Have you ever been asked if Wi-Fi is bad for our health? If you work with Wi-Fi you will have faced this question at least once, if not once every other month. There is a lot of misinformation, but lets not start with that.

Recently I was asked to provide advice on the safety of Wi-Fi in regards to human health - this came up because I had made a recommendation to place Access Points underneath seats in a tiered seat (cinema style) theatre. The under-seat design is a story for another time. It occurred to me that the audience who had raised the concern of the proximity of Access Points to people would most likely be non-technical and would not had heard "The Spiel" before. I wanted to be as prepared as possible and armed with the most up to date information I could find. So I spent an entire Saturday reading through information - here is what I found.

When reading about the effects of electromagnetic energy exposure it is important to note the radio frequencies of Wi-Fi are limited in range. Many of the studies and documents that are available relate to much wider frequencies (e.g. 0 - 300 GHz) or very targeted frequencies used in other technologies such as cellular base stations for mobile phones. The most common frequencies used for Wi-Fi occur between 2.4 GHz and 5.9 GHz.

It is also important to note that the majority of Wi-Fi deployments will operate at a transmission power much lower to the services in other frequencies such as cellular, TV and Radio broadcast.

While I've provided links to the various articles and content I have also included snippets for those who find it all a bit TLDR.

ARPANSA - Australian Radiaton Protection and Nuclear Safety Agency
Australian Government’s primary authority on radiation protection and nuclear safety. ARPANSA protect the Australian people and the environment from the harmful effects of radiation through understanding risks, best practice regulation, research, policy, services, partnerships and engaging with the community.

ACMA - Australian Communications and Media Authority
The independent statutory authority tasked with ensuring most elements of Australia's media and communications legislation, related regulations, and numerous derived standards and codes of practice operate effectively and efficiently, and in the public interest. ACMA is a 'converged' regulator, created to oversee the convergence of the four 'worlds' of telecommunications, broadcasting, radio communications and the internet.

WHO - World Health Organisation
The World Health Organization (WHO) is a specialized agency of the United Nations that is concerned with international public health.

IEEE - Institute of Electrical and Electronics Engineers
The IEEE Standards Authority is an organization within IEEE that develops global standards in a broad range of industries, including: power and energy, biomedical and health care, information technology and robotics, telecommunication among others.

The Wi-Fi Alliance and Wi-Fi equipment manufacturers (aka Vendors) also submit perspectives and points of information to the mix. I deliberately leave material sourced from these organisations to last as it is, in most cases, referencing other material already covered by other organisations. It's also worth noting that both vendors and the Wi-Fi Alliance have an obvious bias towards finding and presenting the positive side of the story.

It is my opinion that the Wi-Fi Alliance should not be considered a reliable source for health or medical based information. Vendor information should be followed for safe use and operation guidelines but like information from the Wi-Fi Alliance should not be used as the basis for medical advice.

WFA - Wi-Fi Alliance
Wi-Fi Alliance defines innovative, standards-based Wi-Fi technologies and programs, certifies products that meet quality, performance, security, and capability standards, provides industry thought leadership, and advocates globally for fair spectrum rules.

WFA: Wi-Fi® and Health/Safety Brochure
https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_and_Health_Brochure_2015_0.pdf
The wireless industry continually monitors information about RF health and related regulatory or policy changes to stay informed of up-to-date research and to be sure that the public can continue to have confidence in the safety of its products. In addition, Wi-Fi Alliance® supported two independent research studies both published in Health Physics, a peer-reviewed scientific journal. The first was an independent exposure study that conducted 356 measurements at 55 sites (including schools and hospitals) in four countries around the world. This study concluded that in all cases, the measured Wi-Fi signal levels were very far below international exposure limits (IEEE C95.1-2005 and ICNIRP) and in nearly all cases, far below other RF signals in the same environments.

WFA: Wi-Fi and Health
https://www.wi-fi.org/wi-fi-and-health
Due to the ubiquity of Wi-Fi technology, questions about the safety of radio waves and Wi-Fi devices tend to arise from time to time. The wireless industry takes these concerns very seriously.

There is always a possibility that the organisations referenced above will adopt new testing or theories which bring a different perspective. I recommend you stay informed and periodically review the information available. If you do find what I've shared here useful please let me know with a comment below.

Wireshark is super powerful! You just need to learn how to increase your chances of finding needles in haystacks. Needles are the packets and frames which hold the forensic truth of what actually happened, the haystack is the rest of the junk packets and frames that usually get scooped up in the process of the capture. Here are a couple of easy steps to filter both in detail and visually for some interesting types of packets.

Filtering for ARP frames in Wireshark is simple. For an existing packet capture just type arp and hit enter/return in the display filter bar. The corresponding packets will show only ones with the protocol type of ARP. to edit.

​Filtering for MDNS is equally as simple. In the display filter bar you can type mdns which will filter the displayed packets to those that match the protocol of MDNS.

​If you would like to isolate to Apple Bonjour specifically you can write a display filter for packets with a destination IP address of 224.0.0.251 as displayed below.

​Once we know how to display specific types of packets in Wireshark we can display those packets in graphs and see their relation to each other. I really like using the I/O Graph function of Wireshark to see the relative percentage of ARP or MDNS packets to the total number of packets in a visual way.

To get to the I/O Graph click on Statistics in the Menu bar and find I/O Graph.
Typically the I/O Graph will open displaying a line graph which represents the packets per second over time like below:

​By including extra details using the display filters previously mentioned you can get a visual representation of the number of ARP packets vs the total number of packets per second. 

On a quiet network (overnight when no one is around) the ARP protocol might be pretty much the only type of traffic present as devices keep their ARP tables up to date. But during the day you don't want ARP to be a huge percentage of traffic on your main client network segment - this might indicate an issue which would need to be further investigated. To differentiate between the quiet and busy times on your network it is worth taking some sample captures from various points on the network and analysing the packets per second to see what is 'expected' or 'normal'. The more you look at it the more understanding you will get for the norms in your environment.

​To include this you simply add an additional graph detail by clicking the Plus button below the graph details pane and entering a new display filter with a customised name:

​Be sure to colour your new line in a different colour so you can easily see the difference between it and other lines on the graph. Wireshark can be used in the same way for 802.11 frame captures. For example you might be able to display broadcast frames vs total frames per second within the I/O Graph, or maybe visualise management and control frames vs data frames. As you learn more display filters the I/O Graph function of Wireshark can become very powerful.

Today my Ubertooth One arrived. I ordered this for a couple of reasons… but the main, pressing reason was I wanted to better understand Bluetooth Beacons and I need a way to packet capture in a promiscuous mode much like I can with WiFi. It seems that the Ubertooth One is the simplest and cheapest solution available - from what I found ultimately it was the only option.

The Ubertooth One was created by Michael Ossmann and Dominic Spill from Great Scott Gadgets. 

There are a lot of instructions available… and as long as this isn’t your first time using the make command (http://linoxide.com/how-tos/linux-make-command-examples/) and you aren’t scared to type a few commands in to a terminal, command only, window then getting started isn’t too much work. If you aren’t a programmer then having some experience and patience in searching the Internet for answers then give it a go. There are some dependencies and I found this was the best place to get started: https://github.com/greatscottgadgets/ubertooth/wiki/Getting-Started but there are many other websites you will visit in the initial stages of getting your Ubertooth One going.

I had to compile the firmware as the ready to go package was considered old for the host tools. https://github.com/greatscottgadgets/ubertooth/wiki/Firmware I found this out, because someone else had the issue: https://github.com/greatscottgadgets/ubertooth/issues/228
I used the latest GNU-ARM-Embedded toolchain https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads rather than the older one that was linked to elsewhere. Maybe this was good, maybe bad… It works!

Here was a great piece of learning…