The network administrator at ABC Engineering has taken a large packet capture from one of their APs running in monitor mode. She has very little knowledge of 802.11 protocols but would like to use the capture file to evaluate the overall health and performance of their wireless network. When she asks your advice, which tool do you recommend she opens the packet capture file with?
Correct Answer:
C
A capture visualization tool is a software application that can open a packet capture file and display various graphs, charts, tables, and statistics that illustrate the characteristics and behavior of the wireless network. A capture visualization tool can help a network administrator with little knowledge of 802.11 protocols to evaluate the overall health and performance of their wireless network by providing a visual and intuitive representation of the captured data. A spectrum analyzer is a hardware device that measures the radio frequency signals in a given frequency range and displays their amplitude, frequency, and modulation. A spectrum analyzer can help identify sources of interference and noise in the wireless environment, but it cannot open a packet capture file. Python is a programming language that can be used to write scripts or applications that manipulate or analyze packet capture files, but it requires coding skills and knowledge of 802.11 protocols. A WLAN scanner is a software application that scans for available wireless networks and displays information such as SSID, BSSID, channel, signal strength, security type, and vendor. A WLAN scanner can help discover wireless networks and their basic parameters, but it cannot open a packet capture file.
References:
✑ CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 63
✑ CWAP-404 Objectives, Section 2.5: Use capture visualization tools
✑ CWAP-404 Study Guide, Chapter 4: Spectrum Analysis and Troubleshooting, page 117
✑ CWAP-404 Objectives, Section 4.1: Use spectrum analysis tools
✑ CWAP-404 Study Guide, Chapter 2: Protocol Analysis, page 33
✑ CWAP-404 Objectives, Section 2.2: Analyze field values
You are analyzing a packet decode of a Probe Request and notice the SSID element has a length of zero. What do you conclude about the transmitting STA?
Correct Answer:
D
The STA is discovering a list of available BSSs by sending a Probe Request with an empty SSID element. This is also known as a broadcast Probe Request, as it does not specify any particular SSID to probe for. Any AP that receives this Probe Request will respond with a Probe Response containing its own SSID and other information about its BSS. This way, the STA can learn about all the BSSs in its vicinity and choose which one to associate with. References: CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 191; CWAP-404 Certified Wireless Analysis Professional Study and Reference Guide, Chapter 6: MAC Sublayer Frame Exchanges, page 193.
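The zero-length SSID check described above can be made on raw frame bytes. The following Python is an added example, not taken from the study guide: it walks the information elements of a Probe Request and reports whether the SSID element is empty (wildcard, the broadcast case) or names a network. It assumes the bytes start at the 802.11 MAC header with no radiotap header and no trailing FCS; `build_probe_request`, the MAC address and the SSIDs used with it are constructed sample data.

```python
MGMT_HDR_LEN = 24      # Frame Control, Duration, 3 addresses, Sequence Control
SSID_ELEMENT_ID = 0

def parse_elements(body):
    """Yield (element_id, data) for each information element in body."""
    off = 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated element header")
        eid, length = body[off], body[off + 1]
        data = body[off + 2: off + 2 + length]
        if len(data) != length:
            raise ValueError("element %d overruns the frame" % eid)
        yield eid, data
        off += 2 + length

def classify_probe_request(frame):
    """Return ('wildcard', '') or ('directed', ssid) for a Probe Request.
    Assumption: frame begins at the MAC header, no radiotap, no FCS."""
    if len(frame) < MGMT_HDR_LEN:
        raise ValueError("frame shorter than a management header")
    fc0, fc1 = frame[0], frame[1]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if version != 0 or ftype != 0 or subtype != 4:
        raise ValueError("not a Probe Request")
    # An HT Control field (4 bytes) follows the header when the Order bit is set.
    hdr_len = MGMT_HDR_LEN + (4 if fc1 & 0x80 else 0)
    # A Probe Request body has no fixed fields: elements start right away.
    for eid, data in parse_elements(frame[hdr_len:]):
        if eid == SSID_ELEMENT_ID:
            if len(data) == 0:
                return ("wildcard", "")
            return ("directed", data.decode("utf-8", "replace"))
    raise ValueError("no SSID element present")

def build_probe_request(ssid):
    """Constructed sample frame for the demonstration (not captured data)."""
    hdr = bytes([0x40, 0x00, 0x00, 0x00])    # FC = mgmt/Probe Request, duration 0
    hdr += b"\xff" * 6                        # Addr1: broadcast receiver
    hdr += bytes.fromhex("020000000001")      # Addr2: constructed local MAC
    hdr += b"\xff" * 6                        # Addr3: wildcard BSSID
    hdr += b"\x10\x00"                        # Sequence Control
    rates = bytes([1, 4, 0x02, 0x04, 0x0b, 0x16])   # Supported Rates element
    return hdr + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + rates

if __name__ == "__main__":
    for ssid in (b"", b"ABC-Corp"):
        print(classify_probe_request(build_probe_request(ssid)))
```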