122
edits
WiFi module: Difference between revisions
no edit summary
m (Martin.Weiser moved page IEEE 802.11 module to WiFi module) |
No edit summary |
||
| Line 1: | Line 1: | ||
This module analyses IEEE 802.11 | This module analyses IEEE 802.11 frames either acquired using the WiFi monitoring feature (see TODO) or encapsulated in special packets (https://www.wireshark.org/docs/dfref/p/peekremote.html). It also provides statistics when analyzing PCAPs with a Radiotap link layer and IEEE 802.11 packets. | ||
=== Statistics === | |||
'''Channel statistics''' | |||
This page shows a list of all WiFi channels on which traffic is seen and offers the ability to capture the traffic of each channel. The table contains the following data" | |||
* Frequency: the frequency of the channel in MHz. This uniquely identifies a channel as the channel numbers themselves are ambiguous. | |||
* Channel: the channel number. These numbers are ambiguous as there exists a channel 1 in the 2.4GHz range as well as in the 5GHz range. | |||
* Number of BSS: The number of BSS active on this channel. | |||
* Active BSS within the last hour: the number of BSS that were active on this channel during the last hour. | |||
* Packets: the number of packets seen on this channel. | |||
* Bytes: the number of bytes seen on this channel. | |||
* Graph: Multigraph selection that can show packet rate and data rate history. | |||
==== BSS | ==== BSS statistics ==== | ||
[[File:Ieee 802 11 bss list.png|thumb|600x600px|BSS list]] | [[File:Ieee 802 11 bss list.png|thumb|600x600px|BSS list]] | ||
The first entry tab "BSS list" shows shows two generic packet counts: | The first entry tab "BSS list" shows shows two generic packet counts: | ||
| Line 40: | Line 47: | ||
[[File:Ieee 802 11 client list.png|thumb|300x300px|WiFi client list]] | [[File:Ieee 802 11 client list.png|thumb|300x300px|WiFi client list]] | ||
==== | ==== Client statistics ==== | ||
The second tab shows all clients devices (unicast devices other than BSS) that have been seen in QoS and beacon frame. | The second tab shows all clients devices (unicast devices other than BSS) that have been seen in QoS and beacon frame. | ||
| Line 59: | Line 66: | ||
=== Traffic processing === | === Traffic processing === | ||
There are currently | There are currently four kinds of 802.11 traffic that can be analyzed: | ||
# PEEKREMOTE packets | # Live packet processing of IEEE 802.11 packets acquired with the WiFi monitoring feature (see TODO). | ||
# CAPWAP encapsulated packets | # Radiotap PCAP files that contain IEEE 802.11 packets. | ||
# PEEKREMOTE packets. This kind of traffic is generated by access points and is send via UDP to a specified IP address and port. To analyze this traffic, the endpoint mode has to be enabled on an interface which receives this traffic. In the [[Global settings#Endpoint mode|endpoint mode configuration]], an IP address and port can be configured for which the Allegro Network Multimeter accepts packets. PEEKREMOTE packets usually do not contain complete IP packets, only 802.11 statistics that are evaluated by the Allegro Network Multimeter. | |||
# CAPWAP encapsulated packets. In contrast to PEEKREMOTE, CAPWAP packets encapsulate complete IP packets which itself contain 802.11 information. Therefore, the endpoint mode must be configured for a specific IP and port and the [[Global settings#Tunnel view mode|tunnel view mode]] must be enabled too to let the Allegro Network Multimeter look inside the encapsulated packets. | |||