Spectrum Analysis on a Budget

Spectrum Analysers are expensive!

How do you get the experience using one if you have to shell out thousands of pounds/dollars for equipment?

This page details setting up a cisco access point as a spectrum analyser. The AP’s can be purchased on ebay for less than £25.

The idea isnt mine. Rowell Dionicio (www.cleartosend.net) gave instructions on setting this up but i havent been able to track them down.

The AP needs to be put into autonomous mode.

To do this you will need

  • Cisco Console Cable
  • Firmware. Im using ap3g1-k9w7-mx.153-3.JD4.tar
  • TFTP Server (TFTPD64)
  • Cisco 3502I Access Point.

 

  • Set the ip address of your PC/laptop to 192.168.100.2
  • Start your TFTP server and copy the firmware file to the relevant folder. I cant answer questions on sourcing the file im afraid.
  • Plug the Console into the AP, and a network cable into the ethernet socket. Start Putty (or your terminal of choice) and connect to the AP (9600,8 data bits,None,1 stop bit,Xon/Xoff)
  • Connect the cable to a POE adapter and the LAN side of the adapter to your PC/laptop. 
  • With the ethernet cable unplugged press the MODE button, plug the ethernet cable in and keep the Mode button pressed for around 30 seconds.
  •  Once the ROMMON has started issue the following commands
  • set IP_ADDR 192.168.100.100
    set NETMASK 255.255.255.0
    set DEFAULT_ROUTER 192.168.100.1
    tftp_init
    ether_init
    flash_init
    tar -xtract tftp://192.168.100.2/ap3g1-k9w7-mx.153-3.JD4.tar flash:

Wait until the process completes. (Around 15 minutes). Once you are back at the prompt set the ap to use the new firmware.

set BOOT flash:/ap3g1-k9w7-mx.153-3.JD4
set MANUAL_BOOT no
set
boot

Once the ap is booted you can connect to it with a web browser on 192.168.100.100. I changed the ip address and wrote it on the back of my ap with a sharpie. Default username is Cisco, Password: Cisco

You now have to put the AP into SE-Connect Mode

To view spectrum analysis data, the Cisco CleanAir AP needs to be placed into SE-Connect (Spectrum Expert Connect) mode. To put the AP into SE-Connect mode, run these commands:

conf t int dot11radio X
no mbssidx
station-role spectrum
exit
exit

Get the NSI Key.

  • Login to the AP. (I Telnet to its ip address rather than using a console cable evertime but its up to you.)
  • Issue command “show spectrum status”
  • This will show the NSI key. This changes at every boot of the ap so you will get used to this process.

Start Spectrum Expert

Select “Remote Sensor”. Enter your NSI key

Your in….

You can monitor both 2.4 and 5ghz at the same time, start another instance of Spectrum expert (hold shift and click on the icon on the taskbar)

The NSI key is the same for both.