Python is the programming language to learn if you are a Network Engineer. It’s just one of the new skills you’re going to need to stay relevant and to be more than just a simple worker that adds no value beyond basic config.
With Python scripts you can repeat complex tasks in exactly the same way as many times as you like. You can build in variations so that the same job is dynamic when the need arises. For example you could deploy 20 access layer switches with identical configuration except each might have a unique management IP address. Think of the benefits of this type of automation at scale - 1000 switches by CLI is asking for trouble with misaligned configuration and it’s just down right inefficient use of time.
Old school engineers would promote Perl for network scripts and automation - but its old school, less popular and harder to read. Python, as I understand it, can do anything Perl could do and is a much more accessible language in that it’s easier to read and begin working with.
The use cases for scripting or programming will extend far beyond just replacing the legacy technique for the same tasks we perform today. The network is full of useful data that can be extracted for use elsewhere or to help inform the decisions for design tomorrow. All good technology products or services should contain an API which is a very easy way to have Python scripts interact with devices and software. Aruba Networks have released ArubaOS-CX on a core/aggregation switching platform that will allow Python scripts to run right on the switches. The analytics and automated troubleshooting capabilities show huge promise.
I’ve been learning Python to perform some work in real life scenarios. If you can do it that way, like with most learning opportunities, you will be able to make better associations with the new skills you learn with the benefits of those skills in hobbies and work.
Along the way I have been posting examples of my work in the Aruba Airheads Community, they are relevant to the Aruba Meridian solution.
Using the Meridian API: Output Beacons info to CSV
Using the Meridian API: Checking Beacon Battery Levels
Using the Meridian API: Storing the JSON Output (Local Caching)
Using the Meridian API: Caching Beacons Data in a file
Using the Meridian API: Caching Maps Data in a file
The posts include python files and a step by step break down describing the lines of programming so you can learn how they work. My hope is someone might either make use of the python scripts in their entirety or be able to use sections (or particular functions) for their own projects.
There are so many resources around to help you to get started with Python. If you’re using a MacOS X as your computer operating system then Python is even pre-installed. There are countless books and paid or free online tutorials and courses. Now is the time to get some experience, see if there is any way you could take one of your current tasks and include a bit or Python training in to it.
If you read this post by Steven Iveson in April 2013 you might feel a bit late to the game. There is no time like now to start. https://packetpushers.net/programming-101-for-network-engineers-why-bother/
Search the web for "python for network engineers" and you'll come across countless Udemy courses and other sources. Let me know if you find any good ones.
In the old days if you wanted to do wireless protocol analysis you really needed some specialised equipment. An AirPcap USB interface was a pretty coveted device in the 2010's as it allowed for sniffing of 802.11n wireless frames directly in software like Wireshark on a Windows laptop. There was also AirMagnet Wi-Fi Analyzer that required a specific AirMagnet card and driver for packet analysis and Wi-Fi troubleshooting. The cost of these tools meant that it was difficult for the average Network Engineer to be readily equipped with such capabilities. Then it became widely known that Apple MacBooks were able to switch their built-in Wi-Fi interface to monitor mode for native wireless sniffing. MacOS quickly became a popular device of choice for Wireless Professionals but many of the applications required the Windows OS to run. The lack of dual OS support still left many needing multiple devices to complete their tool-kit. Many of the legacy applications that didn't bring support to MacOS eventually became obsolete. A good example of this is how AirMagnet Survey lost most of it's market share to Ekahau, which eventually brought out a MacOS version of it's Wi-Fi modelling and survey software.
Wireshark 3.0.0 for Windows introduces a new capture driver that replaces the long standing WinPcap. It's amazing how long WinPcap has been around - I draw the indication of it's breadth of use from the Winpcap.org website. "Thanks to its set of features, WinPcap has been the packet capture and filtering engine for many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators and network testers. Some of these networking tools, like Wireshark, Nmap, Snort, and ntop are known and used throughout the networking community."
Thanks WinPcap! We've seen some long hours together...
OK, so paying homage to a capture driver and welcoming it's replacement is pretty nerdy. I get it. But there is more too it (it gets nerdier). Take a peek at the installation options...
The big one here is the support for raw 802.11 traffic monitoring! It's important to note some of the other items though... capturing loopback adapters can be really useful, restricting captures to Admin only could be strategically smart and providing backwards compatibility to applications that don't yet use the new driver but are expecting to still have access to WinPcap is just plain respectful. They're cool, but monitor mode in Windows takes the cake!
So at this point of the install you might imagine my excitement. Well, it didn't turn out to be as straight forward as just installing Npcap. I was half hoping to just open Wireshark and tick the monitor box much like I can on my MacBook - No Dice! Off to the manual I go https://nmap.org/npcap/guide/npcap-users-guide.html#npcap-feature-dot11-wireshark - Wireshark only honours monitor mode when it is set within the Wireshark GUI but it's not available.
So I read about the WLANhelper.exe tool where you can manually set monitor mode on an interface https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11
The first time I tried enabling monitor mode on my built-in NIC (Intel Dual Band Wireless-AC 7265) I got an error:
I kept getting the error and found I could check the available modes for my wireless interface with the command: wlanhelper <nic guid> modes
So it looks like the Intel 7265 can't do monitor mode. So what can? I found this list https://secwiki.org/w/Npcap/WiFi_adapters
I do have a Savvius branded Netgear A6210. To get it recognised in Wireshark I installed the driver from the Netgear website and rebooted the laptop. I checked the wlanhelper.exe and verified the adapter existed there too. My first attempt to capture in monitor mode resulted in no packets. Second time round I disabled promiscuous mode and it worked a charm. As indicated in the Wi-Fi Adapters list this NIC doesn't pass down the Wi-Fi frequency so the radiotap header doesn't include info about the channel being captured so I had to hunt for that detail in a Beacon frame. The documentation doesn't make it apparent how you would change the frequency for the capture - there is an option command using the wlanhelper tool.
Enable monitor mode for the NIC in wlanhelper
wlanhelper <guid> mode monitor
or use the wlanhelper -i interactive mode
then set the channel
wlanhelper <guid> channel 52
check the channel
wlanhelper <guid> channel
Wireshark will now be capturing from that channel as set. This can be set prior to capture or changed during a current capture.
Happy capturing team!
Download Wireshark here https://www.wireshark.org/#download
Today I am sitting in on the first Asia Pacific #WiFiDesignDay - kindly brought to Sydney, Australia by @ekahau. Here is a brief play by play as it runs...
Mark Krischer from Cisco kicked off the day of guest presentations explaining the fundamentals of RF. The key take away was revealed nice and early. “You have two levers” which are increasing signal and reducing noise. This is a great lesson for newcomers to the WiFi space but equally important as a reminder to old-hats. To the new comer it creates new questions about how you might go about achieving positive outcomes with these levers. For old hats it should keep their minds wizzing around the concepts and realities of what these levers truly encompass.
Matt Fowler (Mist) Discussed A.I. I’m not a fan of using the term A.I. to-date because it simply is a misnomer in the context it’s used. To be fair he also spoke a lot of Machine Learning which is actually the technology being implemented today (and called often wrongly labelled A.I.). It was great to see where Machine Learning can, Will and does improve our Wi-Fi networks and the workflows of those managing Wi-Fi networks.
Jim Steinbacher from WatchGuard talked us through the present day threats and reality of hacking WiFi. The climax of Jim’s presentation was when he admitted he had been running a Karma attack using a discreetly placed Wi-Fi Pineapple. Jim was able to demonstrate how the attendees clients were sharing too much as he listed off the SSIDs many thought were private at their homes. It was cool to see the disbelief across the room. A lot of the attendees were initially stumped as to how this was happening.
Having Keith Parsons (WLAN Professionals) in town was a treat. These days Keith comes to Australia a lot more than he used to to run various training courses (ESCE and CWNA). Keith started by encouraging those in the room who weren’t on Twitter or blogging to start both today. It was the classic hands up to solemnly swear they’ll get on it.
Then Keith got to the meat... He explained that WiFi is working, even when the experience is bad.
Keith showed the group that a system can be brittle if you don’t follow design rules. His analogy was brilliant, utilising LEGO and a simple set of requirements. What a great introduction. Keith is a master of story telling - and this is why you should do whatever it takes to go and sit in on one of Keith’s training courses. Even (if not especially) if you think you know it all about Wi-Fi.
More to come after lunch...
Aaron Scott (Aruba) has been spending a lot of time designing and overseeing the installation of a sports stadium in Sydney. He shared today some of his experiences on this project. After overcoming some extreme voice attenuation caused by a massive flame-red beard Aaron kicked off by outlining the great variation in requirements across the different areas and user scenarios in a stadium (from Media personnel to spectators lining up for food). Not everyone will have the pleasure of designing Wi-Fi for a stadium but a lot of the theory that goes in to planning this type of environment can be very useful across other designs. Aaron explained a method to calculating the total system throughput which can aid the backhaul planning requirements wired and Internet connectivity.
From multi-stage stadium deployments (over years) to half covered, half non covered stadiums - Aaron has met many challenges which had to be overcome. Cost considerations and engineering experiences were great insights throughout the presentation.
The day’s formalities were finalised with an expert panel prepared to answer the toughest attendees questions. Matt Fowler, Aaron Scott, Stephen Cooper, Keith Parsons and Jussi Kiviniemi sat up front and shared knowledge and opinion about:
There is an Easter Egg on the iOS version of the Ookla Speedtest app. Hold down the Go button for a long period of time until your phone starts vibrating.
Then there was Beer! Thanks for following along.
We build and optimise networks. Continuous learning is our secret to being good. Along the learning journey we will share things here...