Found this, thought I would share. Take your network skills up a notch, if you dare. It is a packet analysis and packet creation tool using Python. It is called Scapy. The documentation is good, but it is a bit difficult to find some quick how-to demonstrations. Here is what I did, using my computer.

First I read up on it:

Then I used pip (the package installer for Python) to make sure my pip was updated.

C:\Users\rod>python -m pip install -U pip
Collecting pip
Downloading (1.4MB)
100% |################################| 1.4MB 573kB/s
Installing collected packages: pip
Found existing installation: pip 9.0.1
Uninstalling pip-9.0.1:
Successfully uninstalled pip-9.0.1
Successfully installed pip-19.3.1


Then I installed scapy using pip:

C:\Users\rod>pip install --pre scapy[basic]
Collecting scapy[basic]
Downloading (905kB)

After that I was able to run some Scapy scripts against network packet captures. Here is one. This example Python/Scapy script reads a file called “capture”, counts the unique source and destination IP addresses in its packets, and prints the totals to standard output.

*** START of python scapy file *****
from scapy.all import rdpcap

# Read capture with Scapy
filename = 'capture.pcap'
packets = rdpcap(filename)

# Create sets to store source and destination IP addresses.
# This automatically allows us to count the number of unique addresses!
source_ips = set()
destination_ips = set()
IP = 'IP'  # Scapy accepts a layer name given as a string

# Loop through all packets in capture
for packet in packets:
    # If the packet has IP layer information...
    if IP in packet:
        # Record both addresses; a set silently ignores duplicates
        source_ips.add(packet[IP].src)
        destination_ips.add(packet[IP].dst)

print('There are ' + str(len(source_ips)) + ' unique source IP addresses.')
print('There are ' + str(len(destination_ips)) + ' unique destination IP addresses.')

*** END of python scapy file *****

ccie wireless

The CCIE tests are going to ask you many questions about specifics of routers and switches. Even if you take the CCIE wireless, they will ask you switch and router questions, because come on, you are supposed to be an internet expert! So do you really know the basics of switches? How about troubleshooting a connection? Cable test commands? How about “test capwap ap super” commands? You better!

You start a switch-based cable test with this command:

test cable-diagnostics tdr interface gigabitEthernet 1/0/33

After the test has run (about 45 seconds), type this command:

superswitch1007-RX001#show cable-diagnostics tdr interface gigabitEthernet 1/0/33
TDR test last run on: December 09 10:13:25

Interface Speed Local pair Pair length        Remote pair Pair status

Gi1/0/33  1000M Pair A     27 +/- 10 meters   Pair A      Normal
                Pair B     27 +/- 10 meters   Pair B      Normal
                Pair C     27 +/- 10 meters   Pair C      Normal
                Pair D     27 +/- 10 meters   Pair D      Normal

What about abnormal conditions? Look at the output below. This is a 100 megabit only network device; it actually did function at 100 Mbps with the two pairs below shorted.

Interface Speed Local pair Pair length        Remote pair Pair status

Gi1/0/32  100M  Pair A     0 +/- 1 meters     Pair A      Normal
                Pair B     0 +/- 1 meters     Pair B      Normal
                Pair C     33 +/- 1 meters    N/A         Short
                Pair D     34 +/- 1 meters    N/A         Short

Need to do minor capwap WLC or CAPWAP ap testing, from a switch? You might find it useful to know these commands:

superswitch1007-RX001#test capwap ?
  ap            Cisco AP
  cavium-scale  Cavium Scalability Test Hack
  data          CAPWAP data tunnel
  ha-ut         ha unit test helper
  memory        Memory allocation and dellocation reference-counter
  multicast     CAPWAP multicast tunnel

superswitch1007-RX001#test capwap data ?
  attrib  Modify CAPWAP data tunnel attribute
  create  Create CAPWAP data tunnel
  delete  Delete CAPWAP data tunnel

superswitch1007-RX001#test capwap mult
superswitch1007-RX001#test capwap multicast ?
  create  Create CAPWAP multicast tunnel
  delete  Delete CAPWAP multicast tunnel

superswitch1007-RX001#test capwap ap ?
  name  AP Name

superswitch1007-RX001#test capwap ap


Copied from a good Cisco article about MPTCP (multipath TCP). The use case that I see is something more like the picture below, which shows a bit more detail. So for MPTCP, most people use a Linux server with MPTCP support. See diagram:

Here we make a user out on the internet able to connect to Rod’s house using a faster connection. Using two different carriers, the mobile phones provide redundancy. How to do it? More details on AP bridge, MPTCP server configuration to come.

wireless antenna diversity

Thanks to Mrn CCIEW for putting a new 802.11ax packet capture for research out to the public. Many features, few of which are in the legacy wireless protocols (802.11n, 802.11ac), are worth understanding.

Beamforming and MIMO? I still am a bit confused with the extreme focus on MIMO and beamforming. Yes, that’s great technology, but there are other functions that are still important, like antenna selection. Perhaps antenna selection is there somewhere, but I only see antenna selection (ASEL) in 802.11n. Seems to me that in many cases, you will have simple wireless systems that only need to select between 2 or more antennas. Antenna selection can quickly improve radio signal. Remember, an antenna can transmit a signal in three dimensions, and polarity varies also. That is millions of combinations!! Out of those millions of possibilities, some provide better signal than others. Simple switching of antennas (diversity) is often really the only important feature for simple radio connections. Antenna diversity and the variety of implementations is explained pretty well, here:

If you combine diversity with feedback between radios, you have a powerful system for keeping good radio links. They have some diversity and feedback in these protocols, but I’d like to learn more about how they can be used in simple radios.

In 802.11n wireless frames, there is an HT Capabilities tag (802.11n D1.10), 26 bytes in length, showing transmit beamforming. It also has an “Antenna Selection (ASEL) Capabilities” field. This appears to have antenna feedback possibility. There is Tx sounding PPDU here, also “Rx ASEL”.

There is also the VHT capabilities (802.11ac, 5 GHz only), which has more beamforming but less about antenna selection.

Then there is the HE capabilities (802.11ax/D3.0)

Question. In an indoor environment, testing shows that the 5 GHz signal always has less range than 2.4 GHz. You notice that the 2.4 GHz signal power is actually less dBm than the 5 GHz channels. It appears the 802.11a signal, the 5 GHz wireless channel, sends a more powerful radio signal!! With a stronger signal, the range is still considerably less than the 2.4 GHz channel. Why is that?

wireless multiband

Wi-Fi Agile Multiband Specification

I read this article about multiband specification. I am not sure it’s explained very well. In the specifications, an access point that has a cellular radio -or- an access point that knows of a cellular access point, can communicate that to clients. The four (4) W questions: what, when, who, and where? When would a Wi-Fi access point try to move a client to cellular radio? Who makes that decision? When is the decision finally made? Check out the specifications by going to the link below. You will need to give the Wi-Fi Alliance your email address.

For these roaming issues, the client is always front and center. The client makes the best roaming decisions. Meaning who should be able to measure the Wi-Fi signal and cellular signal, and who should make the routing decision? The client device! And currently, most handsets do this, and make these decisions. One problem most customer cellular equipment has is that it is not using radio-aware information to make routing decisions. There could be serious packet loss on the 802.11 Wi-Fi radio, yet the equipment will not switch to cellular. There is a problem there that needs to be fixed. I am unsure that any AP or cellular technology really needs to be involved to resolve this. You just need good monitoring of both radio connections. The disassociation imminent bit (among others) allows clients to move from one AP to another. A roaming process on the 802.11 side should delay any switch to cellular. . . until a certain number of beacons or packets are lost. It should at least be a setting that is available for clients to change, if roaming becomes a persistent problem. Ideal would be a setting to enforce multi-radio roaming ability, with three choices: 1. normal, 2. weak, or 3. aggressive roaming.

“Once a Wi-Fi Agile Multiband AP starts operating in a DFS channel, other Wi-Fi Agile Multiband APs within the network might steer certain currently associated STAs to the BSS operating in the DFS channel, until such point that the load across the non-DFS and DFS channels is evenly balanced. This steering should be performed by sending a BTM Request frame and including the BSS operating in the DFS channel in the BSS Transition Candidate List of the BTM Request, with a high preference value. The Disassociation Imminent bit could be set to either zero or one, depending on the network’s preference of suggesting or requiring the Wi-Fi Agile Multiband STA to move to the AP operating in the DFS channel.”

From WifiAlliance document @

cisco rrm

See red arrow, “Avoid Cisco AP load”

A well-running Cisco wireless setup will use a WLC. This can be either a virtual WLC, a hardware WLC, or an embedded WLC (running in the access points). A good running WLC should be able to monitor and correct many radio issues. Cisco RRM will do a lot of the work a normal wireless tech would need to do. One of them is dynamic channel assignment. One feature I don’t see used often is “Avoid Cisco AP load”. See it in the picture above. In dense environments, where many access points service multiple clients near the same area, this may help the WLC/RRM choose better channels. The WLC will poll the access points and use the load statistics from the various access points. The load data is used for channel assignment. . . hopefully resulting in better performance. Make sure the other settings are checked as shown, also. The DCA channels will be set by default; you can leave those as shown. Remember this screen is only for one band. . . there are separate settings for 2.4 GHz and 5 GHz. You must set these in both places!!!

read some more about it

NDP packets

Wireless NDP packets are what Cisco uses to communicate between each access point. To understand how the wireless infrastructure can automatically manage radio channels, you will need to understand NDP. For example, in 802.11b/g, NDP packets are sent from each AP every 60 seconds on each serviced channel, so that means a listening AP will get an NDP packet sent on channel 1, because an AP does indeed listen on every channel? I believe this is the case.

For the AP waiting to receive an NDP packet, it will see the NDP on channel 1, even if it’s operating and linked with a BSS on channel 11? Similar to how your laptop can see other access points (on various channels) even while operating with a configured AP.

learning switch configs and ipv6

Another day learning networking.
Learned a bit about capabilities of switches, here:

Which led me to device sensor. . .and SmartPorts. A macro that configures the switch, depending on what it finds. I can see it useful for autoconfiguring ports for wireless AP, whenever connected to an interface, the switch sees the wireless AP via CDP neighbor. . . then it can set the proper VLAN for the wireless AP.

And IPv6 protection. From Cisco security configuration guide: Upper layer header is placed at the end of Extended Header (EH) chain in IPv6 packet, as described in RFC 2460. If the complete upper layer header is not present in the IPv6 packet, then the router cannot process the packet. These packets may be misconfigured, corrupted, or malicious packets.
You may choose to drop these packets using IPv6 ACL with undetermined-transport option.


config t
(config)#ipv6 access-list superblock
(config-ipv6-acl)#deny udp any eq 547 any
(config-ipv6-acl)#deny ipv6 any any undetermined-transport
(config-ipv6-acl)#permit ipv6 any any
(config-ipv6-acl)#interface g0/3
(config-if)#ipv6 traffic-filter superblock in
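
To see which packets in a capture would fall under each entry of the ACL above, here is an added example (not from the Cisco guide or from my original notes): a standard-library Python model that walks the IPv6 extension header chain and reports whether a complete upper layer header is present. The names upper_layer, superblock and ipv6 are hypothetical helpers, the packets are constructed samples, and the logic is a simplified model of the quoted condition, not Cisco's matching code; it assumes later (non-initial) fragments count as undetermined and treats ESP and unknown protocols as the upper layer.

```python
import struct

TLV_EXT = {0, 43, 60}               # Hop-by-Hop, Routing, Destination Options
UPPER_MIN = {6: 20, 17: 8, 58: 4}   # bytes in a complete TCP, UDP, ICMPv6 header


def upper_layer(pkt: bytes):
    """Walk the extension header chain; return (protocol, offset) or None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    nxt, off = pkt[6], 40
    while True:
        if nxt in TLV_EXT or nxt == 51:          # 51 = Authentication Header
            if len(pkt) < off + 2:
                return None                      # chain is cut off mid-header
            size = (pkt[off + 1] + 2) * 4 if nxt == 51 else (pkt[off + 1] + 1) * 8
            nxt, off = pkt[off], off + size
        elif nxt == 44:   # Fragment header; later fragments = undetermined (assumption)
            if len(pkt) < off + 8 or struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return None
            nxt, off = pkt[off], off + 8
        else:                                    # treated as the upper layer
            return (nxt, off) if len(pkt) >= off + UPPER_MIN.get(nxt, 1) else None


def superblock(pkt: bytes) -> str:
    """First-match walk over the three ACL entries shown on this page."""
    upper = upper_layer(pkt)
    if upper and upper[0] == 17 and struct.unpack_from("!H", pkt, upper[1])[0] == 547:
        return "deny udp any eq 547 any"         # UDP with source port 547
    if upper is None:
        return "deny ipv6 any any undetermined-transport"
    return "permit ipv6 any any"


def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet between 2001:db8::1 and 2001:db8::2."""
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01" + "20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + addrs + payload


# Constructed samples: UDP to 547, UDP from 547 behind options, truncated first fragment
CLIENT = ipv6(17, struct.pack("!HHHH", 546, 547, 8, 0))
REPLY = ipv6(60, bytes([17, 0, 1, 4, 0, 0, 0, 0]) + struct.pack("!HHHH", 547, 546, 8, 0))
LONG_CHAIN = ipv6(44, bytes([60, 0, 0, 1, 0, 0, 0, 1, 17, 1, 1, 12]) + bytes(12))

if __name__ == "__main__":
    for name, pkt in (("CLIENT", CLIENT), ("REPLY", REPLY), ("LONG_CHAIN", LONG_CHAIN)):
        print(f"{name:10} -> {superblock(pkt)}")
```

LONG_CHAIN is the interesting case: the Destination Options header fills the rest of the first fragment, so the UDP header it announces is not in the packet and the port-based entry has nothing to match against.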