We’ve all been there – or at least most of us have, anyway. The Wi-Fi network appears to be misbehaving and users are frustrated.
Your users will be working for several hours, and then, it looks to them as if someone shut the entire WLAN off. Their workstation’s Wi-Fi icon, when hovered, states “no Wi-Fi connections are available”.
Now comes the fun part – well, to me it’s fun, anyway. Let’s start out with what the normal operation of the WLAN client looks like. This particular client is stationary. It’s a laptop that is used like a stationary desktop, and is cabled to the desk via lock and key. I wanted to clarify that because you won’t see any roaming in this packet capture, and you shouldn’t see any.
Since the client is associated to an AP on channel 36, I set my protocol analyzer to only look at that channel, and then set a filter to only look at the client adapter. This makes is a lot easier to what’s going on. I will use this as my baseline, since I want to know what it looks like when everything is working normally. Here’s normal for this client:
Encrypted data from AP to client
Client Request to Send to the AP
AP responds with Clear to Send
Client sends data
AP acknowledges data with ACK packet
Now we will fast forward a few hours. The user called you and told you “The Wi-Fi is down”. Or is it? To them, it is!
We start our same packet capture as before – same filter, same channel.
Now the picture is very clear. The Client doesn’t see the beacon of the AP’s BSSID because it is sending probe request to ff:ff:ff:ff:ff:ff and we are seeing the unicast probe responses from the APs (only on channel 36 because of the filter) to the client. I believe the client should send unicast probe request to the AP.
The c lient does not appear to see the beacon of the APs, and starts sending out probe requests. The APs respond, but the client does not appear to see the probe response. Almost as if they WLAN client has gone deaf.
Thankfully, the “quick fix” is to turn the WLAN adapter off and then back on. Long-term fix will most likely entail downloading and installing new WLAN client drivers.
Nice post. Which protocol analyzer you were using ?
ReplyDelete