802.11ac – New Standard, New Methodologies for WLAN Analysis

The 802.11ac Wi-Fi standard has the ability to revolutionize how enterprises support the large quantity of devices connected to corporate networks. Yet, most organizations do not understand that monitoring and analyzing 802.11ac traffic requires significant changes in the way wireless data is captured.

As we get closer to 802.11ac ratification (still scheduled for Q1 2014) we’re seeing the same pattern we saw with 802.11n. Early equipment in the market, developed against an early draft standard, was targeted mainly at the home market. Head into any electronics store (brick and mortar or online) and you’ll already find a wide selection of 802.11ac APs for the home. But it was only a few months ago that we began seeing devices from the major enterprise AP players hitting the market that are truly enterprise-grade. And it’s these new enterprise-grade APs that are going to force a change in WLAN troubleshooting and analysis.

As a provider of WLAN analysis solutions, the most common question we are hearing today is “what 802.11ac USB devices can I use to monitor the network?” The question seems innocent enough, but the answer is far from simple.

In the “good old days of a/b/g” finding a USB device for monitoring and analyzing was pretty simple. The APs and the USB adapters pretty much had the same capabilities regarding encoding, data transmission, and data rates, and these are some of the key elements when looking for compatible WLAN adapters to use for wireless packet capture. And the list of optional features was very short. But with 802.11n, and even more so with 802.11ac, APs often have much greater capabilities than stations, and this is especially true when comparing APs with 802.11ac USB WLAN adapters.

Most of the 802.11ac APs hitting the market are capable of at least 3-stream operation, and 4-stream APs will not be far behind. Most 802.11ac USB WLAN adapters are 1-stream, with a small selection at 2-stream. There are no 3-stream or 4-stream 802.11ac USB WLAN adapters, and it’s quite likely there won’t be any. The market for USB WLAN adapters is shrinking, as most devices have 802.11 built in, including products ranging from TVs and DVRs to washing machines and refrigerators.

So, if you have an 802.11ac network based on 4-stream APs, how can you ensure that you capture ALL of the traffic from these APs if the best USB-based capture device you can find is only 1- or 2-stream?

Well, I know everyone wants a different answer, but the answer is you can’t, at least not with a 1- or 2-stream USB WLAN adapter. If you have a 4-stream AP, and at least one 4-stream client (let’s say a dedicated video conferencing device that needs the maximum bandwidth it can achieve), you need a capture solution that is also 4-stream, and also supports any other optional features the AP/client combination may support.

And guess what, you already have such a device – it’s the AP itself! With 802.11ac, your best packet capture solution is another AP, preferably one of the same model being used in your network. There are 3 main approaches that can be employed.

  1. You can take an AP that’s adjacent to the AP whose communications you want to monitor and put it into “promiscuous” mode, a “listen only” mode in which the AP can pick up all 802.11 communications in its vicinity. In most cases (meaning for most vendors’ APs) this requires taking the listening AP offline, but if you have sufficient overlap designed into your WLAN this is typically not a problem.
  2. If you don’t want to take an AP offline, simply add some strategically placed APs into your network that can be dedicated to packet capture and analysis.
    This creates a flexible, distributed monitoring network that allows you to monitor the WLAN remotely whenever it’s needed, or even 24×7. (We’ll cover the topic of 24×7 WLAN analysis in an upcoming blog.) And another benefit of this approach is that if you change your mind and decide you don’t need one or more of the monitoring points you designed in, you can simply work the AP into your overall WLAN, as opposed to a dedicated sensor which has no other purpose.
  3. If you still want to be portable, you can always bring your laptop and an AP to the area you wish to monitor, directly connect the AP to your laptop, and use it in promiscuous mode to capture all of the traffic. Though not as portable as USB devices attached to your laptop, this configuration will ensure that you can capture all of the 802.11ac traffic being generated by your WLAN.

This is not to say that 802.11ac USB WLAN adapters are useless for packet capture, or that portable analysis is dead. A significant percentage of the WLAN traffic on your 802.11ac WLAN will likely be 2-stream or less. Just about all laptops and handheld devices will be 2-stream or less to conserve battery power, and that’s likely to be what generates the bulk of your traffic. So you can still use a laptop with one or more 2-stream 802.11ac USB WLAN adapters (as soon as one that can be used for packet capture is commercially available) and you will be able to analyze your 1- and 2-stream 802.11ac traffic. But keep in mind that you won’t be seeing ALL of the traffic. Any traffic at 3-stream and above will simply not show up in the analyzer – you won’t know what you’re missing.
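One way to at least size that blind spot, shown here as an added example that is not part of the original post: beacons are sent at basic rates that a 1-stream adapter can decode, and they carry the AP's VHT Capabilities element (ID 191), whose VHT-MCS maps state how many spatial streams the AP supports. The function names, the sample bytes and the adapter stream count are assumptions made for illustration.

```python
import struct

VHT_CAPABILITIES_EID = 191  # 802.11ac VHT Capabilities element ID

def iter_elements(tagged: bytes):
    """Yield (element_id, body) from 802.11 tagged parameters."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        body = tagged[i + 2:i + 2 + length]
        if len(body) < length:  # truncated element: stop rather than misparse
            return
        yield eid, body
        i += 2 + length

def streams_in_map(mcs_map: int) -> int:
    """Highest stream count in a VHT-MCS map (2 bits per stream, 3 = unsupported)."""
    highest = 0
    for nss in range(1, 9):
        if (mcs_map >> (2 * (nss - 1))) & 0b11 != 3:
            highest = nss
    return highest

def ap_streams(tagged: bytes):
    """Return (rx_streams, tx_streams) the AP advertises, or None if no VHT element."""
    for eid, body in iter_elements(tagged):
        if eid == VHT_CAPABILITIES_EID and len(body) >= 12:
            # 4 bytes of VHT Capabilities Info, then Rx map, Rx rate, Tx map, Tx rate
            rx_map, _, tx_map, _ = struct.unpack_from("<HHHH", body, 4)
            return streams_in_map(rx_map), streams_in_map(tx_map)
    return None

def capture_gap(tagged: bytes, adapter_streams: int):
    """Stream levels the capture adapter cannot see (0 = full coverage)."""
    advertised = ap_streams(tagged)
    if advertised is None:
        return None
    return max(0, max(advertised) - adapter_streams)

# Constructed sample: SSID element plus VHT Capabilities advertising 4 streams.
MAP_4SS = 0xFFAA  # streams 1-4 = 0b10 (MCS 0-9), streams 5-8 = 0b11 (unsupported)
SAMPLE = (bytes([0, 4]) + b"corp" + bytes([191, 12]) + bytes(4)
          + struct.pack("<HHHH", MAP_4SS, 0, MAP_4SS, 0))

if __name__ == "__main__":
    print("AP streams (rx, tx):", ap_streams(SAMPLE))
    print("gap with a 2-stream adapter:", capture_gap(SAMPLE, 2))
```

A non-zero gap only covers stream count; other optional features the AP and client negotiate can still hide frames from the adapter.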

802.11ac will deliver on the promise of gigabit wireless, but it will also complicate your ability to monitor and analyze your network. The best approach is to plan ahead and design overlap into your 802.11ac network design. Whether you intend to simply troubleshoot from time to time, or you’re planning on a 24×7 monitoring and analysis capability, using APs as packet capture devices will provide complete visibility into your 802.11ac network, and it will provide a highly distributed analysis solution that you can access from anywhere, saving time and money when problems occur.