Wednesday, March 29, 2017

CWSP Study Guide Exercise PCAP Files

I'm really, REALLY enjoying the CWSP Study Guide. One thing I noticed is that the provided link to exercise PCAP files in the book does not seem to work. I dug around and was able to find them on Sybex's website.

Here's a direct download link.

Friday, March 17, 2017

Replaying Beacons with the AirPcap Nx

The company I work for makes a Wi-Fi scanner, and while I think that it does a really good job of interpreting 802.11 beacons and probe responses, every now and then a customer finds a little bug, or at least a weird beacon from an access point or SOHO wireless router.

For a long time, I wished that I had a way to replay those beacons to see how our Wi-Fi scanner would interpret them, firsthand. Today, I had an epiphany. I have an AirPcap Nx, which in addition to being a packet capture device is also a packet injection tool!

If you have a PCAP file containing beacons, you can easily replay them with the AirPcap Nx. Here's how to do it:

1. Open the PCAP file in Wireshark.

2. Select the beacon that you wish to replay by clicking on it.

3. Save the selected beacon to a new file using File > Export Specified Packets with the Selected Packet option.


4. Open AirPcapReplay.

5. Set the Transmit Mode to User-defined Packet Period, check Respect Packet Channel, and check Respect Packet Rate.

6. Set the Packet Period to 104 milliseconds, and the number of File Transmissions to 500 or so.

Note: I like to set a finite number of packets to inject, as I've noticed that I can't always click the Stop button and have to force close AirPcapReplay. Setting a finite number of packets resolves this problem.

7. Click Transmit.

That's it! You should now see the beacon from the capture file being replayed by the AirPcap Nx, where it will be detected by any clients that are in range and listening.
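Before replaying an exported beacon, it helps to know exactly what a scanner should report for it. The following is an added example, not code from the original post or from any scanner product: a small Python parser that walks a raw beacon's fixed fields and tagged elements and flags an element whose declared length runs past the end of the frame. The sample frames, the `LabAP` SSID and the BSSID are constructed for illustration, and the parser assumes the radiotap header and FCS have already been stripped. A beacon interval of 100 TU works out to 102.4 ms, close to the 104 ms packet period used in step 6.

```python
import struct

TU_US = 1024  # one 802.11 time unit (TU) is 1024 microseconds

def parse_beacon(frame: bytes) -> dict:
    """Parse a raw 802.11 beacon (radiotap header and FCS already removed)."""
    if len(frame) < 36:
        raise ValueError("too short for MAC header plus fixed fields")
    fc = struct.unpack_from("<H", frame, 0)[0]
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 8):  # management / beacon
        raise ValueError("not a beacon frame")
    # 24-byte MAC header, then timestamp (8), interval (2), capabilities (2)
    _ts, interval_tu, caps = struct.unpack_from("<QHH", frame, 24)
    elements, truncated, pos = [], False, 36
    while pos < len(frame):
        # Each element is ID (1), length (1), body (length bytes)
        if pos + 2 > len(frame) or pos + 2 + frame[pos + 1] > len(frame):
            truncated = True  # declared length runs past the end of the frame
            break
        eid, elen = frame[pos], frame[pos + 1]
        elements.append((eid, frame[pos + 2 : pos + 2 + elen]))
        pos += 2 + elen
    ssid = next((body for eid, body in elements if eid == 0), None)
    return {
        "bssid": frame[16:22].hex(":"),
        "interval_tu": interval_tu,
        "interval_ms": interval_tu * TU_US / 1000,
        "privacy": bool(caps & 0x0010),
        "ssid": None if ssid is None else ssid.decode("utf-8", "replace"),
        "elements": elements,
        "truncated": truncated,
    }

def build_sample(ssid: bytes = b"LabAP", interval_tu: int = 100) -> bytes:
    """Constructed beacon for the example; not taken from any real capture."""
    bssid = bytes.fromhex("020000000001")
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, interval_tu, 0x0011)  # ESS + privacy bits
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, 6])  # SSID, DS channel 6
    return header + fixed + tags

GOOD = build_sample()
# Vendor-specific element (221) that claims 10 bytes but carries only 2
WEIRD = GOOD + bytes([221, 10, 0x00, 0x50])

if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("weird", WEIRD)):
        info = parse_beacon(frame)
        print(name, info["ssid"], info["interval_ms"], "ms", info["truncated"])
```
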

Tuesday, November 8, 2016

SE-Connect Mode via the GUI

There are plenty of guides out there that explain how to put a Cisco AP in SE-Connect mode via SSH, but what about the GUI?

Remember that if you want to do this, you'll need to have converted your AP to autonomous mode. To convert my AP, I used this excellent guide. The only thing I had to do differently with my Cisco 3600 was hold down the "mode" button until the LED turned amber, and then turned off (instead of just holding the button until the LED turned red like the guide describes).

Once your AP is running an autonomous image, you're ready to go!

1. Log into your Cisco AP. If you haven't changed the password (and you should), the username is cisco, and the password is Cisco.

2. On the Home page, click on the 2.4 GHz link next to Radio0-802.11N.

3. Click on the Settings tab.

4. At Enable Radio, select Enable. At Role in Radio Network, select Spectrum. Click Apply at the bottom.

6. Go back to the Home screen, and do the same process for the 5 GHz radio (enabling it, setting the role to Spectrum, and applying the settings).

7. Click on the Spectrum Information link.

8. After a moment, the NSI Key field will populate.

That's it! Now you can grab the NSI key and IP address, and take it to either Chanalyzer + Cisco CleanAir or Cisco Spectrum Expert to perform remote spectrum analysis.

Tuesday, October 18, 2016

Wireless Packet Capture with macOS

One of my favorite things about macOS (formerly OS X) is how easy it makes wireless packet captures, compared to Windows.

In older versions of OS X, the Wireless Diagnostics tool provided a fast and simple way to capture wireless frames on a specific channel. 

To use it, you had to open Wireless Diagnostics with Spotlight, type in your password, open the Sniffer window, and finally select a channel and start the capture. As soon as the capture was stopped, a ".wcap" file was placed on your desktop, ready to be opened up with your favorite packet analysis software.

macOS Sierra brings a change that I'm not a big fan of. Files are now placed in /var/tmp (instead of on the desktop), which is just annoying to get to, and doesn't automatically share with the desktop on my Windows 10 virtual machine. That's annoying!

The replacement for me is Airtool by Adrian Granados. It's a lightweight application that runs in the status bar, offers packet capture in 2 clicks, and places a ".pcap" file on your desktop (!) when you are done.

Boom, that's it! Airtool is now my preferred packet capture tool on macOS. Be sure to grab a copy here, and don't forget to throw Adrian a donation for his hard work.

Thursday, August 4, 2016

Pebble Time Bezel Sanding and Brushing

I absolutely love my Pebble Time. For quick glances at my next calendar item, quick replies to text messages, and believe it or not, as a watch, it's amazing.

There's just one major drawback to the Pebble Time: the bezel. It's a piece of stainless steel metal with a PVD coating, and while it's sort of tough, it's far from invincible.

Since the PVD coating has a bit of texture to it, items tend to scratch off on to it. For example, if you brush up against a wall, some of the paint will come off of the wall, and onto the watch. You think you've scratched it... until you wash it.

Eventually though, you'll scuff your watch up against something harder than the PVD coating. Zippers, wedding rings, and even my wife's Pebble Time Round (I'm a leftie, so our watches like to kiss when we hold hands) are all capable of scratching the delicate PVD coating.

The solution, which I first saw in this YouTube video, and then later in this Imgur album, is to sand off the PVD coating, and then put a "brushed" finish on it.

To sand and brush your Pebble Time, you'll need:
1. Remove the watchband.

2. Tear off a watch-sized piece of masking tape (I used #2040 3M, which I also use for 3D printing), and stick it onto the bezel.

3. Run your fingernail around the gap between the glass and metal bezel, shoving the tape into the gap. This creates an imprint where the gap is.

4. Carefully and gently run a hobby knife around the entire imprint to cut the tape. It doesn't need to be cut all the way through, just scored.

5. Tear up the outside piece of tape, leaving the screen covered.

6. Using some 400 to 600-grit sandpaper, gently sand off the PVD coating. I found that sanding in straight lines with very small pieces worked best, avoiding sanding on the tape (you don't want it to lift) and the sides of the metal bezel (I wanted to preserve the shiny edge of the bezel on the sides of the watch).

Note: I didn't do this, but if I was going to do it again, I'd sand it all off, and then I'd spend more time sanding "north/south" only on the watch to get all of the scratch marks going in the same direction as the brushing process later on. A few of my circular scratches from the sandpaper are visible; I could have avoided that by trying to go "north/south".

At this point, I wore the watch around for a few days, and occasionally broke out the sandpaper to work on it a bit more.

7. Using the Scotchbrite pad, apply a "brushed" finish by moving the Scotchbrite pad from north to south and south to north on the bezel face. I usually started in the middle and swept upwards or downwards to avoid brushing the shiny sides of the bezel. Also, keep an eye on your tape... you wouldn't want to brush the glass! I started out gentle, and applied more pressure as time went on.

Here are the results!

Yep... that'll work! If you like the brushed look and are willing to do a little DIY a few months after you buy, the Pebble Time is a great choice, especially since they are selling for less than $99 on Amazon!

Monday, April 25, 2016

Printrbot Control with OctoPrint and Pi Link

I've been a big fan of Printrbot since the beginning. I've owned a Printrbot Original, Printrbot Simple, Printrbot Simple 1405, and currently a Printrbot Play. After becoming a fan, I even got to "moonlight" on their support team for a year.

As with just about any 3D printer, Printrbots connect to a computer with USB, and the commands for the print are fed to it serially throughout the duration of the print with a program like Pr0nterface, Repetier-Host, or Cura. Interrupt that stream of commands, and your print stops, which means you have to start over. The stream can be interrupted by letting your computer fall asleep, closing the print software, or even by plugging in another USB device (like an iPod).

The solution is a $35 Raspberry Pi and an open-source program for it called OctoPrint. The Raspberry Pi takes the place of your computer (being a tiny computer itself), and OctoPrint is accessed via a web browser over the network. Not only do you minimize the risk of losing a long print, but it untethers your computer as well.
OctoPrint, accessed via a web browser over Wi-Fi
A Raspberry Pi and OctoPrint solve a lot of problems, but I couldn't quite cram a full-sized Raspberry Pi B+ into my Printrbot Simple, and I couldn't use the smaller and cheaper Raspberry Pi A+, because it has only one USB port which is taken up by the Wi-Fi adapter.

I mentioned this problem to Jesse Laird, a good friend of mine who is a hardware engineer and fellow fan of Printrbot. He's made a lot of big contributions to the Printrboard firmware, so he's really, really, really, really familiar with it.

Jesse responded a couple months later with the Pi Link board, a sweet little device that packs a lot of functionality. I'm not really sure when he sleeps. Here's what it does:
  • Provides 5v power to the Raspberry Pi via GPIOs
  • Moves Printrboard communication from USB to GPIOs
  • Converts the 5v logic on the Raspberry Pi to the 3v logic on the Printrboard
  • Powers the Printrbot on and off via OctoPrint
  • Exposes a couple more GPIOs for buttons and LEDs

He produced about 10 of these boards, and I was fortunate enough to receive one from him. Another went to Gina Häußge at OctoPrint, who wrote a plugin for it. 

Gina's plugin adds a power button for the printer, and automates the connection process after the printer has been powered on.
Technically, the Pi Link board isn't a Pi HAT, but that's essentially what it is. It plugs into the top of the Raspberry Pi via the GPIO pins, and has a 12v power-in connector, 12v power-out terminals, and a ribbon cable connector.

The power-in connector is identical to the 4-pin or 6-pin connector on the Printrboard, so you can take your existing power and plug it right in. Then, another cable is used to go from the screw-down terminals and out from the Pi Link to the Printrboard. This allows the Pi Link to completely turn the printer on and off through OctoPrint.

Power is supplied to the 4 or 6-pin connectors on the left, and the screw-down terminals supply power to the Printrboard.
The ribbon cable connector connects to the EXP1 (expansion) connector on the Printrboard, instead of connecting the Printrboard to the Raspberry Pi via USB. This frees up a USB port for things like a Wi-Fi adapter, and allows you to use a Raspberry Pi A+, which retails for about $20 and has a smaller footprint, all with only one USB port instead of the usual four. Curiously, it's out of stock on Amazon right now but you should be able to find it elsewhere. You could also use a Raspberry Pi Zero, but who can get their hands on one of those, anyway?

If you don't mind spending the extra ~$20, Jesse notes that the Raspberry Pi 3 should give a much snappier user experience in OctoPrint. It should also negate the need for an external Wi-Fi adapter, but, much like the Pi Zero, I haven't got my hands on one yet to test with.

I 3D-printed a small mount and press-fit standoffs for my Raspberry Pi A+ and Pi Link hat, and stuck it inside my Printrbot Play with a piece of double-sided tape.
After installing the Raspberry Pi and Pi Link in the printer, there was a bit of setup. I had to flash a special firmware to the Printrboard so it could accept gcode over the SPI port, and there was a bit of command-line work on the Raspberry Pi, but I'm a complete Linux novice and I was able to get everything working.

All done! You can see the Raspberry Pi mount, the Pi Link board, an inexpensive Wi-Fi adapter, and the ribbon cable to the Printrboard, all self contained underneath the Printrbot.
Since then, Pi Link has performed flawlessly, giving me hundreds of prints over (probably) thousands of hours. I can slice a file, upload it to OctoPrint, turn on the power, and hit print, all without having to physically touch the printer (but I do like to keep an eye on it for safety reasons).

Jesse isn't currently producing these boards, but the design is completely open-source. I'm not sure if he will make more or not since the future of the Printrboard is unknown, as Printrbot seems to be investigating new ways of controlling their printers. Additionally, Jesse has some concerns about how much power printers draw through the board. His Printrbot Plus pulls about 13 amps, and while it's been fine, anything above 15 amps could be too much for the Pi Link board. Further testing before broad distribution would be a very good idea.

Thank you Jesse for making such a sweet little board! If you have any questions about it, feel free to contact me on Twitter, or in the comments below.


OctoPrint needs funding. Up until recently, OctoPrint development was fully funded for Gina by another company, but that funding no longer exists. If you use OctoPrint at all, please consider funding it via Patreon, so Gina can continue her amazing work!


Pi Link files and documentation on GitHub
Printrbot Play
Raspberry Pi A+
Raspberry Pi B3
Wi-Fi Adapter