// writing

Things I've had to figure out myself

Field notes from 15 years of Wi-Fi. No textbook covers what happens when the real world collides with the spec. Every post includes a sample PCAP — open it in WiFi Analyser and reproduce what I found.

802.11be · wi-fi 7
MLO doesn't roam — it negotiates. Here's the difference in the frames.
Your tools are reading the wrong MAC address. The MLD MAC is not the one to filter on.
coming soon
+ pcap included
pcap · eap-tls
EAP-TLS failures in 5 minutes: the three patterns that cover 90% of cases
Cert expiry, handshake abort, silent timeout. They all look like association failure.
coming soon
+ pcap included
security · rogue ap
Evil twin detection beyond SSID name matching
BSSID vendor mismatch, RSSI delta, cipher downgrade, beacon rate. SSID is the last thing I trust.
coming soon
+ pcap included
802.11r · roaming
Why your 802.11r deployment is failing — reading status code 53 in Wireshark
Your controller says roam successful. Your PCAP says status 53. Here is what that means, why controllers miss it, and how to find it in two minutes.
April 2026
read →
6 ghz · bss color
Your 6 GHz is slower than it should be. BSS Color collision is probably why.
Spatial reuse only works if color assignment is correct. In dense deployments it rarely is.
coming soon
+ pcap included
One post, every two weeks. No filler.
Protocol analysis, Wi-Fi 7 field notes, and new PCAPs for the Frame Lab.