Ask Your Question
0

How to detect reasons for Wifi log on and off

asked 2020-05-26 21:12:31 +0000

My devices keep logging on and off my Wifi. I want to find the reason why this is happening. I have already tried all kinds of ways to find out such as manually selecting a low-used channel etc. All my devices have the latest Wifi drivers. So how can I use Wireshark to find the reason why my devices keep loosing the Wifi connection and then connect again?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-05-26 21:26:05 +0000

Bob Jones gravatar image

updated 2020-05-26 21:28:23 +0000

You use Wireshark by observing the connection sequence, probably:

 open authentication --> association --> 4-way EAPOL handshake for auth+keying

and then the tear down sequence, probably a single management frame, either

disassociate or deauth

This could be more about cutting the problem in half instead of the brass ring - know exact root cause. Anyway, sometimes we get lucky. Either side can choose to leave the association, so you would see who is issuing the leave, and there is a field that might contain a reason code. Hopefully it doesn't say 'unspecified'... this is the jumping off point. Whichever entity is leaving, you need to look there - why are they sending that frame? A real reason code is a great starting clue. Often, you will need logs as Wireshark only shows what happened, but does not always show why it happened.

Things like power save behavior, DHCP timeouts, and session timeouts are common reasons why a host might leave a wireless association.

Wireless packet capture is hard but there is some guidance here. Often, special hardware is needed.

edit flag offensive delete link more

Comments

Thanks for this answer. However, I am new to Wireshark and therefore don't know what you mean with

open authentication --> association --> 4-way EAPOL handshake for auth+keying

How do I do this in Wireshark?

to_sam@web.de gravatar image[email protected] ( 2020-05-27 06:34:27 +0000 )edit

Some options:

  1. Follow the link on capturing wifi traffic, obtaining any special hardware you might need (a Macbook usually works). Then introduce your client to the wifi network (i.e. turn it on) and then wait for failure. The packet capture, if done correctly, should contain this information.
  2. Hire someone to do the capture for you. Maybe someone close by could help?
Bob Jones gravatar imageBob Jones ( 2020-05-27 08:39:29 +0000 )edit

I am capturing wifi traffic with my router (fritzbox). Would that be enough to do the analysis?

to_sam@web.de gravatar image[email protected] ( 2020-05-27 09:40:57 +0000 )edit

I assume you have checked logs, if any, in the AP? If it is capturing 802.11 traffic then it might be useful. However, most of the vendors have some type of capture solution on the products (mid to high end) but they always have issues when trying to get ALL traffic. But you don't need ALL traffic, you need to see how the device is behaving and if/when/how the device is leaving the association so it MIGHT be suitable to get started.

If you are comfortable, make a link to a download of the capture and provide the MAC of the problem device and we can take a look.

Bob Jones gravatar imageBob Jones ( 2020-05-27 12:36:43 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-05-26 21:12:31 +0000

Seen: 1,315 times

Last updated: May 26 '20