airopeek v1.2 quicktour

Download AiroPeek v1.2 QuickTour

Post on 16-Jan-2015

985 views

Category:

Documents

0 download

Embed Size (px)

DESCRIPTION

 

TRANSCRIPT

  • 1. AiroPeek 802.11 wireless LAN network analyzer WildPackets, Inc.1340 Treat Blvd, Suite 500 Walnut Creek, CA 94597 www.wildpackets.com

2. AiroPeek Quick Tour Contents Getting Started ..................................................................... 11 Capturing packets from multiple adapters ........................... 2 Sampling network traffic in detail2 Making notes on packets in the packet list .......................... 3 Permanent notes, faster than paper3 WEP and AiroPeek ............................................................. 5 Configuring AiroPeek for wired equivalent privacy (WEP)4 Conversations view ............................................................. 6 Peer-to-peer communications5 Alarms ................................................................................. 7 Monitoring for multiple possible problems simultaneously6 Filters .................................................................................. 8 Pinpointing traffic of interest7 Security Audit Template ...................................................... 9 Early warning for wireless networks8 Monitor statistics ............................................................... 11 Real-time statistics monitor traffic patterns9 Viewing decoded packets ................................................. 16 Getting to the source of problems at the detailed level10 Periodically saving statistics .............................................. 17 Building a history of your network's performanceThere's more! ..................................................................... 18 Demonstration version of AiroPeek.................................... 19 System Requirements ........................................................ 20 Additional product information............................................ 20 Copyright 2001-2003, WildPackets, Inc. All rights reserved. 3. AiroPeek Quick Tour Welcome to AiroPeek, WildPackets' award-winning protocol analyzer for 802.11WLANs. AiroPeek works by capturing traffic from one or more wireless adapters,providing the tools to filter, analyze and interpret traffic patterns, data packet contents,statistics, and protocol types. This Quick Tour will help you become familiar with somekey program features.AiroPeek now supports distributed WLAN analysis with the separately purchasedRFGrabber Probe. Please refer to the user manual and online help to find out how toextend monitoring and analysis capabilities to remote sections of your wireless network.Note: AiroPeek works with all the latest revisions to the IEEE 802.11 WLAN standard, andautomatically presents the correct options for 802.11a, b, or g. Any part of thedocumentation or program that refers to 802.11 without further qualification appliesequally to networks of any of these standards. Getting StartedWhen the Monitor Statistics item under the Statistics menu is enabled (as it is bydefault) and a supported adapter is chosen, AiroPeek calculates Monitor statistics basedon all the traffic it sees on that adapter. Monitoring the network To begin collecting Monitor statistics, follow these steps: 1. Launch the program by choosing WildPackets AiroPeek from the Start menu. 2. Choose any supported 802.11 WLAN adapter from the list displayed in the Adapter viewof the Monitor Options dialog. If you do not have a wireless adapter, you can chooseNew File Adapter and open any AiroPeek (*.apc) packet file, such as those in the Samplesdirectory in the main program directory. AiroPeek will cycle through the packets in thechosen file, allowing you to simulate most aspects of live functionality. 3. To focus on a particular part of the radio spectrum, click the 802.11 tab to open the802.11 view of the Monitor Options dialog. 4. Using the radio button in the 802.11 view of the Monitor Options dialog, you can tell thecurrent adapter to Select channel by the specified channel Number, or by searching for achannel associated with the specified BSSID or ESSID. Alternatively, you can tell theprogram to Scan a range of channels according to the parameters set in the ChannelScanning Options dialog, which is opened by clicking the Edit Scanning Optionsbutton. Use the radio button to choose one of these options.You can also use the 802.11 view of the Monitor Options dialog to handle the automaticdecryption of WEP encrypted packets on your network, by supplying AiroPeek with avalid WEP key set. For more on WEP, please see WEP and AiroPeek on page 5. 5. Under the Monitor menu, make sure the Monitor Statistics item has a check mark besideit, showing that it is enabled. If it does not, click the item to enable it. 6. Select from the Monitor menu to view statistics windows for Nodes, Protocols, Size (ofpacket), Summary, History, or Channel. 1 4. AiroPeek Quick Tour AiroPeek will continue to collect Monitor statistics from the selected adapter until youquit the program or choose Reset Statistics from the Monitor menu. Feature # 1: CAPTURING PACKETS FROM MULTIPLE ADAPTERSSampling network traffic in detailTo capture packets in AiroPeek, you create a Capture window, set its parameters, andclick the Start Capture button. Its as simple as that. Capture window title Buffer wrap options Continuous capture options Save to disk optionspacket slicing options capture buffer size Show this dialog...To create a new Capture window:1. Choose New from the File menu to open the Capture Options dialog.2. The Capture Options dialog presents five views, allowing you to define a complete set of options for each Capture window. At a minimum, for each new Capture window, you must set, or accept the default values for:the capture buffer (in the General view),the adapter from which to capture (in the Adapter view), andthe channel selection (in the 802.11 view). Note: The 802.11 view is identical in either the Monitor Options or the Capture Options dialog. Changes made in the 802.11 view of either dialog take effect immediately for all uses of a particular adapter, whether it is selected for use by Monitor statistics, Capture window(s), or both.3. When you have set the capture options, click OK to open the new Capture window. 2 5. Start Capture buttonWindow Title Progress section View section View Tabs Status barCapture status Current Adapter ChannelPacketsDuration 4. Click Start Capture. You will see packets from your selected adapter processed and displayed in the new Capture window.To open another Capture window, choose New from the File menu again. You can openmultiple Capture windows, each with its own buffer options, adapter, trigger settings, andoptions for filters and statistics output.To add to or change the mix of columns, click in the column headings to open the PacketList Options dialog. To change column order, use drag and drop. Feature # 2: MAKING NOTES ON PACKETS IN THE PACKET LISTPermanent notes, faster than paperThe new Note tools let you add text notes to any packet(s) in the Packet List of Capturewindows or Packet File windows. You can create, edit, format, or delete notes. Highlightmultiple packets and assign the same note to all in a single operation, or create a defaultnote and add it to any packet(s) in two clicks. You can step through the notes, forward orbackward, in packet list order. When you save packets in AiroPeek packet file format, thenotes are saved alongside them. These notes are quicker to make and easier to use thannotes on paper. 3 6. AiroPeek Quick TourUndo PasteRedoCopyBold Cut Italic Next NoteUnderline Previous NoteColor Palette To make a note on an individual packet, select the packet in the Packets view and click the Insert Note button in the header section of the view. This brings up the Insert Note dialog, in which you can enter the note text and format it in a variety of ways. An icon representing a note appears in the Packet column of the Packets view (the column showing packet numbers) for any packet with an associated note. To view or edit the contents of a note: 1. Highlight the packet to which the note belongs and click the Edit Note button to open theEdit Note dialog. 2. Use the editing tools in the header section of the Edit Note dialog to edit and format thetext. 3. Optionally, you can check the checkbox beside Make this the default note. When this boxis checked, the same text with the same formatting is entered automatically each time youclick the Insert Note button. 4. Click OK to accept your edits and close the Edit Note dialog. The Edit Note dialog allows you to step through the packet notes. Use the Next Note and Previous Note buttons to steps forward or backward through the notes, in packet number order. As each note is presented in the Edit Note dialog, the packet to which it belongs becomes the selected (highlighted) packet in the Packet List pane of the Packets view. To delete one or more notes, highlight the packet(s) to which they belong and click the Delete Note button. 4 7. Feature # 3: WEP AND AIROPEEKConfiguring AiroPeek for wired equivalent privacy (WEP)When provided with the appropriate key sets, AiroPeek can decrypt WEP (WiredEquivalent Privacy) encrypted traffic on your network on-the-fly, just like any otherauthorized user.AiroPeek can store multiple sets of shared keys, each with its own short name. Thisprevents errors in entering long key strings when switching from one set to another.Important! In order to see conversations displayed in the Conversations view (Feature #4), traffic must be unencrypted.Example: Enabling an existing WEP key setTo enable AiroPeek to decode higher level protocols on networks where WEP is in use,1. Select the adapter whose traffic you wish to decrypt in the Adapter view of either the Capture Options or the Monitor Options dialog.2. Choose the 802.11 tab to bring up the 802.11 view.3. In the Encryption section of the 802.11 view, use the drop-down list labeled WEP key set to choose the key set to use for this session of AiroPeek from the list of ava