3

I've had a big problem with a terribly slow WiFi network today which I just can't seem to trap the cause of.

My setup:

  1. IpTables router running on a PC installed with Ubuntu 12.04 and 3 network interfaces.
  2. One of the interfaces (eth0) hooked up to a WiFi AP shared by all end users.
  3. One interface (eth1) hooked up to our ISP's modem.
  4. One interface (eth2) hooked up to our server room's switch.

Over today, I'd been experiencing a very laggy WiFi network. Usually, I would track down one of the users doing a mass transfer of files into the server room. This is easily trackable by looking at tcpdump output of any of the interfaces.

However, today, I'm not seeing any significantly high usage on the router itself. I suspect that someone is mass transferring files between 2 laptops on the same WiFi segment (which means the packets will not go through my router).

Unfortunately, I don't know how to track this down as I don't know how to do a "tcpdump" of traffic going through the WiFi channel itself. Is there any way to accomplish this?

Brent Pabst
feicipet
  • Do you have an Android phone? If so, you can use Wifi Analyzer. Maybe there is radio interference, or your entire neighborhood is on the same channel. – Halfgaar Jan 02 '13 at 13:44
  • Yes, I've already checked the channels and I've selected the one with least interference so far. The good thing about this is that we're in our customer's location and the customer uses channel 1. We just take care to stay out of that channel. – feicipet Jan 02 '13 at 17:06

2 Answers

4

There are two things I would check or do here...

  1. As @Halfgaar mentions above you can download numerous Wi-Fi analyzer tools to view all current SSIDs that are broadcasting as well as the channels they are broadcasting on. You really want to try NOT to overlap with other devices. The best channels to use depend on your region of the world. You can use these tools on most smart phones and even on a simple laptop.

  2. If the overlap is minimal then you may want to look into doing a port mirror on either the AP or your Ubuntu box to then capture a wire trace. By doing so you should be able to view all of the traffic crossing the network and in turn determine where the bandwidth is going. Note: this is a standard troubleshooting method on wired networks as well. I personally would use Wireshark.

Brent Pabst
  • As noted there are many tools. Have found this one works very well and has Android, Windows and Apple versions and is free http://www.metageek.net/products/inssider/ – Dave M Jan 02 '13 at 14:50
  • @DaveM Yep, that's the one I typically use on a standard laptop. – Brent Pabst Jan 02 '13 at 16:38
  • Thus far, I'm satisfied that I've avoided most of the other channels. Have already run Wifi Analyzer previously to check this. When you refer to port mirroring, do you mean something like http://www.tamos.com/docs/monitoring.pdf ? – feicipet Jan 02 '13 at 17:10
  • @feicipet Yes, like that. You should really check out Wireshark, it's damn good. – Brent Pabst Jan 02 '13 at 17:20
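
An added example, not part of the answer above: once a mirrored-port capture exists, one way to see where the bandwidth is going is to total frame sizes per MAC pair from `tcpdump -e -n` text output and mark the pairs that do not include the router. The MAC addresses, the sample lines and the function names are constructed for illustration, and the capture point is assumed to see the client-to-client frames.

```python
import re
from collections import Counter

ROUTER_MAC = "02:00:00:00:00:01"  # assumption: MAC of the router's eth0

# Constructed sample of `tcpdump -e -n` output (not real traffic).
SAMPLE = """\
tcpdump: listening on eth0, link-type EN10MB (Ethernet)
10:00:00.000001 02:00:00:00:00:21 > 02:00:00:00:00:22, ethertype IPv4 (0x0800), length 1514: 192.168.1.21.50514 > 192.168.1.22.445: Flags [.], length 1448
10:00:00.000002 02:00:00:00:00:22 > 02:00:00:00:00:21, ethertype IPv4 (0x0800), length 66: 192.168.1.22.445 > 192.168.1.21.50514: Flags [.], length 0
10:00:00.000003 02:00:00:00:00:21 > 02:00:00:00:00:22, ethertype IPv4 (0x0800), length 1514: 192.168.1.21.50514 > 192.168.1.22.445: Flags [.], length 1448
10:00:00.000004 02:00:00:00:00:23 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 90: 192.168.1.23.40000 > 203.0.113.5.443: Flags [P.], length 24
10:00:00.000005 02:00:00:00:00:01 > 02:00:00:00:00:23, ethertype IPv4 (0x0800), length 590: 203.0.113.5.443 > 192.168.1.23.40000: Flags [P.], length 524
10:00:00.000006 02:00:00:00:00:23 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.23, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# timestamp, "src > dst,", then the first "length N:" (the link-layer frame size).
LINE_RE = re.compile(
    rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}), .*?\blength (?P<len>\d+):",
    re.IGNORECASE,
)

def bytes_per_pair(text):
    """Sum frame lengths per unordered MAC pair; lines that do not parse are skipped."""
    totals = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pair = tuple(sorted((m["src"].lower(), m["dst"].lower())))
            totals[pair] += int(m["len"])
    return totals

def top_talkers(text, router_mac, n=3):
    """Return (pair, bytes, bypasses_router) tuples, largest total first."""
    router_mac = router_mac.lower()
    return [(pair, total, router_mac not in pair)
            for pair, total in bytes_per_pair(text).most_common(n)]

if __name__ == "__main__":
    for pair, total, bypass in top_talkers(SAMPLE, ROUTER_MAC):
        note = "client-to-client, never crosses the router" if bypass else "via router"
        print(f"{pair[0]} <-> {pair[1]}  {total:>6} bytes  ({note})")
```
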
1

Most business grade WAPs support some kind of monitoring either through the web interface or SNMP. You should be able to get this information from your WAP in one manner or another. I can't say more without knowing the specifics of your implementation.