Aliasing MAC Addresses with Wireshark

I love Wireshark, but one thing is for sure: tracking 802.11 conversations with my human brain is difficult. Coloring rules help, but I find it very difficult to remember which MAC address is which wireless station.

Fortunately, Wireshark has the ability to alias IP and MAC addresses! These are defined in the "ethers" file. You should be able to do nearly the same thing on Windows, but here's how to do it on macOS.

1. Open a terminal, and run:
nano ~/Users/your_username/.config/wireshark/ethers

2. Define the MAC address and the desired alias in the file. Separate the MAC and alias with any number of spaces. Aliases themselves can't contain spaces.

ab:cd:ef:12:34:56 (AP)Aruba205H
12:34:56:ab:cd:ef (Client)Nokia6.1
ab:12:ef:cd:34:56 (Client)MacBookPro

Tip: I like to lead with either (AP) or (Client) so I can immediately tell which side is talking.

3. Save the file by pressing Ctrl+X, then Y for yes, then Enter.
4. Restart Wireshark, and now friendly, readable aliases will…

Sounding Good on the Phone

As a Sales Engineer and part-time Technical Trainer (which is what sales engineering basically is), I spend a LOT of time talking to customers on the phone. Usually, these conversations are recorded for reference, and they're typically done in conjunction with video or screen sharing.

Usually, calls are done with a computer-based conferencing tool like GoToMeeting, Zoom, Cisco WebEx, Microsoft Teams, or Google Hangouts. Long ago, I decided that if I was going to spend so much time on the phone, why not ensure that my audio was crystal clear? This would make everyone on the call more comfortable, it would make me easier to understand, and it would make me sound more professional.

Here's where my setup is today:

Yeti Blue MicThis mic is about $140 on Amazon, but you can find it on sale for as low as $80, which is what I paid for mine. It connects with MiniUSB, and functions as both a microphone and soundcard. It also has a 3.5mm headphone jack on the bottom, which gives both ins…

Reading Mileage from a 1997 Volvo 850R

I'm a huge fan of Volvo 850's, but they aren't without a few flaws. One of them is the odometer: the mechanical odometer is driven by a small electric motor in the gauge cluster, and it has a tiny nylon gear that loses a tooth, causing it to stop counting miles.

Fixing it costs a couple of bucks, but it's a pain. The dash has to come out, which takes a couple of hours, and comes with the inherent risk of breaking things. As a result, there are many 850's on the road with inaccurate odometers.

Pre-OBDII Volvo 850's (1993-1995) provide the ability to plug in a fly wire under the hood, press a special button pattern, and then watch an LED blink back the mileage, which is stored digitally in the gauge cluster. Then, you can fix the odometer gear, and roll up the mileage to the correct number in the process.

Sadly, OBDII Volvo 850's (1996-1997) lack the fly wire, button, and LED. Fortunately, there's a way to read the mileage through the OBDII port with an E…

Octets, Bytes, and Nibbles in MAC Addresses

It's helpful to use terms like octet and nibble to refer to positions in a MAC address or BSSID, but I can never remember which is which. This chart labels them so I can remember.

Questions About the Early Days of 802.11

In the grand scheme of things, I'm pretty new to wireless networking. My journey in Wi-Fi began in high school (~2006), when I decided to wirelessly network our dial-up connection in my parent's house. I distinctly remember making the decision to invest in relatively new 802.11g gear, instead of buying budget 802.11b hardware. A few eBay auctions later, I had a respectable pile of WLAN gear on desk to play with. Despite the awesome 9 dBi omnidirectional antenna, the room directly below my router had terrible signal strength, and I couldn't figure out why.

In college (~2009), the school had Wi-Fi across a parking lot, very far away from the dorms. I taped a draft 802.11n adapter in the window, networked it to a couple of wireless routers in my dorm room, ultimately providing Wi-Fi for everyone in the dorms. It was very useful for rounds of Halo 3 and StarCraft. More antenna trouble: my experimentations with soup cantennas failed miserably.

A few years later (~2012), I was t…

CWSP Study Guide Exercise PCAP Files

I'm really, REALLY enjoying the CWSP Study Guide. One thing I noticed is that the provided link to exercise PCAP files in the book does not seem to work. I dug around and was able to find them on Sybex' website.

Here's a direct download link.

Replaying Beacons with the AirPcap Nx

The company I work for makes a Wi-Fi scanner, and while I think that it does a really good job of interpreting 802.11 beacons and probe responses, every now and then a customer finds a little bug, or at least a weird beacon from an access point or SOHO wireless router.

For a long time, I wished that I had a way to replay those beacons to see how our Wi-Fi scanner would interpret them, firsthand. Today, I had an epiphany. I have an AirPcap Nx, which in addition to being a packet capture device is also a packet injection tool!

If you have a PCAP file containing beacons, you can easily replay them with the AirPcap Nx. Here's how to do it:

1. Open the PCAP file in Wireshark.

2. Select the beacon that you wish to replay by clicking on it.

3. Save the selected beacon off to a new file in File > Export Specified Packet with the Selected Packet option.

4. Open AirPcapReplay.

5. Set the Transmit Mode to User-defined Packet Period, check Respect Packet Channel, and check Respect Packet R…