s no secret. We like Radio and ESSID grouping. It’s one of the key features of inSSIDer 4, and recently showed up in Chanalyzer 5, too. So it’s only natural that we decided to take Beyonce’s advice, and put a new ring into Eye P.A.!

Radio and ESSID grouping adjusts the data tables and Treepies in Eye P.A. similarly to our other applications.

Grouping by Radio shows which SSIDs are being broadcast from which APs. The radios present in your capture are listed by their MAC addresses (unless you use a Cisco or Aruba AP, in which case you’ll see the Device Name).

Associated Data Table

ESSID grouping provides lists of networks, and adjusts the counts accordingly.

Having the inner-most ring of the Treepies in Eye P.A. reflect either Radios or ESSIDs means you gain insight into your environment even faster than before.

Here’s a .gif of how the Treepies work when grouping by Radio:


…and with ESSID grouping:


Check out the Eye P.A. page for more on optimizing your wireless networks!

Comments Off

Chanalyzer 5 groups ESSID and Radio

Understanding Wi-Fi topology is dead simple, right? You set up an access point, give the network a name and then connect clients to it. Well, it stays that simple right up to the point you need another AP for more coverage, roaming or capacity, or you need to set up more SSIDs on your APs for different departments, users or guests. One of the inherently cool things about Wi-Fi, IMO, is that it can be scaled and customized this way for your needs by creating Extended Service Sets (ESS) as well as using multiple SSIDs. It’s an awesome example of interconnected cooperation.

How do you know which AP is which? Which network is which?

While these are greatand incredibly necessaryfeatures of Wi-Fi, having multiple SSIDs broadcast from the same radios in multiple APs can get a tad confusing when using Wi-Fi tools. Multiply this by tens, hundreds or thousands of access points in your deployment and it gets complex, to say the least. Additionally, let’s suppose you are not familiar with how the network is set up and you are troubleshooting a problem, or are working on it in some way. In this situation especially, you need all the help you can get to make sense of the scenario.

Chanalyzer 5 now groups by ESSID or by Radio

Taking a cue from inSSIDer 4, Chanalyzer now displays ESSID schemes from the data reported from your wireless NIC. That is, when grouping by “Radio” is selected, it groups them to show which SSIDs are being broadcasted from which APs, which and how many BSSIDs are associated to it and which channels they are using.

Screen Shot 2014-05-09 at 2.37.08 PM

Group by Radio

When group by “ESSID” is selected, Chanalyzer gives the number of BSSIDs and the channels they are on.

Screen Shot 2014-05-09 at 2.40.38 PM

Group by ESSID

In short, it shows you the lay of the WLAN. It’s a simple yet powerful feature that we hope helps you make sense of large WLANs. Download it, grab your Wi-Spy and try it out!

Mark Jensen, Product Hacker

Comments Off