WiFi module

From Allegro Network Multimeter Manual
(Redirected from IEEE 802.11 module)
Jump to navigation Jump to search

This module analyses IEEE 802.11 frames either acquired using the WiFi monitoring feature (see WiFi interface settings) or encapsulated in special packets (https://www.wireshark.org/docs/dfref/p/peekremote.html). It also provides statistics when analyzing PCAPs with a Radiotap link type and IEEE 802.11 packets.

Statistics

Channel statistics

WiFi channel view

This page shows a list of all WiFi channels on which traffic is seen and offers the ability to capture the traffic of each channel. The table contains the following data:

  • Frequency: the frequency of the channel in MHz. This uniquely identifies a channel as the channel numbers themselves are ambiguous.
  • Channel: the channel number. These numbers are ambiguous as there exists a channel 1 in the 2.4GHz range as well as in the 5GHz range.
  • Number of BSS: The number of BSS active on this channel.
  • Active BSS within the last hour: the number of BSS that were active on this channel during the last hour.
  • Packets: the number of packets seen on this channel.
  • Packets retransmitted: the number of retransmitted packets seen on this channel. (firmware >= 4.2)
  • Bytes: the number of bytes seen on this channel.
  • Bytes retransmitted: the number of retransmitted bytes seen on this channel. (firmware >= 4.2)
  • Graph: Multigraph selection that can show packet rate and data rate history.

The channel frequency can be clicked on get a list of BSS in that specific channel. This table contains the same information as the global table in the BSS statistics.

BSS statistics

BSS list

The table shown on this page lists all so-called "base service sets" which are usually the access points and offers the ability to capture the traffic of each BSS.

The table contains the following data:

  • BSS ID: This is the MAC address of the station.
    • In firmware >= 3.4, we also show the number of other BSS IDs of the same device, based on their MAC addresses. When following the link to the BSS detail page, the other BSS are listed on that page.
  • NIC vendor name: This is the vendor name of the MAC addresse.
  • SSID: When available, the SSID is shown for this BSS (firmware >= 3.4)
  • AP name: When available, the AP name is shown (firmware >= 3.4)
    • Note: The AP name is Cisco specific extension of beacon frame attributes and therefore only available for specific devices.
  • Subscribers: This column shows the number of MAC addresses communication from or to this BSS (Firmware >= 3.4)
    • The number of clients in parentheses are the number of unicast addresses different than the BSS MAC address.
    • The actual subscribers can be seen in the BSS detail page.
  • Current channel: This is the channel the BSS is currently operating on (firmware >= 3.4)
  • Current frequency: This is the frequency the BSS is currently operating on (firmware >= 4.0)
  • Current channel utilization: This value is extracted from beacon frames indicating the percentage of time the channel was active (firmware >= 3.4)
  • Current frequency: This classifies the BSS frequency into 2.4 GHz, 5 GHz, or 0 for other frequencies
  • packets transmitted: This is the number of packets that have been analyzed for this BSS. (firmware >= 4.2)
  • packets retransmitted: This is the number of retransmitted packets that have been analyzed for this BSS. (firmware >= 4.2)
  • packets retransmitted ratio: This is the proportion of retransmitted packets that have been analyzed for this BSS. (firmware >= 4.2)
  • bytes transmitted: This is the number of bytes that have been analyzed for this BSS.
  • bytes retransmitted: This is the number of retransmitted bytes that have been analyzed for this BSS. (firmware >= 4.2)
  • bytes retransmitted ratio: This is the proportion of retransmitted bytes that have been analyzed for this BSS. (firmware >= 4.2)
  • Signal/noise level: These values indicate the signal quality of the BSS.
    • It uses information from packets sent from or to the BSS to give an indication ab out the overall quality.
  • Graph: Multigraph selection for detailed information over time:
    • Packets: this is the number of frames seen over time
    • Packets retransmitted: this is the number of retransmitted frames seen over time (firmware >= 4.2)
    • Bytes: this is the number of bytes seen over time
    • Bytes retransmitted: this is the number of retransmitted bytes seen over time (firmware >= 4.2)
    • dbm signal/noise: the signal and noise level over time
    • Channel: This is the channel used at any given time (firmware >= 3.4)
WiFi client list

Client statistics

This page shows all clients devices (unicast devices other than BSS) that have been seen in QoS and beacon frame.

The table shows the client MAC address, its vendor name and in how many BSSs this client was active.

WiFi client detail

When clicking on the client address, a detailed page is shown. The BSS tab shows which BSS were actually used at which time so it is possible to identify how often a client switched access points.

Per-BSS statistics

For each BSS MAC address, more detailed information can be shown by clicking on the MAC address in the BSS list.

WiFi BSS details

The detail page shows an overview for this BSS ID and contains additional tabs for the list of subscribers and network endpoints of that base service set, as well as the list of frequencies, channels, and bands used by this base service set.

The overview tab shows all information from the BSS table and also all MAC addresses of other BSS that are handled by the same physical device.

Traffic processing

There are currently four kinds of 802.11 traffic that can be analyzed:

  1. Live packet processing of IEEE 802.11 packets acquired with the WiFi monitoring feature (see WiFi interface settings).
  2. Radiotap PCAP files that contain IEEE 802.11 packets.
  3. PEEKREMOTE packets. This kind of traffic is generated by access points and is send via UDP to a specified IP address and port. To analyze this traffic, the endpoint mode has to be enabled on an interface which receives this traffic. In the endpoint mode configuration, an IP address and port can be configured for which the Allegro Network Multimeter accepts packets. PEEKREMOTE packets usually do not contain complete IP packets, only 802.11 statistics that are evaluated by the Allegro Network Multimeter.
  4. CAPWAP encapsulated packets. In contrast to PEEKREMOTE, CAPWAP packets encapsulate complete IP packets which itself contain 802.11 information. Therefore, the endpoint mode must be configured for a specific IP and port and the tunnel view mode must be enabled too to let the Allegro Network Multimeter look inside the encapsulated packets.