Spectrum Analyzer – CWAP#13
Spectrum Analyzer – comprises of 15% syllabus for CWAP-403 exam. You can roughly expect around 9 questions from this section. Spectrum Analyzers range in price from a few hundred $ to thousands. They are not free to use like in the case of Wireshark etc..
I was unable to source spectrum analyzers easily and ended up not reading thoroughly on this topic My first attempt for CWAP-403 exam did not achieve the required passing score. I scored 44% on this section, hence I am writing this blog post to strengthen my understanding and also for those who are on the lookout for studying and understanding the concepts. The knowledge that is tested around this section comprises mainly around the terminologies related to Spectrum Analyzers and the understanding the patterns in tables/layouts displayed in the application.
The terminologies include Duty Cycle, Sweep Cycle, FFT, Resolution Bandwidth, Utilization, Domains and a few more. An understanding is required to demonstrate that one is able to locate the interfering devices and recognizing patterns using various Spectrum Analyzer applications.
A few known concepts before diving into Spectrum Analysis.
Cycle / Wavelength : A wave form which starts at the center, climbs in energy to the highest point, called the peak; returns to the center; then drops to the weakest point, called the trough and then continues till it finally attenuates and looses the energy. Wavelength is often measured from peak to the next peak.
Amplitude : Determined by the height, force or power of the wave.
Frequency: Number of cycles within one second. E.g. 2.4GHz generates 2.4 billion times of cycles every second.
λ = Wavelength
C = Speed of light (186000 miles per second)
2.4 GHz = 12.5cm
5 GHz = 6cm
Free Space Path Loss (FPSL) – Loss of signal as it travels through free space. This is a theoretical value, as in the real world, there may be many obstacles, reflection, scatter which need to be accounted when estimating the signal at a location. FPSL is based on inverse square law, originally developed by Isaac Newton. You don’t need to know below formula for the exam.
FSPL = 36.6 + (20log10(f)) + (20log10(d))
FSPL = path loss in dB
f = frequency in MHz, d = distance in miles between antenna
RF Mathematics
dB is logarithmic ratio of values
- We add gains +3dB = x2
- We subtract losses -3dB = /2
- We add gains +10dB = x10
- We subtract losses -10dB = /10
- dBm is power measurement relative to 1mW
- dBi is the forward gain of an antenna compared to istropic antenna.
RSSI
- RSSI is a metric that is specified by measuring the amount of energy associated with the bits received via wireless NIC.
Noise Floor
- Background level of radio energy that exist in a medium on a specific channel which is analyzed.
SNR
- SNR can be presented as a dB value or as the difference between the RSSI(signal) and the noise floor(noise). High SNR is better performance.
Receive Sensitivity
Receive Sensitivity refers to the power level of an RF signal required to be successfully received by the receiver radio.
Wireless NICs
- Use Antenna and coding filter to keep out of unwanted RF and bits.
- Will use some of the specific information gleaned from the RF to bit transition process to actually add info to the wireless frame.
- The additional information is added to the receiving station and known as Radiotap Header.
- All the info shown on the Radiotap Header is in reference to “receiving station” and “not transferring station”
The Hardware
- Mobile / Integrated
- Mobile spectrum analyzers like protocol analyzers use the adapters present in laptops.
- Integrated spectrum analyzers use APs to monitor the RF.
- Popular mobile analyzers include AirMagnet, Spectrum XT, Metageek Wi-Spy DBx etc..
- Integrated spectrum example may include Cisco Clean Air software to pull spectrum data from the AP.
The Software
- Three popular applications available for mobile analysis, they are AirMagnet Spectrum XT, Metageek Chanalyzer, Cisco Spectrum Expert.
Spectrum Analysis Terminology
Duty Cycle
- Duty Cycle indicates the fraction of time a resource is busy.
- FFT (Fast Fourier Transform) Duty Cycle measurements are important way to determine potential interference/impact of an RF transmitter on WLAN operations. Duty cycle measures the amount of time in which the amplitude is above some arbitrary threshold. Threshold can vary from each software. (such as -95dBm, or 15dB above noise floor or -75dBm).
Sweep Cycles
- In higher end spectrum analysis tools, a sweep is measured as a single scan of the bandwidth span. So if one is measuring 100 MHz of spectrum, a sweep is how long it takes to scan that 100 MHz band a single time.
- For e.g. a real-time FFT plot shows amplitude (Y axis) plotted over frequency (X axis). Within the real-time FFT chart, there may be a trace for the maximum amplitude over the last sweep or possibly a “max hold” over all previous sweeps. When the plot updates after the next sweep, the data will be refreshed with new information and will be relative to the previous sweep.
Resolution Bandwidth
- RBW is a reference to the smallest frequency that can be resolved by the receiver.
- RBW should be low enough to resolve spectral components of the transmission being measured.
Waterfall Plots
- Same data from FFT plot but adding the time dimension.
- A waterfall plot is a three-dimensional plot in which multiple curves of data, typically spectra, are displayed simultaneously.
Wi-Fi Integration
As spectrum analysis tools have improved and developed, more emphasize is given on data reporting and analysis have moved tighter integration and correlation with Wi-Fi information.
RF Signature Characteristics
- Shape
- Patterns
- Uniqueness
- Frequency
- Pulse vs. Constant
- Duty Cycle
- Frequency Hopping
I have not documented individual interference examples from various sources. This is nicely documented on the metageek website and you can click here for references.
Other useful references
EXAM MOMENT: When locating devices, use a directional antenna to aid in the location of the signal source. Study about Duty Cycles, FFT, Swept Spectrogram and other interference patterns.
[…] Exam Specific only as I’ve outlined another post on this topic here […]