When and Why You Should Capture 802.11n Traffic with Remote AP Adapters

The classic method of capturing WLAN traffic is to attach a dongle to a laptop and walk the floor. There are some advantages to this method, but the innovations introduced in 802.11n provide a clear argument that the time has come to rely on access point (AP) based capture.

Walking the floor “feels” like the right way to address WLAN issues. It’s a technique commonly used when deciding where to install APs, to detect noise sources, and determine the farthest limits of coverage. There are well-respected tools specifically built to use floorplans to provide a path to walk to test the WLAN signal. Best of all, it provides an active alternative to sitting at your desk.

802.11n changes some of the underlying assumptions around WLAN analysis. Beam forming means that APs are able to create direct paths to reach WLAN clients, replacing omnidirectional antennas with arrays of unidirectional antennas. While we at WildPackets are fans of anything that includes the term “Omni,” we’re also fans of technology that improves performance and bandwidth, which beam forming definitely does. What it means for your WLAN is that an AP will be able to optimize the packet delivery to physically route around sources of noise, so there’s less need to survey the site.

There’s also another issue we’re hearing about with 802.11n laptop-based analysis, which is that the higher speeds – not to mention channel bonding – are starting to overwhelm the ability of a single laptop to capture all WLAN traffic across all channels. There’s simply not enough bandwidth in USB for more than about 3 active WLAN capture dongles. While it’s not a problem for any given client, it’s a problem for an analyst performing true multi-channel analysis.

With a remote AP adapter on the other hand, the traffic is captured by an AP that is put into promiscuous mode and sent in real-time over the (often gigabit) wire to OmniPeek or an OmniEngine for analysis. This helps you capture traffic at rates as high as a wired network. It also allows captures to be done remotely, from as many locations as you have APs installed.

There’s one caveat with AP-based capture: not every AP out there supports remote capture, and not every AP supports capturing at the same time as acting as a base station.

For APs that support remote capture, there’s no better way to get a “true” view of the wireless traffic. Since the AP is the center of the network, it’s the most accurate location to measure signal strength for clients. It’s much faster to see the reception for all attached clients than to walk the floor and measure the signal at every location. That’s especially true when the “floor” in question is at a remote site: packets travel faster than people do, so problems can be detected, diagnosed, and fixed quicker.

For best success with AP-based capture, consider putting an OmniEngine near your AP controller, to reduce the distance your captured traffic has to traverse. The optimized protocol between OmniPeek and OmniEngines means that you’ll get the advantages of full visibility without creating a lot of additional traffic.

If you’re still not convinced, or you just like the excuse to get up and walk around, WildPackets is still there to support you. Take a look at our new OmniWiFi WLAN adapter for reliable capture at a reasonable cost.

One thought on “When and Why You Should Capture 802.11n Traffic with Remote AP Adapters

Leave a Reply