Page 1
Quickstart for AiroPeek
January 2002
Page 2
The History of WildPackets
1990: Introduced a Macintosh-based EtherPeek protocol analyzer
1996: Windows-based version of EtherPeek released
1998: The iNetTools (under a different name at the time) were developed to allow active network testing such as a port scan and ping scan
2000: Changed name from AG Group to WildPackets
2000: Acquired Net3Group, makers of NetSense
2001: Acquired Optimized Engineering which is now the Professional Services arm of WildPackets
2001: Released AiroPeek to extend into the wireless marketplace
Page 3
Current Customers Include...
Sandia National Labs, Liberty Mutual Insurance, EDS, GTE Information Services, Motorola, NY Times, 3Com, IBM, Talk City, Condé Nast Publications, Novell, US Air Force, National Institutes of Health, DARPA, NASA, Apple Computer, Boeing, Cisco Systems, Microsoft, Nortel Networks, Ericsson, Bank of America, Lucent Technologies, Yahoo!, FAA, Lockheed Martin, Xerox Corp., Lawrence Livermore National Labs
and many, many K-12 and higher educational institutions in the United States and abroad.
Page 4
Today’s Agenda
• Launching AiroPeek
• Examining network statistics
• Overview of protocol layers
• The Packets and decode windows
• Using filters to isolate problems
• Alarms and the Log Window
• The iNet Tools
• NetSense
• Protocol Analysis Training Options
Page 5
What is a Protocol Analyzer and when can it be used
• AiroPeek is an example of a protocol analyzer, also referred to as a packet analyzer
• An analyzer can ‘see’ the conversations between networked devices
• By evaluating the traffic, network problems can be identified
• An analyzer is also useful in proactively monitoring a network to identify potential issues, before they turn into serious problems
• We produce an analyzer for Ethernet and Token-Ring as well as Wireless 802.11
Page 6
Getting Started with AiroPeek
• In the 1.1 release, Supported Interfaces include:
– Cisco Systems 340 and 350 WLAN Adapters
– Symbol Spectrum24 11Mbps DS WLAN PC Card
– Nortel Networks e-mobility WLAN PC Card
– 3Com AirConnect 11 Mbps DSSS WLAN PC Card
– Intel(R) PRO/Wireless 2011 LAN PC Card
• AiroPeek runs under Windows 98, Windows ME, Windows NT 4.0 (service pack 3, or later), or Windows 2000
• To optimize AiroPeek's overall performance, a Pentium 166 MHz or faster processor with 64 MB RAM is recommended
Page 8
Report Examples…
Packet Size Distribution
Nodes Statistics
Utilization
Page 9
Summary Statistics
• Overview of network traffic
• Includes 802.11 specific analysis
• Attacker analysis
• Upper layer information
Page 11
The Interpretation Of Statistics
• Are the protocols seen what you expect?
• Are the packet sizes consistent with the activity?
• Is utilization at an acceptable level?
• Are the ‘top talkers’ the right ones?
Covered in WP101
Page 12
Overview of Protocol Layers
• 802.11 and/or Ethernet are responsible for the local movement of the frame
• IP is responsible for the routed travel of the packet
• TCP and UDP identify the upper layer protocol via a Port number. TCP ‘guarantees’ the delivery of the data
• Application layers such as FTP, Telnet, and HTTP provide the functionality to the user’s program
Application
Presentation
Session
Transport
Network
Data Link
Physical
Covered in WP100
Troubleshoot from the bottom up
Page 13
Configuring AiroPeek for WEP
• WEP (Wired Equivalent Privacy) is a data encryption technique supported as an option in the 802.11b WLAN Protocol
• Because WEP encrypts all data above the 802.11b WLAN layers, it can prevent AiroPeek from decoding other network protocols
• Options -> Tools -> 802.11
Page 15
Getting Started Capturing…
• Capture -> Start Capture
• Click OK
• Click on the Start Capture button
Page 17
WLAN-Specific Columns
Channel: Channel on which the NIC is listening
BSSID: Displays the ID number of the access point or base station to whose traffic this packet belongs.
Data Rate: Data rate (1, 2, 5.5, or 11 Mbits per second) at which the body of this packet was transmitted.
Signal: The percent of maximum allowable transmission power detected in the receipt of this packet.
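The WEP and BSSID points from the two slides above, as an added example that is not part of the original presentation and not AiroPeek code: a minimal 802.11 header decoder that finds the BSSID and shows why a WEP-protected body cannot be decoded further without the key. It assumes a raw frame with no radio header and no FCS; `parse_80211`, `build` and both sample frames are constructed for illustration.

```python
import struct

LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"   # LLC/SNAP prefix of a cleartext data body

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(frame: bytes) -> dict:
    """Decode the MAC header of an 802.11 management or data frame (no FCS)."""
    if len(frame) < 24:
        raise ValueError("too short for a management/data header")
    fc = struct.unpack_from("<H", frame, 0)[0]        # Frame Control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype not in (0, 2):
        raise ValueError("control/reserved frames are not handled here")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # Which address field holds the BSSID depends on ToDS/FromDS;
    # four-address (WDS) frames carry no single BSSID.
    bssid = {(False, False): a3, (True, False): a1, (False, True): a2}.get((to_ds, from_ds))
    info = {"type": "data" if ftype == 2 else "mgmt",
            "bssid": mac(bssid) if bssid else None,
            "protected": bool(fc & 0x4000),           # the "WEP" bit in 802.11b
            "wep": None, "ethertype": None}
    if ftype != 2:
        return info
    hdr = 24 + (6 if to_ds and from_ds else 0) + (2 if subtype & 0x8 else 0)
    body = frame[hdr:]
    if info["protected"]:
        # Only the 3-byte IV and the key ID (top 2 bits of byte 4) are in the clear;
        # everything after is ciphertext, so no upper-layer decode is possible.
        if len(body) >= 8:                            # IV/key ID + 4-byte ICV
            info["wep"] = {"iv": body[:3].hex(), "key_id": body[3] >> 6}
    elif body[:6] == LLC_SNAP and len(body) >= 8:
        info["ethertype"] = struct.unpack_from(">H", body, 6)[0]
    return info

# Constructed sample frames (station -> AP, ToDS=1); all addresses are made up.
AP, STA, DST = (bytes.fromhex(h) for h in ("001122334455", "66778899aabb", "ffffffffffff"))

def build(fc: int, body: bytes) -> bytes:
    return struct.pack("<HH", fc, 0) + AP + STA + DST + b"\x10\x00" + body

CLEAR = build(0x0108, LLC_SNAP + b"\x08\x00" + b"\x45\x00")
WEP = build(0x4108, bytes.fromhex("a1b2c3") + b"\x40" + bytes(12))

if __name__ == "__main__":
    for name, f in (("clear", CLEAR), ("wep", WEP)):
        print(name, parse_80211(f))
```

The cleartext frame yields an EtherType (IP), while the protected frame yields only the IV and key ID, which is the point at which an analyzer needs the WEP key configured to continue decoding.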
Page 18
Details, Details..
Double-click on a packet to see the detailed decode and hexadecimal view
PDNTSPA
Covered in WP103&4
Page 19
Getting Started With Filters
A Real-Time Capture Filter
Post-Capture Filtering
Page 20
Alarms and Log Window
• Right click on a statistic to Make Alarm
• View -> Alarms
• Tools -> Notification to specify the action to take
Alarms
Log
Page 22
Obtaining iNetTools
• The iNetTools are available as a separate demo download
• Installing the iNetTools is a choice when running the AiroPeek Installation program
Page 23
NetSense Overview
• Open a file
• File Summary
• DLC (Data Link Control) Error Expert
• Frame Size Chart
• Protocol Chart
• Problem Finder
• Network Peer Map
• Client/Server Expert
Other Possibilities:
• ProAnalyst ToolBox
• Response Time/Latency Analysis
• Throughput Analysis
Covered in WP104
Page 26
Professional Services
WP100: Foundations Of Network Protocol Analysis
WP101 or WP101W: Network Troubleshooting Methods Using EtherPeek or AiroPeek
WP103: TCP/IP Protocol Analysis Methods
WP104: Advanced TCP/IP Protocol Analysis
WP106: 802.11 Wireless Network Analysis Using AiroPeek
Coming Soon: WP105: AppleTalk and Mac OS/X Network Analysis
AATech: Applied Analysis Technician
PAS: Protocol Analysis Specialist
NAX: Network Analysis Expert