WIRELESS GUIDE
Sniffer® Technologies
FOR USE WITH SNIFFER PORTABLE 4.
COPYRIGHT © 2005 Network General Corporation. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Network General Corporation or its suppliers or affiliate companies.
Contents

Preface
  Audience
  Getting More Information
  Contacting Network General
4 Installing the Enterasys Adapter / Driver
  Overview
  Installing the Enterasys RoamAbout Adapter
    Windows NT 4.0
    Windows XP
    Updating Existing Drivers
  Using the Proxim 802.11a Adapter as a Normal Network Adapter
  Proxim 802.11a Adapter Installation Notes and Issues
  Using the Proxim 802.11a Harmony to Monitor “2X” Networks
8 Creating Local Agents for Wireless LAN Adapters
  Overview
  The Dashboard’s Detail Tab
  The Dashboard’s 802.11 Tab
    Statistics Counters in the 802.11 Tab
    Management Frame Type Counters in the 802.11 Tab
    Control Frame Type Counters in the 802.11 Tab
  Reassociation Failure
  Rogue Access Point
  Rogue Mobile Unit
  Runt WLAN Frame
  Same Transmitter and Receiver Address
Preface

This guide describes how to install wireless adapters and drivers to run Sniffer® Portable network analyzer on wireless networks, as well as Sniffer software features for wireless networks.

Audience

This guide is intended for wireless network IT Professionals who are working with Sniffer Portable network analyzer software.
Source / Contents

Sniffer Tool Collection’s Sniffer Capture Format Converter: Describes how to use Sniffer Capture Format Converter to convert existing third-party trace files to .cap format.
Sniffer Wireless Guide: Describes how to install, configure, and operate Sniffer Portable with a supported wireless network adapter.
Sniffer Voice Operations Guide: Provides information specific to configuring and operating Sniffer Voice.
Source / Contents

Help: Product information that is accessed from within the application.
• The Help system provides high-level and detailed information. Access from either the Help menu option or the Help button in the application.
• Context-sensitive (also called What’s This?) Help provides brief descriptions of the selections in the application. Access by right-clicking an option, pressing the [F1] control key, or dragging the question icon to an option.
Release Notes: README file.
Contacting Network General

Customer Service

Get help with license entitlement, registrations, grant number inquiries, tech support validation and more by contacting the Network General Customer Service department at:
North America phone: 1-800-764-3337 (1-800-SNIFFER)
Email: support@networkgeneral.com
Web: http://www.networkgeneral.com/ContactUs.aspx
The department's hours of operation are 7:00 AM to 7:00 PM Central time, Monday through Friday.
International phone numbers: http://www.
Customer Service International Address

Network General International BV (EMEA)
Customer Service Department
PO Box 58326
1040 HH Amsterdam
The Netherlands

Technical Support

Visit Network General Technical Support at:
• Sniffer University http://www.networkgeneral.com/TechnicalSupport.aspx
Sniffer University is a comprehensive educational resource for building and enhancing all network professionals' skills in fault and performance management.
SECTION 1
Installing Wireless Adapters and Drivers

Introducing Wireless Functionality
Installing the 802.11a/b/g Adapter / Driver
Installing the ORiNOCO Gold Adapter / Driver
Installing the Enterasys Adapter / Driver
Installing the Spectrum 24 Adapter / Driver
Installing the Cisco Aironet Adapter / Driver
Installing the Proxim 802.
1 Introducing Wireless Functionality

Overview

Wireless analysis consists of the Sniffer Portable software and a supported wireless adapter and driver. This section provides a brief overview of wireless analysis functionality, including:
• Supported Wireless Adapters on page 3
• Overview of Installing the Wireless Adapters and Drivers on page 5

The following chapters in this section describe how to install each wireless adapter supported by the software with its corresponding enhanced driver.
Table 1-1. Supported Wireless Adapters

Supported Adapter: Atheros AR5001X+ and AR5002X Chipset Wireless
Notes: Supports 802.11a/b/g.

Supported Adapter: Cisco Aironet 340 (product number PCM-34x)
Notes: To use the Cisco Aironet with the Sniffer software, you must also have the following:
• Version 4.23 or higher of the Aironet firmware
This item is available for download from the Cisco web site.
Overview of Installing the Wireless Adapters and Drivers

The wireless analysis software is included as part of the general Sniffer Portable release. Installing the Sniffer software will install the wireless functionality. After installing the Sniffer software, install one of the wireless LAN adapter cards supported by the Sniffer software along with its corresponding Network General driver. This step is performed differently depending on your adapter and operating system.
2 Installing the 802.11a/b/g Adapter / Driver

Overview

This chapter describes how to install the adapters and drivers for supported 802.11a/b/g wireless cards. Supported 802.11a/b/g cards include the Atheros AR5001X+ and AR5002X Chipset Wireless cards, the 8660WD 802.11a/b/g Cardbus Card World Gold, the 8480WD 802.11a/b/g Cardbus Card World Gold, and the Proxim Orinoco 11 a/b/g/ Combo Card.

Installing the 802.11a/b/g Adapter for:
• Windows XP on page 7
• Windows 2000 on page 9
Using the 802.
To install the 802.11a/b/g adapter and driver in Windows XP:
1 After installing the Sniffer software, log into Windows XP as an Administrator.
2 Insert the 802.11a/b/g based wireless card in an available card slot or PCMCIA slot on the target machine. Windows XP will automatically detect the new card and install its native device driver.
14 Click Finish to complete the installation.
15 Click OK in the Adapter Properties dialog box.
16 After the enhanced driver for the Cisco Atheros a/b/g card is installed, the Atheros Client Utility (ACU) is disabled.
17 For Sniffer Portable users: If you did not uninstall the QoS Packet Scheduler Service during the installation of the Sniffer Portable software, you should disable it for this adapter now. See the Sniffer Portable Installation Guide .
4 In the Install Hardware Device Drivers window, select the Search for a suitable driver for my device option and click Next.
5 In the Locate Driver Files window, check only the Specify a location option and click Next.
6 When prompted, click Browse, navigate to the Atheros.ABG\WinXP subdirectory where the driver files are installed, and click Open.
NOTE: The location for Sniffer Portable drivers is C:\Program Files\NAI\SnifferNT\Driver\en\Atheros.ABG\Win2K.
7 Click OK.
NOTE: For Windows XP, use the Wireless Network tab in the Wireless Network Connection Properties dialog box to set wireless network participation parameters.

802.11a/b/g Adapter Installation Notes and Issues

Keep the following notes and tips in mind when working with the 802.11a/b/g wireless adapter:
• After exiting the Sniffer software, it may take up to a minute for the wireless adapter to transition to normal wireless network participation.
Figure 2-1. 802.
3 Installing the ORiNOCO Gold Adapter / Driver

Overview

This chapter describes how to install the ORiNOCO Gold Card and drivers:
Installing the ORiNOCO Gold Adapter for:
Windows NT 4.
NOTE: In most cases, the default resources found by the driver will work. However, in some cases, you may need to identify free resources as described in the following steps.
a Select the Windows NT Diagnostics program from the Administrative Tools (Common) program group under the Start menu.
b In the dialog box that appears, click the Resources tab. The IRQs currently in use on the PC are listed by number.
c The ORiNOCO Gold adapter card can use IRQ 3 through 12 and 15.
NOTE: The location for Sniffer Portable drivers is C:\Program Files\NAI\SnifferNT\Driver\en\AgereOrinoco\WinNT.
f The Select OEM Option dialog box appears with the ORiNOCO PC Card entry highlighted. Click OK. The Add/Edit Configuration Profile dialog box appears (Figure 3-1).

Figure 3-1.
i After configuring the Default profile for the ORiNOCO Gold adapter, click OK.
j At this point, you can add or edit other profiles to use the ORiNOCO Gold adapter.
c In the Adapters tab, verify that the driver for the wireless adapter appears in the following format:
Sniffer (vendor name) - card description
If the driver for the wireless adapter does not appear in this format, repeat the driver installation.
8 At this point, the ORiNOCO Gold wireless adapter should be installed with the Network General driver in Windows NT.
Figure 3-3. Wireless Network Connection Properties Dialog Box

7 Click Update Driver to open the Hardware Update Wizard.
8 Select Install from a list or specific location (Advanced) and click Next.
9 Select the Don’t search option and click Next.
10 Click Have Disk.
11 In the Install from Disk dialog box, click Browse and navigate to the AgereOrinoco\WinXP subdirectory where the driver files for the ORiNOCO Gold adapter are installed.
15 Click OK in the Adapter Properties dialog box.
16 For Sniffer Portable users: If you did not uninstall the QoS Packet Scheduler Service during the installation of the Sniffer Portable software, you should disable it for this adapter now. See the Sniffer Portable Installation Guide for detailed information.
17 Create a new local agent in the Sniffer software to use the adapter. See Creating a Local Agent to Use the Wireless LAN Adapter on page 79.
5 In the Locate Driver Files window, check only the Specify a location option and click Next.
6 When prompted, click Browse, navigate to the AgereOrinoco\WinXP subdirectory where the driver files are installed, and click Open.
NOTE: The location for Sniffer Portable drivers is C:\Program Files\NAI\SnifferNT\Driver\en\AgereOrinoco\Win2K.
7 Click OK.
8 Windows 2000 scans for the driver and presents the Driver Files Search Results window.
6 Select the Display a list of the known drivers for this device so that I can choose a specific driver option and click Next.
7 In the dialog box that appears, click Have Disk.
8 When prompted, click Browse and navigate to the AgereOrinoco\Win2k subdirectory where the driver files are installed.
NOTE: The default Sniffer Portable location for all drivers: C:\Program Files\NAI\SnifferNT\Driver\en
9 Click Open in the Locate File dialog box.
Figure 3-4. ORiNOCO Client Manager Warning

16 Click Finish to finish the driver installation and restart the computer.
17 Verify that the correct driver is installed by examining its Device Name entry in the Network and Dial-Up Connections window:
a Right-click My Network Places and select Properties.
Using the wireless adapter’s vendor-supplied configuration utility. See the ORiNOCO Gold documentation for details.
NOTE: For Windows XP, use the Wireless Network tab in the Wireless Network Connection Properties dialog box to set wireless network participation parameters.
4 Installing the Enterasys Adapter / Driver

Overview

This chapter describes how to install the Enterasys RoamAbout adapter card and driver for the Sniffer software. This chapter includes the following sections:
Installing the Enterasys RoamAbout Adapter for:
Windows NT 4.
5 Insert the Enterasys RoamAbout wireless adapter in an available Type II PC card slot on the target machine.
6 Locate an available I/O Port and interrupt number:
NOTE: In most cases, the default resources found by the driver will work. However, in some cases, you may need to identify free resources as described in this step.
a Go to Start > Administrative Tools (Common) > Windows NT Diagnostics.
b Click the Resources tab.
Enterasys RoamAbout adapter by uninstalling a conflicting device.
d Click I/O Port.
e The I/O Port windows currently in use on the PC are listed. The Enterasys RoamAbout adapter card can use I/O base addresses from 0180 to F000. Determine if one of these I/O base addresses is available and write down its number for later use.
Figure 4-2. The Add/Edit Configuration Profile Dialog Box

NOTE: Click Edit Profile to enable the OK button in the Add/Edit Configuration Profile dialog box.
h Select the Adapter tab in the Edit Configuration dialog box and set the I/O Base Address and Interrupt options to the same values you recorded for the Enterasys RoamAbout adapter in Step 6 on page 26.
NOTE: Occasionally, Windows NT may have some difficulty installing the wireless adapter’s driver even after allocating free resources.
The Wizard installs the selected driver. During installation, you may see the error message shown in Figure 4-3 if the Client Manager software is not installed. You can safely ignore this message. The Client Manager can be installed later.

Figure 4-3. Client Manager Warning

l Click Close on the Network control panel. The system installs the card according to your settings and updates the bindings.
Windows XP

This section describes how to install the Enterasys RoamAbout adapter and driver on a Windows XP system.

To install the Enterasys RoamAbout adapter and driver in Windows XP:
1 Ensure the Sniffer software is properly installed.
2 Log into Windows XP as an Administrator.
3 Insert the Enterasys RoamAbout adapter in an available Type II PC card slot on the target machine. Windows XP automatically detects the new card and installs its native device driver.
13 Click Open in the Browse dialog box. You are returned to the Install from Disk dialog box.
14 Click OK in the Install from Disk dialog box. If the operating system is configured to alert you to unsigned drivers, a dialog box will appear warning you that you are about to install a driver that has not been verified by Microsoft Corporation.
15 Click Continue Anyway to continue the installation. The wizard installs the driver.
First Time Installation

For Windows 2000, you install an adapter for the first time by inserting the card in the PC and using the Found New Hardware Wizard.

To install the Enterasys RoamAbout adapter and driver in Windows 2000 for the first time:
1 Ensure the Sniffer software is properly installed.
2 Log into Windows 2000 as an Administrator.
3 Insert the Enterasys RoamAbout wireless adapter in an available Type II PC card slot on the target machine.
The Digital Signature Not Found warning appears asking you if you want to continue the installation.
11 At this point, the rest of the installation procedure is the same as the Update procedure. Continue with Step 15 on page 34.

Updating Existing Drivers

For Windows 2000, you update an existing driver using the Device Manager. The procedure is the same regardless of whether you are updating the vendor’s existing driver or a previous version of the Sniffer driver.
11 Click Open in the Locate File dialog box.
12 Click OK in the Install from Disk dialog box. Windows scans for the driver and presents a dialog box listing different cards supported by the specified driver.
13 Select the entry corresponding to your card and click Next.
14 The Upgrade Device Wizard indicates that it is ready to install the selected driver. Click Next to begin installing the driver.
Using the Enterasys RoamAbout as a Normal Network Adapter

When the Sniffer software is connected to the Enterasys RoamAbout wireless adapter, the card operates in promiscuous mode and cannot participate as an active member of the wireless LAN. However, when the Sniffer software is not connected to the Enterasys RoamAbout, you can use the adapter to participate actively in a wireless network.
Enterasys RoamAbout Installation Notes and Issues

Keep the following notes and tips in mind when working with the Enterasys RoamAbout wireless adapter:
• After exiting the Sniffer software, it may take up to a minute for the wireless adapter to transition to normal wireless network participation.
• Do not use the client utility provided with the Enterasys RoamAbout while the Sniffer software is running.
5 Installing the Spectrum 24 Adapter / Driver

Overview

This chapter describes how to install the Spectrum 24 Model 4121 adapter card and driver for the Sniffer software:
Installing the Spectrum 24 Model 4121 in Windows NT 4.
b In the dialog box that appears, click the Resources tab. The IRQs currently in use on the PC are listed by number.

Figure 5-1. Finding Available Resources for the Spectrum 24 Wireless LAN Adapter

c The Spectrum 24 card can use IRQs 2 through 15. Determine if one of these IRQs is available and write down its number for later use.
NOTE: If all of these IRQs are already in use, you will need to make one of them available for the Spectrum 24 adapter by uninstalling a conflicting device.
6 Next, install the driver provided by Network General for the Spectrum 24 adapter:
a Start the MS-Windows Network control panel by right-clicking on the Network Neighborhood icon on the desktop and selecting the Properties command from the menu that appears.
b Click the Adapters tab of the Network control panel.
c In the Adapters tab, click Add.
d The Select Network Adapter dialog box appears. Click Have Disk.
Figure 5-3. The WLAN Adapter Tab

i Set the Interrupt Number, IO Port Address, and Memory Base Address options to the same values you recorded for the Spectrum 24 adapter in Step 5 on page 37 and click OK.
NOTE: Occasionally, Windows NT may have some difficulty installing the wireless adapter’s driver even after allocating free resources. If this happens, try changing some of the resource settings for the card (IRQ, I/O Port, or Memory address) to other free resources.
l Click OK in the Symbol Spectrum24 WLAN Easy Setup dialog box.
m Click Close on the Network control panel. The system installs the card according to your settings and updates the bindings.
n When installation finishes, the system prompts you to configure the TCP/IP properties for the Spectrum 24 adapter (if TCP/IP is bound to it). Binding TCP/IP to the Spectrum 24 adapter is not required for the Sniffer software.
Troubleshooting Spectrum 24 Installation Issues in Windows NT

If you have performed the installation procedures in the previous section and are having difficulties getting the system to recognize the adapter because of IRQ, I/O Port, or Memory Base Address conflicts, you can try installing the Spectrum 24 with its native driver provided by Symbol Technologies to locate available hardware resources.
4 Next, reinstall the Network General driver for the Spectrum 24 adapter as described in Step 6 on page 39. When you reach the step where you need to specify the IRQ, I/O Port, and Memory Base Address values in the Spectrum 24 Adapter Properties dialog box, specify the values you recorded in Step 2, above.

Installing the Spectrum 24 Model 4121 Adapter in Windows XP

This section describes how to install the Spectrum 24 adapter and driver on a Windows XP system.
Figure 5-4. Wireless Network Connection Properties Dialog Box

7 Click Update Driver. The Hardware Update Wizard starts.
8 Select the Install from a list or specific location (Advanced) option and click Next.
9 Select the Don’t search option and click Next.
10 Click Have Disk. The Install from Disk dialog box appears prompting you to supply the path to the driver to install.
11 Click Browse and navigate to the SymbolSpectrum24HR\WinXP subdirectory where the driver files are installed.
If the operating system is configured to alert you to unsigned drivers, a dialog box will appear warning you that you are about to install a driver that has not been verified by Microsoft Corporation.
14 Click Continue Anyway to continue the installation. The wizard installs the driver. When it has finished, it displays a screen indicating that the driver is installed.
15 Click Finish to complete the installation.
2 Insert the Spectrum 24 wireless adapter in an available Type II PC card slot on the target machine. Windows 2000 presents a Wizard to help you install a new driver for the Spectrum 24 adapter.
NOTE: If Windows 2000’s plug-and-play feature automatically installs a driver for the adapter instead of starting the Found New Hardware Wizard, turn to Updating Existing Drivers on page 47 to update the existing driver.
3 Click Next in the Wizard window.
Updating Existing Drivers

For Windows 2000, you update an existing driver using the Device Manager. The procedure is the same regardless of whether you are updating the vendor’s existing driver or a previous version of the Sniffer driver.

To update an existing driver for the Spectrum 24 adapter in Windows 2000:
1 After installing the Sniffer software, log in to Windows 2000 as an Administrator.
10 Click Open in the Locate File dialog box.
11 Click OK in the Install from Disk dialog box. Windows scans for the driver and presents a dialog box listing different cards supported by the specified driver.
12 Select the entry corresponding to your card and click Next.
13 The Upgrade Device Wizard indicates that it is ready to install the selected driver. Click Next to begin installing the driver.
16 When you have finished configuring the options in the Symbol Spectrum24 WLAN Easy Setup dialog box, click OK. The Wizard installs the selected driver. When it has finished, it presents the Completing the Found New Wizard window.
17 Click Finish to finish the installation.
18 Restart the computer.
Using the Spectrum 24 as a Normal Network Adapter

When the Sniffer software is connected to the Spectrum 24 wireless adapter, the card operates in promiscuous mode and cannot participate as an active member of the wireless LAN. However, when the Sniffer software is not connected to the Spectrum 24, you can use the adapter to participate actively in a wireless network.
Windows XP

1 Open the Network Connections folder by selecting the Start > Control Panel > Network Connections option.
2 Right-click the Wireless Network Connection entry associated with the Symbol Spectrum 24 adapter and select the Properties command from the menu that appears. The Wireless Network Connections Properties dialog box appears.
6 Installing the Cisco Aironet Adapter / Driver

Overview

This chapter describes how to install the Cisco Aironet 340/350 adapter card and driver for the Sniffer software.
Installing the Cisco Aironet in Windows NT 4.
b Install the Aironet Client Utility according to the instructions on the Cisco web site. Install with the following settings:
- When the installation program prompts you to select the preferred server-based authentication method, select None.
- When the installation program asks you which components you would like to install, select all components.
5 Restart the computer and log in to Windows NT as an Administrator.
Figure 6-1. Selecting an IRQ for the Cisco Aironet Wireless LAN Adapter

c The Cisco Aironet card can use IRQs 3 through 15. Determine if one of these IRQs is available and write down its number for later use.
NOTE: If all of these IRQs are already in use, you will need to make one of them available for the Cisco Aironet adapter by uninstalling a conflicting device.
d Click I/O Port at the bottom of the Windows NT Diagnostics window (Figure 6-1).
8 Install the driver provided by Network General for the Aironet 340 adapter:
a Start the MS-Windows Network control panel by right-clicking on the Network Neighborhood icon on the desktop and selecting the Properties command from the menu that appears.
b Click the Adapters tab of the Network control panel.
c In the Adapters tab, click Add.
d The Select Network Adapter dialog box appears. Click Have Disk.
Client Name: Not necessary for the Sniffer software.
Data Rates: Set to Auto.
Infrastructure Mode: Set to Yes.
Interrupt: Set to the same value you recorded in Step 7 on page 54.
IO Base Address: Set to the same value you recorded in Step 7 on page 54.
Power Save Mode: Set to CAM.
SSID: Not necessary for the Sniffer software.
9 If you will also use this adapter for normal wireless LAN activities, use the Aironet Client Utility to configure the card’s SSID, WEP keys, and so on. See your Aironet documentation for details.
5 Click Configure. The Adapter Properties dialog box for the Cisco Aironet 340/350 adapter appears.
6 Click the Driver tab.

Figure 6-3. Wireless Network Connection Properties Dialog Box

7 Click Update Driver. The Hardware Update Wizard starts.
8 Select the Install from a list or specific location (Advanced) option and click Next.
9 Select the Don’t search option and click Next.
10 Click Have Disk.
NOTE: The location for Sniffer Portable drivers is C:\Program Files\NAI\SnifferNT\Driver\en\Cisco340\XP or C:\Program Files\NAI\SnifferNT\Driver\en\Cisco350\XP.
12 Click Open on the Browse dialog box. You are returned to the Install from Disk dialog box.
13 Click OK in the Install from Disk dialog box.
First Time Installation

For Windows 2000, you install an adapter for the first time by inserting the card in the PC and using the Found New Hardware Wizard.

To install the Aironet 340/350 adapter and driver in Windows 2000 for the first time:
1 Remove any installed copies of the Aironet Client Utility.
2 Reboot the computer.
3 After installing the Sniffer software, log in to Windows 2000 as an Administrator.
9 Click OK. Windows 2000 scans for the appropriate driver and presents the Driver Files Search Results window indicating that it has found the driver you specified in the previous step.
10 Click Next in the Driver Files Search Results window.
11 The Digital Signature Not Found warning appears asking you if you want to continue the installation. Click Yes to continue the installation. The Wizard installs the selected driver.
b Remove any installed adapter drivers for the Aironet 340/350. Cisco Systems describes how to do this in the Cisco Aironet Drivers and Utilities web page on their web site at http://www.cisco.com.
c Reboot the computer.
2 Start the Device Manager:
a Right-click the My Computer icon and select Properties.
b In the dialog box that appears, click the Hardware tab.
c Click Device Manager.
13 The Upgrade Device Wizard indicates that it is ready to install the selected driver. Click Next to begin installing the driver. The Digital Signature Not Found warning appears asking you if you want to continue the installation.
14 Click Yes in the Digital Signature Not Found warning to continue the installation. The Wizard installs the selected driver. When it has finished, it presents the Completing the Upgrade Device Driver Wizard window.
15 Click Finish to finish the installation.
NOTE: Do not make changes to the Cisco Aironet’s configuration while the Sniffer software is running.
Cisco Aironet Installation Notes and Issues

Keep the following notes and tips in mind when working with the Cisco Aironet wireless adapter:
• After exiting the Sniffer software, it may take up to a minute for the wireless adapter to transition to normal wireless network participation.
• Do not use the client utility provided with the Cisco Aironet while the Sniffer software is running.
7 Installing the Proxim 802.11a Adapters / Drivers

Overview

This chapter describes how to install the Proxim Harmony 802.11a CardBus adapter and driver for the Sniffer software.
• Installing the Proxim 802.11a Adapter in Windows XP on page 67
• Installing the Proxim 802.11a Adapter in Windows 2000 on page 69
• Using the Proxim 802.11a Adapter as a Normal Network Adapter on page 72
• Proxim 802.11a Adapter Installation Notes and Issues on page 74

Installing the Proxim 802.
6 Click Browse and navigate to the Proxim\WinXP subdirectory where the driver files are installed.
NOTE: The location for Sniffer Portable drivers is :\Program Files\NAI\SnifferNT\Driver\en\Proxim\WinXP.
7 Click Open in the Browse dialog box. You are returned to the Install from Disk dialog box.
8 Click OK in the Install from Disk dialog box.
Installing the Proxim 802.11a Adapter in Windows 2000

This section describes how to install the Proxim 802.11a adapter and driver on a Windows 2000 system. The procedure is somewhat different depending on whether you are updating an existing driver for the wireless adapter (either a previous version of the Sniffer driver or another vendor’s driver) or installing the adapter and driver for the first time. Use the appropriate procedure below.
NOTE: The location for Sniffer Portable drivers is :\Program Files\NAI\SnifferNT\Driver\en\Proxim\Win2K.
7 Click OK. Windows 2000 scans for the driver and presents the Driver Files Search Results window indicating that it has found the driver you specified in the previous step.
8 Click Next on the Driver Files Search Results window. The Digital Signature Not Found warning appears asking you if you want to continue the installation.
6 Click Next.
7 Select the Display a list of the known drivers for this device so that I can choose a specific driver option and click Next.
8 In the dialog box that appears, click Have Disk. The Upgrade Device Driver Wizard prompts you to supply a path to the device driver.
9 Click Browse and navigate to the following Proxim\Win2K subdirectory for the driver.
If the driver for the wireless adapter does not appear in this format, you will need to repeat the installation procedure to install the driver.
18 At this point, the Proxim 802.11a wireless adapter should be installed with the Network General driver in Windows 2000. See Creating a Local Agent to Use the Wireless LAN Adapter on page 79 to create a new local agent in the Sniffer software to use the adapter.
Using the Proxim 802.
To configure the Proxim 802.11a adapter for normal client operations (Windows XP):
1 Open the Network Connections folder by selecting the Start > Control Panel > Network Connections option.
2 Right-click the Wireless Network Connection entry associated with the Proxim 802.11a adapter and select the Properties command from the menu that appears. The Wireless Network Connection Properties dialog box appears.
3 Click the Wireless Networks tab.
2 Right-click the Wireless Network Connection entry associated with the Proxim 802.11a adapter and select Properties. The Connection Properties dialog box appears.
3 Click Configure. The Network Adapter Properties dialog box appears.
4 Click the Advanced tab and use the options that appear to set parameters for normal wireless network participation.
NOTE: For Windows 2000, you must leave the Authentication option on the Advanced tab enabled for successful operation.
Using the Proxim 802.11a Harmony to Monitor “2X” Networks
The Proxim Harmony 802.11a adapter card used by the Sniffer software supports a proprietary extension of the 802.11a standard called 2X (or, occasionally, Turbo). Essentially, this extension allows 802.11a networks to operate at twice the rates stated by the 802.11a specification (for example, instead of the upper limit of 54 Mbps stated for the 802.
SECTION 2
Getting Started with Wireless Functionality
• Creating Local Agents for Wireless LAN Adapters
• Configuring Wireless LANs to Capture
• Advanced Features for Wireless Analysis
8 Creating Local Agents for Wireless LAN Adapters
Overview
This chapter describes how to create a local agent in the Sniffer software to use the wireless LAN adapter installed in the previous chapters.
Creating a Local Agent to Use the Wireless LAN Adapter
Before you can use the Sniffer software to capture from a wireless network, you need to define a local agent that will use the wireless LAN adapter you installed in the previous chapters. The following procedure explains how.
panel, right-clicking the entry for the adapter you installed in the previous chapters, and selecting Properties. Then make sure that the checkbox next to the Sniffer Driver entry under Components checked are used by this connection is checked.
6 The Netpod Configuration fields do not apply for the wireless LAN adapter. Specify No Pod.
9 Configuring Wireless LANs to Capture
Overview
This chapter describes how to configure the Sniffer software to monitor and capture traffic on your wireless network. It covers only the options specific to analyzing wireless networks. For information on standard Sniffer software features (such as how to set triggers, filters, and so on), see the software User’s Guide.
Options specific to wireless adapters are found in the following areas:
• Set standard Sniffer software options in the 802.
Setting Wireless Options
Wireless analysis options are found in the 802.11 tab of the Options dialog box. Display the 802.11 tab by selecting Options from the Tools menu and clicking the 802.11 tab in the Options dialog box (Figure 9-1).
NOTE: The 802.11 tab is only available if a wireless LAN adapter is the currently selected adapter. You can change the currently selected adapter using the Select Settings command in the File menu. See Monitoring Wireless Networks on page 81.
Figure 9-1. 802.
Setting Configuration Options
The Configuration options (shown in Figure 9-1) let you select the wireless LAN channel(s) you would like the Sniffer software to monitor. You can select the channel(s) to monitor in one of the following ways:
• Topology Select. Specify 802.11a or 802.11b/g for all wireless cards. After changing the wireless topology mode, the channel surfing and selection options within the 802.
NOTE: The Channel Surfing Settings dialog box will appear differently depending on whether the currently selected adapter is 802.11a or 802.11b/g. The dialog box for 802.11a will have more (and different) channels available for selection. They both work in the same way, however.
When Channel Surfing is enabled, the Sniffer software monitors the channels selected in the Channel Surfing Settings dialog box (Figure 9-2) in a cycle.
Setting Encryption Options
If the network to be monitored uses Wired Equivalent Policy (WEP) encryption, you can use the Encryption options in the 802.11 tab to specify the keys in use on the network to be monitored. If the correct keys are specified, the Sniffer software can decrypt and decode WEP-encrypted packets during capture.
they mean the same thing, the Sniffer software supports both 40-bit and 64-bit encryption.
128-Bit Encryption
Although the usage of 128-bit encryption keys is not specified by the 802.11b standard, most vendors implement 128-bit encryption similarly to 64-bit encryption. In a network using 128-bit encryption, each station on the network is programmed with the same four 104-bit shared keys.
a Specify the length of the key by selecting the appropriate option. Keys can be either None, 40-bit, or 128-bit. Use the None option if no encryption is used on the network. Depending on the length of the key specified, some or all of the adjacent fields become active, enabling you to specify the keys in use.
b Specify the exact, case-sensitive value for each key in the adjoining spaces provided.
Entering Encryption Keys in ASCII Format
To enter WEP encryption keys in ASCII format:
1 Display the Tools > Options > 802.11 tab.
2 Select ASCII for the WEP Key Entry Mode option at the bottom of the 802.11 tab. The 802.11 tab appears as in Figure 9-4.
Figure 9-4. Entering Encryption Keys in ASCII Mode (figure callout: Encryption keys specified in ASCII mode.)
If you have previously entered encryption keys in Hex mode, the Sniffer software automatically converts your entries to ASCII mode.
3 You can enter up to four separate encryption keys in ASCII format. Valid ASCII entries include the letters A through Z in either upper- or lower-case, in addition to the numbers 0 through 9. Entries are case-sensitive. Specified keys are interpreted as follows:
• An empty field is equivalent to a setting of None in Hex entry mode (that is, no encryption is used on the network).
3 Use the drop-down list under the Keys Per Channel option to select the channel for which you would like to specify WEP keys (Figure 9-6). The fields in the Encryption section automatically populate with the current WEP key settings for the selected channel.
Figure 9-5. Select the Channel for Key Specification
4 Specify the WEP keys for the selected channel in the Encryption section of the 802.11 tab. See Setting Encryption Options on page 85 for details.
Figure 9-6. 802.11 Options Tab Settings
Figure callouts:
• If this option is enabled during capture, the Expert will flag access points whose MAC addresses are not in the Known Access Points list as rogues.
• If this option is enabled during capture, the Expert will flag mobile units whose MAC addresses are not in the Known Mobile Units list as rogues.
The 802.
Adding Known Addresses to the Expert’s List
To use the rogue identification abilities of the Expert effectively, you must first add the MAC addresses of the known access points and mobile units on your network to the Expert’s list of known wireless unit addresses. There are several ways to do this:
• Automatically from the real-time Host Table.
• Automatically from the Expert tab of the postcapture display.
• Automatically from the Address Book.
• Manually from the 802.
Figure 9-7. The Host Table’s 802.11 Tab
4 Right-click any entry in the Host Table and select the Add to Known Wireless Units List command from the context menu that appears. The selected addresses are added to the Expert’s list. You can verify that they have been added by displaying the Tools > Expert Options > 802.11 Options tab. The Known...in the Network lists will include the newly added addresses.
NOTE: If the Expert tab is not available, make sure the Expert tab option is enabled in the Display > Display Setup > General tab.
3 Click Wireless Units List at the top of the Expert pane. The Wireless Units Discovered in this trace dialog box appears (Figure 9-8). This dialog box has two separate lists of wireless units discovered in the capture buffer or trace file — one for access points and one for mobile units.
NOTE: You can edit the IP Address field in either list.
• By clicking in the checkbox for individual entries to toggle them between selected and unselected.
5 When you have finished selecting the addresses for addition, click Update Known Wireless Units List at the bottom of the dialog box. Those selected addresses not already in the Expert’s list are added. You can verify that they have been added by displaying the Tools > Expert Options > 802.11 Options tab.
To add known addresses manually in the 802.11 Options tab:
1 Display the 802.11 Options tab of the Expert Properties dialog box by selecting the Tools > Expert Options command and clicking the 802.11 Options tab in the dialog box that appears.
2 Do you want to add the address of an access point or a mobile unit?
• To add the address of an access point, click Add AP. A new entry line becomes active in the Known Access Points in the Network list with the active cursor in the MAC Address column.
Determining a Wireless Unit’s Full Hexadecimal Address
If you do not know the full hexadecimal address of a wireless unit (either an access point or a mobile unit) in your network, you should first check the unit. Often, the address is written on the equipment itself. If this does not work, you can use the Expert’s displays to discover the address.
NOTE: MAC addresses are always presented in the CSV file in hexadecimal format.
Similarly, you can also import CSV files into the Known Access Points or the Known Mobile Units list using the corresponding Import button in the 802.11 Options tab. You can import either CSV files created by exporting the lists from other Sniffer software installations, or CSV files you create yourself following the model above (that is, multiple rows in the IP Address,MAC Address format).
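The known-unit lists and the rogue flagging they drive can be checked outside the product before a CSV file is imported. The following Python sketch is an added example, not Network General code: it loads lists in the IP Address,MAC Address row format described above and reports observed units that are in neither list. The function names and all sample addresses are constructed, and the tolerance for colon, dash or dot separators in the MAC field is an assumption, since the guide only says the address is hexadecimal.

```python
import csv
import io
import re

HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(text):
    """Reduce a MAC written in any common hex notation to 12 lowercase digits."""
    digits = re.sub(r"[\s:.\-]", "", text).lower()
    if not HEX12.fullmatch(digits):
        raise ValueError("not a 48-bit hexadecimal address: %r" % text)
    return digits


def load_known(csv_text):
    """Parse 'IP Address,MAC Address' rows.

    Returns (known, rejected): known maps normalized MAC -> IP string,
    rejected lists (line number, row) for rows that would not import cleanly.
    """
    known, rejected = {}, []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) != 2:
            rejected.append((lineno, row))
            continue
        ip, mac = row[0].strip(), row[1].strip()
        try:
            known[normalize_mac(mac)] = ip
        except ValueError:
            rejected.append((lineno, row))
    return known, rejected


def find_rogues(observed, known_aps, known_mus):
    """observed: iterable of (mac, kind), kind being 'AP' or 'STA'.

    An access point is checked against the access point list only, and a
    mobile unit against the mobile unit list only, as the two Expert
    options do.
    """
    rogues = []
    for mac, kind in observed:
        key = normalize_mac(mac)
        wanted = known_aps if kind == "AP" else known_mus
        if key not in wanted:
            rogues.append((key, kind))
    return rogues


# Constructed sample data (not from a real network).
KNOWN_APS_CSV = "10.0.0.2,00A0F8112233\n10.0.0.3,00:a0:f8:44:55:66\n,not-a-mac\n"
KNOWN_MUS_CSV = "10.0.0.50,0002B3AABBCC\n"
OBSERVED = [
    ("00:A0:F8:11:22:33", "AP"),   # listed access point
    ("00:0D:0B:99:88:77", "AP"),   # access point missing from the list
    ("00:02:b3:aa:bb:cc", "STA"),  # listed mobile unit
    ("00:02:B3:00:00:01", "STA"),  # mobile unit missing from the list
]

if __name__ == "__main__":
    aps, bad_rows = load_known(KNOWN_APS_CSV)
    mus, _ = load_known(KNOWN_MUS_CSV)
    for lineno, row in bad_rows:
        print("line %d rejected: %r" % (lineno, row))
    for mac, kind in find_rogues(OBSERVED, aps, mus):
        print("rogue %s: %s" % (kind, mac))
```
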
10 Advanced Features for Wireless Analysis
Overview
This chapter describes advanced features for wireless analysis with the Sniffer software. Advanced features are a combination of standard Sniffer software features — network monitoring, capturing, decoding, and filtering, as well as features specifically for wireless LANs:
• The Dashboard includes counters for many different wireless LAN frame types, as well as a Throughput gauge measuring the bit rate of data packets.
• The Expert analyzer provides Expert analysis specifically for wireless stations at the Wireless Expert layer. In addition, the Expert can generate many wireless-specific Expert alarms. All of the usual upper layer Expert analysis is provided. See Expert Objects and Alarms for Wireless Networks on page 136 and Expert Alarms for Wireless Networks on page 146.
Notes on Proprietary Implementations of the 802.11a Standard
The Proxim Harmony 802.11a adapter card used by the Sniffer software supports a proprietary extension of the 802.11a standard called 2X. Essentially, this extension allows 802.11a networks to operate at twice the rates stated by the 802.11a specification (for example, instead of the upper limit of 54 Mbps stated for the 802.
Figure 10-1. The Dashboard Gauge View (callouts a through f)
Table 10-1. Dashboard Contents
Item in Figure 10-1 | Name | Description
a | Reset | Click Reset to reset all counters to zero.
b | Set Thresholds | Click Set Thresholds to set thresholds for alarms based on Dashboard statistics.
c | Gauge tab and Dashboard gauges | When the Gauge tab is selected, four 802.
Table 10-1. Dashboard Contents
Item in Figure 10-1 | Name | Description
e | Distribution graphs | Click (+) to expand and view configurable graphs of the corresponding statistics.
f | Short Term and Long Term options | Click these options to narrow (Short term) or widen (Long term) the scale of the Network, Detail Errors, and Size Distribution graphs.
The Dashboard’s Gauge Tab
The Gauge tab is displayed by default when you start the Dashboard. You can see the Gauge tab in Figure 10-1 on page 102.
When capturing from wireless networks, the Dashboard’s Gauge tab provides a Throughput gauge. This gauge provides a real-time measurement of the data rate (in bits per second) observed by the Sniffer software. When calculating throughput, the Sniffer software only counts data frames. Management and control frames are not part of this calculation.
Table 10-2. Detail Error Counters in the Dashboard’s Detail Tab
Counter | Description
PLCPs | The number of PLCP errors seen on the network. PLCP errors occur when a wireless station receives a Physical Layer Convergence Protocol header with an invalid checksum.
The Dashboard’s 802.11 Tab
To view wireless Dashboard statistics, click the 802.11 tab on the Dashboard. In response, the counters shown in Figure 10-3 appear. The Dashboard’s 802.11 tab includes counters for wireless LAN Statistics, Management frame types, and Control frame types.
Figure 10-3. The Dashboard’s 802.11 Tab (802.11b/g Network)
Statistics Counters in the 802.11 Tab
Table 10-3 lists and describes the Statistics counters in the Dashboard’s 802.11 tab.
Table 10-3. Statistics Counters in the Dashboard’s 802.11 Tab (1 of 2)
Counter | Description
Data Pkts | The number of data packets observed on the wireless LAN.
Management Pkts | The number of Management packets observed on the wireless LAN. Management packets include Association Requests, Probe Requests, and so on. They are counted individually in the Management column of the 802.11 tab.
Control Pkts | The number of Control packets observed on the wireless LAN.
Table 10-3. Statistics Counters in the Dashboard’s 802.11 Tab (2 of 2)
Counter | Description
PLCP Long Pkts | The number of PLCP PDUs seen with the “long” preamble and header. This form of PLCP PDU is compatible with legacy equipment from older wireless LANs and supports and operates at either 1 Mbps or 2 Mbps.
Data Rate Counters | These counters vary depending on the monitored network: • For 802.11b/g networks, there are separate counters for the number of frames sent at 1, 2, 5.
Table 10-4. Management Frame Counters in the Dashboard’s 802.11 Tab (2 of 3)
Counter | Description
Association Responses | The number of Association Responses observed on the wireless network. Access points send Association Responses in response to Association Requests from wireless stations.
Reassociation Requests | The number of Reassociation Requests observed on the wireless network.
Table 10-4. Management Frame Counters in the Dashboard’s 802.11 Tab (3 of 3)
Counter | Description
Authentications | The number of Authentication packets observed on the wireless network. Stations and access points send Authentications to identify one another securely.
Deauthentications | The number of Deauthentication packets observed on the wireless network. Stations and access points send Deauthentications to end secure communications with one another.
Control Frame Type Counters in the 802.
Table 10-5. Control Frame Counters in the Dashboard’s 802.11 Tab (2 of 2)
Counter | Description
CF End/CF ACK | CF End/CF ACK packets are sent to acknowledge CF End packets.
BSSID | The Basic Service Set Identification (BSSID) for the access point on the channel being monitored.
ESSID | The Extended Service Set Identification (ESSID) for the channel being monitored.
Figure 10-4. Configurable Dashboard Graph (callout a)
Working with the Dashboard Graphs
You work with the configurable graphs as follows:
• Each possible statistic for the graphs is listed at the right of the graph. Check the boxes of the statistics you would like included in the graph. A line in the corresponding color will appear in the graph for the selected statistic.
• You can widen or narrow the time scale of the graph by clicking the Long term (widen) or Short term (narrow) buttons at the top of the graph.
• You can reset the statistics in the Dashboard (including the graphs) by clicking Reset at the top of the Dashboard.
Setting Thresholds for the Dashboard Statistics
You can set alarm thresholds for each of the dials on the Dashboard (as well as many other network statistics).
Host Table Counters for Wireless Networks
The Host Table for wireless networks works in the same way as the Host Table for other networks — you display it by clicking the Host Table icon in the Toolbar or by selecting the Host Table option from the Monitor menu. In response, the Host Table appears (Figure 10-6), displaying real-time network traffic statistics for each detected station.
You display the Host Table’s 802.11 tab by clicking it at the bottom of the Host Table window. For each MAC-layer wireless station detected on the network, the 802.11 tab provides the statistics listed and described in Table 10-6.
Table 10-6. Host Table Counters in the 802.11 Tab (1 of 4)
Counter | Description
HwAddr | The hardware address for this station.
Type | The type of station. Station types include: • AP — Access Point. • STA — Wireless Station.
Table 10-6. Host Table Counters in the 802.11 Tab (2 of 4)
Counter | Description
Data Rate Counters | These counters vary depending on the monitored network: • For 802.11b/g networks, there are separate counters for the number of frames sent at 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54, 72, 108 Mbps. • For 802.11a networks, there are separate counters for the number of frames sent at 6, 9, 12, 18, 24, 36, 48, 54, 72, and 108 Mbps. • For legacy 802.11b cards, the speeds remain at 1, 2, 5.
Table 10-6. Host Table Counters in the 802.11 Tab (3 of 4)
Counter | Description
WEP ICV | The number of packets with WEP ICV errors sent by this station. The Wired Equivalent Policy (WEP) is used to encrypt data sent between stations on the wireless network. When two stations exchange WEP-encrypted data, they go through an authentication sequence wherein challenge messages are encrypted and decrypted by sender and receiver.
Table 10-6. Host Table Counters in the 802.11 Tab (4 of 4)
Counter | Description
Update Time | The last time this station was updated in the Host Table with new statistics.
Create Time | The time this station’s entry was first added to the Host Table.
Figure 10-7. The Global Statistics Application’s Channel Surfing Tab (802.11b/g Network)
You display the Global Statistics application’s Channel Surfing tab by clicking it at the bottom of the Global Statistics window. For each channel on the wireless network, the Channel Surfing tab provides the statistics listed and described in Table 10-7.
Table 10-7.
Table 10-7. Counters in the Channel Surfing Tab (2 of 2)
Counter | Description
Data Rate Counters | These counters vary depending on the monitored network: • For 802.11b/g networks, there are separate counters for the number of frames sent at 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54, 72, 108 Mbps. • For 802.11a networks, there are separate counters for the number of frames sent at 6, 9, 12, 18, 24, 36, 48, 54, 72, and 108 Mbps. • For legacy 802.11b cards, the speeds remain at 1, 2, 5.
Post-Analysis Views for Wireless Networks
When you display the contents of the capture buffer or a capture file, the Sniffer software interprets and decodes the higher-level protocols within the captured packets using its protocol interpreters. You can display the decoded packets in a variety of formats. Each format appears on a tab at the bottom of the Display window.
You display the 802.11 view by clicking the Matrix tab at the bottom of the Display window and then selecting the 802.11 option from the drop-down list at the upper left of the window. The 802.11 view appears as shown in Figure 10-8 (in this case, with the traffic map shown).
• The outline table provides a quick summary of total bytes and packets transmitted between pairs of network nodes. You can also cascade each entry in the table open to see counts of various types of 802.11 frames sent by each station.
• The detail table provides a quick summary of the 802.11 frame types transmitted by each conversation node pair.
Figure 10-9. The 802.11 View in the Post-Analysis Host Table Tab
Figure callouts: Bar chart view; Outline table view; Sort criteria (Bar and Pie chart); Detail table view; Pie chart view; Export data to HTML (Table views only); Export data to CSV (Table views only); Select 802.11 in this list; Cascade each station’s entry open by clicking the adjacent + sign to see counts for specific 802.11 frame types; Select Host Table tab here.
You can view accumulated data as a table, bar chart, or pie chart.
• You can sort a host table by clicking a column heading (for example, to sort the statistics by incoming packets, click the In Pkts column heading). Click a second time to sort in reverse order.
• The bar chart displays the busiest wireless stations by bytes transmitted.
• The pie chart displays the busiest wireless stations as relative percentages of the total load of traffic.
• In the table views, you can export the statistics for tabulation or charting.
802.
Figure 10-10. The 802.11 View in the Post-Analysis Protocol Distribution Tab
Figure callouts: Pie chart view; Table view; Bar chart view; Display total number or percentage of bytes; Display total number or percentage of packets; Export data to HTML format (Table view only); Export data to CSV format (Table view only); Select 802.11 in this list; Various 802.11 frame types listed by bytes transmitted; Select Protocol Distribution tab here.
You can view accumulated data as a table, bar chart, or pie chart.
802.11 Information in the Post-Analysis Statistics Tab
For each capture session, the Sniffer software accumulates statistical information to help you analyze the network traffic during the capture period. A summary of this information is displayed in a table on the Statistics tab (Figure 10-11) in the post-analysis Display window.
Table 10-8. 802.11 Counters in the Statistics Tab (1 of 2)
Counter | Description
802.11 Data Throughput | The data rate (in bits per second) observed by the Sniffer software for this capture session. When calculating throughput, the Sniffer software only counts data frames. Management and control frames are not part of this calculation. However, the throughput measurement does include the header portions of data frames.
802.
Table 10-8. 802.11 Counters in the Statistics Tab (2 of 2)
Counter | Description
802.11 Long PLCPs | The number of PLCP PDUs seen with the “long” preamble and header during this capture session. This form of PLCP PDU is compatible with legacy equipment from older wireless LANs and supports and operates at either 1 Mbps or 2 Mbps.
Data Rate Counters | These counters vary depending on the monitored network: • For 802.
Define Filter Options for Wireless Networks
The Sniffer software adds several wireless-specific filtering options, including:
• IEEE 802.11 Packet Type Filters
• Error Packet Filters
You set wireless-specific filters in the Define Filter dialog box’s Advanced tab. You display this tab by selecting the Define Filter command from either the Monitor, Capture, or Display menu. Filters defined from the Monitor menu are monitor filters — they apply to data analyzed by the monitor.
Filters for 802.11 Packet Types
You can set filters on the 802.11 packet types listed and described in Table 10-9.
Table 10-9. 802.11 Packet Types Available for Filtering
Family | Packet Type | Description
Management | Association Request | Stations send Association Requests to become associated with access points.
Management | Association Response | Access points send Association Responses in response to Association Requests from wireless stations.
Table 10-9. 802.11 Packet Types Available for Filtering
Family | Packet Type | Description
Control | CTS | Stations send CTS packets to acknowledge the receipt of an RTS packet and to indicate that they are ready to receive data.
Control | ACK | Stations send acknowledge packets to indicate that they have received an error-free packet.
Control | CF End | CF End packets are sent to indicate the end of a contention period.
Filters for Wireless LAN Error Packet Types
You can set filters on the wireless LAN error packet types listed and described in Table 10-10.
Table 10-10. Wireless LAN Error Packet Types Available for Filtering
Packet Type | Description
PLCP Errors | PLCP errors occur when a wireless station receives a Physical Layer Convergence Protocol header with an invalid checksum.
Postcapture WEP Decryption
The Sniffer software can decrypt and decode WEP-encrypted packets either during or after capture. As described in Setting Encryption Options on page 85, you use the Encryption options in the 802.11 tab of the Options dialog box to configure the automatic decryption of WEP-encrypted data during capture. However, you can also perform WEP decryption on trace files containing frames encrypted with a known WEP key set but not decrypted during capture.
2 Right-click in the Summary, Detail, or Hex pane to activate the Decode tab’s context menu.
3 Select WEP Decrypt to open the Select WEP Keys dialog box, as shown in Figure 10-14.
• Select whether you would like to enter the keys as Hexadecimal or ASCII characters.
• Enable this option to use the WEP keys currently defined in the 802.11 tab of the Options dialog box.
• Select the length of each WEP key used on the wireless network.
a Specify the length of the key by selecting the appropriate option. Keys can be either None, 40-bit, or 128-bit. Use the None option if no encryption is used on the network. Depending on the length of the key specified, some or all of the adjacent fields become active, enabling you to specify the keys in use.
b Specify the exact value for each key in the adjoining spaces provided.
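What "the correct keys" means in practice, for both the key entry modes in Setting Encryption Options and the postcapture decryption described here, is shown by the following Python sketch: a WEP frame body decrypts to a valid ICV only under the key it was encrypted with, and a wrong key produces the kind of ICV failure counted by the WEP ICV counter. This is an added example, not Network General code; the function names, sample key and payload are constructed, and the 5-byte and 13-byte secret lengths are the standard WEP sizes behind the 40-bit and 128-bit options.

```python
import binascii
import struct

# Secret key sizes in bytes. A 24-bit IV is prepended per frame, which is why
# 40-bit/64-bit (and 104-bit/128-bit) describe the same configured key.
KEY_LENGTHS = {5: "40-bit", 13: "128-bit"}


def parse_key(entry, mode):
    """Turn one key field into bytes. An empty field means None (no key)."""
    if entry == "":
        return None
    if mode == "hex":
        raw = bytes.fromhex(entry)  # raises ValueError on non-hex input
    elif mode == "ascii":
        if not (entry.isascii() and entry.isalnum()):
            raise ValueError("ASCII keys use A-Z, a-z and 0-9 only")
        raw = entry.encode("ascii")  # case-sensitive, one byte per character
    else:
        raise ValueError("mode must be 'hex' or 'ascii'")
    if len(raw) not in KEY_LENGTHS:
        raise ValueError("key must be 5 or 13 bytes, got %d" % len(raw))
    return raw


def rc4(seed, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", binascii.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key, iv, key_id, plaintext):
    """Build a WEP frame body (used here only to construct sample input)."""
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(body, keys):
    """Decrypt a WEP frame body with a set of up to four keys.

    Returns (plaintext, icv_ok). The key is chosen by the 2-bit key ID that
    follows the 3-byte IV; icv_ok is False when the key does not match.
    """
    iv, key_id = body[:3], body[3] >> 6
    key = keys[key_id]
    if key is None:
        raise ValueError("no key configured for key ID %d" % key_id)
    clear = rc4(iv + key, body[4:])
    plaintext, received_icv = clear[:-4], clear[-4:]
    return plaintext, icv(plaintext) == received_icv


# Constructed sample: one frame body encrypted under key 1 of the set.
SAMPLE_KEYS = [parse_key("4142434445", "hex"), None, None, None]
SAMPLE_PAYLOAD = b"constructed LLC/SNAP payload"
SAMPLE_BODY = wep_encrypt(SAMPLE_KEYS[0], b"\x01\x02\x03", 0, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print(wep_decrypt(SAMPLE_BODY, SAMPLE_KEYS))
    wrong = [parse_key("ABCDF", "ascii"), None, None, None]
    print(wep_decrypt(SAMPLE_BODY, wrong)[1])
```
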
• A dedicated Wireless Expert layer for maintaining information on wireless stations and access points. The Wireless layer is found below the DLC layer in the Expert display. The Expert creates network objects at this layer specifically for wireless stations. Unlike the objects at the DLC layer (which are concerned only with data frames), objects at the Wireless layer provide statistics for all wireless frame types (including data, control, and management frames).
3 Highlight one of the objects in the Summary pane by clicking it. The Detail pane automatically updates to show detailed statistics for the object selected in the Summary pane.
For example, Figure 10-15 shows a network object for a wireless station selected at the Expert DLC layer. The Detail pane shows detailed statistics for the selected object.
Objects created at the DLC layer with 802.11 information will typically have at least one associated lower layer object at the Wireless layer — for example, a multicast wireless address at the DLC layer will also have a corresponding multicast wireless address at the wireless layer.
Traffic Statistics Table
The Traffic Statistics table breaks out the frames transmitted and received by the DLC station. Each counter described in Table 10-11 is provided for frames sent from the station, frames received by the station, and total frames sent and received.
Table 10-11. Counters in the Traffic Statistics Table
Counter | Description
Frames | The number of frames sent from the station, received by the station, and the total frames sent and received by the station.
Table 10-12. Counters in the Station Identity Table (2 of 2)
Counter | Description
Station Function | The function of this station, as learned by the Expert. Possible functions include Workstation, Mobile Unit, Access Point, and so on.
Network Type | The type of network to which this station belongs. Possible types include: • Infrastructure - part of an extended service set network, with access to a distribution system.
Wireless Layer Expert Detail Display for a Wireless Station
The Expert creates objects at the Wireless layer for wireless stations based on the 802.11 traffic it observes. A separate object is created for each MAC layer address observed (including multicast and broadcast addresses). Unlike the DLC layer (which is concerned only with data frames for wireless stations), the Wireless layer tracks data, control, and management 802.11 frames.
• Frames sent and received by 802.11b/g stations will be broken out into data rate categories between 1 Mbps and 11 Mbps.
Regardless of whether the station is 802.11a or 802.11b/g, there will still be a Total counter indicating the total number of the indicated type of frame transmitted and received by this station in all service categories.
Table 10-13.
Table 10-13. Counters in the Traffic Statistics Table (2 of 2)
Counter | Description
ACK | The number of ACK frames sent and received by this station, broken out by service category. Stations send acknowledge frames to indicate that they have received an error-free frame.
RTS | The number of RTS frames sent and received by this station, broken out by service category. Stations send RTS frames to negotiate how a data frame will be sent.
Table 10-14. Counters in the Station Identity Table (2 of 2)
Counter | Description
Station Function | The function of this station, as learned by the Expert. Possible functions include Mobile Unit, Workstation, Access Point, Broadcast, and Multicast.
Frame Type | The type of frames seen transmitted by this station. For the Wireless layer, this will indicate whether the frames seen were 802.11a, 802.11b/g, and so on.
DLC Listbox
The DLC listbox lists the objects at the next higher layer associated with this object. At the Wireless layer, the next higher Expert layer is the DLC layer. For example, the DLC listbox could list multicast addresses to which this wireless station has sent frames. In the case of an access point, this listbox will typically include multiple DLC addresses (since many stations use an access point for ingress and egress for the wireless network).
In an ad hoc wireless network (a wireless network with no access to a distribution system), the Expert generates this alarm when it receives beacon and/or probe response frames from a wireless station on a channel other than the channel on which the station is operating. In an 802.11 infrastructure wireless network, access points send beacon frames at a regular interval.
The Expert stores the value specified in the Duration field in a buffer. If it does not see the corresponding ACK to the frame (identified by matching sequence numbers) within the value specified by the Duration field, it generates this alarm.
Association Failure
The Expert generates the Association Failure alarm when it detects an 802.11 Association Response frame with a value other than zero in the Status Code field.
Wireless stations exchange Authentication frames with access points to authenticate themselves with the network, thereby providing security and privacy. The authentication sequence for 802.11 networks consists of the exchange of either two authentication frames (for open system authentication) or four authentication frames (for shared key authentication), each identified by a transaction sequence number.
Deauthentication
The Expert generates the Deauthentication alarm when it detects an 802.11 Deauthentication frame. Occasionally, wireless stations need to terminate secure communications with one another or with an access point. To do so, they send Deauthentication frames. Deauthentication frames are a part of normal 802.11 network operations. A relatively small number of these alarms is no cause for concern.
1 — Unspecified reason.
4 — Disassociated due to inactivity.
5 — Disassociated because the access point is unable to handle all currently associated stations.
7 — Class 3 frame received from non-associated station.
8 — Disassociated because sending station is leaving (or has left) the network.
9 — Station requesting (re)association is not authenticated with responding station.
Possible Cause 1
A relatively small number of these alarms is no cause for concern. 802.11 guarantees the sequential arrival of fragments at a receiving station, but occasionally fragments may be missing due to interference or other network problems. This is why the fragment number exists — so that receiving stations can reassemble data units in the intended order regardless of the sequence in which they arrive.
success or failure of the request. In this case, the access point denied the Reassociation Request. The exact reason for the denial is found in the Status Code field of the Reassociation Response. The Expert reports both the address of the access point denying the Reassociation Request, as well as the reason for the denial indicated in the Status Code field.
1 — Unspecified failure.
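The Association Failure, Reassociation and Deauthentication checks described above all read a 16-bit code from the body of an 802.11 management frame. The following sketch is an added example, not Sniffer code: the function names, the "Reassociation denied" label and the sample frames are assumptions, and only the code texts listed on this page are mapped.

```python
import struct

ASSOC_RESP, REASSOC_RESP, DISASSOC, DEAUTH = 1, 3, 10, 12  # management subtypes
# Code text as listed on this page; any other code is reported numerically.
REASON_TEXT = {
    1: "Unspecified reason",
    4: "Disassociated due to inactivity",
    5: "Access point unable to handle all currently associated stations",
    7: "Class 3 frame received from non-associated station",
    8: "Sending station is leaving (or has left) the network",
    9: "Station requesting (re)association is not authenticated",
}
STATUS_TEXT = {1: "Unspecified failure"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def classify(frame):
    """Return (alarm, transmitter, code, text), or None when no alarm applies."""
    if len(frame) < 24:                       # shorter than a management MAC header
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:                            # 0 = management frame
        return None
    src, body = mac(frame[10:16]), frame[24:]  # Address 2 is the transmitter
    if subtype in (ASSOC_RESP, REASSOC_RESP) and len(body) >= 4:
        status = struct.unpack_from("<H", body, 2)[0]  # follows Capability Info
        if status == 0:                       # zero means the request succeeded
            return None
        name = "Association Failure" if subtype == ASSOC_RESP else "Reassociation denied"
        return (name, src, status, STATUS_TEXT.get(status, f"status code {status}"))
    if subtype in (DISASSOC, DEAUTH) and len(body) >= 2:
        reason = struct.unpack_from("<H", body, 0)[0]  # Reason Code is first
        name = "Deauthentication" if subtype == DEAUTH else "Disassociation"
        return (name, src, reason, REASON_TEXT.get(reason, f"reason code {reason}"))
    return None

def build(subtype, src, dst, body):
    """Construct a sample management frame (test data, not a capture)."""
    hdr = struct.pack("<HH", subtype << 4, 0) + dst + src + src + struct.pack("<H", 0)
    return hdr + body
```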
In addition, you must also have enabled the Enable Rogue AP Lookup option on the 802.11 Options tab. When the Enable Rogue AP Lookup option is enabled, each time the Expert discovers a new access point, it will compare its MAC address to those in its list of known access points. If the discovered address is not found, the Expert generates the Rogue Access Point alarm.
Possible Cause
In most cases, this is a relatively minor alarm, probably indicating nothing more than that you neglected to add the address of a known mobile unit to the Expert's list. However, you may want to examine the address of the mobile unit indicated in the alarm to make sure that it is not an intruder.
Runt WLAN Frame
The Expert generates the Runt WLAN Frame alarm when it detects an 802.
WEP-ICV Error
The Expert generates the WEP-ICV Error alarm when it detects a WEP-encrypted packet with an Integrity Check Value (ICV) which does not match the ICV calculated by the Expert using its own WEP keys. This usually happens when the Sniffer software is configured with an incorrect set of WEP keys. In a wireless network using shared key authentication, each station on the network is programmed with the same four WEP keys (1-4).
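The ICV comparison described above can be reproduced with standard WEP processing, which shows why a wrong key in the analyzer's key table produces this alarm. This is an added example, not Sniffer code: the function names, key values and payload are constructed, and it assumes the usual WEP body layout (3-byte IV, Key ID octet, then RC4 over the data plus a CRC-32 ICV).

```python
import struct
import zlib

def rc4(key, data):
    """RC4 keystream XOR (the same operation encrypts and decrypts)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seal(keys, key_id, iv, plaintext):
    """Build a sample WEP frame body: IV | Key ID octet | RC4(data + ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + keys[key_id], plaintext + icv)

def wep_check(keys, body):
    """Decrypt with the analyzer's key table; return (icv_matches, data)."""
    if len(body) < 8:                         # 4-byte IV header + 4-byte ICV
        return (False, b"")
    iv, key_id = body[:3], body[3] >> 6       # Key ID 0-3 selects key slot 1-4
    clear = rc4(iv + keys[key_id], body[4:])  # per-frame RC4 key is IV + WEP key
    data, icv = clear[:-4], clear[-4:]
    expected = struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)
    return (icv == expected, data)

# Constructed 40-bit keys: the set programmed into the stations, and an
# analyzer table whose third slot was entered incorrectly.
STATION_KEYS = [bytes([n]) * 5 for n in (0x11, 0x22, 0x33, 0x44)]
ANALYZER_KEYS = STATION_KEYS[:2] + [b"\x99" * 5] + STATION_KEYS[3:]
```

A frame sealed with the third station key passes `wep_check(STATION_KEYS, ...)` but fails against `ANALYZER_KEYS`, while frames using the other three slots still pass.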