AirMagnet Introductory Tutorial Lab

Upload: amhosny64

Post on 11-Nov-2015


  • Copyright 2006 CWNP Program www.cwnp.com Page 1

    AirMagnet Trio Level 1 Objectives

    This lab exercise will help the student become familiar with the AirMagnet Trio product. Supported hardware, installation and licensing, loading the special drivers, the user interface, performing live captures, loading saved captures, and understanding the seven main screens are among the topics covered. This is a beginner-level exercise that is primarily used to point out general features, installation, and basic operation of AirMagnet Trio.

    Hardware/Software Required

    - Laptop computers
    - Windows 2000 (sp4) or Windows XP running on each laptop computer
    - AirMagnet Trio v3.x software
    - Netgear WAG511 PCMCIA cards
    - Cisco 1200 series 802.11a/g access point

    Introduction

    This lab is essential in getting the student familiar with the AirMagnet Trio product, its uses, its supported hardware, loading drivers, and more. Since not all wireless LAN protocol analyzers are licensed and configured the same, it's important to walk through these processes step-by-step. Figure 1.1 below shows a screenshot of AirMagnet's default Start Screen. Figure 1.2 shows a graphic of the configuration for this lab exercise.

    FIGURE 1.1 AirMagnet Trio v3.x Default Start Screen

    FIGURE 1.2 Lab exercise configuration

    Key Points

    - Understanding supported PCMCIA card hardware
    - Installing special monitor-mode capable driver for the PCMCIA card
    - Installation and licensing of AirMagnet Trio v3.x
    - Becoming familiar with the seven main screens of AirMagnet Trio v3.x
    - Becoming familiar with the AirMagnet Configuration Menu
    - Becoming familiar with the AirMagnet Tools Menu
    - Basic configuration for a live capture
    - Starting, ending, and saving a live capture
    - Loading a saved capture

    Roles

    INSTRUCTOR

    The Instructor is responsible for explaining the lab exercise as it progresses and answering student questions about the AirMagnet Trio product. The instructor will install and configure any wireless LAN equipment necessary for the lab exercise such that the students may concentrate on use of AirMagnet Trio.

    STUDENT

    The student is responsible for performing the STUDENT tasks outlined below in the Configuration and Procedure sections of this lab exercise.

    Configuration

    INSTRUCTOR

    1. Access Point
       1.1. IP Address = 192.168.100.1 /24
       1.2. Disable the 802.11a radio
       1.3. Enable the 802.11g radio
            - Open System Authentication
            - Broadcast SSID = YES
            - No WEP
            - Channel 6
            - Data Rates: Default
            - Short Preamble
            - SSID: 111

    2. Laptop1
       2.1. IP = 192.168.100.10

    3. Laptop2
       3.1. Install NetGear wireless drivers and configuration utilities
       3.2. IP = 192.168.100.11

    4. Laptop3
       4.1. Install NetGear wireless drivers and configuration utilities
       4.2. IP = 192.168.100.12

    5. Verify that Laptop1 can ping Laptop2 and Laptop2 can ping Laptop3.

    Note: The instructor should explain why only particular wireless LAN cards are supported by each vendor. The instructor should verify that power save mode is disabled on Laptop2 and Laptop3 throughout all AirMagnet exercises. The AP's channel chosen in this lab is arbitrary. The instructor should choose the channel with least interference and be consistent in its use throughout all labs.

    STUDENT

    6. Locate the AirMagnet license text file on the Student CD. In it, there is a number corresponding to a sticker on your PC Card. This number shows the name of the license file you will use to license AirMagnet for your PC Card.

    7. Insert the NetGear WAG511 PC Card, and cancel if prompted for a driver by Windows.

    8. Using the Student CD, install the AirMagnet Trio software.
       8.1. Continue to the Licensing screen.
       8.2. Choose the Browse for License File Locally button as shown in Figure 1.3.

    FIGURE 1.3 AirMagnet Trio Licensing Screen

       8.3. Browse to and select the license file (*.lic) that corresponds to your PC Card.
       8.4. In the next screen, choose the NetGear WAG511 PC Card (or whatever card you are using for this lab exercise), and click OK.
       8.5. Continue until the software and driver installation is complete.

    Note: If you were licensing AirMagnet Trio for the first time, you would enter the Serial Number and Serial Key from your software package, the MAC address from the card you wish to license, and then make sure you have a wired Internet connection to the PC on which you are performing the licensing. After entering the information on this screen and clicking on the Download License File from AirMagnet.com button, a license file with a .lic extension will be placed in the program directory for AirMagnet Trio (usually c:\Program Files\AirMagnet Inc\AirMagnet Laptop\ ). Make a backup copy of this file because it will be used for licensing if you ever decide to use this PC Card on another computer at a later time. If the PC Card's driver that you're using for AirMagnet should have to be changed at a later time to support another application, AirMagnet has a driver switcher application that is installed by default during the AirMagnet installation.

    Procedure

    STUDENT

    1. Open the AirMagnet Trio software. You are immediately presented with the Start screen, one of AirMagnet's seven main screens. An example of the Start screen is shown in Figure 1.4 below.

    FIGURE 1.4 AirMagnet Default Start Screen

    Note: The Start screen displays the overall health of the WLAN operating environment, including RF channel signal level, infrastructure summary, and AirWISE expert advice summaries for Network Performance and Security. The left side of the Start screen displays Signal Level, Noise Level, and Signal/Noise Ratio in either dBm or % per channel. The right side displays SSID and Channel numbers for the MAC addresses in your WLAN. When you click on an individual MAC address, more details for the address are displayed. The color codes can be found in the manufacturer's manual.

    2. There are many selectable options inside the Start screen, such as those shown in Figures 1.5 and 1.6 below.

    FIGURE 1.5 AirMagnet Start Screen - dBm, 802.11g

    FIGURE 1.6 AirMagnet Start Screen - %, 802.11a

    3. At the extreme top of the screen, click on the button that says 802.11a, and watch it toggle between 802.11a, 802.11g, and 802.11a/g. Notice what happens to the access points and nodes displayed in the right pane as you toggle through these three settings.

    4. To the right of the 802.11a/g button, there is a button that toggles between dBm and %. This button affects the signal level values shown in the left and right panes.

    5. In the right pane, select the drop-down arrows beside SSID and All at the top of the screen.

    6. In the left pane, the small white up and down arrows expand and collapse the 802.11b/g and 802.11a graphical displays, as you can see in Figures 1.4 through 1.6.

    7. Select the Channel button on the Navigation Bar at the bottom of the screen. This brings you to the second of the seven main screens within AirMagnet Trio. Figure 1.7 below displays an example of the Channel screen.

    FIGURE 1.7 AirMagnet Default Channel Screen

    Note: The Channel screen focuses the analysis of 802.11 traffic at the selected channel. It displays the utilization or throughput rate, signal strength, various low level performance trending, and vital statistics for that channel.

    8. There are many selectable options inside the Channel screen, such as those shown in Figures 1.8 and 1.9 below.

    FIGURE 1.8 AirMagnet Channel Screen - 802.11g, Channel 1 by Media, Graphing options displayed

    FIGURE 1.9 AirMagnet Channel Screen - Channel 1 by Speed, Expanded Control Frames

    9. Click on 802.11g at the top, then Channel at the bottom. Select Channel 6 in the number list across the top-left of the screen. (If 802.11a/g is chosen, all 802.11b/g and 802.11a channels are shown across the top of the screen.)

    10. Click on the by Speed drop-down arrow to select the by Media option. Notice that this option allows you to compare 802.11b to 802.11g for both utilization and throughput in an 802.11b/g mixed mode environment as shown at the top of Figure 1.8 above.

    11. In the bottom-left pane, click to expand and collapse the frame types, alerts, and Channel Detail.
        11.1. Notice under Management Frames that Beacons make up the better part of all transmissions.
        11.2. Notice under Media Type the percentage of 802.11b vs. 802.11g frames.

    12. In the bottom-right pane, you can select as many graphical statistics windows as you like with a different statistic in each window.

    13. Select the Infrastructure button on the Navigation Bar at the bottom of the screen. This brings you to the third of the seven main screens within AirMagnet Trio. Figure 1.10 below displays an example of the Infrastructure screen.

    FIGURE 1.10 AirMagnet Default Infrastructure Screen

    Note: The Infrastructure screen displays Signal/Noise Ratio and many other statistics and organizes the WLAN activity in a variety of views such as:

    - Listed by SSID
    - Listed by Channel
    - AP List
    - Station List
    - Ad-Hoc List
    - 802.1x User List

    14. The active access points and associated stations are Listed by SSID in the left pane by default. Statistical values in the right pane are based on how the dBm/% button is toggled.

    15. Select %, and then select the access point in the left pane that has associated stations. Notice that AirMagnet can display AP Details in the bottom-right pane.

    FIGURE 1.11 AirMagnet Infrastructure Screen - Active Access Point Statistics

    16. Select the Utilization drop-down to display the list of statistics options shown in Figure 1.12 below.

    FIGURE 1.12 AirMagnet Infrastructure Screen - Statistical Display Options

    17. Notice that more than one graphical statistics window can be displayed in the top-right pane by choosing the number drop-down. This feature allows for up to 6 simultaneous statistics windows.

    18. Select the Listed by SSID drop-down in the left pane, and notice the options available for sorting the left-pane list.

    Note: When a station is selected in the left pane, statistics for that station are shown in the right pane in the same manner as an access point's statistics would be. Notice that access points and stations are displayed with their 802.11 standard types in the left pane. This is denoted by a small a, b, or g beside each node in the list.

    19. Select the AirWISE button on the Navigation Bar at the bottom of the screen. This brings you to the fourth of the seven main screens within AirMagnet Trio. Figure 1.13 below displays an example of the AirWISE Alarm screen.

    FIGURE 1.13 AirMagnet Default AirWISE Alarm Screen

    Note: The AirWISE Alarm screen displays a list of the performance and security alarms detected by the AirMagnet AirWISE program. This is the easiest way for you to pinpoint common WLAN security and performance problems. The statistics and graphs on the lower pane are associated with the item you have selected, either Channel or Node.

    20. Figure 1.13 displays Performance alarms in the top-left pane. Selecting an alarm in the top-left pane displays details about the alarm in the top-right pane. Select an alarm in the top-left pane now and view the notes in the top-right pane.

    21. There's also a Security tab in the top-left pane for viewing Security alarms. Click on the Security tab. Select an alarm in the top-left pane, and view the notes in the top-right pane.

    22. Notice that Performance and Security alarms can be sorted using the two drop-downs directly above the top-left pane.
        22.1. Select AP in the left drop-down.
        22.2. Select one of the access points in the right drop-down.
        22.3. Select the Security and Performance tabs to view alarms specific to that access point.

    23. Select the Charts button on the Navigation Bar at the bottom of the screen. This brings you to the fifth of the seven main screens within AirMagnet Trio. Figure 1.14 below displays an example of the Charts screen.

    FIGURE 1.14 AirMagnet Default Charts Screen

    Note: The left drop-down menu at the top-left of the screen provides four choices: Top 10 APs, Top 10 STAs, Top 10 Nodes, and Top 10 Channels. The right drop-down menu provides four choices: Frame Speed, 802.11 Frame Type, Address Type, and Media Type. Data from these charts can be exported using the Export Data button at the top.

    24. Click the Top 10 menu and the Frame Speed drop-down menu to select various settings as shown in Figures 1.15 and 1.16 below. View the results in the graph at the top and the statistics columns at the bottom.

    FIGURE 1.15 AirMagnet Charts Screen - Top 10 drop-down menu

    FIGURE 1.16 AirMagnet Charts Screen - Statistical options drop-down menu

    25. Select the Decodes button on the Navigation Bar at the bottom of the screen. This brings you to the sixth of the seven main screens within AirMagnet Trio. Figure 1.17 below displays an example of the Decodes screen.

    FIGURE 1.17 AirMagnet Default Decodes Screen

    Note: The AirMagnet Decodes screen functions much like traditional wireless LAN protocol analyzers, capturing packets in real time on a per-channel basis. Unlike some other protocol analyzers, AirMagnet's packet capture must be terminated in order to view decodes of individual frames.

    26. Upon selecting the Decodes screen, the real-time packet capture begins automatically.

    27. The channel drop-down menu at the top-right of the screen can be set to an individual channel or to All Channels. When All Channels is selected, AirMagnet changes channel after a configurable number of seconds, capturing traffic from each channel as it rotates through them all.

    28. When the red Stop Capture button is selected, a screen like the one in Figure 1.18 below is presented. This screen shows full decodes of all wireless frames.

    FIGURE 1.18 AirMagnet Decodes Screen - Frame Decodes

    Note: Notice that AirMagnet does not capture and save entire frames, but rather only L2 - L4 headers. This allows for much faster decoding and real-time sorting of information (as is seen in the previous five AirMagnet screens). Frame contents are presented in a clear and easy to read manner in the bottom pane Decodes window.

    29. Select the Tools button (looks like a hammer) on the Navigation Bar at the bottom of the screen. This brings you to the seventh of the seven main screens within AirMagnet Trio. Figure 1.19 below displays an example of the Tools screen.

    FIGURE 1.19 AirMagnet Default Tools Screen

    Note: AirMagnet has an extensive set of integrated tools as you can see from Figure 1.19. Site Surveying, Performance Analysis, Locating wireless nodes, and Coverage Analysis are just a few. We will explore these features in other lab exercises.

    30. Click through the tabs of the Tools window in order to become familiar with the various tools that are available in AirMagnet Trio. Some examples of AirMagnet's tools are shown in Figure 1.20 below.

    FIGURE 1.20 AirMagnet Tools Screen Examples

    31. Close the AirMagnet Tools window.

    32. In order to configure AirMagnet Trio, there's a special configuration menu accessible through clicking File > Configure at the top of the AirMagnet main screen. Figure 1.21 below shows an example of the AirMagnet Configuration Menu.

    FIGURE 1.21 AirMagnet Configuration Menu

    33. Click through the tabs of the AirMagnet Configuration window in order to become familiar with the various configuration options that are available in AirMagnet Trio. Some examples of AirMagnet's Configuration options are shown in Figure 1.22 below.

    FIGURE 1.22 AirMagnet Configuration Menu Examples

    34. Select the Filter submenu, and create the following filter as shown in Figure 1.23 below.

    FIGURE 1.23 AirMagnet Filter Configuration

    35. Click OK and close the AirMagnet Configuration Menu.

    36. Select Decodes from the Navigation Bar.

    37. Verify that no filter is selected. Select Channel 6 from the Channel drop-down at the top-right of the screen.

    38. If AirMagnet is not already capturing frames, click on the Start Capture button.

    39. Notice that beacons are being transmitted at a rate of approximately 10 per second as shown in Figure 1.24 below.

    Note: Beacons are transmitted so often that they quickly fill the display. While beacons carry a lot of useful information, it is often beneficial to filter them out of the display after any necessary information is gathered from them.

    FIGURE 1.24 AirMagnet capturing mostly beacons

    40. Click the Stop Capture button, click the Filter button at the top-left of the screen, and choose the Beacons filter from the left-side drop-down menu.

    41. Verify that Channel 6 stays selected in the Channel drop-down menu.

    INSTRUCTOR

    42. Using Laptop2, start a continuous ping of Laptop1.

    STUDENT

    43. Click the Start Capture button, and verify that no Beacons are captured as shown in Figure 1.25 below.

    44. Notice that this PING was between a wireless node and a wired node, and no relaying was performed by the access point.

    45. Click the Stop Capture button.

    FIGURE 1.25 Wireless-to-wired capture with Beacons filtered out

    46. Save the capture by clicking File > Save As. Save the capture as Capture1.

    47. Verify that the file is being saved in the AirMagnet Capture (*.amc) format.

    Note: Discuss the results of this capture with your instructor.

    48. Click the Start Capture button.

    INSTRUCTOR

    49. Stop the ping from Laptop2 to Laptop1. Using Laptop2, start a continuous ping of Laptop3.

    STUDENT

    50. Notice that this PING was between a wireless node and a wireless node, and relaying was performed by the access point. The display should be similar to that of Figure 1.26 below.

    51. Select the Stop Capture button.

    FIGURE 1.26 Wireless-to-wireless capture with Beacons filtered out

    Note: If RTS/CTS frames are shown in the display, the instructor should enable a MAC filter allowing only stations used in the classroom. This will deny access to external clients that might accidentally associate to the access point, causing the access point to enable protection mechanisms in the BSS.

    FIGURE 1.27 Addressing when relaying through an access point

    Note: Pay particular attention to the highlighted areas. Though the top pane shows the destination address as ending in A5:4F:70, the decode in the bottom pane shows that the address ending in 66:E6:80 is actually the destination MAC address. A5:4F:70 is the BSSID, the access point through which the ICMP Data frame was relayed.

    52. Click File > Open, and select Capture1.amc. Verify that the capture file loads successfully, and frames are displayed in the Decodes screen.

    INSTRUCTOR

    53. Stop the ping from Laptop2 to Laptop3.
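    The address layout described in the note under Figure 1.27, together with the effect of the Beacons filter from step 40, as an added Python example that is not part of the original lab or of AirMagnet. It assumes frames that start at the Frame Control field (no radiotap header); the function names are hypothetical, and the sample frames are constructed: only the last three octets of the AP and Laptop3 addresses come from the lab text.

```python
import struct

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def parse_header(frame: bytes) -> dict:
    """Decode an 802.11 management/data MAC header that starts at Frame Control."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    (fc,) = struct.unpack_from("<H", frame, 0)          # Frame Control, little-endian
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = (mac(frame[i:i + 6]) for i in (4, 10, 16))
    hdr = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
           "to_ds": to_ds, "from_ds": from_ds,
           "receiver": a1, "transmitter": a2}           # Address 1 / Address 2
    if to_ds and from_ds:                               # 4-address (WDS) frame
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        hdr.update(dst=a3, src=mac(frame[24:30]), bssid=None)
    elif to_ds:                                         # station -> AP
        hdr.update(bssid=a1, src=a2, dst=a3)
    elif from_ds:                                       # AP -> station
        hdr.update(dst=a1, bssid=a2, src=a3)
    else:                                               # beacons, ad-hoc
        hdr.update(dst=a1, src=a2, bssid=a3)
    return hdr

def is_beacon(hdr: dict) -> bool:
    return hdr["type"] == 0 and hdr["subtype"] == 8     # management, subtype 8

def without_beacons(frames):
    """Parsed headers with beacons dropped, like the lab's Beacons display filter."""
    return [h for h in map(parse_header, frames) if not is_beacon(h)]

# Constructed sample data. Only the last three octets of AP and LAPTOP3 come from
# the lab text; the 02:00:00 prefix and the LAPTOP2 address are made up.
AP      = bytes.fromhex("020000A54F70")
LAPTOP3 = bytes.fromhex("02000066E680")
LAPTOP2 = bytes.fromhex("020000000002")
BCAST   = b"\xff" * 6

def build(fc0, flags, a1, a2, a3):
    # Frame Control (2 bytes), Duration (2), three addresses, Sequence Control (2)
    return bytes([fc0, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

SAMPLE = [
    build(0x80, 0x00, BCAST, AP, AP),            # beacon
    build(0x08, 0x01, AP, LAPTOP2, LAPTOP3),     # data, ToDS: Laptop2 -> AP
    build(0x08, 0x02, LAPTOP3, AP, LAPTOP2),     # data, FromDS: AP -> Laptop3
]

if __name__ == "__main__":
    for h in without_beacons(SAMPLE):
        print(f"RA={h['receiver']} BSSID={h['bssid']} SA={h['src']} DA={h['dst']}")
```

    In the ToDS frame, Address 1 (the receiver) is the BSSID ending in A5:4F:70 while the real destination sits in Address 3, which is consistent with the difference between the top pane and the decode pane that the note points out.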

    Summary

    This lab exercise demonstrated installing and properly licensing AirMagnet Trio, capturing live traffic, saving packet captures (also called traces), loading saved traces, analyzing basic packet exchanges, performing basic statistical analysis, becoming familiar with the seven main AirMagnet screens, and becoming familiar with AirMagnet Tools and Configuration Menus. These basic tasks allow the user to become familiar with basic functionality of AirMagnet in order to successfully perform more difficult labs to follow.

    Troubleshooting

    If the wireless LAN card is not recognized by AirMagnet, verify that the special AirMagnet driver is loaded for the card you have chosen to use. Verify that the card you have chosen is listed in AirMagnet's supported hardware list.