AiroPeek Getting Started Guide

Copyright © 2006, WildPackets, Inc. All rights reserved. Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form, or by any means, electronic or mechanical, including photocopying, for any purpose, without the express written permission of WildPackets, Inc.

AiroPeek SE, AiroPeek NX, AiroPeek VX, EtherPeek SE, EtherPeek NX, EtherPeek VX, Gigabit Analyzer Card (GAC), GigaPeek NX, iNetTools, NAX, NetDoppler, NetSense, Network Calculator, Omni³, Omni Capture Engine, Omni Desktop Engine, Omni DNX Engine, OmniEngine Desktop, OmniEngine Enterprise, OmniEngine Workgroup, Omni Management Console, Omni PacketGrabber, OmniPeek, OmniPeek Enterprise, OmniPeek Enterprise Connect, OmniPeek Personal, OmniPeek Workgroup, OmniPeek Workgroup Pro, OmniPeek Personal, Omnipliance, OmniSpectrum, PacketGrabber, Peek DNX, ProConvert, ProtoSpecs, RFGrabber, RMONGrabber, WAN Analyzer Card (WAC), WANPeek NX, WildPackets, WildPackets Academy, and WildPackets OmniAnalysis Platform are trademarks of WildPackets, Inc. All other trademarks are the property of their respective holders.

The material in this document is for information purposes only and is subject to change without notice. While reasonable efforts have been made in the preparation of this document to assure its accuracy, WildPackets, Inc. assumes no liability resulting from errors or omissions in this document, nor from the use of the information contained herein.

WildPackets, Inc. reserves the right to make changes in the product design without reservation and without notification to its users.

Contacting WildPackets

Mailing Address

WildPackets, Inc.
1340 Treat Blvd., Suite 500
Walnut Creek, CA 94597

Voice/Fax

8 AM - 5 PM (PST)
(925) 937-3200
(800) 466-2447 (US only)
Fax: (925) 937-3211

[email protected]

Sales

[email protected]

Web

http://www.wildpackets.com

Technical Support

http://www.wildpackets.com/support

Resources

See http://www.wildpackets.com/support/additional_resources/white_papers for white papers, tutorials, technical briefs and more.

Training and Certification

WildPackets Academy offers the most effective and comprehensive network and protocol analysis training available, meeting the professional requirements of corporate, educational, government, and private network managers. Our instructional methodology is centered on practical applications of protocol analysis techniques.

See http://www.wildpackets.com/services for course catalog, current public course scheduling, web-delivered courses, and consulting services.

WildPackets Academy
(800) [email protected]

Product Support and Maintenance

WildPackets Product Maintenance Programs ensure that you grow along with our products as new features and enhancements to existing features are added. All WildPackets customers are entitled to technical support for the life of their purchased product(s).

Enhanced support services are available through our Premium Maintenance Programs. Premium Maintenance offers Remote Trace File Analysis assistance and free seats in our WildPackets Academy Training courses, in addition to our standard maintenance services.

Standard or Premium Maintenance can be purchased by contacting [email protected].

About WildPackets, Inc.

Since 1990, WildPackets has been delivering real-time fault analysis solutions that enable the world's leading organizations to keep their networks running securely and reliably, day after day. From the desktop to the datacenter, from wireless LANs to Gigabyte backbones, on local segments and across distributed networks, WildPackets products enable IT organizations to quickly find and fix problems affecting mission-critical network services. WildPackets products are sold in over 60 countries through a broad network of channel and strategic partners. More than 5,000 customers, spanning all industrial sectors and including 80% of the Fortune 1000, use WildPackets products daily to troubleshoot networks and maximize network uptime. WildPackets customers include Agilent, Cisco Systems, Comcast, EDS, Microsoft, Siemens AG, Qualcomm, Unisys, Motorola, and Deutsche Bank. Strategic partners include Aruba, Atheros, Cisco, 3Com, Intel and Symbol Technologies. For further information, please visit www.wildpackets.com.

20060531-E-AP31/11_d3


Contents

Chapter 1 Introduction
    System requirements
    Installing AiroPeek
    Main program window and Start Page

Chapter 2 Capturing Packets
    Capturing packets into a Capture window

Chapter 3 Viewing Decoded Packets
    The packet decode window

Chapter 4 Monitoring the Network
    Displaying Monitor statistics
    Baselining with summary statistics

Chapter 5 Creating Graphs
    Creating a graph from a Capture window

Chapter 6 Wireless Statistics in Capture Windows
    The WLAN view
    The Channels view
    The Signal view

Chapter 7 Displaying Conversations
    The Conversations view

Chapter 8 Troubleshooting with the Expert
    The Expert view
    Using the Expert EventFinder Settings
    Using the Visual Expert

Chapter 9 Creating Filters
    Enabling a filter
    Creating filters with the Make Filter command
    Creating a simple filter

Chapter 10 Using the Peer Map
    The Peer Map view

Chapter 11 Using VoIP Analysis
    The VoIP view
    Analyzing a single call or channel

Appendix A Keyboard Shortcuts

Index

Chapter 1: Introduction

Welcome to AiroPeek, the award-winning wireless network analyzer from WildPackets!

AiroPeek incorporates advanced capabilities for monitoring and troubleshooting wireless LANs, including full decodes for 802.11a/b/g WLAN standards, encryption and decryption features, and sophisticated displays of channel and signal strength statistics of your wireless network.

This Getting Started Guide provides information about three programs:

● AiroPeek SE (Wireless LAN Protocol Analyzer): AiroPeek SE (Standard Edition) offers all the features of a great wireless analyzer at an affordable price. In addition, the Conversations tab is unique to AiroPeek SE. See Chapter 7, Displaying Conversations.

● AiroPeek NX (Expert Wireless LAN Analyzer): AiroPeek NX has all the features of AiroPeek SE plus an advanced set of expert troubleshooting and diagnostic capabilities (available in the Expert tab) and a graphical view of peer-to-peer communications (available in the Peer Map tab). See Chapter 8, Troubleshooting with the Expert and Chapter 10, Using the Peer Map.

● AiroPeek VX (Expert Voice over Wireless LAN Analyzer): AiroPeek VX has all the features of AiroPeek NX plus the analysis of real-time voice data and statistics on both open and closed VoIP connections (available in the VoIP tab). See Chapter 11, Using VoIP Analysis.

Note The term ‘AiroPeek’ will be used throughout this Getting Started Guide to refer to the program with features common to all three versions, unless otherwise noted. Screenshots will depict the fullest version, AiroPeek VX, unless otherwise noted.

System requirements

The system requirements for AiroPeek are:

● Windows XP (SP2) or Windows 2000 (SP4)

Minimal testing on AiroPeek SE and AiroPeek NX has been done with Windows Server 2003 (SP1). AiroPeek VX does not support Windows Server 2003.

● Internet Explorer 6.0 (SP1)

● Microsoft .NET (Framework 2)

AiroPeek supports portable computers as long as the basic system requirements to run the supported operating systems are met. Depending on traffic and the particular usage of AiroPeek, the requirements may be substantially higher.

The following system is recommended:

● P4 2 GHz (P4 2.4 GHz for AiroPeek VX)

● 512 MB RAM (1 GB RAM for AiroPeek VX)

● 10 GB Available Hard Disk Space (20 GB Available Hard Disk Space for AiroPeek VX)

Factors that contribute towards superior performance include a high speed CPU, dual CPUs, two or more GB of RAM, a high performance disk storage subsystem (RAID 0), and as much additional hard disk space as is required to save the trace files that you plan to manage.

Note Supported operating systems require users to have “Administrator” level privileges in order to load and unload device drivers, or to select a network adapter for the program’s use in capturing packets.

For more information, please see our web site at http://www.wildpackets.com/products.

Network adapters and drivers

AiroPeek requires the installation of a special NDIS driver for packet capture and to control a supported network adapter. The Atheros Wireless LAN Adapter driver has been tested and is included with AiroPeek. Check the Readme in the driver folder (for example, C:\Program Files\WildPackets\AiroPeek\Driver) for driver installation instructions. The Atheros driver supports advanced functionalities such as WPA/PSK decryption, noise measurement, and hardware timestamping.

Important! 802.11 WLAN adapters cannot be used for network services while they are in RF Monitor mode.

To download other available drivers, visit our website at http://www.wildpackets.com/support/product_support/overview. Some minimal testing has been done with these drivers; however, the advanced functionalities found in the Atheros driver may not be available with these other drivers.

For information about configuring 802.11 channel settings and encryption for wireless adapters, please see the AiroPeek User Guide or online help.

Installing AiroPeek

To install AiroPeek, follow these steps:

1. Uninstall any earlier versions of AiroPeek.

The recommended way to uninstall is to run the installer and choose to remove the previous version.

2. Insert the AiroPeek Installer CD into your CD or DVD drive.

3. Follow the installation instructions that appear on the screen.

During installation you are asked to enter a valid Activation Key. When prompted, you can select Automatic or Manual:

● Automatic: The installer uses your Internet connection to send an encrypted message to an activation server, which retrieves and displays your Activation Key. Please write down the Activation Key for future reference.

● Manual: The installer allows you to enter the Activation Key manually. You can obtain an Activation Key in the following ways: Go to a computer with an Internet connection and web browser and complete the request form, or call WildPackets Technical Support.

For more information about the product activation process, please see our web site at: http://www.wildpackets.com/activation.

4. When the Installer has finished installing the program files, you can choose to view the Readme or launch the program.

Main program window and Start Page

To start AiroPeek:

● Choose Start > All Programs > WildPackets AiroPeek.

The main program window and Start Page appear. The parts of the main program window are described below.

● Toolbar: Provides icons for frequently-used tasks in AiroPeek. The name of each icon’s function appears when the cursor passes over it. Choose View > Toolbars to toggle the display of this toolbar.

● Status Bar: Shows brief context-sensitive messages on the left and the current monitor adapter on the right. Choose View > Status Bar under the menu to toggle the display of this status bar.

● Monitor Options: Lets you choose an adapter for collecting Monitor statistics, as well as configure other settings. See Chapter 4, Monitoring the Network for details on enabling and viewing Monitor statistics.

● Network Statistics Gauge: Shows network utilization as analog dials with corresponding digital displays. Available by choosing Monitor > Network.

● AiroPeek Log: Records Start, Stop, and other AiroPeek events. Available by choosing View > Log Window.

● Start Page: Provides links to useful resources, both local and online.

[Figure callouts: Toolbar, Status Bar, Network Statistics Gauge, Monitor Options, AiroPeek Log]

Some of the quick links accessed from the Start Page include:

● opening recently saved Capture files

● starting a new capture

● starting Monitor statistics

● viewing an HTML version of the Getting Started Guide

● accessing the PDF version of the User Guide

● viewing the Audit Template instructions

● accessing the WildPackets Technical Compendium

Chapter 2: Capturing Packets

Packets are the units of data carried on the network and the basis for all higher level network analysis. The Packets view of a Capture window is where you can view information about the individual packets transmitted on your network.

AiroPeek can capture packets in multiple configurable Capture windows, each with its own dedicated capture buffer and settings for filters, triggers, and statistics output. You can establish and view multiple Capture windows up to the limits of available system resources.

Capture windows allow you to:

● View and monitor network traffic in real time

● Use a different adapter for each Capture window, or use the same adapter for multiple Capture windows

● Apply filters, both before and after capture

● Start or stop capture based on network events or time settings

● View statistics based on selected network traffic

● View packet contents, raw and/or decoded

● Save packets for post-capture analysis in Capture file windows

Capturing packets into a Capture window

To capture packets:

1. To start a new capture, do one of the following:

● Click the New Capture button on the Start Page

● Choose File > New…

The General view of the Capture Options dialog appears.


2. Configure the options in the General view.

3. Click the Adapter view to select the capture adapter.

Note For information on configuring settings in the other views of the Capture Options dialog, see the AiroPeek User Guide or online help.

4. Click OK. A new Capture window appears.

[Figure callouts: Capture window title, Save to disk options, Continuous capture options, Packet slicing options, Capture buffer size, "Show this dialog..."]

5. Click Start Capture to begin capturing packets. The Start Capture button changes to the Stop Capture button and packets begin populating the Capture window.

Note You can right-click a column heading to hide or display available column headings in the Packets view.

6. Click Stop Capture when you want to stop capturing packets.

[Figure callout: Start/Stop Capture]

Tip To resume capturing from where you left off, hold down the Shift key and click the Start Capture button. To empty the capture buffer and start a new capture, simply click the Start Capture button again.

Chapter 3: Viewing Decoded Packets

Network problems are revealed more quickly by looking at the detailed information contained in individual packets. Looking into the packets can help you troubleshoot your network, track down a security breach, or examine protocol structure and compliance.

The packet decode window

You can view detailed information about each packet by viewing the packet’s decode.

To view the decode of a packet:

1. Double-click a packet in the Packets view of a Capture window. The Packet Decode window appears. The decoded packet data is presented in byte order from top to bottom.

[Figure callouts: Window navigation, Decoder options, Information added by AiroPeek, Window header, Decode view, Hex and ASCII view, Offsets]

Tip You can open individual Packet Decode windows for up to 10 packets at once. When multiple packets are selected in the active Packet List, press Enter to open them all.

2. Click on the - minus or + plus signs in the margin to collapse or expand the view of any header section.

● Window header:

    ● Click the Decode Previous or Decode Next buttons at the top of the window to step through the packets shown in the Packet List of the active Capture window.

● Decode view:

    ● The items in green at the top of the Decode view include information on the Flags, Status, Packet Length, and Timestamp of the packet. This information is not in the packet itself, but is added by AiroPeek.

    ● The body of the Decode view is laid out in the same order as it appears in the packet. A quick glance at this section often reveals the source of trouble. Problems like a misconfigured client, or incompatible versions of the same protocol from different vendors, can be easily understood when you can see and compare the packets themselves.

● Hexadecimal view:

    ● The Hex view at the bottom of the decode window shows the offset of the first character in each line, the raw packet data in hex, and the ASCII version of the raw packet data.

3. Highlight an item in one part of the window. The same bytes of the packet are highlighted in all the other views or panes as well. The highlight matches in the Decode, Hex, and ASCII panes.

Color coding is used to link the Decode view with the Hex view for both Hex and its ASCII equivalent. The Hex and ASCII views are in turn linked to the color of the protocol shown in the Protocols column of the Packet List.

Tip Right-click and choose Show Colors to toggle display of colors.


Tip Use the Toggle Orientation icon in the toolbar to tile the Decode and Hex views vertically or horizontally.

[Figure callouts: Toggle Orientation; highlights match in the Decode, Hex, and ASCII panes]

Chapter 4: Monitoring the Network

The Monitoring statistics function provides insight into the overall flow of network traffic. It is like the view from a traffic helicopter and can indicate bottlenecks and anomalies. Use Monitor statistics to identify trends and current conditions that may signal unexpected network problems.

To enable Monitor statistics:

1. Choose Monitor > Monitor Options.... The Monitor Options dialog appears.

2. Click the Adapter view.

3. Select a locally installed network adapter listed under Local machine.

4. Click OK.


5. Select Monitor Statistics in the Monitor menu to enable the collection of Monitor statistics.

The program begins monitoring traffic from the selected adapter in the background. AiroPeek will continue to collect Monitor statistics from the selected adapter until you quit the program or deselect Monitor statistics from the Monitor menu.

Displaying Monitor statistics

You can view various Monitor statistics windows by going to the Monitor menu and selecting a type of statistic to view:

● Nodes: Displays real-time data organized by network node.

● Protocols: Displays network traffic volume, in packets and in bytes, broken down by protocol and subprotocol.

● Network: Displays network statistics in two different ways:

    ● The Gauge tab displays network statistics as three analog dials with corresponding digital displays at their centers. A history graph under the gauges displays maximum (red line) and average (yellow line) values.

    ● The Value tab displays network statistics: duration, aggregate counts and volumes, error packets, and both Total Errors and CRC.

● Size: Displays the Packet Size Distribution graph, showing what percentage of the packets on the network are in each size class (according to their length in bytes).

● Summary: Displays a summary of key network statistics in real time. You can use summary statistics to baseline “normal” network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior. See Baselining with summary statistics.

● History: Displays a graph of network performance at selected intervals over time.

● Channel: Displays channel statistics in two different ways:

    ● The Channel tab displays a variety of statistics and counts for each channel, laid out in tabular form.

    ● The Signal tab displays continuously updated bar graphs of signal strength for monitored network traffic.

● WLAN: Displays an SSID (Service Set Identifier) tree view of wireless nodes.

Note Equivalent views of Monitor statistics windows are available in Capture windows. See Chapter 6, Wireless Statistics in Capture Windows and Chapter 5, Creating Graphs.

Baselining with summary statistics

The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline “normal” network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem.

Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client’s network with a saved “healthy” router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance.


To baseline with summary statistics:

1. Choose Monitor > Summary. The Summary Statistics window appears.

2. Click the Snapshot icon. The real-time network traffic data displayed in the Current column is copied to a new column identified as Snapshot # (where # is the sequence number of the Snapshot). The new Snapshot column also shows the date and start time at which the Snapshot was made.

Tip Right-click in the column of a Snapshot you wish to remove and select Delete Snapshot #.

3. Choose File > Save Summary Statistics to save the information to a text file.

[Figure callout: Snapshot icon]

Chapter 5: Creating Graphs

In addition to the standard statistical displays available from the Monitor menu and Capture window views, AiroPeek offers multiple methods for displaying individual statistical items or groups of statistics in user-defined graphs.

Creating a graph from a Capture window

This section shows you how you can easily create a graph from a Capture window. You can graph any statistics item calculated in the Nodes, Protocols, Summary, WLAN, or Channels views of a Capture window.

Note You can also create graphs from any equivalent window of Monitor Statistics.

To create a graph from a statistics view:

1. From a Capture window, select one of the statistics or wireless views.

2. Right-click the item you wish to graph and then select Graph. The Graph Data Options dialog appears.


3. Select Display graph in new window.

4. Complete the dialog and click OK. The graph is displayed in a new window.

5. Click the Bar, Area, and Line icons to vary the display of the graph.

Tip Click the Options icon for more graph display options.

[Figure callouts: Bar, Area, Line, Options, Pause]

Chapter 6: Wireless Statistics in Capture Windows

AiroPeek calculates a variety of key statistics in real time and presents these statistics in intuitive graphical displays. You can save, copy, print, or automatically generate periodic reports on these statistics in a variety of formats. (Please see the AiroPeek User Guide or online help for information on generating statistics reports.)

Two distinct program functions—Monitor statistics and packet capture—provide statistics in the program. The two differ in the traffic stream on which their statistics are calculated:

● Statistics presented by the Monitor statistics function are based on all the traffic seen on the adapter selected in the Monitor Options dialog since Monitor statistics calculations began. (See Chapter 4, Monitoring the Network).

● Statistics in a Capture window reflect all the packets accepted into the buffer of the Capture window since capture began, based on traffic seen on the adapter selected in the Capture Options dialog. Capture windows provide the following statistics views: Conversations (unique to AiroPeek SE), Nodes, Protocols, Summary, Graphs, WLAN, Channels, and Signal.

This chapter introduces the features in the WLAN, Channels, and Signal views of Capture windows.

The WLAN view

The WLAN view shows an SSID (Service Set Identifier) tree view of wireless nodes. The hierarchy is:

● ESSID (Extended Service Set Identifier): the name of a logical group of access points

● BSSID (Basic Service Set Identifier): a single access point

● STA (Station): a client associated to the particular access point

The parts of the WLAN view are identified below.


● The header section provides summary counts of Wireless Networks, Ad Hoc Networks, Access Points, and Clients (STAs).

● Node Type: Lets you limit the display to selected nodes (All Nodes, Stations, Access Points, ESSID, Ad Hoc, Admin, and Unknown).

● Color globes: Indicate the type of node.

    ● Blue: ESSID

    ● Pink: AP or Ad Hoc equivalent

    ● Orange: STA or client

    ● Gray: Admin or otherwise unknown

    ● Gray with (?): Indications for a particular node are contradictory or unexpected.

Tip Select a node and click on the icons to Make Filter, Graph, Make Alarm, and more.

[Figure callouts: Color Globe, Node Type, Summary Counts]

The Channels view

The Channels view of a Capture window shows a variety of statistics and counts for each channel, laid out in a tabular form.

You can choose to display information by Packets, Bytes or All.

The arrow in the left column shows which channel is being scanned.

Tip Right-click in the column headers to add or remove columns from the display.

[Figure callouts: Make Alarm, Graph, Make Filter, Refresh]

The Signal view

The Signal view shows continuously updated graphs of signal strength for traffic in the Capture window.

● All or AP only: Choose to show signals on all channels, or show only the signals of access points detected on the channels advertised in AP beacon and probe response packets.

● Node Type: Limit the display to traffic between certain types of nodes.

● Units: Choose the units of display.

● Options: Opens the Signal Statistics Options dialog, where you can choose to Reset graph occasionally or to toggle the Legend in the Signal view on or off.

● Pause: Temporarily suspend the update of the display.

● Geiger Counter: Acts as toggle. When enabled, makes an audible click each time the user-specified number of packets is processed on the selected adapter.

[Figure callouts: All or AP only view, Node Type, Units, Pause, Geiger Counter, Options]

Chapter 7: Displaying Conversations

The Conversations view, unique to AiroPeek SE, groups traffic in a Capture window into conversations between pairs of network nodes.

The Conversations view

The Hierarchy view of the Conversations view provides a hierarchical list of all conversations, or flows, contained in the unhidden packets of the capture buffer. The Flat view displays each flow independently, presenting them in a flat table.

To display conversations:

1. Open a Capture window and begin capturing traffic.

2. Click Hierarchy under the Conversations view.

The parts of this view are identified below.


● Flows analyzed: Summary count of conversations.

● Upper pane: Current conversations, with information about each conversation displayed in a user-definable set of columns.

● Color coding:

    ● Green: Demonstrates that a conversation is still active.

    ● White: Demonstrates that a conversation is completed.

● Right-click options:

    When one or more conversations are highlighted, you can use the context menu to Select Related Packets either By Source and Destination, which chooses packets with matching source and destination addresses, or By Conversation, choosing packets sent between two nodes in either direction, with the matching protocol and port.

● Node Details view: Additional information about a selected peer appears here.

3. Select the Flat view.

Flows (conversations) are numbered in the Flow ID column in the order in which they are identified. This view allows you to compare flows to one another, regardless of the node pair to which they belong.
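The two Select Related Packets modes and the Flow ID numbering described above can be sketched as follows. This is an added illustration, not AiroPeek code: the packet records are constructed sample data, the function names are hypothetical, and By Source and Destination is assumed to be direction-sensitive.

```python
from collections import namedtuple

# Constructed sample packets (not taken from a real capture).
Packet = namedtuple("Packet", "num src dst proto sport dport")

PACKETS = [
    Packet(1, "10.0.0.5", "10.0.0.9", "TCP", 49152, 80),
    Packet(2, "10.0.0.9", "10.0.0.5", "TCP", 80, 49152),
    Packet(3, "10.0.0.5", "10.0.0.9", "TCP", 49153, 443),
    Packet(4, "10.0.0.9", "10.0.0.5", "TCP", 443, 49153),
    Packet(5, "10.0.0.5", "10.0.0.9", "UDP", 5060, 5060),
    Packet(6, "10.0.0.7", "10.0.0.9", "TCP", 49152, 80),
]


def flow_key(p):
    """Direction-independent key: protocol plus the two (address, port) endpoints."""
    endpoints = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto,) + tuple(endpoints)


def assign_flow_ids(packets):
    """Number flows in the order they are first seen, like the Flow ID column."""
    ids = {}
    for p in packets:
        ids.setdefault(flow_key(p), len(ids) + 1)
    return ids


def select_by_source_and_destination(packets, selected):
    """Packets with the same source and destination addresses (assumed one-way)."""
    return [p.num for p in packets
            if (p.src, p.dst) == (selected.src, selected.dst)]


def select_by_conversation(packets, selected):
    """Packets between the two nodes in either direction, same protocol and port."""
    key = flow_key(selected)
    return [p.num for p in packets if flow_key(p) == key]


if __name__ == "__main__":
    chosen = PACKETS[0]
    print("Flows analyzed:", len(assign_flow_ids(PACKETS)))
    print("By Source and Destination:", select_by_source_and_destination(PACKETS, chosen))
    print("By Conversation:", select_by_conversation(PACKETS, chosen))
```

Selecting by address pulls in every protocol one node sent to the other, while selecting by conversation isolates a single flow including its replies, which is usually what you want when reconstructing one session from a busy capture.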


Chapter 8: Troubleshooting with the Expert

The Expert features in AiroPeek NX and AiroPeek VX provide real-time analysis of response time, throughput, and a wide variety of network events and potential problems in a flow-centered view of traffic in a Capture window.

The Expert EventFinder detects nearly 200 different network events and provides descriptions, possible causes, and possible remedies organized by OSI layer. Depending on your version of the program, network events specifically related to VoIP, Wireless, WAN, and user-defined Network Policy items are also shown.

The Visual Expert presents a variety of ways to look at an individual flow found in the Expert view, providing a static snapshot of all of the packets that were in the buffer for a particular flow at the time the window was created.

The Expert view

The Hierarchy view of the Expert view makes it easy to track events and to see them in the context of peer-to-peer or client-server traffic patterns.

To display events in the Expert view:

1. From the Capture window, click Hierarchy under the Expert view.

Pairs of nodes are displayed at the top level, individual conversations (flows) underneath them, and individual events nested under each flow. Color-coded traffic indicator lights show whether or not packets were received in the last few seconds:

● green (active)

● white (inactive)


2. Right-click in the upper pane to collapse or expand the hierarchy to display the most relevant information.

Using the Expert EventFinder Settings

You can view more details about individual events in the Expert EventFinder Settings dialog.

To open the Expert EventFinder Settings window:

1. Select an individual event in the Hierarchy view of the Expert view.

2. Click the EventFinder Settings icon. The Expert EventFinder Settings window appears with the particular class of event highlighted.


The Expert EventFinder Settings window provides information on what sensitivity or setting value was used to flag this event as significant.

Tip: Click Show Info to see a more complete description of the event, possible causes, and possible remedies.

Using the Visual Expert

The Visual Expert provides various ways of looking at an individual flow at the time the window was created.

To open the Visual Expert:

1. Select Flat under the Expert view of a Capture window.

2. Right-click any flow and choose Visual Expert. The Visual Expert window appears.


The six tabs at the bottom of the window are described below.

● PacketVisualizer: This tab displays all of the packets for both sides of a flow.

● Payload: This tab reconstructs the TCP data without the header information.

● Graphs: This tab displays five types of graphs:

    ● Throughput: Displays the rolling average throughput for the flow, in TCP Sequence Number order over time.

    ● Latency: Displays the time between a packet and the request packet that it acknowledges.

    ● Sequence: Displays TCP SEQ numbers across time, a simple version of the information in the tcptrace graph.

    ● tcptrace: Displays varied visualizations of a TCP flow.

    ● TCP window: Displays the size of the available TCP window as it expands and contracts through the course of the TCP session in the current flow.


Tip: Highlight the graph names in the navigation bar to see all of the graphs at once.

● What If: This tab lets you estimate the effects of changes in various network and application parameters on throughput, utilization, and response times in the current flow.

● Compare: This tab can find a particular flow in any other open file or capture, and display the two separately captured instances of that flow side by side, noting any detailed differences between the two.

● Summary: This tab displays the same data that appears in the Node Details pane of the Expert tab.


Chapter 9: Creating Filters

Filters let you focus on specific traffic. If you want to check a problem between two particular devices, perhaps a computer and a printer, address filters can capture just the traffic between these two devices. If you are having a problem with a particular function on your network, a protocol filter allows you to focus on traffic related to that particular function.

Filters work by testing packets against the criteria specified in the filter. Packets whose contents meet these criteria match the filter. You can build filters to test for just about anything found in a packet: addresses, protocols, sub-protocols, ports, error conditions, and more. Filters are so easy to create that you can often build a custom filter on the fly while analyzing suspect traffic on your network.

Enabling a filter

In addition to the filters that you create, the program includes numerous pre-defined filters. You can enable one or more filters when capturing or monitoring packets.

To enable filters when capturing packets:

1. Click the Filters view in a Capture window.


2. Select the filter or filters that you want to enable.

3. Click the Start Capture button to begin capturing packets. Any packets that match the filters that are enabled are placed into the capture buffer.

Alternatively, you can choose to place the packets that do not match the filter in the capture buffer by clicking the Reject Matching icon.
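The matching and Reject Matching behavior described above can be modeled in a few lines. This is an added sketch, not AiroPeek's implementation: the packet records are constructed sample data, the class and function names are hypothetical, and it assumes that an address pair matches in either direction, that a packet matching any one enabled filter counts as a match, and that with no filter enabled every packet is captured.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:  # constructed sample record, not AiroPeek's packet format
    src: str
    dst: str
    proto: str
    port: int  # service port, simplified to a single value


@dataclass(frozen=True)
class Filter:
    name: str
    addr1: Optional[str] = None  # None means "any"
    addr2: Optional[str] = None
    proto: Optional[str] = None
    port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """A packet matches only if it meets every criterion the filter sets."""
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.port is not None and p.port != self.port:
            return False
        ends = {p.src, p.dst}  # assumption: addresses match in either direction
        return all(a is None or a in ends for a in (self.addr1, self.addr2))


def capture(packets, enabled, reject_matching=False):
    """Return the packets that would be placed in the capture buffer."""
    if not enabled:  # assumption: no enabled filter means capture everything
        return list(packets)
    buffer = []
    for p in packets:
        matched = any(f.matches(p) for f in enabled)  # assumption: filters OR-ed
        if matched != reject_matching:  # Reject Matching inverts the decision
            buffer.append(p)
    return buffer


# Constructed traffic: a computer (.20), another host (.30), a printer (.50).
PACKETS = [
    Packet("192.168.1.20", "192.168.1.50", "TCP", 9100),
    Packet("192.168.1.50", "192.168.1.20", "TCP", 9100),
    Packet("192.168.1.20", "192.168.1.1", "UDP", 53),
    Packet("192.168.1.30", "192.168.1.1", "UDP", 53),
    Packet("192.168.1.30", "192.168.1.50", "TCP", 9100),
]
PC_PRINTER = Filter("Computer and printer", addr1="192.168.1.20", addr2="192.168.1.50")
DNS = Filter("DNS", proto="UDP", port=53)

if __name__ == "__main__":
    print(len(capture(PACKETS, [PC_PRINTER])))        # traffic between the pair only
    print(len(capture(PACKETS, [PC_PRINTER], True)))  # everything except that pair
```

Reject Matching is the useful mode when one known, noisy conversation is crowding the buffer and you want everything else on the network kept for analysis.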

Creating filters with the Make Filter command

You can use the Make Filter command to easily create a filter based on the address, protocol, and port settings of an existing packet, node, protocol, conversation, or packet decode.

To create a filter with the Make Filter command:

1. Right-click a packet, node, protocol, conversation, or packet decode item from one of the views available in a Capture window and choose Make Filter. The Insert Filter dialog appears with the Address, Protocol, and Port settings already configured with the information from the packet that was selected.

2. Enter a new name in the Filter text box and make any additional changes.

3. Click OK. The new filter is now available whenever a list of available filters is displayed.

4. To enable the new filter in your Capture window, click the Filters view and select the check box of the new filter. The filter is applied immediately, even if a capture is already under way.


Creating a simple filter

You can create a simple filter by manually entering the parameters for the filter that you want to create. Unlike creating a filter using the Make Filter command, you will have to manually define the parameters (address, protocol, and port settings) for the filter you want to create.

Note: For information on creating more advanced filters, refer to the AiroPeek User Guide or online help.

To create a simple filter by defining an address and protocol:

1. Do one of the following to open the Filters view:

● Click the Filters view in an open Capture window

● Choose View > Filters from the main menu

2. Click the Insert icon. The Insert Filter dialog appears.


3. Give your new filter a name.

4. Complete the address, protocol, or port setting information and click OK. The new filter is now available whenever a list of available filters is displayed.

5. To enable the new filter in your Capture window, click the Filters view and select the check box of the new filter. The filter is applied immediately, even if a capture is already under way.


Chapter 10: Using the Peer Map

The Peer Map view in AiroPeek NX and AiroPeek VX is a powerful tool for visualizing network traffic in a Capture window. The Peer Map graphically displays all of the nodes, or a user-defined subset, detected in a particular Capture window.

Communication between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.

The Peer Map view

To display the Peer Map:

1. Open a Capture window and begin capturing traffic.

2. From the Capture window, click the Peer Map view.

Tip: Hold the cursor over a particular node in the Peer Map to see a tooltip with more information about this node.


3. Click the Peer Map Options icon to open the Peer Map Options dialog. This dialog lets you choose to show or hide displayable icons, node visibilities, and protocol line segment gaps.

4. Use the tabs in the right pane to configure Peer Map settings:

● Profiles: This tab lets you configure settings into a profile that controls the appearance and layout of the Peer Map. The toolbar in the task pane allows you to save, edit, duplicate, delete, import, and export profiles.

● Configuration: This tab lets you set the basic parameters of the Peer Map, what part of the traffic in the Capture window’s buffer is displayed, and how the protocols (line segments) are displayed in the Peer Map.

● Node Visibilities: This tab displays node counts and nodes that are both shown and hidden in the Peer Map.

5. Right-click on a node for other options, including:

● Arrange: If you have changed the appearance of the Peer Map by dragging nodes to new positions, this option arranges the nodes back into the ellipse of the Peer Map.

● Node Details: This option opens the Detailed Statistics dialog and shows details of the selected node.


Chapter 11: Using VoIP Analysis

VoIP (Voice over IP) refers to the protocol suites used to set up and maintain two-way voice and video communications over the Internet. If you have purchased AiroPeek VX, a VoIP view is available in Capture windows. The VoIP view provides real-time data and statistics on both open and closed calls found on a particular network interface.

The VoIP view

The VoIP view of a Capture window opens in Call oriented mode, displaying a view of all calls in the Capture window.

To display the VoIP tab:

1. From a Capture window, click the VoIP view.

2. Click Start Capture. VoIP calls appear first under Open Calls and then under Closed Calls as they are completed.


3. Click the Closed Call Statistics button. The Statistics view for the sum total of current closed calls appears.

4. Click the tabs to see each type of statistics, such as Bandwidth Utilization below.


Analyzing a single call or channel

The VoIP tab offers many ways to view the details of a particular call or channel.

To open the Call Details window for an individual call:

1. Double-click a closed call with media from the initial VoIP tab. (A call with media is one with data in the Media Channels column.) The Call Details window appears.


2. Double-click a media channel in the Media table. The Channel Properties window appears.


3. Click the tabs to see the information available in each field.

4. Click the Audio button. The playback feature allows you to hear what difference various jitter buffer settings will make in the sound quality of the selected media channel.


Appendix A: Keyboard Shortcuts

Shortcut: Description

Ctrl + N: Creates a new Capture window.

Ctrl + O: Opens an AiroPeek Capture file or other supported file type in a new Capture file window.

Ctrl + S: Opens the Save dialog to save all packets in the active window.

Ctrl + P: Prints the active window in a format appropriate to its type.

Alt + F4: Quit AiroPeek.

Ctrl + Z: Undoes the last edit.

Ctrl + X: Cuts the highlighted item(s) and copies to the clipboard.

Ctrl + C: Copies highlighted item(s) to the clipboard.

Ctrl + V: Pastes the current contents of the clipboard.

Ctrl + B: Deletes all packets from the active Capture window.

Ctrl + A: Selects all packets, text, or items in a window.

Ctrl + D: Removes all highlighting and selection.

Ctrl + E: Opens the Select dialog, where you can use filters, ASCII or hex strings, packet length, and Analysis Modules to select captured packets.

Ctrl + H: Removes selected packets from the display without deleting them. Hidden packets are not processed further.

Ctrl + Shift + H: Removes unselected packets from the display without deleting them. Hidden packets are not processed further.

Ctrl + U: Restores all previously hidden packets to normal status.

Ctrl + G: Opens the Go To dialog where you can choose a packet number to jump to. If packets are selected, the number of the first selected packet is shown.

Ctrl + J: Jumps to the next selected packet.

Ctrl + Z: Undoes the last edit.

Ctrl + M: Opens the Filters window.

Ctrl + L: Opens the Log window.

Ctrl + Y: Toggles the packet capture function.

Ctrl + 1: Opens the monitor Node Statistics window.

Ctrl + 2: Opens the monitor Protocol Statistics window.

Ctrl + 3: Opens the monitor Network Statistics window.

Ctrl + 4: Opens the monitor packet Size Statistics window.

Ctrl + 5: Opens the monitor Summary Statistics window.

Ctrl + 6: Opens the monitor History Statistics window.

Ctrl + 7: Opens the monitor Channel Statistics window.

Ctrl + 8: Opens the monitor WLAN Statistics window.

Ctrl + Tab: Makes the next window in sequence the active window.

Ctrl + Shift + Tab: Makes the previous window in sequence the active window.

F1: Launches the Online Help.
