Reading Mileage from a 1997 Volvo 850R

I'm a huge fan of Volvo 850s, but they aren't without a few flaws. One of them is the odometer: the mechanical odometer is driven by a small electric motor in the gauge cluster, and it has a tiny nylon gear that loses a tooth, causing it to stop counting miles.

Fixing it costs a couple of bucks, but it's a pain. The dash has to come out, which takes a couple of hours and comes with the inherent risk of breaking things. As a result, there are many 850s on the road with inaccurate odometers.

Pre-OBDII Volvo 850s (1993-1995) provide the ability to plug in a fly wire under the hood, press a special button pattern, and then watch an LED blink back the mileage, which is stored digitally in the gauge cluster. Then, you can fix the odometer gear, and roll up the mileage to the correct number in the process.

Sadly, OBDII Volvo 850s (1996-1997) lack the fly wire, button, and LED. Fortunately, there's a way to read the mileage through the OBDII port with an E…

Octets, Bytes, and Nibbles in MAC Addresses

It's helpful to use terms like octet and nibble to refer to positions in a MAC address or BSSID, but I can never remember which is which. This chart labels them so I can remember.

Questions About the Early Days of 802.11

In the grand scheme of things, I'm pretty new to wireless networking. My journey in Wi-Fi began in high school (~2006), when I decided to wirelessly network our dial-up connection in my parents' house. I distinctly remember making the decision to invest in relatively new 802.11g gear, instead of buying budget 802.11b hardware. A few eBay auctions later, I had a respectable pile of WLAN gear on my desk to play with. Despite the awesome 9 dBi omnidirectional antenna, the room directly below my router had terrible signal strength, and I couldn't figure out why.

In college (~2009), the school had Wi-Fi across a parking lot, very far away from the dorms. I taped a draft 802.11n adapter in the window, networked it to a couple of wireless routers in my dorm room, ultimately providing Wi-Fi for everyone in the dorms. It was very useful for rounds of Halo 3 and StarCraft. More antenna trouble: my experimentations with soup cantennas failed miserably.

A few years later (~2012), I was t…

CWSP Study Guide Exercise PCAP Files

I'm really, REALLY enjoying the CWSP Study Guide. One thing I noticed is that the provided link to exercise PCAP files in the book does not seem to work. I dug around and was able to find them on Sybex's website.

Here's a direct download link.

Replaying Beacons with the AirPcap Nx

The company I work for makes a Wi-Fi scanner, and while I think that it does a really good job of interpreting 802.11 beacons and probe responses, every now and then a customer finds a little bug, or at least a weird beacon from an access point or SOHO wireless router.

For a long time, I wished that I had a way to replay those beacons to see how our Wi-Fi scanner would interpret them, firsthand. Today, I had an epiphany. I have an AirPcap Nx, which in addition to being a packet capture device is also a packet injection tool!

If you have a PCAP file containing beacons, you can easily replay them with the AirPcap Nx. Here's how to do it:

1. Open the PCAP file in Wireshark.

2. Select the beacon that you wish to replay by clicking on it.

3. Save the selected beacon off to a new file in File > Export Specified Packet with the Selected Packet option.

4. Open AirPcapReplay.

5. Set the Transmit Mode to User-defined Packet Period, check Respect Packet Channel, and check Respect Packet R…

SE-Connect Mode via the GUI

There are plenty of guides out there that explain how to put a Cisco AP in SE-Connect mode via SSH, but what about the GUI?

Remember that if you want to do this, you'll need to have converted your AP to autonomous mode. To convert my AP, I used this excellent guide. The only thing I had to do differently with my Cisco 3600 was hold down the "mode" button until the LED turned amber, and then turned off (instead of just holding the button until the LED turned red like the guide describes).

Once your AP is running an autonomous image, you're ready to go!

1. Log into your Cisco AP. If you haven't changed the password (and you should), the username is cisco, and the password is Cisco.

2. On the Home page, click on the 2.4 GHz link next to Radio0-802.11N.

3. Click on the Settings tab.

4. At Enable Radio, select Enable. At Role in Radio Network, select Spectrum. Click Apply at the bottom.

6. Go back to the Home screen, and do the same process for the 5 GHz radio (enabli…

Wireless Packet Capture with macOS

One of my favorite things about macOS (formerly OS X) is how easy it makes wireless packet captures, compared to Windows.

In older versions of OS X, the Wireless Diagnostics tool provided a fast and simple way to capture wireless frames on a specific channel. To use it, you had to open Wireless Diagnostics with Spotlight, type in your password, open the Sniffer window, and finally select a channel and start the capture. As soon as the capture was stopped, a ".wcap" file was placed on your desktop, ready to be opened up with your favorite packet analysis software.

macOS Sierra brings a change that I'm not a big fan of. Files are now placed in /var/tmp (instead of on the desktop), which is just annoying to get to, and doesn't automatically share with the desktop on my Windows 10 virtual machine. That's annoying!

The replacement for me is Airtool by Adrian Granados. It's a lightweight application that runs in the status bar, offers packet capture in 2 clicks, an…