field notes troubleshooting

Non-wifi interferers

I was analyzing a set of surveys and found some interesting interference sources. Except for the first three, they are all above 5.725 GHz which is home to the U-NII-3 (5.725-5.850 GHz) and the 5.8 GHz ISM band (5.725-5.875 GHz).

Feel free to comment if you have seen it in the wild.

This looks like Godzilla, consistent interference in a wide area, source unknown.

Possibly some video surveillance system, there are two in the area, see next.
Possibly video surveillance systems

Movement sensors for lighting fixtures
Movement sensors for lighting fixtures
Movement sensors for lighting fixtures

Strong interference spilling over from U-NII-3 up to channel 136. Source unknown.
This interferer is spilling up to channel 132. Unknown source.
Different site, similar interference pattern.
Yet another site, same pattern with harmonics reaching channel 140.

Possibly a non-wi-fi security camera on channels 60-64.

field notes tools

Subway wi-fi

A new subway line has opened in Milan, the M4 connecting the city airport with the city center. It’s a driverless fully automated transport system.

The active section of M4 subway in Milan.

There’s a WPA2-Personal SSID in every station, powered by Cisco APs. No wi-fi in the tunnel between stations.

As usual, quick wi-fi analysis and packet capture done with my Analiti for Android app.

You can download the pcap file here.

field notes

Wi-fi at the cinema

At my local cinema, an Apple AirPort (possibly Extreme 802.11n) quietly keeps the show running. The pcapng was captured with Analiti on Android.

field notes troubleshooting

Bruker NMR interference?

I was called to discuss the installation of an access point in a chemistry research facility where a Nuclear Magnetic Resonance (NMR) spectrometer by Bruker is operating. It’s a model slightly smaller than the one pictured below.

Credits: Mike25. Source: Wikipedia

Researchers operating the laboratory were concerned about the signal from a wi-fi access point in the same room possibly interfering with the instrument. My concern was in turn that the NMR would interfere with the wi-fi operations, given the much higher energy in play in an NMR spectrometer.

Upon discussion with the lead researcher, it was ascertained that the spectrometer works with RF below 1 Ghz, mainly in the 400 Mhz range. According to Wikipedia, it operates in the 60-1000 Mhz range.

Interestingly, a spectrum analysis with Metageek Chanalizer in the lab showed a distinctive interference on 2.4 Ghz centered on channel 2 and a lesser signal on channel 1. The measure was taken from a fixed position at 3m from the spectrometer, while it was operating.

The signal on channel 2 has a high duty cycle with 95% at -50dBm in a 20 minute interval.

At -70 dBm the duty cycle on channel 1 was above 80%.

Moving away from the NMR into adjacent rooms, the interference weakened and wasno longer detectable. I was not able to identify the exact source of the interference, besides it being related to the Bruker device operations. The access point was moved out of the room into the corridor.

field notes

bikewifi device cooling

Early Aygust I was surveying one of the university buildings in Milano with my colleague. A heatwave was underway with outside temperatures of 35°C and in-building 30°C. We moved by bike, carrying survey kit and spare APs in my bike bags.

The building itself is interesting: a former cinema belonging to the nearby church, later rented by our university, the cinema transformed into a 200-seat lecture hall, the above floors offices. The view on the nearby XVI century church and art-nouveau buildings is wonderful.

We spent the morning surveying the building. Most of the time was used picking keys from a huge keyring and opening offices – then closing them again. After a couple of hours the tethered survey device was really hot and I didn’t want to stuff it back in the bag, even if it was turned off. So I found a creative solution:

field notes

How I learned to stop worrying and love all 5Ghz channels

Using all 5 Ghz channels available in your regulatory domain is not a choice, it’s a matter of fact. Here’s my experience.

I did a validation survey at one of our remote sites. The survey data showed severe co-channel interference almost everywhere. The site lies in open countryside and has no detectable neighboring APs: all of the APs are our own and they all transmit in the same 4 non-DFS channels as shown in the reading taken at location A on site:

The original situation at location A
field notes

Hardware store warehouse

Some wifi spotting (or wifi watching) at a hardware and home improvement store in Milano, Italy. I went there to buy a set of TORX tamper-resistant drivers to unscrew an old AP at the office and found myself looking at the ceiling all the time.

It’s a huge warehouse about 10m high with industrial metal shelves packed full of metal hardware, tools, building materials, piping, electric gear and wood sheets. It’s open to the public and there is a perpetual flow of customers, forklifts and elevating platforms.

The company opened 4 years ago, there is a good ethernet infrastructure at every cashier desk and aisle station, but the wireless gear was hard to spot.

Many PDAs and inventory scanners, forklifts. I did not take pictures of the handheld devices because the employees might have objected. Price tags on the shelves are low-tech.

I could not identify the devices that were hanging from the ceiling, some in a structured fashion, but pointed slantly across the aisles and not along it. Perhaps because the AP mount is not stable and the devices rotate freely.

This device is oriented across the aisle, not along it
Another orientation that does not make sense, probably it’s freely rotating due to air currents, thermal movements, machinery bumping it.
Definitely perpendicular to the aisles and shelves.

Some devices were just hanging from the ceiling or the fire extinguisher piping, like jungle vine.

Here you are!
welcome to the jungle
Looks like they want to cover the whole area above the shelving
Another view of the same.

I recorded 97 BSSID with Airport Utility standing still near the cashiers. 92 BSSID were from a locally administered MAC OUI, 5 from universal OUIs. Here’s a list of the manufacturers:

00:A0:57 LANCOM LANCOM Systems GmbH
38:08:FD Silca Silca Spa
50:D4:F7 Tp-LinkT Tp-Link Technologies Co.,Ltd.
8C:34:FD HuaweiTe Huawei Technologies Co.,Ltd
02:18:4A Locally administered MAC address
02:18:5A Locally administered MAC address
E2:55:7D Locally administered MAC address

The BSSIDs where evenly spread on 2.4 Ghz and 5 Ghz. The SSID list, redacted for privacy:

(hidden SSID)

SES is a proprietary WPS solution from Cisco Linksys:

SecureEasySetup, or SES is a proprietary technology developed by Broadcom to easily set up wireless LANs with Wi-Fi Protected Access. A user presses a button on the wireless access point, then a button on the device to be set up (printer, etc.) and the wireless network is automatically set up. This technology has been succeeded by the industry-standard Wi-Fi Protected Setup.

Silca Futura is a key cutting machinery manufacturer, so the SSID comes from the locks and safes area.

WebPocket is a 4G mobile wifi hostspot device made by Huawei.

Do you know what kind of devices/solution is behind the 92 local mac addresses? The comments are there for you.

field notes

Spotted some healthcare location services

Went to the hospital for a health check and spent the waiting time looking up to the ceiling. I spotted some RTLS devices from Centrak:

as usual, antennas are tilted randomly
What’s this? Aruba?

I did a quick scan with Airport Utility and found about 90 APs with hidden SSID and a Local mac address, plus other assorted OUIS. Here’s the OUI list:

02:18:4A Locally administered MAC address
02:18:5A Locally administered MAC address
00:A0:57 LANCOM Systems GmbH
38:08:FD Silca Spa
50:D4:F7 Tp-Link Technologies Co.,Ltd.
8C:34:FD Huawei Technologies Co.,Ltd

The locally administered Macs were broadcasting a hidden SSID, plus CLIENT, GUEST,PDA,SMARTPHONE.

The Silca OUI does not make sense here, unless it’s an access control system with intelligent door locks, the kind you operate with a keycard or a FOB.

Lancom Systems Gmbh is a network equipment manufacturer and solutions provider.

Channels in 2.4 Ghz are 1,6,11 as expected, and some 7 (what the heck?) and 9.

Channels in 5 Ghz: 36,44,64,104,112,140. Don’t know about channel width from the Airport Utility.