WiFi module: Difference between revisions
| No edit summary | No edit summary | ||
| Line 1: | Line 1: | ||
| This module analyses IEEE 802.11 frames either acquired using the WiFi monitoring feature (see TODO) or encapsulated in special packets (https://www.wireshark.org/docs/dfref/p/peekremote.html). It also provides statistics when analyzing PCAPs with a Radiotap link  | This module analyses IEEE 802.11 frames either acquired using the WiFi monitoring feature (see TODO) or encapsulated in special packets (https://www.wireshark.org/docs/dfref/p/peekremote.html). It also provides statistics when analyzing PCAPs with a Radiotap link type and IEEE 802.11 packets. | ||
| === Statistics === | === Statistics === | ||
| '''Channel statistics''' | '''Channel statistics''' | ||
| This page shows a list of all WiFi channels on which traffic is seen and offers the ability to capture the traffic of each channel. The table contains the following data | This page shows a list of all WiFi channels on which traffic is seen and offers the ability to capture the traffic of each channel. The table contains the following data: | ||
| * Frequency: the frequency of the channel in MHz. This uniquely identifies a channel as the channel numbers themselves are ambiguous. | * Frequency: the frequency of the channel in MHz. This uniquely identifies a channel as the channel numbers themselves are ambiguous. | ||
| Line 13: | Line 13: | ||
| * Bytes: the number of bytes seen on this channel. | * Bytes: the number of bytes seen on this channel. | ||
| * Graph: Multigraph selection that can show packet rate and data rate history. | * Graph: Multigraph selection that can show packet rate and data rate history. | ||
| The channel frequency can be clicked on get a list of BSS in that specific channel. This table contains the same information as the global table in the BSS statistics. | |||
| ==== BSS statistics ==== | ==== BSS statistics ==== | ||
| [[File:Ieee 802 11 bss list.png|thumb|600x600px|BSS list]] | [[File:Ieee 802 11 bss list.png|thumb|600x600px|BSS list]]The table shown on this page lists all so-called "base service sets" which are usually the access points. | ||
| The table shown  | |||
| The table contains the following data: | |||
| * BSS ID: This is the MAC address of the station. | * BSS ID: This is the MAC address of the station. | ||
| Line 33: | Line 30: | ||
| ** The actual subscribers can be seen in the BSS detail page. | ** The actual subscribers can be seen in the BSS detail page. | ||
| * Current channel: This is the channel the BSS is currently operating on (firmware >= 3.4) | * Current channel: This is the channel the BSS is currently operating on (firmware >= 3.4) | ||
| * Current frequency: This is the frequency the BSS is currently operating on (firmware >= 4.0) | |||
| * Current channel utilization: This value is extracted from beacon frames indicating the percentage of time the channel was active (firmware >= 3.4) | * Current channel utilization: This value is extracted from beacon frames indicating the percentage of time the channel was active (firmware >= 3.4) | ||
| * Current frequency: This classifies the BSS frequency into 2.4 GHz, 5 GHz, or 0 for other frequencies | * Current frequency: This classifies the BSS frequency into 2.4 GHz, 5 GHz, or 0 for other frequencies | ||
| * pps transmitted: This is the number of  | * pps transmitted: This is the number of frames that have been analyzed for this BSS. | ||
| * | * bytes transmitted: This is the number of bytes that have been analyzed for this BSS. | ||
| * Signal/noise level: These values indicate the signal quality of the BSS. | * Signal/noise level: These values indicate the signal quality of the BSS. | ||
| ** It uses information from packets sent from or to the BSS to give an indication ab out the overall quality. | ** It uses information from packets sent from or to the BSS to give an indication ab out the overall quality. | ||
| * Graph:  | * Graph: Multigraph selection for detailed information over time: | ||
| ** Packets  | ** Packets: this is the number of frames seen over time | ||
| ** Bytes: this is the number of bytes seen over time | |||
| ** dbm signal/noise: the signal and noise level over time | ** dbm signal/noise: the signal and noise level over time | ||
| ** Channel: This is the channel used at any given time (firmware >= 3.4) | ** Channel: This is the channel used at any given time (firmware >= 3.4) | ||
| [[File:Ieee 802 11 client list.png|thumb|300x300px|WiFi client list]] | [[File:Ieee 802 11 client list.png|thumb|300x300px|WiFi client list]] | ||
Revision as of 12:49, 30 March 2023
This module analyses IEEE 802.11 frames either acquired using the WiFi monitoring feature (see TODO) or encapsulated in special packets (https://www.wireshark.org/docs/dfref/p/peekremote.html). It also provides statistics when analyzing PCAPs with a Radiotap link type and IEEE 802.11 packets.
Statistics
Channel statistics
This page shows a list of all WiFi channels on which traffic is seen and offers the ability to capture the traffic of each channel. The table contains the following data:
- Frequency: the frequency of the channel in MHz. This uniquely identifies a channel as the channel numbers themselves are ambiguous.
- Channel: the channel number. These numbers are ambiguous as there exists a channel 1 in the 2.4GHz range as well as in the 5GHz range.
- Number of BSS: The number of BSS active on this channel.
- Active BSS within the last hour: the number of BSS that were active on this channel during the last hour.
- Packets: the number of packets seen on this channel.
- Bytes: the number of bytes seen on this channel.
- Graph: Multigraph selection that can show packet rate and data rate history.
The channel frequency can be clicked on get a list of BSS in that specific channel. This table contains the same information as the global table in the BSS statistics.
BSS statistics
The table shown on this page lists all so-called "base service sets" which are usually the access points.
The table contains the following data:
- BSS ID: This is the MAC address of the station.
- In firmware >= 3.4, we also show the number of other BSS IDs of the same device, based on their MAC addresses. When following the link to the BSS detail page, the other BSS are listed on that page.
 
- NIC vendor name: This is the vendor name of the MAC addresse.
- SSID: When available, the SSID is shown for this BSS (firmware >= 3.4)
- AP name: When available, the AP name is shown (firmware >= 3.4)
- Note: The AP name is Cisco specific extension of beacon frame attributes and therefore only available for specific devices.
 
- Subscribers: This column shows the number of MAC addresses communication from or to this BSS (Firmware >= 3.4)
- The number of clients in parentheses are the number of unicast addresses different than the BSS MAC address.
- The actual subscribers can be seen in the BSS detail page.
 
- Current channel: This is the channel the BSS is currently operating on (firmware >= 3.4)
- Current frequency: This is the frequency the BSS is currently operating on (firmware >= 4.0)
- Current channel utilization: This value is extracted from beacon frames indicating the percentage of time the channel was active (firmware >= 3.4)
- Current frequency: This classifies the BSS frequency into 2.4 GHz, 5 GHz, or 0 for other frequencies
- pps transmitted: This is the number of frames that have been analyzed for this BSS.
- bytes transmitted: This is the number of bytes that have been analyzed for this BSS.
- Signal/noise level: These values indicate the signal quality of the BSS.
- It uses information from packets sent from or to the BSS to give an indication ab out the overall quality.
 
- Graph: Multigraph selection for detailed information over time:
- Packets: this is the number of frames seen over time
- Bytes: this is the number of bytes seen over time
- dbm signal/noise: the signal and noise level over time
- Channel: This is the channel used at any given time (firmware >= 3.4)
 
Client statistics
The second tab shows all clients devices (unicast devices other than BSS) that have been seen in QoS and beacon frame.
The table shows the client MAC address, its vendor name and in how many BSSs this client was active.
When clicking on the client address, a detailed page is shown. The BSS tab shows which BSS were actually used at which time so it is possible to identify how often a client switched access points.
Channel view (firmware >= 3.4)
The third tab shows which channels in each frequency band is currently used by how many BSS. The channel can be clicked to get a list of BSS in that specific channel.
Per-BSS statistics
For each BSS MAC address, more detailed information can be shown by clicking on the MAC address in the BSS list.
The detail page shows an overview for this BSS ID and contains additional tabs for the list of subscribers of that base service set, as well as the list of frequencies, channels, and bands used by this base service set.
The overview tab shows all information from the BSS table and also all MAC addresses of other BSS that are handled by the same physical device.
Traffic processing
There are currently four kinds of 802.11 traffic that can be analyzed:
- Live packet processing of IEEE 802.11 packets acquired with the WiFi monitoring feature (see TODO).
- Radiotap PCAP files that contain IEEE 802.11 packets.
- PEEKREMOTE packets. This kind of traffic is generated by access points and is send via UDP to a specified IP address and port. To analyze this traffic, the endpoint mode has to be enabled on an interface which receives this traffic. In the endpoint mode configuration, an IP address and port can be configured for which the Allegro Network Multimeter accepts packets. PEEKREMOTE packets usually do not contain complete IP packets, only 802.11 statistics that are evaluated by the Allegro Network Multimeter.
- CAPWAP encapsulated packets. In contrast to PEEKREMOTE, CAPWAP packets encapsulate complete IP packets which itself contain 802.11 information. Therefore, the endpoint mode must be configured for a specific IP and port and the tunnel view mode must be enabled too to let the Allegro Network Multimeter look inside the encapsulated packets.




