Early Aygust I was surveying one of the university buildings in Milano with my colleague. A heatwave was underway with outside temperatures of 35°C and in-building 30°C. We moved by bike, carrying survey kit and spare APs in my bike bags.
The building itself is interesting: a former cinema belonging to the nearby church, later rented by our university, the cinema transformed into a 200-seat lecture hall, the above floors offices. The view on the nearby XVI century church and art-nouveau buildings is wonderful.
We spent the morning surveying the building. Most of the time was used picking keys from a huge keyring and opening offices – then closing them again. After a couple of hours the tethered survey device was really hot and I didn’t want to stuff it back in the bag, even if it was turned off. So I found a creative solution:
Using all 5 Ghz channels available in your regulatory domain is not a choice, it’s a matter of fact. Here’s my experience.
I did a validation survey at one of our remote sites. The survey data showed severe co-channel interference almost everywhere. The site lies in open countryside and has no detectable neighboring APs: all of the APs are our own and they all transmit in the same 4 non-DFS channels as shown in the reading taken at location A on site:
Some wifi spotting (or wifi watching) at a hardware and home improvement store in Milano, Italy. I went there to buy a set of TORX tamper-resistant drivers to unscrew an old AP at the office and found myself looking at the ceiling all the time.
It’s a huge warehouse about 10m high with industrial metal shelves packed full of metal hardware, tools, building materials, piping, electric gear and wood sheets. It’s open to the public and there is a perpetual flow of customers, forklifts and elevating platforms.
The company opened 4 years ago, there is a good ethernet infrastructure at every cashier desk and aisle station, but the wireless gear was hard to spot.
Many PDAs and inventory scanners, forklifts. I did not take pictures of the handheld devices because the employees might have objected. Price tags on the shelves are low-tech.
I could not identify the devices that were hanging from the ceiling, some in a structured fashion, but pointed slantly across the aisles and not along it. Perhaps because the AP mount is not stable and the devices rotate freely.
Some devices were just hanging from the ceiling or the fire extinguisher piping, like jungle vine.
I recorded 97 BSSID with Airport Utility standing still near the cashiers. 92 BSSID were from a locally administered MAC OUI, 5 from universal OUIs. Here’s a list of the manufacturers:
00:A0:57 LANCOM LANCOM Systems GmbH
38:08:FD Silca Silca Spa
50:D4:F7 Tp-LinkT Tp-Link Technologies Co.,Ltd.
8C:34:FD HuaweiTe Huawei Technologies Co.,Ltd
02:18:4A Locally administered MAC address
02:18:5A Locally administered MAC address
E2:55:7D Locally administered MAC address
The BSSIDs where evenly spread on 2.4 Ghz and 5 Ghz. The SSID list, redacted for privacy:
SES is a proprietary WPS solution from Cisco Linksys:
SecureEasySetup, or SES is a proprietary technology developed by Broadcom to easily set up wireless LANs with Wi-Fi Protected Access. A user presses a button on the wireless access point, then a button on the device to be set up (printer, etc.) and the wireless network is automatically set up. This technology has been succeeded by the industry-standard Wi-Fi Protected Setup.
Silca Futura is a key cutting machinery manufacturer, so the SSID comes from the locks and safes area.
WebPocket is a 4G mobile wifi hostspot device made by Huawei.
Do you know what kind of devices/solution is behind the 92 local mac addresses? The comments are there for you.