I was analyzing a set of surveys and found some interesting interference sources. Except for the first three, they are all above 5.725 GHz which is home to the U-NII-3 (5.725-5.850 GHz) and the 5.8 GHz ISM band (5.725-5.875 GHz).
Feel free to comment if you have seen it in the wild.
A new subway line has opened in Milan, the M4 connecting the city airport with the city center. It’s a driverless fully automated transport system.
There’s a WPA2-Personal SSID in every station, powered by Cisco APs. No wi-fi in the tunnel between stations.
As usual, quick wi-fi analysis and packet capture done with my Analiti for Android app.
You can download the pcap file here.
At my local cinema, an Apple AirPort (possibly Extreme 802.11n) quietly keeps the show running. The pcapng was captured with Analiti on Android.
I was called to discuss the installation of an access point in a chemistry research facility where a Nuclear Magnetic Resonance (NMR) spectrometer by Bruker is operating. It’s a model slightly smaller than the one pictured below.
Researchers operating the laboratory were concerned about the signal from a wi-fi access point in the same room possibly interfering with the instrument. My concern was in turn that the NMR would interfere with the wi-fi operations, given the much higher energy in play in an NMR spectrometer.
Upon discussion with the lead researcher, it was ascertained that the spectrometer works with RF below 1 Ghz, mainly in the 400 Mhz range. According to Wikipedia, it operates in the 60-1000 Mhz range.
Interestingly, a spectrum analysis with Metageek Chanalizer in the lab showed a distinctive interference on 2.4 Ghz centered on channel 2 and a lesser signal on channel 1. The measure was taken from a fixed position at 3m from the spectrometer, while it was operating.
The signal on channel 2 has a high duty cycle with 95% at -50dBm in a 20 minute interval.
At -70 dBm the duty cycle on channel 1 was above 80%.
Moving away from the NMR into adjacent rooms, the interference weakened and wasno longer detectable. I was not able to identify the exact source of the interference, besides it being related to the Bruker device operations. The access point was moved out of the room into the corridor.
Early Aygust I was surveying one of the university buildings in Milano with my colleague. A heatwave was underway with outside temperatures of 35°C and in-building 30°C. We moved by bike, carrying survey kit and spare APs in my bike bags.
The building itself is interesting: a former cinema belonging to the nearby church, later rented by our university, the cinema transformed into a 200-seat lecture hall, the above floors offices. The view on the nearby XVI century church and art-nouveau buildings is wonderful.
We spent the morning surveying the building. Most of the time was used picking keys from a huge keyring and opening offices – then closing them again. After a couple of hours the tethered survey device was really hot and I didn’t want to stuff it back in the bag, even if it was turned off. So I found a creative solution:
Using all 5 Ghz channels available in your regulatory domain is not a choice, it’s a matter of fact. Here’s my experience.
I did a validation survey at one of our remote sites. The survey data showed severe co-channel interference almost everywhere. The site lies in open countryside and has no detectable neighboring APs: all of the APs are our own and they all transmit in the same 4 non-DFS channels as shown in the reading taken at location A on site:
Some wifi spotting (or wifi watching) at a hardware and home improvement store in Milano, Italy. I went there to buy a set of TORX tamper-resistant drivers to unscrew an old AP at the office and found myself looking at the ceiling all the time.
It’s a huge warehouse about 10m high with industrial metal shelves packed full of metal hardware, tools, building materials, piping, electric gear and wood sheets. It’s open to the public and there is a perpetual flow of customers, forklifts and elevating platforms.
The company opened 4 years ago, there is a good ethernet infrastructure at every cashier desk and aisle station, but the wireless gear was hard to spot.
Many PDAs and inventory scanners, forklifts. I did not take pictures of the handheld devices because the employees might have objected. Price tags on the shelves are low-tech.
I could not identify the devices that were hanging from the ceiling, some in a structured fashion, but pointed slantly across the aisles and not along it. Perhaps because the AP mount is not stable and the devices rotate freely.
Some devices were just hanging from the ceiling or the fire extinguisher piping, like jungle vine.
I recorded 97 BSSID with Airport Utility standing still near the cashiers. 92 BSSID were from a locally administered MAC OUI, 5 from universal OUIs. Here’s a list of the manufacturers:
00:A0:57 LANCOM LANCOM Systems GmbH
38:08:FD Silca Silca Spa
50:D4:F7 Tp-LinkT Tp-Link Technologies Co.,Ltd.
8C:34:FD HuaweiTe Huawei Technologies Co.,Ltd
02:18:4A Locally administered MAC address
02:18:5A Locally administered MAC address
E2:55:7D Locally administered MAC addressThe BSSIDs where evenly spread on 2.4 Ghz and 5 Ghz. The SSID list, redacted for privacy:
(hidden SSID)
CLIENT
GUEST
PDA
SESWifi
Silca-Futura_XXXX
SMARTPHONE
TP-Link_XXXX
WebPocket-XXX SES is a proprietary WPS solution from Cisco Linksys:
SecureEasySetup, or SES is a proprietary technology developed by Broadcom to easily set up wireless LANs with Wi-Fi Protected Access. A user presses a button on the wireless access point, then a button on the device to be set up (printer, etc.) and the wireless network is automatically set up. This technology has been succeeded by the industry-standard Wi-Fi Protected Setup.
https://en.wikipedia.org/wiki/SecureEasySetup
Silca Futura is a key cutting machinery manufacturer, so the SSID comes from the locks and safes area.
WebPocket is a 4G mobile wifi hostspot device made by Huawei.
Do you know what kind of devices/solution is behind the 92 local mac addresses? The comments are there for you.
Went to the hospital for a health check and spent the waiting time looking up to the ceiling. I spotted some RTLS devices from Centrak:
I did a quick scan with Airport Utility and found about 90 APs with hidden SSID and a Local mac address, plus other assorted OUIS. Here’s the OUI list:
02:18:4A Locally administered MAC address 02:18:5A Locally administered MAC address 00:A0:57 LANCOM Systems GmbH 38:08:FD Silca Spa 50:D4:F7 Tp-Link Technologies Co.,Ltd. 8C:34:FD Huawei Technologies Co.,Ltd
The locally administered Macs were broadcasting a hidden SSID, plus CLIENT, GUEST,PDA,SMARTPHONE.
The Silca OUI does not make sense here, unless it’s an access control system with intelligent door locks, the kind you operate with a keycard or a FOB.
Lancom Systems Gmbh is a network equipment manufacturer and solutions provider.
Channels in 2.4 Ghz are 1,6,11 as expected, and some 7 (what the heck?) and 9.
Channels in 5 Ghz: 36,44,64,104,112,140. Don’t know about channel width from the Airport Utility.