Wireshark filters help drill down to useful information among what can feel like a massive, overwhelming stream. Especially useful when doing 802.11 protocol analysis where the incoming frames can quickly accumulate to many thousands in a very short timeframe.

My favourite Wireshark filter of all time is the WLAN Retry filter. My favourite way to use it is with the I/O Graph. I really like to understand the detected retransmitted frames vs the total number of frames captured. It's really easy to visualise this.

First off - the filter for WLAN Retries is:
wlan.fc.retry == 1

Using this filter as a display filter of a 802.11 frame capture will show only frames that have the Retry bit set in the Frame Control Field in the MAC header.

If you have a frame selected you can tell if it is being re-transmitted by checking the flags exposed in the first IEEE 802.11 decode field below the 802.11 Radio Information - this is displayed in the Packet Details view within Wireshark. An example is shown below where the 'R' Flag is set on the currently selected Deauthentication frame.

I've written about the Wireshark I/O Graph before. You can find this in the Statistics menu as I/O Graph. Within the I/O Graph window you are able to add custom filters which will be visualised. The default line graph shows 'All packets' which in this case represent every frame captured. Typically the y-axis of the graph represents Packets per second so the 'All packets' line indicates the number of 802.11 frames captured per second on the captured Wi-Fi channels.

I like to add my WLAN Retries display filter as a new red line so I can see it in high contrast to the default 'All packets' line. See an exampled below.

In this capture a high proportion of the frames captured had the Retry bit set. They were frames being re-transmitted many times by a Wi-Fi station.

A high retry rate can often indicate that something in the WLAN is unhealthy. This might be a particular station, the medium (the channel and associated frequency), an Access Point or something else.

The retry filter is a useful tool in your Wi-Fi Professional tool-belt. Keep learning! Share your favourite Wireshark display filters below.

Python is the programming language to learn if you are a Network Engineer. It’s just one of the new skills you’re going to need to stay relevant and to be more than just a simple worker that adds no value beyond basic config.  

With Python scripts you can repeat complex tasks in exactly the same way as many times as you like. You can build in variations so that the same job is dynamic when the need arises. For example you could deploy 20 access layer switches with identical configuration except each might have a unique management IP address. Think of the benefits of this type of automation at scale - 1000 switches by CLI is asking for trouble with misaligned configuration and it’s just down right inefficient use of time.

Old school engineers would promote Perl for network scripts and automation - but its old school, less popular and harder to read. Python, as I understand it, can do anything Perl could do and is a much more accessible language in that it’s easier to read and begin working with.

The use cases for scripting or programming will extend far beyond just replacing the legacy technique for the same tasks we perform today. The network is full of useful data that can be extracted for use elsewhere or to help inform the decisions for design tomorrow. All good technology products or services should contain an API which is a very easy way to have Python scripts interact with devices and software. Aruba Networks have released ArubaOS-CX on a core/aggregation switching platform that will allow Python scripts to run right on the switches. The analytics and automated troubleshooting capabilities show huge promise.

​I’ve been learning Python to perform some work in real life scenarios. If you can do it that way, like with most learning opportunities, you will be able to make better associations with the new skills you learn with the benefits of those skills in hobbies and work.

Along the way I have been posting examples of my work in the Aruba Airheads Community, they are relevant to the Aruba Meridian solution.
Using the Meridian API: Output Beacons info to CSV
Using the Meridian API: Checking Beacon Battery Levels
Using the Meridian API: Storing the JSON Output (Local Caching)
Using the Meridian API: Caching Beacons Data in a file
Using the Meridian API: Caching Maps Data in a file

The posts include python files and a step by step break down describing the lines of programming so you can learn how they work. My hope is someone might either make use of the python scripts in their entirety or be able to use sections (or particular functions) for their own projects.

There are so many resources around to help you to get started with Python. If you’re using a MacOS X as your computer operating system then Python is even pre-installed. There are countless books and paid or free online tutorials and courses. Now is the time to get some experience, see if there is any way you could take one of your current tasks and include a bit or Python training in to it.

If you read this post by Steven Iveson in April 2013 you might feel a bit late to the game. There is no time like now to start. https://packetpushers.net/programming-101-for-network-engineers-why-bother/

Search the web for "python for network engineers" and you'll come across countless Udemy courses and other sources. Let me know if you find any good ones.