WiFi module

From Allegro Network Multimeter Manual
Revision as of 10:07, 26 January 2022 by Ralf (talk | contribs)
Jump to navigation Jump to search

This module analyses IEEE 802.11 frame encapsulated in special packets (https://www.wireshark.org/docs/dfref/p/peekremote.html).

In the current version, only IEEE802.11 data frames with QoS data are processed to display statistics about the access points and participants and their quality. All other IEEE802.11 frame are skipped.

Beacon frames are also analyzed and additional information like SSID name, access point name, channel utilization are shown too (Firmware >= 3.4).

Statistics

BSS list

BSS list

The first entry tab "BSS list" shows shows two generic packet counts:

  • processed packets: This is the number of IEEE 802.11 data Qos frames and Beacon frames (https://en.wikipedia.org/wiki/802.11_Frame_Types#Types_and_SubTypes) that are decoded and accounted for statistics. This frame are type 2 and subtype 8 and type 0/8 respectively.
  • skipped packets: This is the number of IEEE 802.11 frames that are not analyzed (because they are not supported or invalid). This includes all frame not being type 0/2 or subtype 8, as well as possible corrupt packets.

The table shown in this section lists all so-called "base service sets" which are usually the access points.

Columns:

  • BSS ID: This is the MAC address of the station.
    • In firmware >= 3.4, we also show the number of other BSS IDs of the same device, based on their MAC addresses. When following the link to the BSS detail page, the other BSS are listed on that page.
  • NIC vendor name: This is the vendor name of the MAC addresse.
  • SSID: When available, the SSID is shown for this BSS (firmware >= 3.4)
  • AP name: When available, the AP name is shown (firmware >= 3.4)
    • Note: The AP name is Cisco specific extension of beacon frame attributes and therefore only available for specific devices.
  • Subscribers: This column shows the number of MAC addresses communication from or to this BSS (Firmware >= 3.4)
    • The number of clients in parentheses are the number of unicast addresses different than the BSS MAC address.
    • The actual subscribers can be seen in the BSS detail page.
  • Current channel: This is the channel the BSS is currently operating on (firmware >= 3.4)
  • Current channel utilization: This value is extracted from beacon frames indicating the percentage of time the channel was active (firmware >= 3.4)
  • Current frequency: This classifies the BSS frequency into 2.4 GHz, 5 GHz, or 0 for other frequencies
  • pps transmitted: This is the number of QoS or beacon frames that have been analyzed for this BSS.
    • Note: This is not the number of packets sent in the whole WiFi channel.
  • bytes transmitted: Similar to pps, this is the number bytes of QoS or beacon frames.
  • Signal/noise level: These values indicate the signal quality of the BSS.
    • It uses information from packets sent from or to the BSS to give an indication ab out the overall quality.
  • Graph: Multiple graphs are shown for detailed information over time:
    • Packets sent: this is the number of QoS/beacon frames sent over time
    • dbm signal/noise: the signal and noise level over time
    • Channel: This is the channel used at any given time (firmware >= 3.4)
    • Utilization: This is the channel utilization over time (firmware >= 3.4)
WiFi client list

List of clients (firmware >= 3.4)

The second tab shows all clients devices (unicast devices other than BSS) that have been seen in QoS and beacon frame.

The table shows the client MAC address, its vendor name and in how many BSSs this client was active.

WiFi client detail

When clicking on the client address, a detailed page is shown. The BSS tab shows which BSS were actually used at which time so it is possible to identify how often a client switched access points.

Channel view (firmware >= 3.4)

WiFi channel view

The third tab shows which channels in each frequency band is currently used by how many BSS. The channel can be clicked to get a list of BSS in that specific channel.

Per-BSS statistics

For each BSS MAC address, more detailed information can be shown by clicking on the MAC address in the BSS list.

WiFi BSS details

The detail page shows an overview for this BSS ID and contains additional tabs for the list of subscribers of that base service set, as well as the list of frequencies, channels, and bands used by this base service set.

The overview tab shows all information from the BSS table and also all MAC addresses of other BSS that are handled by the same physical device.

Traffic processing

There are currently two kinds of 802.11 traffic that can be analyzed:

  1. PEEKREMOTE packets This kind of traffic is generated by access points and is send via UDP to a specified IP address and port. To analyze this traffic, the endpoint mode has to be enabled on an interface which receives this traffic. In the endpoint mode configuration, an IP address and port can be configured for which the Allegro Network Multimeter accepts packets. PEEKREMOTE packets usually do not contain complete IP packets, only 802.11 statistics that are evaluated by the Allegro Network Multimeter.
  2. CAPWAP encapsulated packets In contrast to PEEKREMOTE, CAPWAP packets encapsulate complete IP packets which itself contain 802.11 information. Therefore, the endpoint mode must be configured for a specific IP and port and the tunnel view mode must be enabled too to let the Allegro Network Multimeter look inside the encapsulated packets.
Retrieved from "https://allegro-packets.com/wiki/index.php?title=WiFi_module&oldid=3836"