Using WiFi to overcome a weak cellular coverage

credit: Ankit Tuteja

So we have all had issues with our cell phone.  So says Ankit Tuteja in an article which gives some ideas on boosting performance which you can find here:   But wait “…you are  WiFi Superman, not SmartPhone Superman” you say.  This is true but there is much overlap in the RF/Wireless world not to mention within devices like SmartPhones.  This leads me to my next point.  If you have a bad cell signal for voice or data you can sometimes fix this by establishing a good WiFi connection.

In addition to Mr. Tuteja’s tips on boosting your cell phone’s performance, I recommend the following workarounds:

  1. For voice issues, use Skype, Google Voice, or others listed here:
  2. For data issues, tether your device to a friend who has stronger coverage from a different provider.  To find out more about tethering / mobile hotspots check out this article:
  3. To help your signal for both voice and data, use Bluetooth or, even better, an ear bud, as it will reduce attenuation of the device while reducing your brain’s exposure to LTE, WiFi, and Bluetooth (if you choose the ear bud option).

I hope between the info in this blog and in Ankit’s article your mobile experience will be a little better each day!

Using WiFi to find Someone?


How could WiFi Superman use his knowledge of 802.11 technologies to help apprehend the escapees of the Clinton Correctional Facility?  Well first we will need to suspend reality a bit as inmates get very limited access to the Internet and cell phones are strictly forbidden.  But in our little story let’s suppose that the accomplice of this love triangle, “Tillie” Mitchell, gave the escaped convicts her smart phone.

So at the Clinton Correctional Facility there is a BYOD network that Tillie uses for her smart phone.  Let’s say that law enforcement finds out that she gave her phone to the escapees.  There are a couple of avenues a crime fighter could take; although a little far-fetched, they would be possible.  The first thing that could be investigated is the MAC address of the phone’s wireless card.

This could be determined in several different ways.  Most of the WiFi manufacturers keep client information that will remain in memory for some time; if we knew the hostname of the device we could correlate this.  ClearPass and ISE will have data regarding clients and may allow us to narrow the search down to a handful of MAC addresses even if we only know the make and model of the device.  Once we have a MAC or a few MACs, we can proceed to search for them on the airwaves.

Let’s say Richard Matt has relatives in Albany and police have a strong suspicion that he is on the lam and hunkered down in Albany.  WiFi Superman could war-fly (akin to war-driving) until he finds the MAC address and try to pinpoint the building where they are hiding.  If Optimum Online was willing to help, they could look for the MAC, and if they saw it on 3 or more access points we could locate them by triangulation.

Now let’s say we have no idea what the MAC address is.  Another plan of attack could theoretically work.  Clients discover networks in one of two ways: passive or active.   The prison has a specific SSID for its BYOD and we know what it is.  When scanning the client is looking for info on available wireless networks.   In the passive scan the wireless NIC listens for beacons or probe responses.   Beacons will not help us.  They could hurt our effort if an access point happened to be broadcasting the same SSID.

In an active scan the client transmits probe requests, and it can ask in one of two manners.  The client will either ask “Is anyone there?” (FF:FF:FF:FF:FF:FF), in which case the SSID portion of the probe request is NULL or empty.  This is of no use to us.  The client’s other option is to ask “Are you there, Bill?”; these requests contain specific SSIDs stored in the wireless profiles of the client’s software (e.g. Wireless Zero Config).  Since we know the SSID from the prison, we can snoop for it.  By putting a laptop in promiscuous mode and collecting all packets in an area where we suspect the duo to be hiding, we can later filter the packets to show only probe requests and further filter on the SSID.
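The filtering step described above, as an added example that is not part of the original post: a Python parser that picks probe requests out of raw 802.11 frames, separates wildcard from directed probes, and lists the stations that name a given SSID. The SSID `EXAMPLE-BYOD`, the MAC addresses and the sample frames are constructed, and frames are assumed to arrive without a radiotap header or FCS.

```python
HDR_LEN = 24    # frame control, duration, 3 addresses, sequence control
ELEM_SSID = 0   # element ID of the SSID information element
def parse_probe_request(frame):
    """Return (source MAC, SSID) for a probe request, else None. SSID is None
    for a wildcard probe. Expects a bare frame: no radiotap header, no FCS."""
    if len(frame) < HDR_LEN:
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, 4):    # management, probe request
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2: transmitter
    pos = HDR_LEN
    while pos + 2 <= len(frame):                  # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            return None                           # truncated element
        if eid == ELEM_SSID:
            return src, (value.decode("utf-8", "replace") if elen else None)
        pos += 2 + elen
    return None

def is_randomized(mac):
    """Locally administered bit set: likely a randomized, not burned-in, MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def stations_probing_for(frames, ssid):
    """Sorted source MACs of directed probe requests that name `ssid`."""
    parsed = (parse_probe_request(f) for f in frames)
    return sorted({p[0] for p in parsed if p and p[1] == ssid})

def build(subtype, src, ssid):
    """Construct a minimal management frame for the sample data below."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bytes.fromhex(src)
    hdr += b"\xff" * 6 + b"\x00\x00"              # BSSID, sequence control
    return hdr + bytes([ELEM_SSID, len(ssid)]) + ssid + bytes([1, 2, 2, 4])

# Constructed capture: the SSID and MAC addresses are made up for this example.
SAMPLE = [
    build(4, "00005e005301", b"EXAMPLE-BYOD"),    # directed probe
    build(4, "00005e005302", b""),                # wildcard probe, empty SSID
    build(4, "da11223344ee", b"EXAMPLE-BYOD"),    # directed, randomized MAC
    build(8, "00005e005303", b"EXAMPLE-BYOD"),    # beacon subtype, not a probe
    build(4, "00005e005304", b"CoffeeShop"),      # directed, different SSID
]

if __name__ == "__main__":
    for mac in stations_probing_for(SAMPLE, "EXAMPLE-BYOD"):
        print(mac, "randomized" if is_randomized(mac) else "burned-in")
```

A set locally administered bit usually means the phone is randomizing its MAC while scanning, so that address cannot be matched against the one recorded by ClearPass or ISE.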

And there you have it: if we see the SSID in question we could ascertain whether the inmates are in the area.  It is a little far-fetched, but super hero work always is.

WiFi for Chicks & Jocks…



WiFi for Dummies sounded too cliche and I suspect is a registered trademark, so I am going with WIFI for CHICKS & JOCKS.  This topic reminds me of when my old friend and former governor of California called WiFi Superman asking for help understanding WiFi.  He explained that although he had played superheroes, he was not actually a superhero nor was he extremely technical.  So I will try to recreate the primer I shared with him; this will teach you the basics.

WiFi is a technology that uses radio-frequency waves (electro-magnetic energy) to let devices communicate.  The standards that WiFi adheres to were developed by the IEEE under 802.11 (there are numerous amendments).  Two other bodies exist to regulate and provide interoperability for you and your WiFi devices.

The FCC regulates which frequencies you can “talk” on and how many watts are allowed.  The WiFi Alliance certifies devices by testing the functionality of devices to make sure that they comply with 802.11 standards and the amendments that add features and functionality.  The FCC is responsible for fining Marriott Hotels for jamming non-hotel signals as WiFi operates in an unlicensed frequency band and therefore anyone can transmit or receive on those bands.  The WiFi Alliance is responsible for making sure that your Dell laptop’s WiFi card can secure and communicate with  your Linksys wireless router.

WiFi exists in the 2.4 GHz (ISM band) and 5.0 GHz (U-NII) bands.  Not all cards support both.  802.11 started with data rates of 1 and 2 Mbps.  After amendments a, b, g, n, and ac we are looking at data rates in the Gbps range.  802.11n and 802.11ac have included many enhancements such as MIMO (multiple-input and multiple-output) and beamforming that make these high-throughput (HT) data rates possible.  Now might be a good time to get a cup of coffee if your brain is exploding or if you have had enough.


Okay, apparently you want to know more.  So what is an Ad-Hoc network?  Essentially an Ad-Hoc network is a wireless network that does not use an Access Point as the central point of communication.  In an Ad-Hoc WLAN one device acts as the central coordinator (like a cell-phone Mi-Fi).  Having your device set to deny ad-hoc connections is a good security practice; otherwise it is easy to be compromised by someone.  Another good practice is to avoid Open SSIDs, as they do not use encryption and leave you vulnerable to eavesdropping.

“Warchalking” symbol for an open SSID

So when setting up your home WiFi always use the strongest encryption.  Choose WPA2 over WPA and AES over TKIP, and never use WEP: an easy WEP passphrase can be broken in seconds.  If you have advanced hardware and some time and patience you may be able to set up 802.1x/EAP as opposed to just PSK.  This also increases your security; using 802.1x/EAP will prompt a mobile device for a username and password.  The keys used by the AP when you use this method are more complex and change more often, and they are therefore superior.

I remember Arnold had a specific question for me.  He asked, “Why is it that my wireless is always set to CHANNEL 6?”  I explained to the Governator that there are 14 channels in the ISM band, however one can only use 1 through 11 in North America.  Out of these 11 channels there are 3 that do not overlap.  They are 1, 6, and 11.  For some reason manufacturers almost always default to channel 6.


I think that is enough for the first WIFI for CHICKS & JOCKS.  If you have specific questions you can leave me a message and I will reply on this blog.

Heating up Wifi with Heat Maps


Patrick Hubbard of SolarWinds has written an article called “Wi-Fi heat map: Secret weapon for wireless network admins”.

It is an interesting read and I agree with most of the article.  I will present one warning: heat maps are only as good as the information that has been fed to them.  When loading maps into WNMS systems it is critical to calibrate the floor plan accurately; otherwise your coverage will be over- or under-represented.  Some systems allow you to select the polarization of antennas, and this orientation is also critical for keeping the prediction somewhat accurate.  If you do not add attenuation values for objects like walls, doors, and windows, then the heat map is just a general estimation.  Adding attenuation will make the prediction more realistic.

So as valuable as it is to see the estimation of your RF coverage, remember it is not a panacea and only as good as the info it has been fed.


Coaxing Wifi Clients to make the right choice…

cant make me

It is a wireless client that determines when it will roam and to which access point it will roam.  All we can do as designers is design and implement WLANs that make the clients’ decisions better.  There are also two amendments to 802.11 that aid in this effort.

802.11k and 802.11r (which have been rolled up into 802.11-2012) were both spearheaded to aid clients in making wise roaming choices.  If a client can roam faster and roam to the access point that will provide the best performance, all clients in the ESSID (a group of APs that share the same SSIDs and corresponding security) benefit.

802.11r or Fast BSS Transition (FT) is an amendment that provides for continuous connectivity via faster secure roaming.  This is achieved in the following manner.  Essentially a client completes a portion of the key exchange and that key is cached and waiting for the client should it roam to that particular AP.  This reduces the time it takes to complete a secure roam between APs.  There is another less-robust method that exists called OKC (Opportunistic Key Caching).

802.11k is Radio Resource Management (sometimes referred to as RRM).  The purpose of 802.11k is to help a mobile unit roam to the best possible access point.  Wikipedia lists 4 steps by which RRM achieves this…

  1. Access point determines that client is moving away from it.
  2. Informs client to prepare to switch to a new access point.
  3. Client requests list of nearby access points.
  4. Access point gives site report.
  5. Client moves to best access point based on report.

So no, Mr. Mobile Client, we cannot make you roam, but we can use the recommendations that the IEEE made to give you a strong incentive.  There is yet one more amendment (802.11v) which I know little about, and it seems not many others know much about it either.  Furthermore, it has not received much traction from vendors.  There is some interesting info posted on Ben Miller’s blog…