What does FHSS have to do with the $10 bill?



The US Treasury department thinks that we need a woman on the $10 bill.  I don’t know why they want to take Old Hamilton off because he was for the central bank in the first place, but this is a tech blog not a political one.

So I nominate Hedley Lamarr! Sorry that’s Hedy Lamarr…

Hedy Lamarr was born in eastern Europe and fled to America during the rise of the Nazis and Fascists.  She became a leading woman in Hollywood and is known as one of Hollywood’s most beautiful.  However, few know that her intellect rivalled her beauty.

With the help of her Hollywood composer neighbor, George Antheil, she developed Spread Spectrum and Frequency Hopping technologies to thwart the jamming of Allied radio communications by the Axis.  Wifi, CDMA, and Bluetooth are all based on the work he initiated.

Differences between FHSS and DSSS:

  • DSSS has higher throughput than FHSS (as much as ten times)
  • FHSS resists jamming, unlike DSSS
  • DSSS is much more efficient in an outdoor environment
  • FHSS does well indoors as it reacts more efficiently to multipath
  • FHSS is more susceptible to narrowband noise than DSSS
  • DSSS combats microwave oven interference better than FHSS
  • The synchronization of FHSS is a fraction of that used by DSSS
  • DSSS suffers more from the challenges of Near-Far than FHSS




Using WiFi to overcome a weak cellular coverage

credit: Ankit Tuteja

So we have all had issues with our cell phone.  So says Ankit Tuteja in an article which gives some ideas on boosting performance, which you can find here: http://www.ibnlive.com/news/tech/no-signal-6-simple-tricks-to-help-you-get-better-mobile-connectivity-1000301.html

But wait, “…you are WiFi Superman, not SmartPhone Superman” you say.  This is true, but there is much overlap in the RF/Wireless world, not to mention within devices like SmartPhones.  This leads me to my next point.  If you have a bad cell signal for voice or data you can sometimes fix this by establishing a good WiFi connection.

In addition to Mr. Tuteja’s tips on boosting your cell phone’s performance, I recommend the following workarounds:

  1. For voice issues use Skype, Google Voice, or others listed here: http://www.makeuseof.com/tag/fed-up-with-skype-here-are-6-of-the-best-free-alternatives/
  2. For data issues tether your device to a friend who has stronger coverage from a different provider.  To find out more about tethering / mobile hotspots check out this article: http://www.pcadvisor.co.uk/how-to/mobile-phone/how-use-your-smartphone-as-wi-fi-hotspot-ios-android-windows-phone-3441165/
  3. To help your signal for both voice and data use Bluetooth or, even better, an ear bud, as it will reduce attenuation of the device while reducing your brain’s exposure to LTE, WiFi, and Bluetooth (if you choose the ear bud option).

I hope between the info in this blog and in Ankit’s article your mobile experience will be a little better each day!

Using WiFi to find Someone?


How could WiFi Superman use his knowledge of 802.11 technologies to help apprehend the escapees of the Clinton Correctional Facility?  Well first we will need to suspend reality a bit as inmates get very limited access to the Internet and cell phones are strictly forbidden.  But in our little story let’s suppose that the accomplice of this love triangle, “Tillie” Mitchell, gave the escaped convicts her smart phone.

So at the Clinton Correctional Facility there is a BYOD network that Tillie uses for her smart phone.  Let’s say that law enforcement finds out that she gave her phone to the escapees.  There are a couple of avenues a crime fighter could take; although a little far-fetched, they would be possible.  The first thing that could be investigated is what the MAC address of the wireless card was.

This could be determined in several different ways.  Most of the WiFi manufacturers have client information that will remain in memory for some time; if we knew the hostname of the device we could correlate this.  ClearPass and ISE will have data regarding clients and may allow us to narrow down to a handful of MAC addresses if we only know the make and model of the device.  Once we have a MAC or a few MACs then we can proceed to search for these on the airwaves.

Let’s say Richard Matt has relatives in Albany and police have a strong suspicion that he is on the lam and hunkered down in Albany.  WiFi Superman could war-fly (akin to war-driving) until he finds the MAC address and try to pinpoint the building where they are hiding.  If Optimum Online was willing to help, they could look for the MAC, and if they saw it on 3 or more access points we could locate them by triangulation.

Now let’s say we have no idea what the MAC address is.  Another plan of attack could theoretically work.  Clients discover networks in one of two ways: passive or active.  The prison has a specific SSID for its BYOD and we know what it is.  When scanning, the client is looking for info on available wireless networks.  In the passive scan the wireless NIC listens for beacons or probe responses.  Beacons will not help us.  They could hurt our effort if an access point happened to be broadcasting the same SSID.

In active scanning the SSID portion of the client’s probe request can be NULL or empty.  This is also of no use to us.  However, in an active scan the probe request will request info in one of two manners.  The client will either ask “Is anyone there?” (FF:FF:FF:FF:FF:FF).  The client’s other option is to ask “Are you there Bill?”; this request contains specific SSIDs stored in the wireless profiles of the client’s software (e.g. Wireless Zero Config).  Since we know the SSID from the prison we can snoop for the SSID.  By putting a laptop in promiscuous mode and collecting all packets in an area where we suspect the duo to be hiding, we can later filter packets to show only probe requests and further filter on the SSID.

And there you have it: if we see the SSID in question we could ascertain if the inmates are in the area.  It is a little far-fetched, but super hero work always is.
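To show what a directed probe request exposes about a client's saved networks, here is an added example (not part of the original post) that parses raw 802.11 management frames and separates wildcard probes, directed probes and beacons. The frames, the SSID `EXAMPLE-BYOD` and the MAC addresses are constructed placeholders, and frames are assumed to start at the 802.11 header with no radiotap header or FCS.

```python
import struct

MGMT_HDR_LEN = 24          # frame control, duration, 3 addresses, sequence control
SUBTYPE_PROBE_REQ = 4      # management subtype of a probe request
SUBTYPE_BEACON = 8         # management subtype of a beacon
TAG_SSID = 0               # element ID of the SSID tagged parameter


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_probe_request(frame: bytes):
    """Return a dict for a probe request; None for other or truncated frames."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != SUBTYPE_PROBE_REQ:
        return None                      # not a management probe request
    src = frame[10:16]                   # address 2 = transmitting client
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):         # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                  # element runs past the end of the frame
        if tag == TAG_SSID:
            return {
                "src": mac_str(src),
                "ssid": value.decode("utf-8", "replace"),
                "kind": "directed" if length else "wildcard",
                # Locally administered bit; set on randomized client addresses,
                # which is why matching on a known MAC alone can miss a device.
                "local_mac": bool(src[0] & 0x02),
            }
        pos += 2 + length
    return None


def directed_probes_for(frames, ssid: str):
    """Source MACs of directed probe requests naming `ssid`, in capture order."""
    hits = []
    for frame in frames:
        info = parse_probe_request(frame)
        if info and info["kind"] == "directed" and info["ssid"] == ssid:
            hits.append(info["src"])
    return hits


def build_frame(subtype: int, src: str, ssid: bytes, fixed: bytes = b"") -> bytes:
    """Construct a sample management frame (test data only)."""
    bcast = b"\xff" * 6
    hdr = (struct.pack("<HH", subtype << 4, 0) + bcast
           + bytes.fromhex(src.replace(":", "")) + bcast + b"\x00\x00")
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])   # supported rates element
    return hdr + fixed + bytes([TAG_SSID, len(ssid)]) + ssid + rates


# Constructed sample capture; the SSID and MAC addresses are placeholders.
SAMPLE = [
    build_frame(SUBTYPE_PROBE_REQ, "00:11:22:33:44:55", b""),              # wildcard
    build_frame(SUBTYPE_PROBE_REQ, "00:11:22:33:44:55", b"EXAMPLE-BYOD"),  # directed
    build_frame(SUBTYPE_PROBE_REQ, "02:00:00:aa:bb:01", b"HomeNet"),       # other SSID
    build_frame(SUBTYPE_BEACON, "00:aa:bb:cc:dd:ee", b"EXAMPLE-BYOD",
                fixed=b"\x00" * 12),                                       # AP beacon
    build_frame(SUBTYPE_PROBE_REQ, "00:11:22:33:44:55", b"EXAMPLE-BYOD")[:30],
]

if __name__ == "__main__":
    for sample_frame in SAMPLE:
        print(parse_probe_request(sample_frame))
    print(directed_probes_for(SAMPLE, "EXAMPLE-BYOD"))
```

The beacon carrying the same SSID and the truncated frame are both rejected, so only the client that actually asked for the network by name is reported.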

WiFi for Chicks & Jocks…



WiFi for Dummies sounded too cliche and I suspect is a registered trademark, so I am going with WIFI for CHICKS & JOCKS.  This topic reminds me of when my old friend and former governor of California called WiFi Superman asking for help understanding WiFi.  He explained that although he had played superheroes, he was not actually a superhero nor was he extremely technical.  So I will try to recreate the primer I shared with him; this will teach you the basics.

WiFi is a technology that uses radio-frequency waves (electro-magnetic energy) that allows devices to communicate.  The standards that WiFi adheres to were developed by the IEEE under 802.11 (there are numerous amendments).  Two other bodies exist to regulate and provide interoperability for you and your WiFi devices.

The FCC regulates which frequencies you can “talk” on and how many watts are allowed.  The WiFi Alliance certifies devices by testing the functionality of devices to make sure that they comply with 802.11 standards and the amendments that add features and functionality.  The FCC is responsible for fining Marriott Hotels for jamming non-hotel signals as WiFi operates in an unlicensed frequency band and therefore anyone can transmit or receive on those bands.  The WiFi Alliance is responsible for making sure that your Dell laptop’s WiFi card can secure and communicate with  your Linksys wireless router.

WiFi exists in the 2.4 GHz (ISM band) and 5.0 GHz (U-NII) bands.  Not all cards support both.  802.11 started with data rates of 1 and 2 Mbps.  After amendments a, b, g, n, and ac we are looking at data rates in the Gbps range.  802.11n and 802.11ac have included many enhancements such as MIMO (multiple-input and multiple-output) and beamforming that make these high-throughput (HT) data rates possible.  Now might be a good time to get a cup of coffee if your brain is exploding or if you have had enough.


Okay apparently you want to know more.  So what is an Ad-Hoc network?  Essentially an Ad-Hoc network is a wireless network that does not use an Access Point as the central point of communication.  In an Ad-Hoc WLAN one device acts as the central coordinator (like a cell-phone Mi-Fi).  Having your device set to deny ad-hoc connections is a good security practice otherwise it is easy to be compromised by someone.  Other good practices are to avoid Open SSIDs as they do not use encryption and leave you vulnerable to eavesdropping.

“Warchalking” symbol for an open SSID

So when setting up your home WiFi always use the strongest encryption.  Choose WPA2 over WPA, AES over TKIP, and never use WEP: an easy WEP passphrase can be broken in seconds.  If you have advanced hardware and some time and patience you may be able to set up 802.1x/EAP as opposed to just PSK.  This also increases your security; using 802.1x/EAP will prompt a mobile device for username and password.  The keys used by the AP when you use this method are more complex and change more often, and they are therefore superior.

I remember Arnold had a specific question for me.  He asked, “Why is it that my wireless is always set to CHANNEL 6?”  I explained to the Governator that there are 14 channels in the ISM band, however one can only use 1 through 11 in North America.  Out of these 11 channels there are 3 that do not overlap.  They are 1, 6, and 11.  For some reason manufacturers almost always default to channel 6.


I think that is enough for the first WIFI for CHICKS & JOCKS.  If you have specific questions you can leave me a message and I will reply on this blog.

Heating up Wifi with Heat Maps


Patrick Hubbard of SolarWinds has written an article called “Wi-Fi heat map: Secret weapon for wireless network admins”.


It is an interesting read and I agree with most of the article.  I will present one warning: heat maps are only as good as the information that has been fed to them.  When loading maps into WNMS systems it is critical to calibrate the floor plan accurately, otherwise your coverage will be over- or under-represented.  Some systems allow you to select the polarization of antennas; this orientation is also critical for keeping the prediction somewhat accurate.  If you do not add attenuation values for objects like walls, doors, and windows then the heat map is just a general estimation.  Adding attenuation will make the prediction more realistic.

So as valuable as it is to see the estimation of your RF coverage, remember it is not a panacea and only as good as the info it has been fed.


Coaxing Wifi Clients to make the right choice…


It is a wireless client that determines when it will roam and to which access point it will roam.  All we can do as designers is design and implement WLANs that make the clients’ decisions better.  There are also two amendments to 802.11 that aid in this effort.

802.11k and 802.11r (which have been rolled up into 802.11-2012) were both spearheaded to aid clients in making wise roaming choices.  If a client can roam faster and roam to the access point that will provide the best performance, all clients in the ESSID (a group of APs that share the same SSIDs and corresponding security) benefit.

802.11r or Fast BSS Transition (FT) is an amendment that provides for continuous connectivity via faster secure roaming.  This is achieved in the following manner.  Essentially a client completes a portion of the key exchange and that key is cached and waiting for the client should it roam to that particular AP.  This reduces the time it takes to complete a secure roam between APs.  There is another less-robust method that exists called OKC (Opportunistic Key Caching).

802.11k is Radio Resource Management (sometimes referred to as RRM).  The purpose of 802.11k is to help a mobile unit roam to the best possible access point.  Wikipedia lists 4 steps for how RRM achieves this…

  1. Access point determines that client is moving away from it.
  2. Informs client to prepare to switch to a new access point.
  3. Client requests list of nearby access points
  4. Access point gives site report
  5. Client moves to best access point based on report

So no Mr. Mobile Client we cannot make you roam, but we can use the recommendations that the IEEE made to give you a strong incentive.  There is yet one more amendment which I know little about (802.11v) and it seems not many others know much about.  Furthermore it has not received much traction by vendors.  There is some interesting info posted on Ben Miller’s blog…



What’s in a (WiFi) word?


If I need a new WiFi access point, should I get an 802.11n access point, one that follows 802.11 Clause 20, or an HT access point?  Why not get them all?  That’s easy enough, you see, because they are all the same!

Let’s look at how this whole mess began.  The IEEE created the 802 family of standards in 1980.  You probably recognize 802.3 as Ethernet and maybe even 802.5 for Token Ring if you’ve been around like me.  The IEEE specifications that I deal with on a daily basis are 802.11 (WLAN) and 802.15 (WPAN).  Way back in 1997 the original 802.11 standard was born and soon followed by 802.11a and b in 1999.  802.11g was born in 2003 which used the same modulation as 802.11a and ported it to 5.0GHz.

By the time 2007 came around the IEEE decided to reboot the standard to 802.11-2007 by rolling up all the amendments (a,b,d,e,g,h,i,j) into this one.  The clauses are a little confusing and to make matters worse they changed in 2012 after a subsequent roll up.

Here are all the amendments (from Wikipedia) up until 2012…

  • IEEE 802.11-1997: The WLAN standard was originally 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and infrared (IR) standard (1997), all the others listed below are Amendments to this standard, except for Recommended Practices 802.11F and 802.11T.

  • IEEE 802.11a: 54 Mbit/s, 5 GHz standard (1999, shipping products in 2001)

  • IEEE 802.11b: Enhancements to 802.11 to support 5.5 Mbit/s and 11 Mbit/s (1999)

  • IEEE 802.11c: Bridge operation procedures; included in the IEEE 802.1D standard (2001)

  • IEEE 802.11d: International (country-to-country) roaming extensions (2001)

  • IEEE 802.11e: Enhancements: QoS, including packet bursting (2005)

  • IEEE 802.11F: Inter-Access Point Protocol (2003) Withdrawn February 2006

  • IEEE 802.11g: 54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003)

  • IEEE 802.11h: Spectrum Managed 802.11a (5 GHz) for European compatibility (2004)

  • IEEE 802.11i: Enhanced security (2004)

  • IEEE 802.11j: Extensions for Japan (2004)

  • IEEE 802.11-2007: A new release of the standard that includes amendments a, b, d, e, g, h, i, and j. (July 2007)

  • IEEE 802.11k: Radio resource measurement enhancements (2008)

  • IEEE 802.11n: Higher-throughput improvements using MIMO (multiple-input, multiple-output antennas) (September 2009)

  • IEEE 802.11p: WAVE—Wireless Access for the Vehicular Environment (such as ambulances and passenger cars) (July 2010)

  • IEEE 802.11r: Fast BSS transition (FT) (2008)

  • IEEE 802.11s: Mesh Networking, Extended Service Set (ESS) (July 2011)

  • IEEE 802.11T: Wireless Performance Prediction (WPP)—test methods and metrics Recommendation cancelled

  • IEEE 802.11u: Improvements related to HotSpots and 3rd-party authorization of clients, e.g., cellular network offload (February 2011)

  • IEEE 802.11v: Wireless network management (February 2011)

  • IEEE 802.11w: Protected Management Frames (September 2009)

  • IEEE 802.11y: 3650–3700 MHz Operation in the U.S. (2008)

  • IEEE 802.11z: Extensions to Direct Link Setup (DLS) (September 2010)

  • IEEE 802.11-2012: A new release of the standard that includes amendments k, n, p, r, s, u, v, w, y, and z (March 2012)

Here is a handy little translator that explains further changes in the clauses from 2007 to 2012:



So that explains some things that are usually a little cloudy.  IEEE specs are not the only area in the wireless arena that can be confusing.  People’s definitions of Guest and BYOD often vary.  My understanding is that Guest is usually a specific type of BYOD, whereas BYOD implies that the user is an employee but owns their own mobile device.


Remember that networking is very technical stuff and knowing terms and what acronyms stand for can be half the battle.  I will spare you all the discussion on MPDU versus PSDU, I guess that will be a future blog.


Which wireless certification is right for you?



You want to get certified in the WiFi field, but which one is right for you?  Well, Clark Kent will help you decide.  I presently have certifications granted by 3 of the biggest WiFi vendors and 3 vendor-neutral certifications.  First let’s look at the biggest vendors out there.  Cisco bought Meraki in 2013 so that kept them in the top slot.  HP bought Aruba, keeping them at a strong #2.

CWNP was founded by Planet3 Wireless but I think is simply CWNP now.  There are a total of 5 tests in the certification track.  CWTS, CWNA, CWSP, CWDP, CWAP



I have taken all of these (except the CWTS, which I skipped) and have passed all the exams except the CWAP, which I am presently working on.  These are great exams that really dig into RF and 802.11.  They also test your knowledge of “the tools of the trade” like packet analyzers and spectrum analyzers.  The tests vary in price from $150 to $225.  It is a good idea to get one of the bundles from CWNP.  They offer a bundle with practice exams, textbook, and exam voucher for $325.  At present there are only 163 CWNEs in the world.  This certification is the real deal.  Pass the CWNA and the 3 Professional level certs and you are eligible to apply for the CWNE.  After publishing WiFi related material and verification of employment and good character, the CWNP board will grant you CWNE status.

More info at CWNP website:          www.cwnp.com/certifications/

Cisco has a Wireless certification track which follows the same model as their other tracks: take the CCENT entry-level networking exam based on routing and switching, then take the CCNA.  To achieve the CCNP you will need to pass 4 exams.  The exams are based on Site Survey, Voice/QoS, Security, and Mobility (this encompasses RTLS, WNMS, and MESH).  Once you achieve this (which I have) you can go for the CCIE, but only if you are a masochist.  I have passed the CCIE written, but failed the CCIE practical exam twice.  I am not 100% sure but I think I will subject myself to this again in the future.  There are also very few Wireless CCIEs.  Cisco does not publish the exact number but it was around 150 when last referenced.  The Cisco track is very vendor-specific and not nearly as deep as the CWNP in IEEE and RF fundamentals.  The exams vary from $125 – $250 for associate and professional level.  The CCIE written is $400 and the lab is $1600.

Cisco wireless certification page:


Aruba (an HP company) offers a similar track as Cisco to advance in the Aruba WiFi realm.  Aruba offers the ACMA, ACMP, ACMX and ACDX.  I presently hold the ACMA and the ACMP.  I would say that the Aruba is a hybrid of the Cisco and CWNP tracks as it is vendor-specific but strong on standards as well. Aruba’s exams are all $125 except for the expert level exams, they are $1000.  There is another track that is interesting and helpful; it is for Aruba’s ClearPass.  ClearPass is an access management platform that is great for BYOD and Guest Access as well as TACACS and RADIUS.

Find out more from Aruba here:


Meraki also has a certification called the CMNA.  It is based on taking a class and completing the labs and an exam.  I did complete this certification but it is in a different class of certs.  It is not taken at a Pearson Vue and it is free of charge.  Many of the vendors have this type of certification.  I have done these for Enterasys, Symbol, and Motorola in the past.  In general certifications are a great way to further your knowledge and education while increasing your potential for earning more.  Good luck and Happy studying!



How do Bluetooth and WiFi coexist?


Bluetooth and WiFi share a frequency band.  So how do they peacefully coexist?  WiFi on the 5.0 GHz range avoids Bluetooth altogether.  However, what strange magic allows them to operate side by side?

Both Bluetooth (802.15) and WiFi (802.11) share an 87 MHz swath of the ISM band.  Bluetooth uses Frequency Hopping Spread Spectrum (FHSS) and jumps around 79 different 1 MHz channels.  WiFi uses Direct Sequence Spread Spectrum (DSSS) and uses a 22 MHz channel.  There are 11 channels in the ISM band but they overlap each other.  So properly implemented networks will be implemented on one of three non-overlapping channels (1, 6, and 11).

So when a Bluetooth radiator hops to channels within the same 22 MHz channel on which the WiFi stations are communicating, there is interference.  How “loud” the signals are and how close the radiators are determine how much interference occurs.  Typically the latest hardware of both WiFi and Bluetooth operate harmoniously.
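The channel arithmetic behind the two paragraphs above, as an added example that is not part of the original post: it derives the 1, 6, 11 plan from the 22 MHz width and counts how many of the 79 Bluetooth hop channels land inside a WiFi channel. The center-frequency formulas (WiFi channel n at 2407 + 5n MHz, Bluetooth channel k at 2402 + k MHz) and the assumption of uniform hopping with no adaptive channel avoidance are additions not stated on the page.

```python
from itertools import combinations

WIFI_WIDTH_MHZ = 22                            # DSSS channel width from the text
BT_CHANNELS = [2402 + k for k in range(79)]    # 79 Bluetooth channels, 1 MHz each


def wifi_center(channel: int) -> int:
    """Center frequency in MHz of 2.4 GHz WiFi channel 1..13."""
    if not 1 <= channel <= 13:
        raise ValueError("channel out of range")
    return 2407 + 5 * channel


def wifi_overlap(a: int, b: int) -> bool:
    """Two 22 MHz channels overlap when their centers are under 22 MHz apart."""
    return abs(wifi_center(a) - wifi_center(b)) < WIFI_WIDTH_MHZ


def non_overlapping_sets(channels, size: int):
    """Every group of `size` channels in which no pair overlaps."""
    return [group for group in combinations(channels, size)
            if all(not wifi_overlap(x, y) for x, y in combinations(group, 2))]


def bt_channels_inside(channel: int):
    """Bluetooth hop channels whose 1 MHz slot intersects the WiFi channel."""
    center = wifi_center(channel)
    half = WIFI_WIDTH_MHZ / 2
    return [f for f in BT_CHANNELS
            if f + 0.5 > center - half and f - 0.5 < center + half]


def hop_collision_share(active_wifi_channels) -> float:
    """Share of hops landing in an active WiFi channel (uniform hopping assumed)."""
    hit = set()
    for channel in active_wifi_channels:
        hit.update(bt_channels_inside(channel))
    return len(hit) / len(BT_CHANNELS)


if __name__ == "__main__":
    # North American channels 1..11: only one three-channel plan is overlap-free.
    print(non_overlapping_sets(range(1, 12), 3))
    for ch in (1, 6, 11):
        print(ch, len(bt_channels_inside(ch)))
    print(round(hop_collision_share([6]), 3))
    print(round(hop_collision_share([1, 6, 11]), 3))
```

With a single active WiFi channel under three in ten hops land on it, while a floor using channels 1, 6 and 11 together leaves only a small share of hop channels clear, which matches the contention described for the gaming floor later in the post.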

When Bluetooth does experience significant interference it hops to the next channel in an attempt to avoid the interference.  Bluetooth is similar to the now extinct protocol Token Ring (802.5) which used collision detection.  WiFi, unlike Bluetooth and Token Ring, acts more like Ethernet (802.3).  Both Ethernet and WiFi use Collision Detection to combat collisions.  The competing stations determine a random backoff time and retry communication.  In addition 802.11bg networks will rate shift to slower data rates in an attempt to lower the BER (Bit Error Rate).

There are situations where harmonious coexistence will not be possible.  I did work for a well-known electronic gaming company.  There was a floor with scores of quality control analysts with 3-4 gaming consoles, all of which necessarily use Bluetooth.  Designing a WiFi network to operate efficiently in this environment was certainly a challenge.  Despite copious contention both continued working quite well.  Kudos to the IEEE (who set the standards for both 802.15 and 802.11).

To learn more check out the following videos…

geekyranjitexplains (Aug 8, 2013). Understand WiFi Routers Basics – Part 1 Geekyranjit Explains. Retrieved from


profgustin (Apr 9, 2012). Android – Intro to Bluetooth. Retrieved from https://www.youtube.com/watch?v=M5_EJ27xjMU



RF hero MIMO converts multipath to good


By now you have probably heard about 802.11ac which boasts data rates up to 1.3 Gbps.  If you haven’t I imagine you know about 802.11n.  So what makes these IEEE standards so good?  Well for one thing the “N” standard introduced Multiple Input/Multiple Output or MIMO.  Now hold that thought for a moment…

Back in the days prior to 2009 we had this ugly problem called Multipath.  To an RF signal there are many forces of evil working against successful transmission.  Reflection (RF Energy bounces off a smooth surface predictably), Diffraction (waves bend around sharp objects), and Scattering (RF Energy reflecting off the texture of a varied surface like stucco);  these are just some of the nefarious foes RF faces daily. Multipath is how RF energy waves react when parts of the wireless transmission meet at the antenna with differences in time and geometry.  Back in the beginning of the millennium multipath was a problem that was addressed by using antenna diversity.

If there was really a superhero called MIMO it would be Dr. Greg Raleigh.  The Qualcomm innovator was responsible for the development of MIMO which Qualcomm defines as follows: “MIMO systems divide a data stream into multiple unique streams to take advantage of multipath signal reflections to actually improve radio transmission performance.”  So when MIMO combines with other enhancements like TXBF, STBC, and SGI we see data rates really sky rocket.  To find out more about 802.11n and 802.11ac follow the links below.










Everything wireless: cut the cord and hack your life!