Copyright © 2006, WildPackets, Inc. All rights reserved. Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form, or by any means, electronic or mechanical, including photocopying, for any purpose, without the express written permission of WildPackets, Inc.
AiroPeek SE, AiroPeek NX, AiroPeek VX, EtherPeek SE, EtherPeek NX, EtherPeek VX, Gigabit Analyzer Card (GAC), GigaPeek NX, iNetTools, NAX, NetDoppler, NetSense, Network Calculator, Omni³, Omni Capture Engine, Omni Desktop Engine, Omni DNX Engine, OmniEngine Desktop, OmniEngine Enterprise, OmniEngine Workgroup, Omni Management Console, Omni PacketGrabber, OmniPeek, OmniPeek Enterprise, OmniPeek Enterprise Connect, OmniPeek Personal, OmniPeek Workgroup, OmniPeek Workgroup Pro, OmniPeek Personal, Omnipliance, OmniSpectrum, PacketGrabber, Peek DNX, ProConvert, ProtoSpecs, RFGrabber, RMONGrabber, WAN Analyzer Card (WAC), WANPeek NX, WildPackets, WildPackets Academy, and WildPackets OmniAnalysis Platform are trademarks of WildPackets, Inc. All other trademarks are the property of their respective holders.
The material in this document is for information purposes only and is subject to change without notice. While reasonable efforts have been made in the preparation of this document to assure its accuracy, WildPackets, Inc. assumes no liability resulting from errors or omissions in this document, nor from the use of the information contained herein.
WildPackets, Inc. reserves the right to make changes in the product design without reservation and without notification to its users.
Contacting WildPackets
Mailing Address
WildPackets, Inc.
1340 Treat Blvd., Suite 500
Walnut Creek, CA 94597
Voice/Fax
8 AM - 5 PM (PST)
(925) 937-3200
(800) 466-2447 (US only)
Fax: (925) 937-3211
Sales
Web
http://www.wildpackets.com
Technical Support
http://www.wildpackets.com/support
Resources
See http://www.wildpackets.com/support/additional_resources/white_papers for white papers, tutorials, technical briefs and more.
Training and Certification
WildPackets Academy offers the most effective and comprehensive network and protocol analysis training available, meeting the professional requirements of corporate, educational, government, and private network managers. Our instructional methodology is centered on practical applications of protocol analysis techniques.
See http://www.wildpackets.com/services for course catalog, current public course scheduling, web-delivered courses, and consulting services.
WildPackets Academy
(800) [email protected]
Product Support and Maintenance
WildPackets Product Maintenance Programs ensure that you grow along with our products as new features and enhancements to existing features are added. All WildPackets customers are entitled to technical support for the life of their purchased product(s).
Enhanced support services are available through our Premium Maintenance Programs. Premium Maintenance offers Remote Trace File Analysis assistance and free seats in our WildPackets Academy Training courses, in addition to our standard maintenance services.
Standard or Premium Maintenance can be purchased by contacting [email protected].
About WildPackets, Inc.
Since 1990, WildPackets has been delivering real-time fault analysis solutions that enable the world's leading organizations to keep their networks running securely and reliably, day after day. From the desktop to the datacenter, from wireless LANs to Gigabyte backbones, on local segments and across distributed networks, WildPackets products enable IT organizations to quickly find and fix problems affecting mission-critical network services. WildPackets products are sold in over 60 countries through a broad network of channel and strategic partners. More than 5,000 customers, spanning all industrial sectors and including 80% of the Fortune 1000, use WildPackets products daily to troubleshoot networks and maximize network uptime. WildPackets customers include Agilent, Cisco Systems, Comcast, EDS, Microsoft, Siemens AG, Qualcomm, Unisys, Motorola, and Deutsche Bank. Strategic partners include Aruba, Atheros, Cisco, 3Com, Intel and Symbol Technologies. For further information, please visit www.wildpackets.com.
20060531-E-AP31/11_d3
Contents
Chapter 1 Introduction
    System requirements
    Installing AiroPeek
    Main program window and Start Page
Chapter 2 Capturing Packets
    Capturing packets into a Capture window
Chapter 3 Viewing Decoded Packets
    The packet decode window
Chapter 4 Monitoring the Network
    Displaying Monitor statistics
    Baselining with summary statistics
Chapter 5 Creating Graphs
    Creating a graph from a Capture window
Chapter 6 Wireless Statistics in Capture Windows
    The WLAN view
    The Channels view
    The Signal view
Chapter 7 Displaying Conversations
    The Conversations view
Chapter 8 Troubleshooting with the Expert
    The Expert view
    Using the Expert EventFinder Settings
    Using the Visual Expert
Chapter 9 Creating Filters
    Enabling a filter
    Creating filters with the Make Filter command
    Creating a simple filter
Chapter 10 Using the Peer Map
    The Peer Map view
Chapter 11 Using VoIP Analysis
    The VoIP view
    Analyzing a single call or channel
Appendix A Keyboard Shortcuts
Index
CHAPTER 1
Introduction
Welcome to AiroPeek, the award-winning wireless network analyzer from WildPackets!
AiroPeek incorporates advanced capabilities for monitoring and troubleshooting wireless LANs, including full decodes for 802.11a/b/g WLAN standards, encryption and decryption features, and sophisticated displays of channel and signal strength statistics of your wireless network.
This Getting Started Guide provides information about three programs:
● AiroPeek SE (Wireless LAN Protocol Analyzer): AiroPeek SE (Standard Edition) offers all the features of a great wireless analyzer at an affordable price. In addition, the Conversations tab is unique to AiroPeek SE. See Chapter 7, Displaying Conversations.
● AiroPeek NX (Expert Wireless LAN Analyzer): AiroPeek NX has all the features of AiroPeek SE plus an advanced set of expert troubleshooting and diagnostic capabilities (available in the Expert tab) and a graphical view of peer-to-peer communications (available in the Peer Map tab). See Chapter 8, Troubleshooting with the Expert and Chapter 10, Using the Peer Map.
● AiroPeek VX (Expert Voice over Wireless LAN Analyzer): AiroPeek VX has all the features of AiroPeek NX plus the analysis of real-time voice data and statistics on both open and closed VoIP connections (available in the VoIP tab). See Chapter 11, Using VoIP Analysis.
Note The term ‘AiroPeek’ will be used throughout this Getting Started Guide to refer to the program with features common to all three versions, unless otherwise noted. Screenshots will depict the fullest version, AiroPeek VX, unless otherwise noted.
System requirements
The system requirements for AiroPeek are:
● Windows XP (SP2) or Windows 2000 (SP4)
Minimal testing on AiroPeek SE and AiroPeek NX has been done with Windows Server 2003 (SP1). AiroPeek VX does not support Windows Server 2003.
● Internet Explorer 6.0 (SP1)
● Microsoft .NET (Framework 2)
AiroPeek supports portable computers as long as the basic system requirements to run the supported operating systems are met. Depending on traffic and the particular usage of AiroPeek, the requirements may be substantially higher.
The following system is recommended:
● P4 2 GHz (P4 2.4 GHz for AiroPeek VX)
● 512 MB RAM (1 GB RAM for AiroPeek VX)
● 10 GB Available Hard Disk Space (20 GB Available Hard Disk Space for AiroPeek VX)
Factors that contribute towards superior performance include a high-speed CPU, dual CPUs, two or more GB of RAM, a high-performance disk storage subsystem (RAID 0), and as much additional hard disk space as is required to save the trace files that you plan to manage.
Note Supported operating systems require users to have “Administrator” level privileges in order to load and unload device drivers, or to select a network adapter for the program’s use in capturing packets.
For more information, please see our web site at http://www.wildpackets.com/products.
Network adapters and drivers
AiroPeek requires the installation of a special NDIS driver for packet capture and to control a supported network adapter. The Atheros Wireless LAN Adapter driver has been tested and is included with AiroPeek. Check the Readme in the driver folder (for example, C:\Program Files\WildPackets\AiroPeek\Driver) for driver installation instructions. The Atheros driver supports advanced functionalities such as WPA/PSK decryption, noise measurement, and hardware timestamping.
Important! 802.11 WLAN adapters cannot be used for network services while they are in RF Monitor mode.
To download other available drivers, visit our website at http://www.wildpackets.com/support/product_support/overview. Some minimal testing has been done with these drivers; however, the advanced functionalities found in the Atheros driver may not be available with these other drivers.
For information about configuring 802.11 channel settings and encryption for wireless adapters, please see the AiroPeek User Guide or online help.
Installing AiroPeek
To install AiroPeek, follow these steps:
1. Uninstall any earlier versions of AiroPeek.
The recommended way to uninstall is to run the installer and choose to remove the previous version.
2. Insert the AiroPeek Installer CD into your CD or DVD drive.
3. Follow the installation instructions that appear on the screen.
During installation you are asked to enter a valid Activation Key. When prompted, you can select Automatic or Manual:
● Automatic: The installer uses your Internet connection to send an encrypted message to an activation server, which retrieves and displays your Activation Key. Please write down the Activation Key for future reference.
● Manual: The installer allows you to enter the Activation Key manually. You can obtain an Activation Key in the following ways: Go to a computer with an Internet connection and web browser and complete the request form, or call WildPackets Technical Support.
For more information about the product activation process, please see our web site at: http://www.wildpackets.com/activation.
4. When the Installer has finished installing the program files, you can choose to view the Readme or launch the program.
Main program window and Start Page
To start AiroPeek:
● Choose Start > All Programs > WildPackets AiroPeek.
The main program window and Start Page appear. The parts of the main program window are described below.
● Toolbar: Provides icons for frequently-used tasks in AiroPeek. The name of each icon’s function appears when the cursor passes over it. Choose View > Toolbars to toggle the display of this toolbar.
● Status Bar: Shows brief context-sensitive messages on the left and the current monitor adapter on the right. Choose View > Status Bar under the menu to toggle the display of this status bar.
● Monitor Options: Lets you choose an adapter for collecting Monitor statistics, as well as configure other settings. See Chapter 4, Monitoring the Network for details on enabling and viewing Monitor statistics.
● Network Statistics Gauge: Shows network utilization as analog dials with corresponding digital displays. Available by choosing Monitor > Network.
● AiroPeek Log: Records Start, Stop, and other AiroPeek events. Available by choosing View > Log Window.
● Start Page: Provides links to useful resources, both local and online.
[Figure callouts: Toolbar, Status Bar, Network Statistics Gauge, Monitor Options, AiroPeek Log]
Some of the quick links accessed from the Start Page include:
● opening recently saved Capture files
● starting a new capture
● starting Monitor statistics
● viewing an HTML version of the Getting Started Guide
● accessing the PDF version of the User Guide
● viewing the Audit Template instructions
● accessing the WildPackets Technical Compendium
CHAPTER 2
Capturing Packets
Packets are the units of data carried on the network and the basis for all higher level network analysis. The Packets view of a Capture window is where you can view information about the individual packets transmitted on your network.
AiroPeek can capture packets in multiple configurable Capture windows, each with its own dedicated capture buffer and settings for filters, triggers, and statistics output. You can establish and view multiple Capture windows up to the limits of available system resources.
Capture windows allow you to:
● View and monitor network traffic in real time
● Use a different adapter for each Capture window, or use the same adapter for multiple Capture windows
● Apply filters, both before and after capture
● Start or stop capture based on network events or time settings
● View statistics based on selected network traffic
● View packet contents, raw and/or decoded
● Save packets for post-capture analysis in Capture file windows
Capturing packets into a Capture window
To capture packets:
1. To start a new capture, do one of the following:
● Click the New Capture button on the Start Page
● Choose File > New…
The General view of the Capture Options dialog appears.
2. Configure the options in the General view.
3. Click the Adapter view to select the capture adapter.
Note For information on configuring settings in the other views of the Capture Options dialog, see the AiroPeek User Guide or online help.
4. Click OK. A new Capture window appears.
[Figure callouts: Capture window title, Save to disk options, Continuous capture options, Packet slicing options, Capture buffer size, “Show this dialog...”]
5. Click Start Capture to begin capturing packets. The Start Capture button changes to the Stop Capture button and packets begin populating the Capture window.
Note You can right-click a column heading to hide or display available column headings in the Packets view.
6. Click Stop Capture when you want to stop capturing packets.
[Figure callout: Start/Stop Capture]
Tip To resume capturing from where you left off, hold down the Shift key and click the Start Capture button. To empty the capture buffer and start a new capture, simply click the Start Capture button again.
CHAPTER 3
Viewing Decoded Packets
Network problems are revealed more quickly by looking at the detailed information contained in individual packets. Looking into the packets can help you troubleshoot your network, track down a security breach, or examine protocol structure and compliance.
The packet decode window
You can view detailed information about each packet by viewing the packet’s decode.
To view the decode of a packet:
1. Double-click a packet in the Packets view of a Capture window. The Packet Decode window appears. The decoded packet data is presented in byte order from top to bottom.
[Figure callouts: Window navigation, Decoder options, Information added by AiroPeek, Window header, Decode view, Hex and ASCII view, Offsets]
Tip You can open individual Packet Decode windows for up to 10 packets at once. When multiple packets are selected in the active Packet List, press Enter to open them all.
2. Click on the - minus or + plus signs in the margin to collapse or expand the view of any header section.
● Window header:
    ● Click the Decode Previous or Decode Next buttons at the top of the window to step through the packets shown in the Packet List of the active Capture window.
● Decode view:
    ● The items in green at the top of the Decode view include information on the Flags, Status, Packet Length, and Timestamp of the packet. This information is not in the packet itself, but is added by AiroPeek.
    ● The body of the Decode view is laid out in the same order as it appears in the packet. A quick glance at this section often reveals the source of trouble. Problems like a misconfigured client, or incompatible versions of the same protocol from different vendors can be easily understood when you can see and compare the packets themselves.
● Hexadecimal view:
    ● The Hex view at the bottom of the decode window shows the offset of the first character in each line, the raw packet data in hex, and the ASCII version of raw packet data.
3. Highlight an item in one part of the window. The same bytes of the packet are highlighted in all the other views or panes as well. The highlight matches in the Decode, Hex, and ASCII panes.
Color coding is used to link the Decode view with the Hex view for both Hex and its ASCII equivalent. The Hex and ASCII views are in turn linked to the color of the protocol shown in the Protocols column of the Packet List.
Tip Right-click and choose Show Colors to toggle display of colors.
Tip Use the Toggle Orientation icon in the toolbar to tile the Decode and Hex views vertically or horizontally.
[Figure callouts: Toggle Orientation; highlights match in the Decode, Hex, and ASCII panes]
CHAPTER 4
Monitoring the Network
The Monitoring statistics function provides insight into the overall flow of network traffic. It is like the view from a traffic helicopter and can indicate bottlenecks and anomalies. Use Monitor statistics to identify trends and current conditions that may signal unexpected network problems.
To enable Monitor statistics:
1. Choose Monitor > Monitor Options.... The Monitor Options dialog appears.
2. Click the Adapter view.
3. Select a locally installed network adapter listed under Local machine.
4. Click OK.
5. Select Monitor Statistics in the Monitor menu to enable the collection of Monitor statistics.
The program begins monitoring traffic from the selected adapter in the background. AiroPeek will continue to collect Monitor statistics from the selected adapter until you quit the program or deselect Monitor statistics from the Monitor menu.
Displaying Monitor statistics
You can view various Monitor statistics windows by going to the Monitor menu and selecting a type of statistic to view:
● Nodes: Displays real-time data organized by network node.
● Protocols: Displays network traffic volume, in packets and in bytes, broken down by protocol and subprotocol.
● Network: Displays network statistics in two different ways:
    ● The Gauge tab displays network statistics as three analog dials with corresponding digital displays at their centers. A history graph under the gauges displays maximum (red line) and average (yellow line) values.
    ● The Value tab displays network statistics: duration, aggregate counts and volumes, error packets, and both Total Errors and CRC.
● Size: Displays the Packet Size Distribution graph, showing what percentage of the packets on the network are in each size class (according to their length in bytes).
● Summary: Displays a summary of key network statistics in real time. You can use summary statistics to baseline “normal” network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior. See Baselining with summary statistics.
● History: Displays a graph of network performance at selected intervals over time.
● Channel: Displays channel statistics in two different ways:
    ● The Channel tab displays a variety of statistics and counts for each channel, laid out in tabular form.
    ● The Signal tab displays continuously updated bar graphs of signal strength for monitored network traffic.
● WLAN: Displays an SSID (Service Set Identifier) tree view of wireless nodes.
Note Equivalent views of Monitor statistics windows are available in Capture windows. See Chapter 6, Wireless Statistics in Capture Windows and Chapter 5, Creating Graphs.
Baselining with summary statistics
The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline “normal” network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem.
Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client’s network with a saved “healthy” router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance.
To baseline with summary statistics:
1. Choose Monitor > Summary. The Summary Statistics window appears.
2. Click the Snapshot icon. The real-time network traffic data displayed in the Current column is copied to a new column identified as Snapshot # (where # is the sequence number of the Snapshot). The new Snapshot column also shows the date and start time at which the Snapshot was made.
Tip Right-click in the column of a Snapshot you wish to remove and select Delete Snapshot #.
3. Choose File > Save Summary Statistics to save the information to a text file.
[Figure callout: Snapshot icon]
CHAPTER 5
Creating Graphs
In addition to the standard statistical displays available from the Monitor menu and Capture window views, AiroPeek offers multiple methods for displaying individual statistical items or groups of statistics in user-defined graphs.
Creating a graph from a Capture window
This section shows you how you can easily create a graph from a Capture window. You can graph any statistics item calculated in the Nodes, Protocols, Summary, WLAN, or Channels views of a Capture window.
Note You can also create graphs from any equivalent window of Monitor Statistics.
To create a graph from a statistics view:
1. From a Capture window, select one of the statistics or wireless views.
2. Right-click the item you wish to graph and then select Graph. The Graph Data Options dialog appears.
3. Select Display graph in new window.
4. Complete the dialog and click OK. The graph is displayed in a new window.
5. Click the Bar, Area, and Line icons to vary the display of the graph.
Tip Click the Options icon for more graph display options.
[Figure callouts: Bar, Area, Line, Options, Pause]
CHAPTER 6
Wireless Statistics in Capture Windows
AiroPeek calculates a variety of key statistics in real time and presents these statistics in intuitive graphical displays. You can save, copy, print, or automatically generate periodic reports on these statistics in a variety of formats. (Please see the AiroPeek User Guide or online help for information on generating statistics reports.)
Two distinct program functions—Monitor statistics and packet capture—provide statistics in the program. The two differ in the traffic stream on which their statistics are calculated:
● Statistics presented by the Monitor statistics function are based on all the traffic seen on the adapter selected in the Monitor Options dialog since Monitor statistics calculations began. (See Chapter 4, Monitoring the Network).
● Statistics in a Capture window reflect all the packets accepted into the buffer of the Capture window since capture began, based on traffic seen on the adapter selected in the Capture Options dialog. Capture windows provide the following statistics views: Conversations (unique to AiroPeek SE), Nodes, Protocols, Summary, Graphs, WLAN, Channels, and Signal.
This chapter introduces the features in the WLAN, Channels, and Signal views of Capture windows.
The WLAN view
The WLAN view shows an SSID (Service Set Identifier) tree view of wireless nodes. The hierarchy is:
● ESSID (Extended Service Set Identifier): the name of a logical group of access points
● BSSID (Basic Service Set Identifier): a single access point
● STA (Station): a client associated to the particular access point
The parts of the WLAN view are identified below.
● The header section provides summary counts of Wireless Networks, Ad Hoc Networks, Access Points, and Clients (STAs).
● Node Type: Lets you limit the display to selected nodes (All Nodes, Stations, Access Points, ESSID, Ad Hoc, Admin, and Unknown).
● Color globes: Indicate the type of node.
    ● Blue: ESSID
    ● Pink: AP or Ad Hoc equivalent
    ● Orange: STA or client
    ● Gray: Admin or otherwise unknown
    ● Gray with (?): Indications for a particular node are contradictory or unexpected.
Tip Select a node and click on the icons to Make Filter, Graph, Make Alarm, and more.
[Figure callouts: Color Globe, Node Type, Summary Counts]
The Channels view
The Channels view of a Capture window shows a variety of statistics and counts for each channel, laid out in a tabular form.
You can choose to display information by Packets, Bytes or All.
The arrow in the left column shows which channel is being scanned.
Tip Right-click in the column headers to add or remove columns from the display.
[Figure callouts: Make Alarm, Graph, Make Filter, Refresh]
The Signal view
The Signal view shows continuously updated graphs of signal strength for traffic in the Capture window.
● All or AP only: Choose to show signals on all channels, or show only the signals of access points detected on the channels advertised in AP beacon and probe response packets.
● Node Type: Limit the display to traffic between certain types of nodes.
● Units: Choose the units of display.
● Options: Opens the Signal Statistics Options dialog, where you can choose to Reset graph occasionally or to toggle the Legend in the Signal view on or off.
● Pause: Temporarily suspend the update of the display.
● Geiger Counter: Acts as toggle. When enabled, makes an audible click each time the user-specified number of packets is processed on the selected adapter.
[Figure callouts: All or AP only view, Node Type, Units, Pause, Geiger Counter, Options]
CHAPTER 7
Displaying Conversations
The Conversations view, unique to AiroPeek SE, groups traffic in a Capture window into conversations between pairs of network nodes.
The Conversations view
The Hierarchy view of the Conversations view provides a hierarchical list of all conversations, or flows, contained in the unhidden packets of the capture buffer. The Flat view displays each flow independently, presenting them in a flat table.
To display conversations:
1. Open a Capture window and begin capturing traffic.
2. Click Hierarchy under the Conversations view.
The parts of this view are identified below.
● Flows analyzed: Summary count of conversations.
● Upper pane: Current conversations, with information about each conversation displayed in a user-definable set of columns.
● Color coding:
    ● Green: Demonstrates that a conversation is still active.
    ● White: Demonstrates that a conversation is completed.
● Right-click options:
    When one or more conversations are highlighted, you can use the context menu to Select Related Packets either By Source and Destination, which chooses packets with matching source and destination addresses, or By Conversation, choosing packets sent between two nodes in either direction, with the matching protocol and port.
● Node Details view: Additional information about a selected peer appears here.
3. Select the Flat view.
Flows (conversations) are numbered in the Flow ID column in the order in which they are identified. This view allows you to compare flows to one another, regardless of the node pair to which they belong.
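The difference between the two Select Related Packets options, and the way the Hierarchy and Flat views organize the same flows, can be shown on a few packet summaries. This is an added Python example, not AiroPeek code: the Packet record, its field names, and the sample packets are constructed for illustration, and By Source and Destination is assumed to match the same source and the same destination address.

```python
from collections import namedtuple

# Hypothetical packet summary record; field names are assumptions for this example.
Packet = namedtuple("Packet", "num src dst proto sport dport")

# Constructed sample capture (not real traffic).
PACKETS = [
    Packet(1, "10.0.0.5", "10.0.0.1", "TCP", 49152, 80),
    Packet(2, "10.0.0.1", "10.0.0.5", "TCP", 80, 49152),
    Packet(3, "10.0.0.5", "10.0.0.1", "TCP", 49153, 443),
    Packet(4, "10.0.0.7", "10.0.0.1", "UDP", 5353, 53),
    Packet(5, "10.0.0.1", "10.0.0.5", "TCP", 443, 49153),
    Packet(6, "10.0.0.5", "10.0.0.1", "TCP", 49152, 80),
]


def flow_key(pkt):
    """Direction-independent key: protocol plus both (address, port) endpoints."""
    endpoints = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return (pkt.proto, endpoints[0], endpoints[1])


def assign_flow_ids(packets):
    """Number flows in the order they are first seen (the Flat view's Flow ID)."""
    ids = {}
    for pkt in packets:
        ids.setdefault(flow_key(pkt), len(ids) + 1)
    return ids


def hierarchy(packets):
    """Group flow IDs under their node pair, as the Hierarchy view nests them."""
    ids = assign_flow_ids(packets)
    tree = {}
    for pkt in packets:
        pair = tuple(sorted([pkt.src, pkt.dst]))
        flows = tree.setdefault(pair, [])
        flow_id = ids[flow_key(pkt)]
        if flow_id not in flows:
            flows.append(flow_id)
    return tree


def select_by_source_and_destination(packets, ref):
    """Packets whose source and destination addresses match the reference packet."""
    return [p.num for p in packets if (p.src, p.dst) == (ref.src, ref.dst)]


def select_by_conversation(packets, ref):
    """Packets between the same two nodes, either direction, same protocol and ports."""
    key = flow_key(ref)
    return [p.num for p in packets if flow_key(p) == key]


if __name__ == "__main__":
    ref = PACKETS[0]
    print("By Source and Destination:", select_by_source_and_destination(PACKETS, ref))
    print("By Conversation:          ", select_by_conversation(PACKETS, ref))
    print("Hierarchy (pair -> flows):", hierarchy(PACKETS))
```

Selecting by address pair pulls in packet 3 from a second flow between the same hosts but misses the reply in packet 2, while selecting by conversation returns both directions of a single flow.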
CHAPTER 8
Troubleshooting with the Expert
The Expert features in AiroPeek NX and AiroPeek VX provide real-time analysis of response time, throughput, and a wide variety of network events and potential problems in a flow-centered view of traffic in a Capture window.
The Expert EventFinder detects nearly 200 different network events and provides descriptions, possible causes, and possible remedies organized by OSI layer. Depending on your version of the program, network events specifically related to VoIP, Wireless, WAN, and user-defined Network Policy items are also shown.
The Visual Expert presents a variety of ways to look at an individual flow found in the Expert view, providing a static snapshot of all of the packets that were in the buffer for a particular flow at the time the window was created.
The Expert view
The Hierarchy view of the Expert view makes it easy to track events and to see them in the context of peer-to-peer or client-server traffic patterns.
To display events in the Expert view:
1. From the Capture window, click Hierarchy under the Expert view.
Pairs of nodes are displayed at the top level, individual conversations (flows) underneath them, and individual events nested under each flow. Color-coded traffic indicator lights show whether packets were received in the last few seconds:
● green (active)
● white (inactive)
2. Right-click in the upper pane to collapse or expand the hierarchy to display the most relevant information.
Using the Expert EventFinder Settings
You can view more details about individual events in the Expert EventFinder Settings dialog.
To open the Expert EventFinder Settings window:
1. Select an individual event in the Hierarchy view of the Expert view.
2. Click the EventFinder Settings icon. The Expert EventFinder Settings window appears with the particular class of event highlighted.
The Expert EventFinder Settings window provides information on what sensitivity or setting value was used to flag this event as significant.
Tip: Click Show Info to see a more complete description of the event, possible causes, and possible remedies.
Using the Visual Expert
The Visual Expert provides various ways of looking at an individual flow at the time the window was created.
To open the Visual Expert:
1. Select Flat under the Expert view of a Capture window.
2. Right-click any flow and choose Visual Expert. The Visual Expert window appears.
The six tabs at the bottom of the window are described below.
● PacketVisualizer: This tab displays all of the packets for both sides of a flow.
● Payload: This tab reconstructs the TCP data without the header information.
● Graphs: This tab displays five types of graphs:
   ● Throughput: Displays the rolling average throughput for the flow, in TCP Sequence Number order over time.
   ● Latency: Displays the time between a packet and the request packet that it acknowledges.
   ● Sequence: Displays TCP SEQ numbers across time, a simple version of the information in the tcptrace graph.
   ● tcptrace: Displays varied visualizations of a TCP flow.
   ● TCP window: Displays the size of the available TCP window as it expands and contracts through the course of the TCP session in the current flow.
Tip: Highlight the graph names in the navigation bar to see all of the graphs at once.
● What If: This tab lets you estimate the effects of changes in various network and application parameters on throughput, utilization, and response times in the current flow.
● Compare: This tab can find a particular flow in any other open file or capture, and display the two separately captured instances of that flow side by side, noting any detailed differences between the two.
● Summary: This tab displays the same data that appears in the Node Details pane of the Expert tab.
Chapter 9: Creating Filters
Filters let you focus on specific traffic. If you want to check a problem between two particular devices, perhaps a computer and a printer, address filters can capture just the traffic between these two devices. If you are having a problem with a particular function on your network, a protocol filter allows you to focus on traffic related to that particular function.
Filters work by testing packets against the criteria specified in the filter. Packets whose contents meet these criteria match the filter. You can build filters to test for just about anything found in a packet: addresses, protocols, sub-protocols, ports, error conditions, and more. Filters are so easy to create that you can often create a custom filter on the fly while analyzing suspect traffic on your network.
Enabling a filter
In addition to the filters that you create, the program includes numerous pre-defined filters. You can enable one or more filters when capturing or monitoring packets.
To enable filters when capturing packets:
1. Click the Filters view in a Capture window.
2. Select the filter or filters that you want to enable.
3. Click the Start Capture button to begin capturing packets. Any packets that match the filters that are enabled are placed into the capture buffer.
Alternatively, you can choose to place the packets that do not match the filter in the capture buffer by clicking the Reject Matching icon.
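The accept and Reject Matching behavior described above, modeled as an added Python example (not WildPackets code). The `Packet` and `SimpleFilter` types, the "any enabled filter matches" rule for multiple filters, the keep-everything rule when no filter is enabled, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed record, not a real capture format
    src: str
    dst: str
    protocol: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class SimpleFilter:                # hypothetical model; None means "any"
    name: str
    addr1: Optional[str] = None
    addr2: Optional[str] = None
    both_directions: bool = True
    protocol: Optional[str] = None
    port: Optional[int] = None

    def _addr_ok(self, a: str, b: str) -> bool:
        return self.addr1 in (None, a) and self.addr2 in (None, b)

    def matches(self, p: Packet) -> bool:
        if self.protocol is not None and p.protocol != self.protocol:
            return False
        if self.port is not None and self.port not in (p.src_port, p.dst_port):
            return False
        return self._addr_ok(p.src, p.dst) or (
            self.both_directions and self._addr_ok(p.dst, p.src))

def capture(packets, enabled, reject_matching=False):
    """Return the packets that would land in the capture buffer."""
    if not enabled:                # assumption: no filter enabled keeps everything
        return list(packets)
    # assumption: a packet matches when ANY enabled filter matches it
    return [p for p in packets
            if any(f.matches(p) for f in enabled) != reject_matching]

PC, PRINTER = "192.0.2.5", "192.0.2.9"      # constructed sample addresses
SAMPLE = [
    Packet(PC, PRINTER, "TCP", 49152, 9100),
    Packet(PRINTER, PC, "TCP", 9100, 49152),
    Packet(PC, "192.0.2.1", "UDP", 53000, 53),
    Packet("192.0.2.7", PRINTER, "TCP", 49200, 9100),
    Packet(PC, PRINTER, "UDP", 50000, 161),
]
pair = SimpleFilter("PC <-> printer", addr1=PC, addr2=PRINTER)
raw_print = SimpleFilter("TCP 9100", protocol="TCP", port=9100)

if __name__ == "__main__":
    for label, buf in [("accept", capture(SAMPLE, [pair])),
                       ("reject", capture(SAMPLE, [pair], reject_matching=True))]:
        print(label, [SAMPLE.index(p) for p in buf])
```

With Reject Matching on, the address filter leaves only the traffic that is not between the two devices, which is the useful mode when a known, noisy pair needs to be excluded from a capture.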
Creating filters with the Make Filter command
You can use the Make Filter command to easily create a filter based on the address, protocol, and port settings of an existing packet, node, protocol, conversation, or packet decode.
To create a filter with the Make Filter command:
1. Right-click a packet, node, protocol, conversation, or packet decode item from one of the views available in a Capture window and choose Make Filter. The Insert Filter dialog appears with the Address, Protocol, and Port settings already configured with the information from the packet that was selected.
2. Enter a new name in the Filter text box and make any additional changes.
3. Click OK. The new filter is now available whenever a list of available filters is displayed.
4. To enable the new filter in your Capture window, click the Filters view and select the check box of the new filter. The filter is applied immediately, even if a capture is already under way.
Creating a simple filter
You can create a simple filter by manually entering the parameters for the filter that you want to create. Unlike creating a filter using the Make Filter command, you will have to manually define the parameters (address, protocol, and port settings) for the filter you want to create.
Note: For information on creating more advanced filters, refer to the AiroPeek User Guide or online help.
To create a simple filter by defining an address and protocol:
1. Do one of the following to open the Filters view:
● Click the Filters view in an open Capture window
● Choose View > Filters from the main menu
2. Click the Insert icon. The Insert Filter dialog appears.
3. Give your new filter a name.
4. Complete the address, protocol, or port setting information and click OK. The new filter is now available whenever a list of available filters is displayed.
5. To enable the new filter in your Capture window, click the Filters view and select the check box of the new filter. The filter is applied immediately, even if a capture is already under way.
Chapter 10: Using the Peer Map
The Peer Map view in AiroPeek NX and AiroPeek VX is a powerful tool for visualizing network traffic in a Capture window. The Peer Map graphically displays all of the nodes, or a user-defined subset, detected in a particular Capture window.
Communication between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.
The Peer Map view
To display the Peer Map:
1. Open a Capture window and begin capturing traffic.
2. From the Capture window, click the Peer Map view.
Tip: Hold the cursor over a particular node in the Peer Map to see a tooltip with more information about this node.
3. Click the Peer Map Options icon to open the Peer Map Options dialog. This dialog lets you choose to show or hide displayable icons, node visibilities, and protocol line segment gaps.
4. Use the tabs in the right pane to configure Peer Map settings:
● Profiles: This tab lets you configure settings into a profile that controls the appearance and layout of the Peer Map. The toolbar in the task pane allows you to save, edit, duplicate, delete, import, and export profiles.
● Configuration: This tab lets you set the basic parameters of the Peer Map, what part of the traffic in the Capture window’s buffer is displayed, and how the protocols (line segments) are displayed in the Peer Map.
● Node Visibilities: This tab displays node counts and nodes that are both shown and hidden in the Peer Map.
5. Right-click on a node for other options, including:
● Arrange: If you have changed the appearance of the Peer Map by dragging nodes to new positions, this option arranges the node back to the ellipse of the Peer Map.
● Node Details: This option opens the Detailed Statistics dialog and shows details of the selected node.
Chapter 11: Using VoIP Analysis
VoIP (Voice over IP) refers to the protocol suites used to set up and maintain two-way voice and video communications over the Internet. If you have purchased AiroPeek VX, a VoIP view is available in Capture windows. The VoIP view provides real-time data and statistics on both open and closed calls found on a particular network interface.
The VoIP view
The VoIP view of a Capture window opens in Call oriented mode, displaying a view of all calls in the Capture window.
To display the VoIP tab:
1. From a Capture window, click the VoIP view.
2. Click Start Capture. VoIP calls appear first under Open Calls and then under Closed Calls as they are completed.
3. Click the Closed Call Statistics button. The Statistics view for the sum total of current closed calls appears.
4. Click the tabs to see each type of statistics, such as Bandwidth Utilization below.
Analyzing a single call or channel
The VoIP tab offers many ways to view the details of a particular call or channel.
To open the Call Details window for an individual call:
1. Double-click a closed call with media from the initial VoIP tab. (A call with media is one with data in the Media Channels column.) The Call Details window appears.
2. Double-click a media channel in the Media table. The Channel Properties window appears.
3. Click the tabs to see the information available in each field.
4. Click the Audio button. The playback feature allows you to hear what difference various jitter buffer settings will make in the sound quality of the selected media channel.
Appendix A: Keyboard Shortcuts
Shortcut            Description
Ctrl + N            Creates a new Capture window.
Ctrl + O            Opens an AiroPeek Capture file or other supported file type in a new Capture file window.
Ctrl + S            Opens the Save dialog to save all packets in the active window.
Ctrl + P            Prints the active window in a format appropriate to its type.
Alt + F4            Quit AiroPeek.
Ctrl + Z            Undoes the last edit.
Ctrl + X            Cuts the highlighted item(s) and copies to the clipboard.
Ctrl + C            Copies highlighted item(s) to the clipboard.
Ctrl + V            Pastes the current contents of the clipboard.
Ctrl + B            Deletes all packets from the active Capture window.
Ctrl + A            Selects all packets, text, or items in a window.
Ctrl + D            Removes all highlighting and selection.
Ctrl + E            Opens the Select dialog, where you can use filters, ASCII or hex strings, packet length, and Analysis Modules to select captured packets.
Ctrl + H            Removes selected packets from the display without deleting them. Hidden packets are not processed further.
Ctrl + Shift + H    Removes unselected packets from the display without deleting them. Hidden packets are not processed further.
Ctrl + U            Restores all previously hidden packets to normal status.
Ctrl + G            Opens the Go To dialog where you can choose a packet number to jump to. If packets are selected, the number of the first selected packet is shown.
Ctrl + J            Jumps to the next selected packet.
Ctrl + Z            Undoes the last edit.
Ctrl + M            Opens the Filters window.
Ctrl + L            Opens the Log window.
Ctrl + Y            Toggles the packet capture function.
Ctrl + 1            Opens the monitor Node Statistics window.
Ctrl + 2            Opens the monitor Protocol Statistics window.
Ctrl + 3            Opens the monitor Network Statistics window.
Ctrl + 4            Opens the monitor packet Size Statistics window.
Ctrl + 5            Opens the monitor Summary Statistics window.
Ctrl + 6            Opens the monitor History Statistics window.
Ctrl + 7            Opens the monitor Channel Statistics window.
Ctrl + 8            Opens the monitor WLAN Statistics window.
Ctrl + Tab          Makes the next window in sequence the active window.
Ctrl + Shift + Tab  Makes the previous window in sequence the active window.
F1                  Launches the Online Help.